Update HTTPRoutePolicy and related components

This commit updates the `HTTPRoutePolicy` CRD with more detailed validation for Kubernetes object references, adds status and ancestor information to the policy, and updates the corresponding controller and test files. Additionally, it refactors the `StringOrSlice` type and adjusts the indexing and translation logic.

Author: dspo

api/common/types.go

@@ -31,34 +31,26 @@ func (vars *Vars) UnmarshalJSON(p []byte) error {
 
 // StringOrSlice represents a string or a string slice.
 // TODO Do not use interface{} to avoid the reflection overheads.
+//
+// +kubebuilder:validation:Schemaless
 type StringOrSlice struct {
-	StrVal   string   `json:"-"`
-	SliceVal []string `json:"-"`
+	StrVal   string          `json:"-"`
+	SliceVal []StringOrSlice `json:"-"`
 }
 
 func (s *StringOrSlice) MarshalJSON() ([]byte, error) {
-	var (
-		p   []byte
-		err error
-	)
 	if s.SliceVal != nil {
-		p, err = json.Marshal(s.SliceVal)
-	} else {
-		p, err = json.Marshal(s.StrVal)
+		return json.Marshal(s.SliceVal)
 	}
-	return p, err
+	return json.Marshal(s.StrVal)
 }
 
 func (s *StringOrSlice) UnmarshalJSON(p []byte) error {
-	var err error
-
 	if len(p) == 0 {
 		return errors.New("empty object")
 	}
 	if p[0] == '[' {
-		err = json.Unmarshal(p, &s.SliceVal)
-	} else {
-		err = json.Unmarshal(p, &s.StrVal)
+		return json.Unmarshal(p, &s.SliceVal)
 	}
-	return err
+	return json.Unmarshal(p, &s.StrVal)
 }

api/common/zz_generated.deepcopy.go

@@ -17,10 +17,10 @@ limitations under the License.
 package v1alpha1
 
 import (
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	"github.com/api7/api7-ingress-controller/api/common"
 )
 
 // HTTPRoutePolicySpec defines the desired state of HTTPRoutePolicy.
@@ -34,10 +34,20 @@ type HTTPRoutePolicySpec struct {
 	// +listMapKey=name
 	// +kubebuilder:validation:MinItems=1
 	// +kubebuilder:validation:MaxItems=16
-	TargetRefs []gatewayv1alpha2.LocalPolicyTargetReferenceWithSectionName `json:"targetRefs"`
+	TargetRefs []TargetReference `json:"targetRefs"`
+
+	Priority *int64                 `json:"priority,omitempty" yaml:"priority,omitempty"`
+	Vars     []apiextensionsv1.JSON `json:"vars,omitempty" yaml:"vars,omitempty"`
+}
 
-	Priority *int64 `json:"priority,omitempty" yaml:"priority,omitempty"`
-	Vars     Vars   `json:"vars,omitempty" yaml:"vars,omitempty"`
+type TargetReference struct {
+	Group v1.Group `json:"group"`
+	Kind  v1.Kind  `json:"kind"`
+	// +optional
+	Namespace *v1.Namespace `json:"namespace,omitempty"`
+	Name      v1.ObjectName `json:"name"`
+	// +optional
+	SectionName *v1.SectionName `json:"sectionName,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -61,10 +71,6 @@ type HTTPRoutePolicyList struct {
 	Items           []HTTPRoutePolicy `json:"items"`
 }
 
-// Vars represents the route match expressions of APISIX.
-// +kubebuilder:object:generate=false
-type Vars = common.Vars
-
 func init() {
 	SchemeBuilder.Register(&HTTPRoutePolicy{}, &HTTPRoutePolicyList{})
 }

api/v1alpha1/httproutepolicy_types.go

@@ -49,49 +49,121 @@ spec:
 
