refacotr: apisixglobal

Author: AlinsRan

internal/controller/apisixconsumer_controller.go

@@ -16,7 +16,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/api7/gopkg/pkg/log"
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
@@ -30,7 +29,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 
 	"github.com/apache/apisix-ingress-controller/api/v1alpha1"
 	apiv2 "github.com/apache/apisix-ingress-controller/api/v2"
@@ -71,42 +69,33 @@ func (r *ApisixConsumerReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 		return ctrl.Result{}, err
 	}
 
-	tctx := provider.NewDefaultTranslateContext(ctx)
+	var (
+		tctx = provider.NewDefaultTranslateContext(ctx)
+		err  error
+	)
+	defer func() {
+		r.updateStatus(ac, err)
+	}()
 
 	ingressClass, err := GetIngressClass(tctx, r.Client, r.Log, ac.Spec.IngressClassName)
 	if err != nil {
-		log.Error(err, "failed to get IngressClass")
+		r.Log.Error(err, "failed to get IngressClass")
 		return ctrl.Result{}, err
 	}
 
 	if err := ProcessIngressClassParameters(tctx, r.Client, r.Log, ac, ingressClass); err != nil {
-		log.Error(err, "failed to process IngressClass parameters", "ingressClass", ingressClass.Name)
+		r.Log.Error(err, "failed to process IngressClass parameters", "ingressClass", ingressClass.Name)
+		return ctrl.Result{}, err
+	}
+
+	if err := r.processSpec(ctx, tctx, ac); err != nil {
 		return ctrl.Result{}, err
 	}
 
 	if err := r.Provider.Update(ctx, tctx, ac); err != nil {
 		r.Log.Error(err, "failed to update provider", "ApisixConsumer", ac)
-		// Update status with failure condition
-		r.updateStatus(ac, metav1.Condition{
-			Type:               string(apiv2.ConditionTypeAccepted),
-			Status:             metav1.ConditionFalse,
-			ObservedGeneration: ac.Generation,
-			LastTransitionTime: metav1.Now(),
-			Reason:             string(apiv2.ConditionReasonSyncFailed),
-			Message:            err.Error(),
-		})
 		return ctrl.Result{}, err
 	}
-
-	// Update status with success condition
-	r.updateStatus(ac, metav1.Condition{
-		Type:               string(gatewayv1.RouteConditionAccepted),
-		Status:             metav1.ConditionTrue,
-		ObservedGeneration: ac.Generation,
-		LastTransitionTime: metav1.Now(),
-		Reason:             string(gatewayv1.RouteReasonAccepted),
-		Message:            "The ApisixConsumer has been accepted by the apisix-ingress-controller",
-	})
 	return ctrl.Result{}, nil
 }
 
@@ -210,7 +199,8 @@ func (r *ApisixConsumerReconciler) processSpec(ctx context.Context, tctx *provid
 	return nil
 }
 
-func (r *ApisixConsumerReconciler) updateStatus(consumer *apiv2.ApisixConsumer, condition metav1.Condition) {
+func (r *ApisixConsumerReconciler) updateStatus(consumer *apiv2.ApisixConsumer, err error) {
+	SetApisixCRDConditionAccepted(&consumer.Status, consumer.GetGeneration(), err)
 	r.Updater.Update(status.Update{
 		NamespacedName: utils.NamespacedName(consumer),
 		Resource:       &apiv2.ApisixConsumer{},
@@ -221,7 +211,7 @@ func (r *ApisixConsumerReconciler) updateStatus(consumer *apiv2.ApisixConsumer,
 				panic(err)
 			}
 			acCopy := ac.DeepCopy()
-			acCopy.Status.Conditions = []metav1.Condition{condition}
+			acCopy.Status = consumer.Status
 			return acCopy
 		}),
 	})

internal/controller/apisixglobalrule_controller.go

@@ -14,16 +14,13 @@ package controller
 
 import (
 	"context"
-	"errors"
 	"fmt"
 
 	"github.com/api7/gopkg/pkg/log"
 	"github.com/go-logr/logr"
-	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -79,14 +76,14 @@ func (r *ApisixGlobalRuleReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	tctx := provider.NewDefaultTranslateContext(ctx)
 
