diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index 0e5db8ffc4c2d..067b9ee514dc3 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -107,6 +107,7 @@ pub struct IndexMetrics { #[derive(Clone, PartialEq, Debug)] pub(crate) struct RouteRef { + pub(crate) generation: Option, pub(crate) parents: Vec, pub(crate) backends: Vec, pub(crate) statuses: Vec, @@ -119,6 +120,7 @@ pub(crate) type TCPRouteRef = RouteRef; #[derive(Clone, PartialEq, Debug)] struct HttpLocalRateLimitPolicyRef { + generation: Option, creation_timestamp: Option>, target_ref: ratelimit::TargetReference, status_conditions: Vec, @@ -126,6 +128,7 @@ struct HttpLocalRateLimitPolicyRef { #[derive(Clone, PartialEq, Debug)] struct EgressNetworkRef { + generation: Option, networks: Vec, status_conditions: Vec, } @@ -591,15 +594,16 @@ impl Index { server: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { if self.servers.contains(server) { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted() + accepted(generation) } } else { - no_matching_parent() + no_matching_parent(generation) } } @@ -608,18 +612,19 @@ impl Index { service: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { // service is a valid parent if it exists and it has a cluster_ip. match self.services.get(service) { Some(svc) if svc.valid_parent_service() => { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted() + accepted(generation) } } - Some(_svc) => headless_parent(), - None => no_matching_parent(), + Some(_svc) => headless_parent(generation), + None => no_matching_parent(generation), } } @@ -628,18 +633,19 @@ impl Index { egress_net: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { // egress network is a valid parent if it exists and is accepted. match self.egress_networks.get(egress_net) { Some(egress_net) if egress_net.is_accepted() => { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted() + accepted(generation) } } - Some(_) => egress_net_not_accepted(), - None => no_matching_parent(), + Some(_) => egress_net_not_accepted(generation), + None => no_matching_parent(generation), } } @@ -648,10 +654,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -667,7 +674,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -683,7 +690,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -706,10 +713,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -725,7 +733,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -741,7 +749,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -764,10 +772,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -783,7 +792,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -799,7 +808,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -822,10 +831,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -841,7 +851,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -857,7 +867,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -879,23 +889,24 @@ impl Index { &self, parent_ref: &routes::ParentReference, backend_refs: &[routes::BackendReference], + generation: Option, ) -> k8s::Condition { for backend_ref in backend_refs.iter() { match backend_ref { routes::BackendReference::Unknown => { // If even one backend has a reference to an unknown / unsupported // reference, return invalid backend condition - return invalid_backend_kind(""); + return invalid_backend_kind("", generation); } routes::BackendReference::Service(service) => { if !self.services.contains_key(service) { - return backend_not_found(); + return backend_not_found(generation); } } routes::BackendReference::EgressNetwork(egress_net) => { if !self.egress_networks.contains_key(egress_net) { - return backend_not_found(); + return backend_not_found(generation); } match parent_ref { @@ -907,14 +918,14 @@ impl Index { _ => { let message = "EgressNetwork backend needs to be on a route that has an EgressNetwork parent"; - return invalid_backend_kind(message); + return invalid_backend_kind(message, generation); } } } } } - resolved_refs() + resolved_refs(generation) } fn make_http_route_patch( @@ -932,8 +943,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.http_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.http_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -968,8 +980,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.grpc_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.grpc_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1005,8 +1018,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.tls_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.tls_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1042,8 +1056,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.tcp_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.tcp_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1068,6 +1083,7 @@ impl Index { &self, id: &NamespaceGroupKindName, target_ref: &ratelimit::TargetReference, + generation: Option, ) -> Option { match target_ref { ratelimit::TargetReference::Server(server) => { @@ -1096,12 +1112,12 @@ impl Index { }; if first_id.name == id.gkn.name { - accepted() + accepted(generation) } else { - ratelimit_already_exists() + ratelimit_already_exists(generation) } } else { - no_matching_target() + no_matching_target(generation) }; Some(policy::HttpLocalRateLimitPolicyStatus { @@ -1122,7 +1138,7 @@ impl Index { id: &NamespaceGroupKindName, ratelimit: &HttpLocalRateLimitPolicyRef, ) -> Option> { - let status = self.target_ref_status(id, &ratelimit.target_ref)?; + let status = self.target_ref_status(id, &ratelimit.target_ref, ratelimit.generation)?; if eq_time_insensitive_conditions(&status.conditions, &ratelimit.status_conditions) { return None; } @@ -1134,12 +1150,12 @@ impl Index { for egress_network_block in &egress_net.networks { for cluster_network_block in &self.cluster_networks { if egress_network_block.intersect(cluster_network_block) { - return in_cluster_net_overlap(); + return in_cluster_net_overlap(egress_net.generation); } } } - accepted() + accepted(egress_net.generation) } fn make_egress_net_patch( @@ -1364,6 +1380,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the HTTPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = HTTPRouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::HTTPRouteStatus { parents: statuses }], @@ -1434,6 +1451,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the HTTPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::HTTPRouteStatus { parents: statuses }], @@ -1504,6 +1522,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the GRPCRoute is // already in the index and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::GRPCRouteStatus { parents: statuses }], @@ -1573,6 +1592,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the TLSRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::TLSRouteStatus { parents: statuses }], @@ -1642,6 +1662,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the TCPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::TCPRouteStatus { parents: statuses }], @@ -1725,6 +1746,7 @@ impl kubert::index::IndexNamespacedResource fo let target_ref = ratelimit::TargetReference::make_target_ref(&namespace, &resource.spec); let rl = HttpLocalRateLimitPolicyRef { + generation: resource.metadata.generation, creation_timestamp, target_ref, status_conditions, @@ -1775,6 +1797,7 @@ impl kubert::index::IndexNamespacedResource for Index { let id = ResourceId::new(namespace, name); let net = EgressNetworkRef { + generation: resource.metadata.generation, status_conditions, networks, }; @@ -1822,121 +1845,121 @@ fn now() -> DateTime { now } -pub(crate) fn no_matching_parent() -> k8s::Condition { +pub(crate) fn no_matching_parent(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn no_matching_target() -> k8s::Condition { +pub(crate) fn no_matching_target(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_TARGET.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -fn headless_parent() -> k8s::Condition { +fn headless_parent(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "parent service must have a ClusterIP".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -fn egress_net_not_accepted() -> k8s::Condition { +fn egress_net_not_accepted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "EgressNetwork parent has not been accepted".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn route_conflicted() -> k8s::Condition { +pub(crate) fn route_conflicted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::ROUTE_REASON_CONFLICTED.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn ratelimit_already_exists() -> k8s::Condition { +pub(crate) fn ratelimit_already_exists(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::RATELIMIT_REASON_ALREADY_EXISTS.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn accepted() -> k8s::Condition { +pub(crate) fn accepted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: conditions::ACCEPTED.to_string(), status: cond_statuses::STATUS_TRUE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn in_cluster_net_overlap() -> k8s::Condition { +pub(crate) fn in_cluster_net_overlap(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "networks overlap with clusterNetworks".to_string(), - observed_generation: None, + observed_generation, reason: reasons::EGRESS_NET_REASON_OVERLAP.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn resolved_refs() -> k8s::Condition { +pub(crate) fn resolved_refs(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::RESOLVED_REFS.to_string(), status: cond_statuses::STATUS_TRUE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), } } -pub(crate) fn backend_not_found() -> k8s::Condition { +pub(crate) fn backend_not_found(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::BACKEND_NOT_FOUND.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), } } -pub(crate) fn invalid_backend_kind(message: &str) -> k8s::Condition { +pub(crate) fn invalid_backend_kind(message: &str, observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: message.to_string(), - observed_generation: None, + observed_generation, reason: reasons::INVALID_KIND.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), diff --git a/policy-controller/k8s/status/src/tests/conflict.rs b/policy-controller/k8s/status/src/tests/conflict.rs index 87606e2574855..d5934ad1249d3 100644 --- a/policy-controller/k8s/status/src/tests/conflict.rs +++ b/policy-controller/k8s/status/src/tests/conflict.rs @@ -59,6 +59,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -74,6 +75,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -89,6 +91,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -104,6 +107,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -140,6 +144,7 @@ fn http_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -176,6 +181,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -191,6 +197,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -206,6 +213,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -242,6 +250,7 @@ fn tls_route_conflict_http(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -278,6 +287,7 @@ fn tls_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -314,6 +324,7 @@ fn tls_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -329,6 +340,7 @@ fn tls_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -365,6 +377,7 @@ fn