refactor: fetch routes accepted by a given gateway without specifying…

… the gateway controller name Removes the need for authorizing reading gateway classes
Kuadrant · Apr 19, 2024 · 78e0e42 · 78e0e42
1 parent 7ec2b8a
commit 78e0e42
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 36 deletions.
diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml
@@ -106,7 +106,7 @@ metadata:
     capabilities: Basic Install
     categories: Integration & Delivery
     containerImage: quay.io/kuadrant/kuadrant-operator:latest
-    createdAt: "2024-04-19T09:46:40Z"
+    createdAt: "2024-04-19T18:30:03Z"
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/Kuadrant/kuadrant-operator
@@ -274,14 +274,6 @@ spec:
           - patch
           - update
           - watch
-        - apiGroups:
-          - gateway.networking.k8s.io
-          resources:
-          - gatewayclasses
-          verbs:
-          - get
-          - list
-          - watch
         - apiGroups:
           - gateway.networking.k8s.io
           resources:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -122,14 +122,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - gateway.networking.k8s.io
-  resources:
-  - gatewayclasses
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - gateway.networking.k8s.io
   resources:

diff --git a/controllers/kuadrant_controller.go b/controllers/kuadrant_controller.go
@@ -74,7 +74,6 @@ type KuadrantReconciler struct {
 //+kubebuilder:rbac:groups=maistra.io,resources=servicemeshmembers,verbs=get;list;watch;create;update;delete;patch
 
 // Common permissions required by policy controllers
-//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses,verbs=get;list;watch
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/finalizers,verbs=update

diff --git a/pkg/library/reconcilers/target_ref_reconciler.go b/pkg/library/reconcilers/target_ref_reconciler.go
@@ -26,6 +26,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 
+	kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi"
 	"github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant"
 	"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
 )
@@ -40,12 +41,6 @@ func (r *TargetRefReconciler) FetchAcceptedGatewayHTTPRoutes(ctx context.Context
 	logger, _ := logr.FromContext(ctx)
 	logger = logger.WithName("FetchAcceptedGatewayHTTPRoutes").WithValues("gateway", gwKey)
 
-	gatewayClass := &gatewayapiv1.GatewayClass{}
-	if err := r.Client.Get(ctx, client.ObjectKey{Name: string(gateway.Spec.GatewayClassName)}, gatewayClass); err != nil {
-		logger.V(1).Info("failed to get controller name", "err", err)
-		return
-	}
-
 	routeList := &gatewayapiv1.HTTPRouteList{}
 	err := r.Client.List(ctx, routeList)
 	if err != nil {
@@ -55,22 +50,12 @@ func (r *TargetRefReconciler) FetchAcceptedGatewayHTTPRoutes(ctx context.Context
 
 	for idx := range routeList.Items {
 		route := routeList.Items[idx]
-		routeParentStatus, found := utils.Find(route.Status.RouteStatus.Parents, func(p gatewayapiv1.RouteParentStatus) bool {
-			return *p.ParentRef.Kind == ("Gateway") &&
-				p.ControllerName == gatewayClass.Spec.ControllerName &&
-				((p.ParentRef.Namespace == nil && route.GetNamespace() == gwKey.Namespace) || string(*p.ParentRef.Namespace) == gwKey.Namespace) &&
-				string(p.ParentRef.Name) == gwKey.Name
-		})
-		if found && meta.IsStatusConditionTrue(routeParentStatus.Conditions, string(gatewayapiv1.RouteConditionAccepted)) {
+		if utils.Index(kuadrantgatewayapi.GetRouteAcceptedGatewayParentKeys(&route), func(parentGatewayKey client.ObjectKey) bool { return parentGatewayKey == gwKey }) >= 0 {
 			logger.V(1).Info("found route attached to gateway", "httproute", client.ObjectKeyFromObject(&route))
 			routes = append(routes, route)
 			continue
 		}
-
-		logger.V(1).Info("skipping route, not attached to gateway",
-			"httproute", client.ObjectKeyFromObject(&route),
-			"isChildRoute", found,
-			"isAccepted", routeParentStatus != nil && meta.IsStatusConditionTrue(routeParentStatus.Conditions, string(gatewayapiv1.RouteConditionAccepted)))
+		logger.V(1).Info("skipping route, not attached to gateway", "httproute", client.ObjectKeyFromObject(&route))
 	}
 
 	return