 	// get the ingress class
-	ingressClass, err := r.getIngressClass(&globalRule)
+	ingressClass, err := GetIngressClass(tctx, r.Client, r.Log, globalRule.Spec.IngressClassName)
 	if err != nil {
 		log.Error(err, "failed to get IngressClass")
 		return ctrl.Result{}, err
 	}
 
 	// process IngressClass parameters if they reference GatewayProxy
-	if err := r.processIngressClassParameters(ctx, tctx, &globalRule, ingressClass); err != nil {
+	if err := ProcessIngressClassParameters(tctx, r.Client, r.Log, &globalRule, ingressClass); err != nil {
 		log.Error(err, "failed to process IngressClass parameters", "ingressClass", ingressClass.Name)
 		return ctrl.Result{}, err
 	}
@@ -137,12 +134,13 @@ func (r *ApisixGlobalRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&networkingv1.IngressClass{},
 			handler.EnqueueRequestsFromMapFunc(r.listGlobalRulesForIngressClass),
 			builder.WithPredicates(
-				predicate.NewPredicateFuncs(r.matchesIngressController),
+				predicate.NewPredicateFuncs(matchesIngressController),
 			),
 		).
 		Watches(&v1alpha1.GatewayProxy{},
 			handler.EnqueueRequestsFromMapFunc(r.listGlobalRulesForGatewayProxy),
 		).
+		Named("apisixglobalrule").
 		Complete(r)
 }
 
@@ -187,181 +185,31 @@ func (r *ApisixGlobalRuleReconciler) matchesIngressClass(ingressClassName string
 	return matchesController(ingressClass.Spec.Controller)
 }
 
-// matchesIngressController check if the ingress class is controlled by us
-func (r *ApisixGlobalRuleReconciler) matchesIngressController(obj client.Object) bool {
-	ingressClass, ok := obj.(*networkingv1.IngressClass)
-	if !ok {
-		return false
-	}
-	return matchesController(ingressClass.Spec.Controller)
-}
-
 // listGlobalRulesForIngressClass list all global rules that use a specific ingress class
 func (r *ApisixGlobalRuleReconciler) listGlobalRulesForIngressClass(ctx context.Context, obj client.Object) []reconcile.Request {
 	ingressClass, ok := obj.(*networkingv1.IngressClass)
 	if !ok {
 		return nil
 	}
 