                   target references.
                 items:
-                  description: |-
-                    LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a
-                    direct policy to. This should be used as part of Policy resources that can
-                    target single resources. For more information on how this policy attachment
-                    mode works, and a sample Policy resource, refer to the policy attachment
-                    documentation for Gateway API.
-
-
-                    Note: This should only be used for direct policy attachment when references
-                    to SectionName are actually needed. In all other cases,
-                    LocalPolicyTargetReference should be used.
                   properties:
                     group:
-                      description: Group is the group of the target resource.
+                      description: |-
+                        Group refers to a Kubernetes Group. It must either be an empty string or a
+                        RFC 1123 subdomain.
+
+
+                        This validation is based off of the corresponding Kubernetes validation:
+                        https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+
+
+                        Valid values include:
+
+
+                        * "" - empty string implies core Kubernetes API group
+                        * "gateway.networking.k8s.io"
+                        * "foo.example.com"
+
+
+                        Invalid values include:
+
+
+                        * "example.com/bar" - "/" is an invalid character
                       maxLength: 253
                       pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                       type: string
                     kind:
-                      description: Kind is kind of the target resource.
+                      description: |-
+                        Kind refers to a Kubernetes Kind.
+
+
+                        Valid values include:
+
+
+                        * "Service"
+                        * "HTTPRoute"
+
+
+                        Invalid values include:
+
+
+                        * "invalid/kind" - "/" is an invalid character
                       maxLength: 63
                       minLength: 1
                       pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
                       type: string
                     name:
-                      description: Name is the name of the target resource.
+                      description: |-
+                        ObjectName refers to the name of a Kubernetes object.
+                        Object names can have a variety of forms, including RFC 1123 subdomains,
+                        RFC 1123 labels, or RFC 1035 labels.
                       maxLength: 253
                       minLength: 1
                       type: string
+                    namespace:
+                      description: |-
+                        Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.
+
+
+                        This validation is based off of the corresponding Kubernetes validation:
+                        https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187
+
+
+                        This is used for Namespace name validation here:
+                        https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63
+
+
+                        Valid values include:
+
+
+                        * "example"
+
+
+                        Invalid values include:
+
+
+                        * "example.com" - "." is an invalid character
+                      maxLength: 63
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                      type: string
                     sectionName:
                       description: |-
-                        SectionName is the name of a section within the target resource. When
-                        unspecified, this targetRef targets the entire resource. In the following
-                        resources, SectionName is interpreted as the following:
+                        SectionName is the name of a section in a Kubernetes resource.
+
+
+                        In the following resources, SectionName is interpreted as the following:
 
 
                         * Gateway: Listener name
                         * HTTPRoute: HTTPRouteRule name
                         * Service: Port name
 
 
-                        If a SectionName is specified, but does not exist on the targeted object,
-                        the Policy must fail to attach, and the policy implementation should record
-                        a `ResolvedRefs` or similar Condition in the Policy's status.
+                        Section names can have a variety of forms, including RFC 1123 subdomains,
+                        RFC 1123 labels, or RFC 1035 labels.
+
+
+                        This validation is based off of the corresponding Kubernetes validation:
+                        https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L208
+
+
+                        Valid values include:
+
+
+                        * "example"
+                        * "foo-example"
+                        * "example.com"
+                        * "foo.example.com"
+
+
+                        Invalid values include:
+
+
+                        * "example.com/bar" - "/" is an invalid character
                       maxLength: 253
                       minLength: 1
                       pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -110,14 +182,8 @@ spec:
                 - name
                 x-kubernetes-list-type: map
               vars:
-                description: Vars represents the route match expressions of APISIX.
                 items:
-                  items:
-                    description: |-
-                      StringOrSlice represents a string or a string slice.
-                      TODO Do not use interface{} to avoid the reflection overheads.
-                    type: object
-                  type: array
+                  x-kubernetes-preserve-unknown-fields: true
                 type: array
             required:
             - targetRefs

api/v1alpha1/zz_generated.deepcopy.go

@@ -5,9 +5,11 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/api7/api7-ingress-controller/internal/controller/config"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	discoveryv1 "k8s.io/api/discovery/v1"
+	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -19,6 +21,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
+	"sigs.k8s.io/gateway-api/apis/v1alpha2"
 
 	"github.com/api7/api7-ingress-controller/api/v1alpha1"
 	"github.com/api7/api7-ingress-controller/internal/controller/indexer"
@@ -386,6 +389,24 @@ func (r *HTTPRouteReconciler) processHTTPRoute(tctx *provider.TranslateContext,
 		}
 		for _, item := range httpRoutePolicyList.Items {
 			tctx.HTTPRoutePolicies[ruleName] = append(tctx.HTTPRoutePolicies[key], item.Spec)
+			item.Status.Ancestors = []v1alpha2.PolicyAncestorStatus{
+				{
+					AncestorRef: v1alpha2.ParentReference{
+						Group:       nil,
+						Kind:        nil,
+						Namespace:   nil,
+						Name:        gatewayv1.ObjectName(httpRoute.GetName()),
+						SectionName: nil,
+						Port:        nil,
+					},
+					ControllerName: v1alpha2.GatewayController(config.GetControllerName()),
+					Conditions:     []metav1.Condition{},
+				},
+			}
+			meta.SetStatusCondition(&item.Status.Ancestors[0].Conditions, NewCondition(item.Generation, true, "Successfully"))
+			if err := r.Status().Update(context.Background(), &item); err != nil {
+				r.Log.Error(err, "failed to Update policy status")
+			}
 		}
 	}