add secret test

Author: AlinsRan

internal/controller/apisixconsumer_controller.go

@@ -32,6 +32,8 @@ import (
 
 	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
 	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
+	v2 "github.com/apache/apisix-ingress-controller/api/v2"
+	"github.com/apache/apisix-ingress-controller/internal/controller/indexer"
 	"github.com/apache/apisix-ingress-controller/internal/controller/status"
 	"github.com/apache/apisix-ingress-controller/internal/provider"
 	"github.com/apache/apisix-ingress-controller/internal/utils"
@@ -70,30 +72,34 @@ func (r *ApisixConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}
 
 	var (
-		tctx = provider.NewDefaultTranslateContext(ctx)
-		err  error
+		tctx      = provider.NewDefaultTranslateContext(ctx)
+		reasonErr error
 	)
 	defer func() {
-		r.updateStatus(ac, err)
+		r.updateStatus(ac, reasonErr)
 	}()
 
 	ingressClass, err := GetIngressClass(tctx, r.Client, r.Log, ac.Spec.IngressClassName)
 	if err != nil {
 		r.Log.Error(err, "failed to get IngressClass")
+		reasonErr = err
 		return ctrl.Result{}, err
 	}
 
 	if err := ProcessIngressClassParameters(tctx, r.Client, r.Log, ac, ingressClass); err != nil {
 		r.Log.Error(err, "failed to process IngressClass parameters", "ingressClass", ingressClass.Name)
+		reasonErr = err
 		return ctrl.Result{}, err
 	}
 
 	if err := r.processSpec(ctx, tctx, ac); err != nil {
+		reasonErr = err
 		return ctrl.Result{}, err
 	}
 
 	if err := r.Provider.Update(ctx, tctx, ac); err != nil {
 		r.Log.Error(err, "failed to update provider", "ApisixConsumer", ac)
+		reasonErr = err
 		return ctrl.Result{}, err
 	}
 	return ctrl.Result{}, nil
@@ -122,6 +128,9 @@ func (r *ApisixConsumerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Watches(&v1alpha1.GatewayProxy{},
 			handler.EnqueueRequestsFromMapFunc(r.listApisixConsumerForGatewayProxy),
 		).
+		Watches(&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(r.listApisixConsumerForSecret),
+		).
 		Named("apisixconsumer").
 		Complete(r)
 }
@@ -161,6 +170,23 @@ func (r *ApisixConsumerReconciler) listApisixConsumerForIngressClass(ctx context
 	)
 }
 
+func (r *ApisixConsumerReconciler) listApisixConsumerForSecret(ctx context.Context, obj client.Object) []reconcile.Request {
+	secret, ok := obj.(*corev1.Secret)
+	if !ok {
+		r.Log.Error(nil, "failed to convert to Secret", "object", obj)
+		return nil
+	}
+	return ListRequests(
+		ctx,
+		r.Client,
+		r.Log,
+		&v2.ApisixConsumerList{},
+		client.MatchingFields{
+			indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
+		},
+	)
+}
+
 func (r *ApisixConsumerReconciler) processSpec(ctx context.Context, tctx *provider.TranslateContext, ac *apiv2.ApisixConsumer) error {
 	var secretRef *corev1.LocalObjectReference
 	if ac.Spec.AuthParameter.KeyAuth != nil {
@@ -205,11 +231,7 @@ func (r *ApisixConsumerReconciler) updateStatus(consumer *apiv2.ApisixConsumer,
 		NamespacedName: utils.NamespacedName(consumer),
 		Resource:       &apiv2.ApisixConsumer{},
 		Mutator: status.MutatorFunc(func(obj client.Object) client.Object {
-			ac, ok := obj.(*apiv2.ApisixConsumer)
-			if !ok {
-				err := fmt.Errorf("unsupported object type %T", obj)
-				panic(err)
-			}
+			ac := obj.(*apiv2.ApisixConsumer)
 			acCopy := ac.DeepCopy()
 			acCopy.Status = consumer.Status
 			return acCopy

internal/controller/apisixroute_controller.go

@@ -35,7 +35,6 @@ import (
 
 	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
 	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
-	"github.com/apache/apisix-ingress-controller/internal/controller/config"
 	"github.com/apache/apisix-ingress-controller/internal/controller/indexer"
 	"github.com/apache/apisix-ingress-controller/internal/controller/status"
 	"github.com/apache/apisix-ingress-controller/internal/provider"
@@ -511,45 +510,6 @@ func (r *ApisixRouteReconciler) listApisixRouteForApisixUpstream(ctx context.Con
 	return pkgutils.DedupComparable(requests)
 }
 