-	var requests []reconcile.Request
-
-	// List all global rules and filter based on ingress class
-	globalRuleList := &apiv2.ApisixGlobalRuleList{}
-	if err := r.List(ctx, globalRuleList); err != nil {
-		r.Log.Error(err, "failed to list global rules")
-		return nil
-	}
-
-	isDefaultClass := IsDefaultIngressClass(ingressClass)
-	for _, globalRule := range globalRuleList.Items {
-		if (isDefaultClass && globalRule.Spec.IngressClassName == "") ||
-			globalRule.Spec.IngressClassName == ingressClass.Name {
-			requests = append(requests, reconcile.Request{
-				NamespacedName: client.ObjectKey{
-					Namespace: globalRule.Namespace,
-					Name:      globalRule.Name,
-				},
-			})
-		}
-	}
-
-	return requests
-}
-
-// listGlobalRulesForGatewayProxy list all global rules that use a specific gateway proxy
-func (r *ApisixGlobalRuleReconciler) listGlobalRulesForGatewayProxy(ctx context.Context, obj client.Object) []reconcile.Request {
-	gatewayProxy, ok := obj.(*v1alpha1.GatewayProxy)
-	if !ok {
-		return nil
-	}
-
-	// Find all ingress classes that reference this gateway proxy
-	ingressClassList := &networkingv1.IngressClassList{}
-	if err := r.List(ctx, ingressClassList, client.MatchingFields{
-		indexer.IngressClassParametersRef: indexer.GenIndexKey(gatewayProxy.GetNamespace(), gatewayProxy.GetName()),
-	}); err != nil {
-		r.Log.Error(err, "failed to list ingress classes for gateway proxy", "gatewayproxy", gatewayProxy.GetName())
-		return nil
-	}
-
-	var requests []reconcile.Request
-	for _, ingressClass := range ingressClassList.Items {
-		requests = append(requests, r.listGlobalRulesForIngressClass(ctx, &ingressClass)...)
-	}
-
-	// Remove duplicates
-	uniqueRequests := make(map[string]reconcile.Request)
-	for _, request := range requests {
-		uniqueRequests[request.String()] = request
-	}
-
-	distinctRequests := make([]reconcile.Request, 0, len(uniqueRequests))
-	for _, request := range uniqueRequests {
-		distinctRequests = append(distinctRequests, request)
-	}
-
-	return distinctRequests
-}
-
-// getIngressClass get the ingress class for the global rule
-func (r *ApisixGlobalRuleReconciler) getIngressClass(globalRule *apiv2.ApisixGlobalRule) (*networkingv1.IngressClass, error) {
-	if globalRule.Spec.IngressClassName == "" {
-		// Check for default ingress class
-		ingressClassList := &networkingv1.IngressClassList{}
-		if err := r.List(context.Background(), ingressClassList, client.MatchingFields{
-			indexer.IngressClass: config.GetControllerName(),
-		}); err != nil {
-			r.Log.Error(err, "failed to list ingress classes")
-			return nil, err
-		}
-
-		// Find the ingress class that is marked as default
-		for _, ic := range ingressClassList.Items {
-			if IsDefaultIngressClass(&ic) && matchesController(ic.Spec.Controller) {
-				return &ic, nil
+	return ListMatchingRequests(
+		ctx,
+		r.Client,
+		r.Log,
+		&apiv2.ApisixGlobalRuleList{},
+		func(obj client.Object) bool {
+			agr, ok := obj.(*apiv2.ApisixGlobalRule)
+			if !ok {
+				r.Log.Error(fmt.Errorf("expected ApisixGlobalRule, got %T", obj), "failed to match object type")
+				return false
 			}
-		}
-		log.Debugw("no default ingress class found")
-		return nil, errors.New("no default ingress class found")
-	}
-
-	// Check if the specified ingress class is controlled by us
-	var ingressClass networkingv1.IngressClass
-	if err := r.Get(context.Background(), client.ObjectKey{Name: globalRule.Spec.IngressClassName}, &ingressClass); err != nil {
-		return nil, err
-	}
-
-	if matchesController(ingressClass.Spec.Controller) {
-		return &ingressClass, nil
-	}
-
-	return nil, errors.New("ingress class is not controlled by us")
+			return (IsDefaultIngressClass(ingressClass) && agr.Spec.IngressClassName == "") || agr.Spec.IngressClassName == ingressClass.Name
+		},
+	)
 }
 
-// processIngressClassParameters processes the IngressClass parameters that reference GatewayProxy
-func (r *ApisixGlobalRuleReconciler) processIngressClassParameters(ctx context.Context, tctx *provider.TranslateContext, globalRule *apiv2.ApisixGlobalRule, ingressClass *networkingv1.IngressClass) error {
-	if ingressClass == nil || ingressClass.Spec.Parameters == nil {
-		return nil
-	}
-
-	ingressClassKind := utils.NamespacedNameKind(ingressClass)
-	globalRuleKind := utils.NamespacedNameKind(globalRule)
-
-	parameters := ingressClass.Spec.Parameters
-	// check if the parameters reference GatewayProxy
-	if parameters.APIGroup != nil && *parameters.APIGroup == v1alpha1.GroupVersion.Group && parameters.Kind == KindGatewayProxy {
-		ns := globalRule.GetNamespace()
-		if parameters.Namespace != nil {
-			ns = *parameters.Namespace
-		}
-
-		gatewayProxy := &v1alpha1.GatewayProxy{}
-		if err := r.Get(ctx, client.ObjectKey{
-			Namespace: ns,
-			Name:      parameters.Name,
-		}, gatewayProxy); err != nil {
-			r.Log.Error(err, "failed to get GatewayProxy", "namespace", ns, "name", parameters.Name)
-			return err
-		}
-
-		r.Log.Info("found GatewayProxy for IngressClass", "ingressClass", ingressClass.Name, "gatewayproxy", gatewayProxy.Name)
-		tctx.GatewayProxies[ingressClassKind] = *gatewayProxy
-		tctx.ResourceParentRefs[globalRuleKind] = append(tctx.ResourceParentRefs[globalRuleKind], ingressClassKind)
-
-		// check if the provider field references a secret
-		if gatewayProxy.Spec.Provider != nil && gatewayProxy.Spec.Provider.Type == v1alpha1.ProviderTypeControlPlane {
-			if gatewayProxy.Spec.Provider.ControlPlane != nil &&
-				gatewayProxy.Spec.Provider.ControlPlane.Auth.Type == v1alpha1.AuthTypeAdminKey &&
-				gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey != nil &&
-				gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom != nil &&
-				gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef != nil {
-
-				secretRef := gatewayProxy.Spec.Provider.ControlPlane.Auth.AdminKey.ValueFrom.SecretKeyRef
-				secret := &corev1.Secret{}
-				if err := r.Get(ctx, client.ObjectKey{
-					Namespace: ns,
-					Name:      secretRef.Name,
-				}, secret); err != nil {
-					r.Log.Error(err, "failed to get secret for GatewayProxy provider",
-						"namespace", ns,
-						"name", secretRef.Name)
-					return err
-				}
-
-				r.Log.Info("found secret for GatewayProxy provider",
-					"ingressClass", ingressClass.Name,
-					"gatewayproxy", gatewayProxy.Name,
-					"secret", secretRef.Name)
-
-				tctx.Secrets[types.NamespacedName{
-					Namespace: ns,
-					Name:      secretRef.Name,
-				}] = secret
-			}
-		}
-	}
-
-	return nil
+func (r *ApisixGlobalRuleReconciler) listGlobalRulesForGatewayProxy(ctx context.Context, obj client.Object) []reconcile.Request {
+	return listIngressClassRequestsForGatewayProxy(ctx, r.Client, obj, r.Log, r.listGlobalRulesForIngressClass)
 }
 
