feat: Update HTTPRoutePolicy handling for Ingress

Refactor the HTTPRoutePolicy update function to handle Ingress objects and improve logging. Add functionality to process HTTPRoutePolicies for Ingress in the IngressReconciler. Update tests to include scenarios for HTTPRoutePolicy targeting Ingress.

Author: dspo

internal/controller/httproute_controller.go

@@ -130,7 +130,7 @@ func (r *HTTPRouteReconciler) SetupWithManager(mgr ctrl.Manager) error {
 					DeleteFunc: func(e event.DeleteEvent) bool {
 						return true
 					},
-					UpdateFunc: r.httpRoutePolicyPredicateOnUpdate,
+					UpdateFunc: httpRoutePolicyPredicateOnUpdate(r.genericEvent, "HTTPRoute"),
 					GenericFunc: func(e event.GenericEvent) bool {
 						return false
 					},
@@ -400,7 +400,7 @@ func (r *HTTPRouteReconciler) listHTTPRouteByHTTPRoutePolicy(ctx context.Context
 		}
 
 		var httpRoute gatewayv1.HTTPRoute
-		if err := r.Get(ctx, client.ObjectKey{Namespace: key.Namespace, Name: key.Name}, &httpRoute); err != nil {
+		if err := r.Get(ctx, key, &httpRoute); err != nil {
 			r.Log.Error(err, "failed to get HTTPRoute by HTTPRoutePolicy targetRef", "namespace", key.Namespace, "name", key.Name)
 			continue
 		}
@@ -418,12 +418,7 @@ func (r *HTTPRouteReconciler) listHTTPRouteByHTTPRoutePolicy(ctx context.Context
 			}
 		}
 		keys[key] = struct{}{}
-		requests = append(requests, reconcile.Request{
-			NamespacedName: types.NamespacedName{
-				Namespace: key.Namespace,
-				Name:      key.Name,
-			},
-		})
+		requests = append(requests, reconcile.Request{NamespacedName: key})
 	}
 
 	return requests
@@ -466,14 +461,14 @@ func (r *HTTPRouteReconciler) listHTTPRouteForGenericEvent(ctx context.Context,
 			if _, ok := namespacedNameMap[namespacedName]; !ok {
 				namespacedNameMap[namespacedName] = struct{}{}
 				if err := r.Get(ctx, namespacedName, new(gatewayv1.HTTPRoute)); err != nil {
-					r.Log.Info("failed to Get HTTPRoute", "namespace", namespacedName.Namespace, "name", namespacedName.Name)
+					r.Log.Error(err, "failed to Get HTTPRoute", "namespace", namespacedName.Namespace, "name", namespacedName.Name)
 					continue
 				}
 				requests = append(requests, reconcile.Request{NamespacedName: namespacedName})
 			}
 		}
 	default:
-		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to BackendTrafficPolicy")
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to BackendTrafficPolicy or HTTPRoutePolicy")
 	}
 	return requests
 }
@@ -595,28 +590,36 @@ func (r *HTTPRouteReconciler) processHTTPRoute(tctx *provider.TranslateContext,
 	return terror
 }
 
