From 36283a9dc47775ba137f92530846b3d4fd9d2711 Mon Sep 17 00:00:00 2001 From: Michael Nairn Date: Fri, 1 Nov 2024 14:49:02 +0000 Subject: [PATCH] chore: TLS and DNS Policy API cleanup * Remove unnescaery implementation of kuadrant.Referrer * Mark implementation of kuadrant.Policy as Deprecated * Avoid the use of Kind() method in DNS/TLS policy validator tasks * Set type of missing resource to Gateway rather than the Policy. This isn't 100% correct since it could be a section name not found, but it's closer than using the policy. Signed-off-by: Michael Nairn --- api/v1alpha1/dnspolicy_types.go | 76 +++---------------------- api/v1alpha1/tlspolicy_types.go | 73 +++--------------------- controllers/dnspolicies_validator.go | 4 +- controllers/dnspolicy_status_updater.go | 2 +- controllers/tlspolicies_validator.go | 6 +- controllers/tlspolicy_status_updater.go | 4 +- 6 files changed, 24 insertions(+), 141 deletions(-) diff --git a/api/v1alpha1/dnspolicy_types.go b/api/v1alpha1/dnspolicy_types.go index 5aa5ad64f..620f2c4f1 100644 --- a/api/v1alpha1/dnspolicy_types.go +++ b/api/v1alpha1/dnspolicy_types.go @@ -17,7 +17,6 @@ limitations under the License. package v1alpha1 import ( - "context" "fmt" "net" "strings" @@ -25,9 +24,7 @@ import ( dnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/utils/ptr" - "sigs.k8s.io/controller-runtime/pkg/client" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -36,21 +33,9 @@ import ( "github.com/kuadrant/kuadrant-operator/pkg/library/utils" ) -var ( - DNSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{ - Group: GroupVersion.Group, - Version: GroupVersion.Version, - Kind: "DNSPolicy", - } -) - const ( - DefaultWeight int = 120 - DefaultGeo GeoCode = "default" - WildcardGeo GeoCode = "*" - - DNSPolicyBackReferenceAnnotationName = "kuadrant.io/dnspolicies" - DNSPolicyDirectReferenceAnnotationName = "kuadrant.io/dnspolicy" + DefaultGeo GeoCode = "default" + WildcardGeo GeoCode = "*" ) // DNSPolicySpec defines the desired state of DNSPolicy @@ -157,7 +142,6 @@ func (s *DNSPolicyStatus) GetConditions() []metav1.Condition { } var _ kuadrant.Policy = &DNSPolicy{} -var _ kuadrant.Referrer = &DNSPolicy{} // +kubebuilder:object:root=true // +kubebuilder:subresource:status @@ -181,10 +165,12 @@ func (p *DNSPolicy) Validate() error { return p.Spec.ExcludeAddresses.Validate() } +// Deprecated: kuadrant.Policy. func (p *DNSPolicy) GetWrappedNamespace() gatewayapiv1.Namespace { return gatewayapiv1.Namespace(p.Namespace) } +// Deprecated: kuadrant.Policy. func (p *DNSPolicy) GetRulesHostnames() []string { return make([]string, 0) } @@ -193,30 +179,21 @@ func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference return p.Spec.TargetRef.LocalPolicyTargetReference } +// Deprecated: kuadrant.Policy. func (p *DNSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus { return &p.Status } +// Deprecated: kuadrant.Policy. func (p *DNSPolicy) Kind() string { - return NewDNSPolicyType().GetGVK().Kind -} - -func (p *DNSPolicy) TargetProgrammedGatewaysOnly() bool { - return true + return DNSPolicyGroupKind.Kind } +// Deprecated: kuadrant.Policy. func (p *DNSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass { return kuadrantgatewayapi.DirectPolicy } -func (p *DNSPolicy) BackReferenceAnnotationName() string { - return NewDNSPolicyType().BackReferenceAnnotationName() -} - -func (p *DNSPolicy) DirectReferenceAnnotationName() string { - return NewDNSPolicyType().DirectReferenceAnnotationName() -} - //+kubebuilder:object:root=true // DNSPolicyList contains a list of DNSPolicy @@ -226,6 +203,7 @@ type DNSPolicyList struct { Items []DNSPolicy `json:"items"` } +// Deprecated: kuadrant.PolicyList. func (l *DNSPolicyList) GetItems() []kuadrant.Policy { return utils.Map(l.Items, func(item DNSPolicy) kuadrant.Policy { return &item @@ -326,39 +304,3 @@ func (p *DNSPolicy) WithLoadBalancingFor(weight int, geo string, isDefaultGeo bo DefaultGeo: isDefaultGeo, }) } - -type dnsPolicyType struct{} - -func NewDNSPolicyType() kuadrantgatewayapi.PolicyType { - return &dnsPolicyType{} -} - -func (d dnsPolicyType) GetGVK() schema.GroupVersionKind { - return DNSPolicyGVK -} - -func (d dnsPolicyType) GetInstance() client.Object { - return &DNSPolicy{ - TypeMeta: metav1.TypeMeta{ - Kind: DNSPolicyGVK.Kind, - APIVersion: GroupVersion.String(), - }, - } -} - -func (d dnsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) { - list := &DNSPolicyList{} - err := cl.List(ctx, list, listOpts...) - if err != nil { - return nil, err - } - return utils.Map(list.Items, func(p DNSPolicy) kuadrantgatewayapi.Policy { return &p }), nil -} - -func (d dnsPolicyType) BackReferenceAnnotationName() string { - return DNSPolicyBackReferenceAnnotationName -} - -func (d dnsPolicyType) DirectReferenceAnnotationName() string { - return DNSPolicyDirectReferenceAnnotationName -} diff --git a/api/v1alpha1/tlspolicy_types.go b/api/v1alpha1/tlspolicy_types.go index ebf168a85..11b3aaf13 100644 --- a/api/v1alpha1/tlspolicy_types.go +++ b/api/v1alpha1/tlspolicy_types.go @@ -17,13 +17,9 @@ limitations under the License. package v1alpha1 import ( - "context" - certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/client" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -32,19 +28,6 @@ import ( "github.com/kuadrant/kuadrant-operator/pkg/library/utils" ) -var ( - TLSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{ - Group: GroupVersion.Group, - Version: GroupVersion.Version, - Kind: "TLSPolicy", - } -) - -const ( - TLSPolicyBackReferenceAnnotationName = "kuadrant.io/tlspolicies" - TLSPolicyDirectReferenceAnnotationName = "kuadrant.io/tlspolicy" -) - // TLSPolicySpec defines the desired state of TLSPolicy type TLSPolicySpec struct { // TargetRef identifies an API object to apply policy to. @@ -134,7 +117,6 @@ func (s *TLSPolicyStatus) GetConditions() []metav1.Condition { } var _ kuadrant.Policy = &TLSPolicy{} -var _ kuadrant.Referrer = &TLSPolicy{} // +kubebuilder:object:root=true // +kubebuilder:subresource:status @@ -154,22 +136,22 @@ type TLSPolicy struct { Status TLSPolicyStatus `json:"status,omitempty"` } +// Deprecated: kuadrant.Policy. func (p *TLSPolicy) Kind() string { - return NewTLSPolicyType().GetGVK().Kind -} - -func (p *TLSPolicy) TargetProgrammedGatewaysOnly() bool { - return false + return TLSPolicyGroupKind.Kind } +// Deprecated: kuadrant.Policy. func (p *TLSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass { return kuadrantgatewayapi.DirectPolicy } +// Deprecated: kuadrant.Policy. func (p *TLSPolicy) GetWrappedNamespace() gatewayapiv1.Namespace { return gatewayapiv1.Namespace(p.Namespace) } +// Deprecated: kuadrant.Policy. func (p *TLSPolicy) GetRulesHostnames() []string { return make([]string, 0) } @@ -178,18 +160,11 @@ func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference return p.Spec.TargetRef } +// Deprecated: kuadrant.Policy. func (p *TLSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus { return &p.Status } -func (p *TLSPolicy) BackReferenceAnnotationName() string { - return NewTLSPolicyType().BackReferenceAnnotationName() -} - -func (p *TLSPolicy) DirectReferenceAnnotationName() string { - return NewTLSPolicyType().DirectReferenceAnnotationName() -} - //+kubebuilder:object:root=true // TLSPolicyList contains a list of TLSPolicy @@ -199,6 +174,7 @@ type TLSPolicyList struct { Items []TLSPolicy `json:"items"` } +// Deprecated: kuadrant.PolicyList. func (l *TLSPolicyList) GetItems() []kuadrant.Policy { return utils.Map(l.Items, func(item TLSPolicy) kuadrant.Policy { return &item @@ -238,38 +214,3 @@ func (p *TLSPolicy) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSP p.Spec.IssuerRef = issuerRef return p } - -type tlsPolicyType struct{} - -func NewTLSPolicyType() kuadrantgatewayapi.PolicyType { - return &tlsPolicyType{} -} - -func (t tlsPolicyType) GetGVK() schema.GroupVersionKind { - return TLSPolicyGVK -} -func (t tlsPolicyType) GetInstance() client.Object { - return &TLSPolicy{ - TypeMeta: metav1.TypeMeta{ - Kind: TLSPolicyGVK.Kind, - APIVersion: GroupVersion.String(), - }, - } -} - -func (t tlsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) { - list := &TLSPolicyList{} - err := cl.List(ctx, list, listOpts...) - if err != nil { - return nil, err - } - return utils.Map(list.Items, func(p TLSPolicy) kuadrantgatewayapi.Policy { return &p }), nil -} - -func (t tlsPolicyType) BackReferenceAnnotationName() string { - return TLSPolicyBackReferenceAnnotationName -} - -func (t tlsPolicyType) DirectReferenceAnnotationName() string { - return TLSPolicyDirectReferenceAnnotationName -} diff --git a/controllers/dnspolicies_validator.go b/controllers/dnspolicies_validator.go index cbe77d42d..510a8c566 100644 --- a/controllers/dnspolicies_validator.go +++ b/controllers/dnspolicies_validator.go @@ -40,8 +40,8 @@ func (r *DNSPoliciesValidator) validate(ctx context.Context, _ []controller.Reso state.Store(StateDNSPolicyAcceptedKey, lo.SliceToMap(policies, func(policy *kuadrantv1alpha1.DNSPolicy) (string, error) { if len(policy.GetTargetRefs()) == 0 || len(topology.Targetables().Children(policy)) == 0 { - return policy.GetLocator(), kuadrant.NewErrTargetNotFound(policy.Kind(), policy.GetTargetRef(), - apierrors.NewNotFound(kuadrantv1alpha1.DNSPoliciesResource.GroupResource(), policy.GetName())) + return policy.GetLocator(), kuadrant.NewErrTargetNotFound(kuadrantv1alpha1.DNSPolicyGroupKind.Kind, policy.GetTargetRef(), + apierrors.NewNotFound(controller.GatewaysResource.GroupResource(), policy.GetName())) } return policy.GetLocator(), policy.Validate() })) diff --git a/controllers/dnspolicy_status_updater.go b/controllers/dnspolicy_status_updater.go index 5501174e9..758cee40a 100644 --- a/controllers/dnspolicy_status_updater.go +++ b/controllers/dnspolicy_status_updater.go @@ -138,7 +138,7 @@ func enforcedCondition(records []*kuadrantdnsv1alpha1.DNSRecord, dnsPolicy *kuad // if there are records and none of the records are ready if len(records) > 0 && len(notReadyRecords) == len(records) { - return kuadrant.EnforcedCondition(dnsPolicy, kuadrant.NewErrUnknown(dnsPolicy.Kind(), errors.New("policy is not