 // updateStatus updates the ApisixGlobalRule status with the given condition

internal/provider/adc/translator/apisixconsumer.go

@@ -40,6 +40,8 @@ var (
 	_hmacAuthEncodeURIParamsDefaultValue     = true
 	_hmacAuthValidateRequestBodyDefaultValue = false
 	_hmacAuthMaxReqBodyDefaultValue          = int64(524288)
+
+	_stringTrue = "true"
 )
 
 func (t *Translator) TranslateApisixConsumer(tctx *provider.TranslateContext, ac *v2.ApisixConsumer) (*TranslateResult, error) {
@@ -197,7 +199,7 @@ func (t *Translator) translateConsumerJwtAuthPluginV2(tctx *provider.TranslateCo
 	}
 	base64SecretRaw := sec.Data["base64_secret"]
 	var base64Secret bool
-	if string(base64SecretRaw) == "true" {
+	if string(base64SecretRaw) == _stringTrue {
 		base64Secret = true
 	}
 	expRaw := sec.Data["exp"]
@@ -272,8 +274,8 @@ func (t *Translator) translateConsumerHMACAuthPluginV2(tctx *provider.TranslateC
 		clockSkew = _hmacAuthClockSkewDefaultValue
 	}
 
-	var signedHeaders []string
 	signedHeadersRaw := sec.Data["signed_headers"]
+	signedHeaders := make([]string, 0, len(signedHeadersRaw))
 	for _, b := range signedHeadersRaw {
 		signedHeaders = append(signedHeaders, string(b))
 	}
@@ -283,7 +285,7 @@ func (t *Translator) translateConsumerHMACAuthPluginV2(tctx *provider.TranslateC
 	if !ok {
 		keepHeader = _hmacAuthKeepHeadersDefaultValue
 	} else {
-		if string(keepHeaderRaw) == "true" {
+		if string(keepHeaderRaw) == _stringTrue {
 			keepHeader = true
 		} else {
 			keepHeader = false
@@ -295,7 +297,7 @@ func (t *Translator) translateConsumerHMACAuthPluginV2(tctx *provider.TranslateC
 	if !ok {
 		encodeURIParams = _hmacAuthEncodeURIParamsDefaultValue
 	} else {
-		if string(encodeURIParamsRaw) == "true" {
+		if string(encodeURIParamsRaw) == _stringTrue {
 			encodeURIParams = true
 		} else {
 			encodeURIParams = false
@@ -307,7 +309,7 @@ func (t *Translator) translateConsumerHMACAuthPluginV2(tctx *provider.TranslateC
 	if !ok {
 		validateRequestBody = _hmacAuthValidateRequestBodyDefaultValue
 	} else {
-		if string(validateRequestBodyRaw) == "true" {
+		if string(validateRequestBodyRaw) == _stringTrue {
 			validateRequestBody = true
 		} else {
 			validateRequestBody = false