-func (r *HTTPRouteReconciler) httpRoutePolicyPredicateOnUpdate(e event.UpdateEvent) bool {
-	oldPolicy, ok0 := e.ObjectOld.(*v1alpha1.HTTPRoutePolicy)
-	newPolicy, ok1 := e.ObjectNew.(*v1alpha1.HTTPRoutePolicy)
-	if !ok0 || !ok1 {
-		return false
-	}
-	var discardsRefs = make(map[string]v1alpha2.LocalPolicyTargetReferenceWithSectionName)
-	for _, ref := range oldPolicy.Spec.TargetRefs {
-		key := indexer.GenHTTPRoutePolicyIndexKey(string(ref.Group), string(ref.Kind), e.ObjectOld.GetNamespace(), string(ref.Name), "")
-		discardsRefs[key] = ref
-	}
-	for _, ref := range newPolicy.Spec.TargetRefs {
-		key := indexer.GenHTTPRoutePolicyIndexKey(string(ref.Group), string(ref.Kind), e.ObjectOld.GetNamespace(), string(ref.Name), "")
-		delete(discardsRefs, key)
-	}
-	if len(discardsRefs) > 0 {
-		dump := oldPolicy.DeepCopy()
-		dump.Spec.TargetRefs = make([]v1alpha2.LocalPolicyTargetReferenceWithSectionName, 0, len(discardsRefs))
-		for _, ref := range discardsRefs {
-			dump.Spec.TargetRefs = append(dump.Spec.TargetRefs, ref)
+func httpRoutePolicyPredicateOnUpdate(c chan event.GenericEvent, kind string) func(e event.UpdateEvent) bool {
+	return func(e event.UpdateEvent) bool {
+		oldPolicy, ok0 := e.ObjectOld.(*v1alpha1.HTTPRoutePolicy)
+		newPolicy, ok1 := e.ObjectNew.(*v1alpha1.HTTPRoutePolicy)
+		if !ok0 || !ok1 {
+			return false
+		}
+		var discardsRefs = make(map[string]v1alpha2.LocalPolicyTargetReferenceWithSectionName)
+		for _, ref := range oldPolicy.Spec.TargetRefs {
+			if string(ref.Kind) != kind {
+				continue
+			}
+			key := indexer.GenHTTPRoutePolicyIndexKey(string(ref.Group), string(ref.Kind), e.ObjectOld.GetNamespace(), string(ref.Name), "")
+			discardsRefs[key] = ref
+		}
+		for _, ref := range newPolicy.Spec.TargetRefs {
+			if string(ref.Kind) != kind {
+				continue
+			}
+			key := indexer.GenHTTPRoutePolicyIndexKey(string(ref.Group), string(ref.Kind), e.ObjectOld.GetNamespace(), string(ref.Name), "")
+			delete(discardsRefs, key)
+		}
+		if len(discardsRefs) > 0 {
+			dump := oldPolicy.DeepCopy()
+			dump.Spec.TargetRefs = make([]v1alpha2.LocalPolicyTargetReferenceWithSectionName, 0, len(discardsRefs))
+			for _, ref := range discardsRefs {
+				dump.Spec.TargetRefs = append(dump.Spec.TargetRefs, ref)
+			}
+			c <- event.GenericEvent{Object: dump}
 		}
-		r.genericEvent <- event.GenericEvent{Object: dump}
+		return true
 	}
-	return true
 }

internal/controller/httproutepolicy.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"
 
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -19,8 +20,8 @@ func (r *HTTPRouteReconciler) processHTTPRoutePolicies(tctx *provider.TranslateC
 	// list HTTPRoutePolices which sectionName is not specified
 	var (
 		checker = conflictChecker{
-			httpRoute: httpRoute,
-			policies:  make(map[targetRefKey][]v1alpha1.HTTPRoutePolicy),
+			object:   httpRoute,
+			policies: make(map[targetRefKey][]v1alpha1.HTTPRoutePolicy),
 		}
 		listForAllRules v1alpha1.HTTPRoutePolicyList
 		key             = indexer.GenHTTPRoutePolicyIndexKey(gatewayv1.GroupName, "HTTPRoute", httpRoute.GetNamespace(), httpRoute.GetName(), "")
@@ -111,10 +112,39 @@ func (r *HTTPRouteReconciler) modifyHTTPRoutePolicyStatus(httpRoute *gatewayv1.H
 	_ = SetAncestors(&policy.Status, httpRoute.Spec.ParentRefs, condition)
 }
 
