Use LocalPolicyTargetReference
Signed-off-by: Adam Cattermole <acatterm@redhat.com>
adam-cattermole committed Jul 25, 2024
1 parent 77fb25e commit 72c5c53
Showing 53 changed files with 510 additions and 448 deletions.
27 changes: 7 additions & 20 deletions api/v1alpha1/dnspolicy_types.go
@@ -18,7 +18,6 @@ package v1alpha1

import (
"context"
"fmt"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/ptr"
@@ -53,7 +52,7 @@ type DNSPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'"
TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"`
TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"`

// +optional
HealthCheck *v1alpha1.HealthCheckSpec `json:"healthCheck,omitempty"`
@@ -173,7 +172,7 @@ func (p *DNSPolicy) GetRulesHostnames() []string {
return make([]string, 0)
}

func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference {
func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference {

Check warning on line 175 in api/v1alpha1/dnspolicy_types.go


Codecov / codecov/patch

api/v1alpha1/dnspolicy_types.go#L175

Added line #L175 was not covered by tests
return p.Spec.TargetRef
}

@@ -214,16 +213,6 @@ func (p *DNSPolicy) DirectReferenceAnnotationName() string {
return DNSPolicyDirectReferenceAnnotationName
}

// Validate ensures the resource is valid. Compatible with the validating interface
// used by webhooks
func (p *DNSPolicy) Validate() error {
if p.Spec.TargetRef.Namespace != nil && string(*p.Spec.TargetRef.Namespace) != p.Namespace {
return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *p.Spec.TargetRef.Namespace)
}

return nil
}

//+kubebuilder:object:root=true

// DNSPolicyList contains a list of DNSPolicy
@@ -259,7 +248,7 @@ func NewDNSPolicy(name, ns string) *DNSPolicy {
}
}

func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference) *DNSPolicy {
func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) *DNSPolicy {

Check warning on line 251 in api/v1alpha1/dnspolicy_types.go


Codecov / codecov/patch

api/v1alpha1/dnspolicy_types.go#L251

Added line #L251 was not covered by tests
p.Spec.TargetRef = targetRef
return p
}
@@ -282,12 +271,10 @@ func (p *DNSPolicy) WithRoutingStrategy(strategy RoutingStrategy) *DNSPolicy {
//TargetRef

func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy {
typedNamespace := gatewayapiv1.Namespace(p.GetNamespace())
return p.WithTargetRef(gatewayapiv1alpha2.NamespacedPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "Gateway",
Name: gatewayapiv1.ObjectName(gwName),
Namespace: &typedNamespace,
return p.WithTargetRef(gatewayapiv1alpha2.LocalPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "Gateway",
Name: gatewayapiv1.ObjectName(gwName),

Check warning on line 277 in api/v1alpha1/dnspolicy_types.go

View check run for this annotation

Codecov / codecov/patch

api/v1alpha1/dnspolicy_types.go#L274-L277

Added lines #L274 - L277 were not covered by tests
})
}

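Review bot: With `Validate()` removed and `TargetRef` retyped to `LocalPolicyTargetReference`, nothing in this section says what happens to a manifest or stored object that still carries `targetRef.namespace`; previously a value other than the policy's own namespace was an explicit error. Presumably the API server now either rejects the unknown field or drops it, depending on CRD schema and field-validation settings not shown here, and if it is dropped a policy that used to be refused would attach to the same-named Gateway in its own namespace. An upgrade note and an API-level test that applies such a manifest and asserts the outcome would pin this down, and the field comment could state the scope: `// TargetRef identifies an API object, in the same namespace as the policy, to apply policy to.` The same applies to the `TargetRef` fields in api/v1alpha1/tlspolicy_types.go, api/v1beta2/authpolicy_types.go and api/v1beta2/ratelimitpolicy_types.go; for AuthPolicy an unintended binding matters most.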
23 changes: 6 additions & 17 deletions api/v1alpha1/tlspolicy_types.go
@@ -18,7 +18,6 @@ package v1alpha1

import (
"context"
"fmt"

certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
@@ -42,7 +41,7 @@ type TLSPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'"
TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"`
TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"`

CertificateSpec `json:",inline"`
}
@@ -179,7 +178,7 @@ func (p *TLSPolicy) GetRulesHostnames() []string {
return make([]string, 0)
}

func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference {
func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference {

Check warning on line 181 in api/v1alpha1/tlspolicy_types.go


Codecov / codecov/patch

api/v1alpha1/tlspolicy_types.go#L181

Added line #L181 was not covered by tests
return p.Spec.TargetRef
}

@@ -195,14 +194,6 @@ func (p *TLSPolicy) DirectReferenceAnnotationName() string {
return TLSPolicyDirectReferenceAnnotationName
}

func (p *TLSPolicy) Validate() error {
if p.Spec.TargetRef.Namespace != nil && string(*p.Spec.TargetRef.Namespace) != p.Namespace {
return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *p.Spec.TargetRef.Namespace)
}

return nil
}

//+kubebuilder:object:root=true

// TLSPolicyList contains a list of TLSPolicy
@@ -239,12 +230,10 @@ func NewTLSPolicy(policyName, ns string) *TLSPolicy {
}

func (p *TLSPolicy) WithTargetGateway(gwName string) *TLSPolicy {
typedNamespace := gatewayapiv1.Namespace(p.GetNamespace())
p.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "Gateway",
Name: gatewayapiv1.ObjectName(gwName),
Namespace: &typedNamespace,
p.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "Gateway",
Name: gatewayapiv1.ObjectName(gwName),

Check warning on line 236 in api/v1alpha1/tlspolicy_types.go

View check run for this annotation

Codecov / codecov/patch

api/v1alpha1/tlspolicy_types.go#L233-L236

Added lines #L233 - L236 were not covered by tests
}
return p
}
4 changes: 2 additions & 2 deletions api/v1alpha1/zz_generated.deepcopy.go


13 changes: 2 additions & 11 deletions api/v1beta2/authpolicy_types.go
@@ -2,7 +2,6 @@ package v1beta2

import (
"context"
"fmt"

"github.com/go-logr/logr"
"github.com/google/go-cmp/cmp"
@@ -163,7 +162,7 @@ type AuthPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"`
TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"`

// Defaults define explicit default values for this policy and for policies inheriting this policy.
// Defaults are mutually exclusive with implicit defaults defined by AuthPolicyCommonSpec.
@@ -273,15 +272,7 @@ func (ap *AuthPolicy) IsAtomicOverride() bool {
return ap.Spec.Overrides != nil
}

func (ap *AuthPolicy) Validate() error {
if ap.Spec.TargetRef.Namespace != nil && string(*ap.Spec.TargetRef.Namespace) != ap.Namespace {
return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *ap.Spec.TargetRef.Namespace)
}

return nil
}

func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference {
func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference {
return ap.Spec.TargetRef
}

69 changes: 1 addition & 68 deletions api/v1beta2/authpolicy_types_test.go
@@ -6,7 +6,6 @@ import (
"reflect"
"testing"

authorinoapi "github.com/kuadrant/authorino/api/v1beta2"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/utils/ptr"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
@@ -71,7 +70,7 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) {
Namespace: "my-namespace",
},
Spec: AuthPolicySpec{
TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "HTTPRoute",
Name: "my-route",
@@ -213,72 +212,6 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) {
}
}

func TestAuthPolicyValidate(t *testing.T) {
testCases := []struct {
name string
policy *AuthPolicy
valid bool
message string
}{
{
name: "invalid targetRef namespace",
policy: &AuthPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "my-policy",
Namespace: "my-namespace",
},
Spec: AuthPolicySpec{
TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: "HTTPRoute",
Name: "my-route",
Namespace: ptr.To(gatewayapiv1.Namespace("other-namespace")),
},
AuthPolicyCommonSpec: AuthPolicyCommonSpec{
AuthScheme: &AuthSchemeSpec{
Authentication: map[string]AuthenticationSpec{
"my-rule": {
AuthenticationSpec: authorinoapi.AuthenticationSpec{
AuthenticationMethodSpec: authorinoapi.AuthenticationMethodSpec{
AnonymousAccess: &authorinoapi.AnonymousAccessSpec{},
},
},
CommonAuthRuleSpec: CommonAuthRuleSpec{
RouteSelectors: []RouteSelector{
{
Hostnames: []gatewayapiv1.Hostname{"*.foo.io"},
Matches: []gatewayapiv1.HTTPRouteMatch{
{
Path: &gatewayapiv1.HTTPPathMatch{
Value: ptr.To("/foo"),
},
},
},
},
},
},
},
},
},
},
},
},
message: "invalid targetRef.Namespace other-namespace. Currently only supporting references to the same namespace",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := tc.policy.Validate()
if tc.valid && result != nil {
t.Errorf("Expected policy to be valid, got %t", result)
}
if !tc.valid && result == nil {
t.Error("Expected policy to be invalid, got no validation error")
}
})
}
}

func testBuildRouteSelector() RouteSelector {
return RouteSelector{
Hostnames: []gatewayapiv1.Hostname{"toystore.kuadrant.io"},
12 changes: 2 additions & 10 deletions api/v1beta2/ratelimitpolicy_types.go
@@ -132,7 +132,7 @@ type RateLimitPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'"
// +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'"
TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"`
TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"`

// Defaults define explicit default values for this policy and for policies inheriting this policy.
// Defaults are mutually exclusive with implicit defaults defined by RateLimitPolicyCommonSpec.
@@ -226,14 +226,6 @@ type RateLimitPolicy struct {

var _ kuadrantgatewayapi.Policy = &RateLimitPolicy{}

func (r *RateLimitPolicy) Validate() error {
if r.Spec.TargetRef.Namespace != nil && string(*r.Spec.TargetRef.Namespace) != r.Namespace {
return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *r.Spec.TargetRef.Namespace)
}

return nil
}

func (r *RateLimitPolicy) GetObservedGeneration() int64 { return r.Status.GetObservedGeneration() }
func (r *RateLimitPolicy) SetObservedGeneration(o int64) { r.Status.SetObservedGeneration(o) }

@@ -252,7 +244,7 @@ func (l *RateLimitPolicyList) GetItems() []kuadrant.Policy {
})
}

func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference {
func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference {
return r.Spec.TargetRef
}

23 changes: 1 addition & 22 deletions api/v1beta2/ratelimitpolicy_types_test.go
@@ -3,7 +3,6 @@
package v1beta2

import (
"strings"
"testing"

"gotest.tools/assert"
@@ -25,7 +24,7 @@ func testBuildBasicRLP(name string, kind gatewayapiv1.Kind, mutateFn func(*RateL
Namespace: "testNS",
},
Spec: RateLimitPolicySpec{
TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
Group: gatewayapiv1.GroupName,
Kind: kind,
Name: "some-name",
@@ -44,26 +43,6 @@ func testBuildBasicHTTPRouteRLP(name string, mutateFn func(*RateLimitPolicy)) *R
return testBuildBasicRLP(name, "HTTPRoute", mutateFn)
}

// TestRateLimitPolicyValidation calls rlp.Validate()
// for a valid return value.
func TestRateLimitPolicyValidation(t *testing.T) {
name := "httproute-a"

t.Run("Invalid - Different namespace", func(subT *testing.T) {
rlp := testBuildBasicHTTPRouteRLP(name, func(policy *RateLimitPolicy) {
otherNS := gatewayapiv1.Namespace(policy.GetNamespace() + "other")
policy.Spec.TargetRef.Namespace = &otherNS
})
err := rlp.Validate()
if err == nil {
subT.Fatal(`rlp.Validate() did not return error and should`)
}
if !strings.Contains(err.Error(), "invalid targetRef.Namespace") {
subT.Fatalf(`rlp.Validate() did not return expected error. Instead: %v`, err)
}
})
}

func TestRateLimitPolicyListGetItems(t *testing.T) {
list := &RateLimitPolicyList{}
if len(list.GetItems()) != 0 {
4 changes: 2 additions & 2 deletions api/v1beta2/zz_generated.deepcopy.go


@@ -106,7 +106,7 @@ metadata:
capabilities: Basic Install
categories: Integration & Delivery
containerImage: quay.io/kuadrant/kuadrant-operator:latest
createdAt: "2024-07-10T15:04:27Z"
createdAt: "2024-07-24T10:00:34Z"
operators.operatorframework.io/builder: operator-sdk-v1.32.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/Kuadrant/kuadrant-operator