refactor: improve linking functions

Signed-off-by: KevFan <chfan@redhat.com>
Kuadrant · Oct 2, 2024 · 8c526a7 · 8c526a7
1 parent ff91d70
commit 8c526a7
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 24 deletions.
diff --git a/controllers/state_of_the_world.go b/controllers/state_of_the_world.go
@@ -17,7 +17,6 @@ import (
 	istioclientnetworkingv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3"
 	istioclientgosecurityv1beta1 "istio.io/client-go/pkg/apis/security/v1beta1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/dynamic"
@@ -294,11 +293,6 @@ func (r *TopologyFileReconciler) Reconcile(ctx context.Context, _ []controller.R
 	if len(existingTopologyConfigMaps) == 0 {
 		_, err := r.Client.Resource(controller.ConfigMapsResource).Namespace(cm.Namespace).Create(ctx, unstructuredCM, metav1.CreateOptions{})
 		if err != nil {
-			if errors.IsAlreadyExists(err) {
-				// This error can happen when the operator is starting, and the create event for the topology has not being processed.
-				logger.Info("already created topology configmap, must not be in topology yet")
-				return nil
-			}
 			logger.Error(err, "failed to write topology configmap")
 		}
 		return err

diff --git a/controllers/tlspolicy_links.go b/controllers/tlspolicy_links.go
@@ -6,6 +6,8 @@ import (
 	"github.com/kuadrant/policy-machinery/machinery"
 	"github.com/samber/lo"
 	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+
+	kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1"
 )
 
 func LinkGatewayToCertificateFunc(objs controller.Store) machinery.LinkFunc {
@@ -18,13 +20,13 @@ func LinkGatewayToCertificateFunc(objs controller.Store) machinery.LinkFunc {
 			o := child.(*controller.RuntimeObject)
 			cert := o.Object.(*certmanagerv1.Certificate)
 
-			gateway, ok := lo.Find(gateways, func(item *gwapiv1.Gateway) bool {
-				for _, l := range item.Spec.Listeners {
+			gateway, ok := lo.Find(gateways, func(g *gwapiv1.Gateway) bool {
+				for _, l := range g.Spec.Listeners {
 					if l.TLS != nil && l.TLS.CertificateRefs != nil {
 						for _, certRef := range l.TLS.CertificateRefs {
 							certRefNS := ""
 							if certRef.Namespace == nil {
-								certRefNS = item.GetNamespace()
+								certRefNS = g.GetNamespace()
 							} else {
 								certRefNS = string(*certRef.Namespace)
 							}
@@ -49,6 +51,7 @@ func LinkGatewayToCertificateFunc(objs controller.Store) machinery.LinkFunc {
 
 func LinkGatewayToIssuerFunc(objs controller.Store) machinery.LinkFunc {
 	gateways := lo.Map(objs.FilterByGroupKind(machinery.GatewayGroupKind), controller.ObjectAs[*gwapiv1.Gateway])
+	tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha1.TLSPolicyKind), controller.ObjectAs[*kuadrantv1alpha1.TLSPolicy])
 
 	return machinery.LinkFunc{
 		From: machinery.GatewayGroupKind,
@@ -57,30 +60,68 @@ func LinkGatewayToIssuerFunc(objs controller.Store) machinery.LinkFunc {
 			o := child.(*controller.RuntimeObject)
 			issuer := o.Object.(*certmanagerv1.Issuer)
 
-			// TODO: Refine
-			gateway, ok := lo.Find(gateways, func(item *gwapiv1.Gateway) bool {
-				return item.GetNamespace() == issuer.GetNamespace()
+			// Policies linked to Issuer
+			// Issuer must be in the same namespace as the policy
+			linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha1.TLSPolicy, index int) bool {
+				return p.Spec.IssuerRef.Name == issuer.GetName() && p.GetNamespace() == issuer.GetNamespace() && p.Spec.IssuerRef.Kind == certmanagerv1.IssuerKind
 			})
 
-			if ok {
-				return []machinery.Object{&machinery.Gateway{Gateway: gateway}}
+			if len(linkedPolicies) == 0 {
+				return nil
 			}
 
