fix: review

Signed-off-by: ashing <[email protected]>

Author: ronething

internal/controller/indexer/indexer.go

@@ -42,6 +42,12 @@ func SetupIndexer(mgr ctrl.Manager) error {
 	if err := setupBackendTrafficPolicyIndexer(mgr); err != nil {
 		return err
 	}
+	if err := setupIngressClassIndexer(mgr); err != nil {
+		return err
+	}
+	if err := setupGatewayProxyIndexer(mgr); err != nil {
+		return err
+	}
 	return nil
 }
 
@@ -149,53 +155,90 @@ func setupHTTPRouteIndexer(mgr ctrl.Manager) error {
 	return nil
 }
 
-func setupIngressIndexer(mgr ctrl.Manager) error {
+func setupIngressClassIndexer(mgr ctrl.Manager) error {
 	// create IngressClass index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
-		IngressClassRef,
-		IngressClassRefIndexFunc,
+		&networkingv1.IngressClass{},
+		IngressClass,
+		IngressClassIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create Service index for quick lookup of Ingresses using specific services
+	// create IngressClassParametersRef index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
-		ServiceIndexRef,
-		IngressServiceIndexFunc,
+		&networkingv1.IngressClass{},
+		IngressClassParametersRef,
+		IngressClassParametersRefIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create secret index for TLS
+	return nil
+}
+
+func setupGatewayProxyIndexer(mgr ctrl.Manager) error {
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.Ingress{},
+		&v1alpha1.GatewayProxy{},
 		SecretIndexRef,
-		IngressSecretIndexFunc,
+		GatewayProxySecretIndexFunc,
 	); err != nil {
 		return err
 	}
+	return nil
+}
 
+func GatewayProxySecretIndexFunc(rawObj client.Object) []string {
+	gatewayProxy := rawObj.(*v1alpha1.GatewayProxy)
+	secretKeys := make([]string, 0)
+
+	// Check if provider is ControlPlane type and has AdminKey auth
+	if gatewayProxy.Spec.Provider != nil &&
+		gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane &&
+		gatewayProxy.Spec.Provider.ControlPlane != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom != nil &&
+		gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
+
+		ref := gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
+		ns := gatewayProxy.GetNamespace()
+		key := GenIndexKey(ns, ref.Name)
+		secretKeys = append(secretKeys, key)
+	}
+	return secretKeys
+}
+
+func setupIngressIndexer(mgr ctrl.Manager) error {
 	// create IngressClass index
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.IngressClass{},
-		IngressClass,
-		IngressClassIndexFunc,
+		&networkingv1.Ingress{},
+		IngressClassRef,
+		IngressClassRefIndexFunc,
 	); err != nil {
 		return err
 	}
 
-	// create IngressClassParametersRef index
+	// create Service index for quick lookup of Ingresses using specific services
 	if err := mgr.GetFieldIndexer().IndexField(
 		context.Background(),
-		&networkingv1.IngressClass{},
-		IngressClassParametersRef,
-		IngressClassParametersRefIndexFunc,
+		&networkingv1.Ingress{},
+		ServiceIndexRef,
+		IngressServiceIndexFunc,
+	); err != nil {
+		return err
+	}
+
+	// create secret index for TLS
+	if err := mgr.GetFieldIndexer().IndexField(
+		context.Background(),
+		&networkingv1.Ingress{},
+		SecretIndexRef,
+		IngressSecretIndexFunc,
 	); err != nil {
 		return err
 	}

internal/controller/ingressclass_controller.go

@@ -4,9 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/api7/api7-ingress-controller/api/v1alpha1"
-	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
-	"github.com/api7/api7-ingress-controller/internal/provider"
 	"github.com/api7/gopkg/pkg/log"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
@@ -19,6 +16,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+
+	"github.com/api7/api7-ingress-controller/api/v1alpha1"
+	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
+	"github.com/api7/api7-ingress-controller/internal/provider"
 )
 
 // IngressClassReconciler reconciles a IngressClass object.
@@ -44,6 +45,10 @@ func (r *IngressClassReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&v1alpha1.GatewayProxy{},
 			handler.EnqueueRequestsFromMapFunc(r.listIngressClassesForGatewayProxy),
 		).
+		Watches(
+			&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(r.listIngressClassesForSecret),
+		).
 		Complete(r)
 }
 
@@ -122,6 +127,50 @@ func (r *IngressClassReconciler) listIngressClassesForGatewayProxy(ctx context.C
 	return recs
 }
 
+func (r *IngressClassReconciler) listIngressClassesForSecret(ctx context.Context, obj client.Object) []reconcile.Request {
+	secret, ok := obj.(*corev1.Secret)
+	if !ok {
+		r.Log.Error(fmt.Errorf("unexpected object type"), "failed to convert object to Secret")
+		return nil
+	}
+
+	// 1. list gateway proxies by secret
+	gatewayProxyList := &v1alpha1.GatewayProxyList{}
+	if err := r.List(ctx, gatewayProxyList, client.MatchingFields{
+		indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
+	}); err != nil {
+		r.Log.Error(err, "failed to list gateway proxies by secret", "secret", secret.GetName())
+		return nil
+	}
+
+	// 2. list ingress classes by gateway proxies
+	requests := make([]reconcile.Request, 0)
+	for _, gatewayProxy := range gatewayProxyList.Items {
+		ingressClassList := &networkingv1.IngressClassList{}
+		if err := r.List(ctx, ingressClassList, client.MatchingFields{
+			indexer.IngressClassParametersRef: indexer.GenIndexKey(gatewayProxy.GetNamespace(), gatewayProxy.GetName()),
+		}); err != nil {
+			r.Log.Error(err, "failed to list ingress classes by secret", "secret", secret.GetName())
+			return nil
+		}
+		for _, ingressClass := range ingressClassList.Items {
+			if !r.matchesController(&ingressClass) {
+				continue
+			}
+			requests = append(requests, reconcile.Request{
+				NamespacedName: client.ObjectKey{
+					Name:      ingressClass.GetName(),
+					Namespace: ingressClass.GetNamespace(),
+				},
+			})
+		}
+	}
+
+	requests = distinctRequests(requests)
+
+	return requests
+}
+
 func (r *IngressClassReconciler) processInfrastructure(tctx *provider.TranslateContext, ingressClass *networkingv1.IngressClass) error {
 	if ingressClass.Spec.Parameters == nil {
 		return nil

internal/provider/adc/translator/ingressclass.go

@@ -1,11 +1,12 @@
 package translator
 
 import (
-	adctypes "github.com/api7/api7-ingress-controller/api/adc"
-	"github.com/api7/api7-ingress-controller/internal/provider"
 	"github.com/api7/gopkg/pkg/log"
 	"go.uber.org/zap"
 	networkingv1 "k8s.io/api/networking/v1"
+
+	adctypes "github.com/api7/api7-ingress-controller/api/adc"
+	"github.com/api7/api7-ingress-controller/internal/provider"
 )
 
 func (t *Translator) TranslateIngressClass(tctx *provider.TranslateContext, obj *networkingv1.IngressClass) (*TranslateResult, error) {