enforced on any DNSRecord: not a single DNSRecord is ready")), false) + return kuadrant.EnforcedCondition(dnsPolicy, kuadrant.NewErrUnknown(kuadrantv1alpha1.DNSPolicyGroupKind.Kind, errors.New("policy is not enforced on any DNSRecord: not a single DNSRecord is ready")), false) } // some of the records are not ready diff --git a/controllers/tlspolicies_validator.go b/controllers/tlspolicies_validator.go index 419b1e61a..60e83f3e2 100644 --- a/controllers/tlspolicies_validator.go +++ b/controllers/tlspolicies_validator.go @@ -93,7 +93,7 @@ func (t *TLSPoliciesValidator) Validate(ctx context.Context, _ []controller.Reso // TODO: What should happen if multiple target refs is supported in the future in terms of reporting in log and policy status? func (t *TLSPoliciesValidator) isTargetRefsFound(topology *machinery.Topology, p *kuadrantv1alpha1.TLSPolicy) error { if len(p.GetTargetRefs()) != len(topology.Targetables().Children(p)) { - return kuadrant.NewErrTargetNotFound(p.Kind(), p.GetTargetRef(), apierrors.NewNotFound(kuadrantv1alpha1.TLSPoliciesResource.GroupResource(), p.GetName())) + return kuadrant.NewErrTargetNotFound(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, p.GetTargetRef(), apierrors.NewNotFound(controller.GatewaysResource.GroupResource(), p.GetName())) } return nil @@ -102,7 +102,7 @@ func (t *TLSPoliciesValidator) isTargetRefsFound(topology *machinery.Topology, p // isValidIssuerKind Validates that the Issuer Ref kind is either empty, Issuer or ClusterIssuer func (t *TLSPoliciesValidator) isValidIssuerKind(p *kuadrantv1alpha1.TLSPolicy) error { if !lo.Contains([]string{"", certmanv1.IssuerKind, certmanv1.ClusterIssuerKind}, p.Spec.IssuerRef.Kind) { - return kuadrant.NewErrInvalid(p.Kind(), fmt.Errorf(`invalid value %q for issuerRef.kind. Must be empty, %q or %q`, + return kuadrant.NewErrInvalid(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, fmt.Errorf(`invalid value %q for issuerRef.kind. Must be empty, %q or %q`, p.Spec.IssuerRef.Kind, certmanv1.IssuerKind, certmanv1.ClusterIssuerKind)) } @@ -132,7 +132,7 @@ func (t *TLSPoliciesValidator) isIssuerFound(topology *machinery.Topology, p *ku }) if !ok { - return kuadrant.NewErrInvalid(p.Kind(), errors.New("unable to find issuer")) + return kuadrant.NewErrInvalid(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, errors.New("unable to find issuer")) } return nil diff --git a/controllers/tlspolicy_status_updater.go b/controllers/tlspolicy_status_updater.go index c71e35dda..723f970cb 100644 --- a/controllers/tlspolicy_status_updater.go +++ b/controllers/tlspolicy_status_updater.go @@ -106,11 +106,11 @@ func (t *TLSPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controlle func (t *TLSPolicyStatusUpdater) enforcedCondition(ctx context.Context, policy *kuadrantv1alpha1.TLSPolicy, topology *machinery.Topology) *metav1.Condition { if err := t.isIssuerReady(ctx, policy, topology); err != nil { - return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(policy.Kind(), err), false) + return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, err), false) } if err := t.isCertificatesReady(policy, topology); err != nil { - return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(policy.Kind(), err), false) + return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, err), false) } return kuadrant.EnforcedCondition(policy, nil, true)