-			return nil
+			// Can infer linked gateways through the policy
+			linkedGateways := lo.Filter(gateways, func(g *gwapiv1.Gateway, index int) bool {
+				for _, l := range linkedPolicies {
+					if string(l.Spec.TargetRef.Name) == g.GetName() && g.GetNamespace() == l.GetNamespace() {
+						return true
+					}
+				}
+
+				return false
+			})
+
+			return lo.Map(linkedGateways, func(item *gwapiv1.Gateway, index int) machinery.Object {
+				return &machinery.Gateway{Gateway: item}
+			})
 		},
 	}
 }
 
 func LinkGatewayToClusterIssuerFunc(objs controller.Store) machinery.LinkFunc {
-	gateways := lo.Map(objs.FilterByGroupKind(machinery.GatewayGroupKind), controller.ObjectAs[machinery.Object])
+	gateways := lo.Map(objs.FilterByGroupKind(machinery.GatewayGroupKind), controller.ObjectAs[*gwapiv1.Gateway])
+	tlsPolicies := lo.Map(objs.FilterByGroupKind(kuadrantv1alpha1.TLSPolicyKind), controller.ObjectAs[*kuadrantv1alpha1.TLSPolicy])
 
 	return machinery.LinkFunc{
 		From: machinery.GatewayGroupKind,
 		To:   CertManagerClusterIssuerKind,
 		Func: func(child machinery.Object) []machinery.Object {
 			o := child.(*controller.RuntimeObject)
-			_ = o.Object.(*certmanagerv1.ClusterIssuer)
-			return gateways
+			clusterIssuer := o.Object.(*certmanagerv1.ClusterIssuer)
+
+			// Policies linked to ClusterIssuer
+			linkedPolicies := lo.Filter(tlsPolicies, func(p *kuadrantv1alpha1.TLSPolicy, index int) bool {
+				return p.Spec.IssuerRef.Name == clusterIssuer.GetName() && p.Spec.IssuerRef.Kind == certmanagerv1.ClusterIssuerKind
+			})
+
+			if len(linkedPolicies) == 0 {
+				return nil
+			}
+
+			// Can infer linked gateways through the policy
+			linkedGateways := lo.Filter(gateways, func(g *gwapiv1.Gateway, index int) bool {
+				for _, l := range linkedPolicies {
+					if string(l.Spec.TargetRef.Name) == g.GetName() && g.GetNamespace() == l.GetNamespace() {
+						return true
+					}
+				}
+
+				return false
+			})
+
+			return lo.Map(linkedGateways, func(item *gwapiv1.Gateway, index int) machinery.Object {
+				return &machinery.Gateway{Gateway: item}
+			})
 		},
 	}
 }
diff --git a/controllers/tlspolicy_tasks.go b/controllers/tlspolicy_tasks.go
@@ -233,21 +233,21 @@ func (t *TLSPolicyStatusTask) isIssuerReady(ctx context.Context, tlsPolicy *kuad
 		})
 		if !ok {
 			err := errors.New("unable to find issuer for TLSPolicy")
-			logger.Error(err, "unable to find issuer for TLSPolicy")
+			logger.Error(err, "error finding object in topology")
 			return err
 		}
 
 		issuer := obj.(*controller.RuntimeObject).Object.(*certmanagerv1.Issuer)
 
 		conditions = issuer.Status.Conditions
 	case certmanagerv1.ClusterIssuerKind:
-		// TODO: Why cant use gateway children
-		obj, ok := lo.Find(topology.Objects().Items(), func(o machinery.Object) bool {
+		objs := topology.Objects().Children(gw)
+		obj, ok := lo.Find(objs, func(o machinery.Object) bool {
 			return o.GroupVersionKind().GroupKind() == CertManagerClusterIssuerKind && o.GetName() == tlsPolicy.Spec.IssuerRef.Name
 		})
 		if !ok {
 			err := errors.New("unable to find cluster issuer for TLSPolicy")
-			logger.Error(err, "unable to find  cluster issuer for TLSPolicy")
+			logger.Error(err, "error finding object in topology")
 			return err
 		}
 
@@ -289,8 +289,8 @@ func (t *TLSPolicyStatusTask) isCertificatesReady(ctx context.Context, p machine
 		expectedCertificates := expectedCertificatesForGateway(ctx, gw.Gateway, tlsPolicy)
 
 		for _, cert := range expectedCertificates {
-			// TODO: Why cant use gateway
-			obj, ok := lo.Find(topology.Objects().Children(gw), func(o machinery.Object) bool {
+			objs := topology.Objects().Children(gw)
+			obj, ok := lo.Find(objs, func(o machinery.Object) bool {
 				return o.GroupVersionKind().GroupKind() == CertManagerCertificateKind && o.GetNamespace() == cert.GetNamespace() && o.GetName() == cert.GetName()
 			})