+func (r *IngressReconciler) processHTTPRoutePolicies(tctx *provider.TranslateContext, ingress *networkingv1.Ingress) error {
+	var (
+		checker = conflictChecker{
+			object:   ingress,
+			policies: make(map[targetRefKey][]v1alpha1.HTTPRoutePolicy),
+			conflict: false,
+		}
+		list v1alpha1.HTTPRoutePolicyList
+		key  = indexer.GenHTTPRoutePolicyIndexKey(networkingv1.GroupName, "Ingress", ingress.GetNamespace(), ingress.GetName(), "")
+	)
+	if err := r.List(context.Background(), &list, client.MatchingFields{indexer.PolicyTargetRefs: key}); err != nil {
+		return err
+	}
+
+	for _, item := range list.Items {
+		checker.append("", item)
+		tctx.HTTPRoutePolicies["*"] = append(tctx.HTTPRoutePolicies["*"], item)
+	}
+
+	if checker.conflict {
+		// clear HTTPRoutePolicies from TranslateContext
+		tctx.HTTPRoutePolicies = make(map[string][]v1alpha1.HTTPRoutePolicy)
+	}
+
+	// todo: handle HTTPRoutePolicy status
+
+	return nil
+}
+
 type conflictChecker struct {
-	httpRoute *gatewayv1.HTTPRoute
-	policies  map[targetRefKey][]v1alpha1.HTTPRoutePolicy
-	conflict  bool
+	object   client.Object
+	policies map[targetRefKey][]v1alpha1.HTTPRoutePolicy
+	conflict bool
 }
 
 type targetRefKey struct {
@@ -127,8 +157,8 @@ type targetRefKey struct {
 func (c *conflictChecker) append(sectionName string, policy v1alpha1.HTTPRoutePolicy) {
 	key := targetRefKey{
 		Group:       gatewayv1.GroupName,
-		Namespace:   gatewayv1.Namespace(c.httpRoute.GetNamespace()),
-		Name:        gatewayv1.ObjectName(c.httpRoute.GetName()),
+		Namespace:   gatewayv1.Namespace(c.object.GetNamespace()),
+		Name:        gatewayv1.ObjectName(c.object.GetName()),
 		SectionName: gatewayv1.SectionName(sectionName),
 	}
 	c.policies[key] = append(c.policies[key], policy)

internal/controller/indexer/indexer.go

@@ -23,6 +23,7 @@ const (
 	IngressClassRef    = "ingressClassRef"
 	ConsumerGatewayRef = "consumerGatewayRef"
 	PolicyTargetRefs   = "targetRefs"
+	PolicyTargetRefIng = "targetRefIng"
 )
 
 func SetupIndexer(mgr ctrl.Manager) error {
@@ -189,6 +190,16 @@ func setupIngressIndexer(mgr ctrl.Manager) error {
 		return err
 	}
 
+	// create HTTPRoutePolicy index
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&v1alpha1.HTTPRoutePolicy{},
+		PolicyTargetRefIng,
+		IngressHTTPRouteIndexFunc,
+	); err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -256,6 +267,10 @@ func IngressSecretIndexFunc(rawObj client.Object) []string {
 	return secrets
 }
 
+func IngressHTTPRouteIndexFunc(rawObj client.Object) []string {
+	return []string{GenHTTPRoutePolicyIndexKey(networkingv1.GroupName, "Ingress", rawObj.GetGenerateName(), rawObj.GetName(), "")}
+}
+
 func GenIndexKeyWithGK(group, kind, namespace, name string) string {
 	gvk := schema.GroupKind{
 		Group: group,

internal/controller/ingress_controller.go

@@ -6,11 +6,6 @@ import (
 	"fmt"
 	"reflect"
 
-	"github.com/api7/api7-ingress-controller/api/v1alpha1"
-	"github.com/api7/api7-ingress-controller/internal/controller/config"
-	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
-	"github.com/api7/api7-ingress-controller/internal/provider"
-	"github.com/api7/gopkg/pkg/log"
 	"github.com/go-logr/logr"
 	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
@@ -22,9 +17,17 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+	"sigs.k8s.io/controller-runtime/pkg/source"
+
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
+	"github.com/api7/api7-ingress-controller/internal/controller/config"
+	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
+	"github.com/api7/api7-ingress-controller/internal/provider"
+	"github.com/api7/gopkg/pkg/log"
 )
 
 // IngressReconciler reconciles a Ingress object.
@@ -34,10 +37,14 @@ type IngressReconciler struct { //nolint:revive
 	Log    logr.Logger
 