tcp_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -401,6 +414,7 @@ fn tcp_route_conflict_http(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -437,6 +451,7 @@ fn tcp_route_conflict_tls(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -473,6 +488,7 @@ fn tcp_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], diff --git a/policy-controller/k8s/status/src/tests/egress_network.rs b/policy-controller/k8s/status/src/tests/egress_network.rs index d9ba48b125e5b..2cd999492e423 100644 --- a/policy-controller/k8s/status/src/tests/egress_network.rs +++ b/policy-controller/k8s/status/src/tests/egress_network.rs @@ -58,7 +58,7 @@ fn egress_network_with_no_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], }; let patch = crate::index::make_patch(&id, status).unwrap(); @@ -120,7 +120,7 @@ fn egress_network_with_nonoverlapping_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], }; let patch = crate::index::make_patch(&id, status).unwrap(); @@ -160,6 +160,7 @@ fn egress_network_with_overlapping_networks_specified() { metadata: k8s_core_api::ObjectMeta { name: Some(id.gkn.name.to_string()), namespace: Some(id.namespace.clone()), + generation: Some(3), ..Default::default() }, spec: linkerd_k8s_api::EgressNetworkSpec { @@ -180,7 +181,7 @@ fn egress_network_with_overlapping_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![in_cluster_net_overlap()], + conditions: vec![in_cluster_net_overlap(egress_network.metadata.generation)], }; let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); diff --git a/policy-controller/k8s/status/src/tests/ratelimit.rs b/policy-controller/k8s/status/src/tests/ratelimit.rs index 0eda7de7a73af..06335c3ca86ef 100644 --- a/policy-controller/k8s/status/src/tests/ratelimit.rs +++ b/policy-controller/k8s/status/src/tests/ratelimit.rs @@ -38,7 +38,7 @@ fn ratelimit_accepted() { index.write().apply(ratelimit); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), @@ -74,7 +74,7 @@ fn ratelimit_not_accepted_no_matching_target() { index.write().apply(ratelimit); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![no_matching_target()], + conditions: vec![no_matching_target(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), @@ -110,7 +110,7 @@ fn ratelimit_not_accepted_already_exists() { index.write().apply(rl_1); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), @@ -130,7 +130,7 @@ fn ratelimit_not_accepted_already_exists() { index.write().apply(rl_2); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![ratelimit_already_exists()], + conditions: vec![ratelimit_already_exists(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), diff --git a/policy-controller/k8s/status/src/tests/routes/grpc.rs b/policy-controller/k8s/status/src/tests/routes/grpc.rs index b96c97ddfa09c..55d38c53e6cd7 100644 --- a/policy-controller/k8s/status/src/tests/routes/grpc.rs +++ b/policy-controller/k8s/status/src/tests/routes/grpc.rs @@ -116,9 +116,9 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -160,7 +160,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -196,9 +196,9 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -291,9 +291,9 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -335,11 +335,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -375,9 +375,10 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -424,7 +425,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -460,9 +461,10 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -505,7 +507,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -545,8 +547,8 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -695,8 +697,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -722,11 +724,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -861,7 +863,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TLSRoutes yet. @@ -890,8 +892,8 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -926,7 +928,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -1016,9 +1018,9 @@ fn service_route_type_conflict() { index.write().apply(http_route); // Create the expected update -- HTTPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1055,7 +1057,7 @@ fn service_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1116,7 +1118,7 @@ fn egress_network_route_type_conflict() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let parent = gateway::GRPCRouteParentRefs { @@ -1161,9 +1163,9 @@ fn egress_network_route_type_conflict() { index.write().apply(http_route); // Create the expected update -- HTTPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1200,7 +1202,7 @@ fn egress_network_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/http.rs b/policy-controller/k8s/status/src/tests/routes/http.rs index 8023f8b8d740e..634f848a84f8f 100644 --- a/policy-controller/k8s/status/src/tests/routes/http.rs +++ b/policy-controller/k8s/status/src/tests/routes/http.rs @@ -86,9 +86,9 @@ fn linkerd_route_with_no_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -154,9 +154,9 @@ fn gateway_route_with_no_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -253,9 +253,9 @@ fn linkerd_route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -297,7 +297,7 @@ fn linkerd_route_with_valid_egress_networks_backends() { ); // Apply the parent egress network - let parent: policy::EgressNetwork = super::make_egress_network("ns-0", "egress", accepted()); + let parent: policy::EgressNetwork = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let id = NamespaceGroupKindName { @@ -332,9 +332,9 @@ fn linkerd_route_with_valid_egress_networks_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -433,9 +433,9 @@ fn gateway_route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -477,7 +477,7 @@ fn gateway_route_with_valid_egress_networks_backends() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -513,9 +513,9 @@ fn gateway_route_with_valid_egress_networks_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -608,9 +608,9 @@ fn linkerd_route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -652,11 +652,11 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -692,9 +692,10 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -741,7 +742,7 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -778,9 +779,10 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -823,7 +825,7 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -864,8 +866,8 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -958,9 +960,9 @@ fn gateway_route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1002,11 +1004,11 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -1042,9 +1044,10 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1091,7 +1094,7 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -1128,9 +1131,10 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1173,7 +1177,7 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -1214,8 +1218,8 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1364,8 +1368,8 @@ fn linkerd_route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1391,11 +1395,11 @@ fn linkerd_route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1547,8 +1551,8 @@ fn gateway_route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let rejected_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let rejected_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1574,11 +1578,11 @@ fn gateway_route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1713,7 +1717,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no HTTPRoutes yet. @@ -1742,8 +1746,8 @@ fn linkerd_route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1778,7 +1782,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1913,7 +1917,7 @@ fn gateway_route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no HTTPRoutes yet. @@ -1942,8 +1946,8 @@ fn gateway_route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1978,7 +1982,7 @@ fn gateway_route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/tcp.rs b/policy-controller/k8s/status/src/tests/routes/tcp.rs index 569428a9b2f7e..9e6d784a5a6eb 100644 --- a/policy-controller/k8s/status/src/tests/routes/tcp.rs +++ b/policy-controller/k8s/status/src/tests/routes/tcp.rs @@ -114,9 +114,9 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -158,7 +158,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -193,9 +193,9 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -286,9 +286,9 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -330,11 +330,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -369,9 +369,10 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { @@ -418,7 +419,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -453,9 +454,10 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { @@ -498,7 +500,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -537,8 +539,8 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -687,8 +689,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -714,11 +716,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -853,7 +855,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TCPRoutes yet. @@ -882,8 +884,8 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -918,7 +920,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/tls.rs b/policy-controller/k8s/status/src/tests/routes/tls.rs index fddec87d46e5e..7555431431179 100644 --- a/policy-controller/k8s/status/src/tests/routes/tls.rs +++ b/policy-controller/k8s/status/src/tests/routes/tls.rs @@ -114,9 +114,9 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -158,7 +158,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -193,9 +193,9 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -286,9 +286,9 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -330,11 +330,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -369,9 +369,10 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -418,7 +419,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -453,9 +454,10 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -498,7 +500,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -537,8 +539,8 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -687,8 +689,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -714,11 +716,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -853,7 +855,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TLSRoutes yet. @@ -882,8 +884,8 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); - let backend_condition = resolved_refs(); + let accepted_condition = accepted(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -918,7 +920,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1007,9 +1009,9 @@ fn service_route_type_conflict() { index.write().apply(tcp_route); // Create the expected update -- TCPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1046,7 +1048,7 @@ fn service_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::TCPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1107,7 +1109,7 @@ fn egress_network_route_type_conflict() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let parent = gateway::TLSRouteParentRefs { @@ -1151,9 +1153,9 @@ fn egress_network_route_type_conflict() { index.write().apply(tcp_route); // Create the expected update -- TCPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1190,7 +1192,7 @@ fn egress_network_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::TCPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(),