-func (r *ApisixRouteReconciler) matchesIngressController(obj client.Object) bool {
-	ingressClass, ok := obj.(*networkingv1.IngressClass)
-	if !ok {
-		return false
-	}
-	return matchesController(ingressClass.Spec.Controller)
-}
-
-func (r *ApisixRouteReconciler) getIngressClass(ar *apiv2.ApisixRoute) (*networkingv1.IngressClass, error) {
-	if ar.Spec.IngressClassName == "" {
-		return r.getDefaultIngressClass()
-	}
-
-	var ic networkingv1.IngressClass
-	if err := r.Get(context.Background(), client.ObjectKey{Name: ar.Spec.IngressClassName}, &ic); err != nil {
-		return nil, err
-	}
-	return &ic, nil
-}
-
-func (r *ApisixRouteReconciler) getDefaultIngressClass() (*networkingv1.IngressClass, error) {
-	var icList networkingv1.IngressClassList
-	if err := r.List(context.Background(), &icList, client.MatchingFields{
-		indexer.IngressClass: config.GetControllerName(),
-	}); err != nil {
-		r.Log.Error(err, "failed to list ingress classes")
-		return nil, err
-	}
-	for _, ic := range icList.Items {
-		if IsDefaultIngressClass(&ic) && matchesController(ic.Spec.Controller) {
-			return &ic, nil
-		}
-	}
-	return nil, ReasonError{
-		Reason:  string(metav1.StatusReasonNotFound),
-		Message: "default ingress class not found or dose not match the controller",
-	}
-}
-
 func (r *ApisixRouteReconciler) updateStatus(ar *apiv2.ApisixRoute, err error) {
 	SetApisixCRDConditionAccepted(&ar.Status, ar.GetGeneration(), err)
 	r.Updater.Update(status.Update{

internal/controller/consumer_controller.go

@@ -100,23 +100,15 @@ func (r *ConsumerReconciler) listConsumersForSecret(ctx context.Context, obj cli
 		r.Log.Error(nil, "failed to convert to Secret", "object", obj)
 		return nil
 	}
-	consumerList := &v1alpha1.ConsumerList{}
-	if err := r.List(ctx, consumerList, client.MatchingFields{
-		indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
-	}); err != nil {
-		r.Log.Error(err, "failed to list consumers")
-		return nil
-	}
-	requests := make([]reconcile.Request, 0, len(consumerList.Items))
-	for _, consumer := range consumerList.Items {
-		requests = append(requests, reconcile.Request{
-			NamespacedName: client.ObjectKey{
-				Name:      consumer.Name,
-				Namespace: consumer.Namespace,
-			},
-		})
-	}
-	return requests
+	return ListRequests(
+		ctx,
+		r.Client,
+		r.Log,
+		&v1alpha1.ConsumerList{},
+		client.MatchingFields{
+			indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
+		},
+	)
 }
 
 func (r *ConsumerReconciler) listConsumersForGateway(ctx context.Context, obj client.Object) []reconcile.Request {

internal/controller/httproutepolicy.go

@@ -202,7 +202,7 @@ func (r *IngressReconciler) updateHTTPRoutePolicyStatusOnDeleting(ctx context.Co
 				if err := r.Get(ctx, namespacedName, &ingress); err != nil {
 					continue
 				}
-				ingressClass, err := r.getIngressClass(&ingress)
+				ingressClass, err := r.getIngressClass(ctx, &ingress)
 				if err != nil {
 					continue
 				}

internal/controller/indexer/indexer.go

@@ -16,6 +16,7 @@ import (
 	"cmp"
 	"context"
 
+	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
@@ -56,6 +57,7 @@ func SetupIndexer(mgr ctrl.Manager) error {
 		setupGatewayClassIndexer,
 		setupApisixRouteIndexer,
 		setupApisixPluginConfigIndexer,
+		setupApisixConsumerIndexer,
 	} {
 		if err := setup(mgr); err != nil {
 			return err
@@ -124,6 +126,18 @@ func setupApisixPluginConfigIndexer(mgr ctrl.Manager) error {
 	return nil
 }
 
+func setupApisixConsumerIndexer(mgr ctrl.Manager) error {
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&apiv2.ApisixConsumer{},
+		SecretIndexRef,
+		ApisixConsumerSecretIndexFunc,
+	); err != nil {
+		return err
+	}
+	return nil
+}
+
 func ConsumerSecretIndexFunc(rawObj client.Object) []string {
 	consumer := rawObj.(*v1alpha1.Consumer)
 	secretKeys := make([]string, 0)
@@ -638,3 +652,25 @@ func ApisixPluginConfigSecretIndexFunc(obj client.Object) (keys []string) {
 	}
 	return
 }
+
+func ApisixConsumerSecretIndexFunc(rawObj client.Object) (keys []string) {
+	ac := rawObj.(*apiv2.ApisixConsumer)
+	var secretRef *corev1.LocalObjectReference
+	if ac.Spec.AuthParameter.KeyAuth != nil {
+		secretRef = ac.Spec.AuthParameter.KeyAuth.SecretRef
+	} else if ac.Spec.AuthParameter.BasicAuth != nil {
+		secretRef = ac.Spec.AuthParameter.BasicAuth.SecretRef
+	} else if ac.Spec.AuthParameter.JwtAuth != nil {
+		secretRef = ac.Spec.AuthParameter.JwtAuth.SecretRef
+	} else if ac.Spec.AuthParameter.WolfRBAC != nil {
+		secretRef = ac.Spec.AuthParameter.WolfRBAC.SecretRef
+	} else if ac.Spec.AuthParameter.HMACAuth != nil {
+		secretRef = ac.Spec.AuthParameter.HMACAuth.SecretRef
+	} else if ac.Spec.AuthParameter.LDAPAuth != nil {
+		secretRef = ac.Spec.AuthParameter.LDAPAuth.SecretRef
+	}
+	if secretRef != nil {
+		keys = append(keys, GenIndexKey(ac.GetNamespace(), secretRef.Name))
+	}
+	return
+}