 	Provider provider.Provider
+
+	genericEvent chan event.GenericEvent
 }
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *IngressReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	r.genericEvent = make(chan event.GenericEvent, 100)
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&networkingv1.Ingress{},
 			builder.WithPredicates(
@@ -65,6 +72,29 @@ func (r *IngressReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&corev1.Secret{},
 			handler.EnqueueRequestsFromMapFunc(r.listIngressesBySecret),
 		).
+		Watches(&v1alpha1.HTTPRoutePolicy{},
+			handler.EnqueueRequestsFromMapFunc(r.listIngressesByHTTPRoutePolicy),
+			builder.WithPredicates(
+				predicate.Funcs{
+					CreateFunc: func(e event.CreateEvent) bool {
+						return true
+					},
+					DeleteFunc: func(e event.DeleteEvent) bool {
+						return true
+					},
+					UpdateFunc: httpRoutePolicyPredicateOnUpdate(r.genericEvent, "Ingress"),
+					GenericFunc: func(e event.GenericEvent) bool {
+						return false
+					},
+				},
+			),
+		).
+		WatchesRawSource(
+			source.Channel(
+				r.genericEvent,
+				handler.EnqueueRequestsFromMapFunc(r.listIngressesForGenericEvent),
+			),
+		).
 		Complete(r)
 }
 
@@ -121,6 +151,12 @@ func (r *IngressReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		return ctrl.Result{}, err
 	}
 
+	// process HTTPRoutePolicy
+	if err := r.processHTTPRoutePolicies(tctx, ingress); err != nil {
+		r.Log.Error(err, "failed to process HTTPRoutePolicy", "ingress", ingress.Name)
+		return ctrl.Result{}, err
+	}
+
 	// update the ingress resources
 	if err := r.Provider.Update(ctx, tctx, ingress); err != nil {
 		r.Log.Error(err, "failed to update ingress resources", "ingress", ingress.Name)
@@ -341,6 +377,60 @@ func (r *IngressReconciler) listIngressesBySecret(ctx context.Context, obj clien
 	return requests
 }
 
+func (r *IngressReconciler) listIngressesByHTTPRoutePolicy(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
+	httpRoutePolicy, ok := obj.(*v1alpha1.HTTPRoutePolicy)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to HTTPRoutePolicy")
+		return nil
+	}
+
+	var keys = make(map[types.NamespacedName]struct{})
+	for _, ref := range httpRoutePolicy.Spec.TargetRefs {
+		if ref.Kind != "Ingress" {
+			continue
+		}
+		key := types.NamespacedName{
+			Namespace: obj.GetNamespace(),
+			Name:      string(ref.Name),
+		}
+		if _, ok := keys[key]; ok {
+			continue
+		}
+
+		var ingress networkingv1.Ingress
+		if err := r.Get(ctx, key, &ingress); err != nil {
+			r.Log.Error(err, "failed to get Ingress By HTTPRoutePolicy targetRef", "namespace", key.Namespace, "name", key.Name)
+			continue
+		}
+		keys[key] = struct{}{}
+		requests = append(requests, reconcile.Request{NamespacedName: key})
+	}
+	return
+}
+
+func (r *IngressReconciler) listIngressesForGenericEvent(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
+	var namespacedNameMap = make(map[types.NamespacedName]struct{})
+
+	switch v := obj.(type) {
+	case *v1alpha1.HTTPRoutePolicy:
+		for _, ref := range v.Spec.TargetRefs {
+			namespacedName := types.NamespacedName{Namespace: v.GetNamespace(), Name: string(ref.Name)}
+			if _, ok := namespacedNameMap[namespacedName]; !ok {
+				namespacedNameMap[namespacedName] = struct{}{}
+				if err := r.Get(ctx, namespacedName, new(networkingv1.Ingress)); err != nil {
+					r.Log.Error(err, "failed to Get Ingress", "namespace", namespacedName.Namespace, "name", namespacedName.Name)
+					continue
+				}
+				requests = append(requests, reconcile.Request{NamespacedName: namespacedName})
+			}
+		}
+	default:
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to HTTPRoutePolicy")
+	}
+
+	return
+}
+
 // processTLS process the TLS configuration of the ingress
 func (r *IngressReconciler) processTLS(tctx *provider.TranslateContext, ingress *networkingv1.Ingress) error {
 	for _, tls := range ingress.Spec.TLS {