Add TargetRef to AuthPolicy and Fix Formatting and Integration Tests

- Added TargetRef to AuthPolicy to specify the target reference. - Replaced the gateway object with the gateway wrapped inside the gatewayWrapper. - Fixed various errors and improved code formatting. - Resolved issues with Istio integration tests. This commit consolidates multiple changes made during the development process, improving the stability and functionality of the AuthPolicy controller and related tests.
Kuadrant · Jun 11, 2024 · 6ad0982 · 6ad0982
1 parent ec5351d
commit 6ad0982
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/controllers/authpolicy_istio_authorizationpolicy.go b/controllers/authpolicy_istio_authorizationpolicy.go
@@ -94,8 +94,8 @@ func (r *AuthPolicyReconciler) istioAuthorizationPolicy(ctx context.Context, ap
 			Labels:    istioAuthorizationPolicyLabels(client.ObjectKeyFromObject(gateway), client.ObjectKeyFromObject(ap)),
 		},
 		Spec: istiosecurity.AuthorizationPolicy{
-			Action:   istiosecurity.AuthorizationPolicy_CUSTOM,
-			Selector: kuadrantistioutils.WorkloadSelectorFromGateway(ctx, r.Client(), gateway),
+			Action:    istiosecurity.AuthorizationPolicy_CUSTOM,
+			TargetRef: kuadrantistioutils.PolicyTargetRefFromGateway(gateway),
 			ActionDetail: &istiosecurity.AuthorizationPolicy_Provider{
 				Provider: &istiosecurity.AuthorizationPolicy_ExtensionProvider{
 					Name: KuadrantExtAuthProviderName,

diff --git a/tests/istio/authpolicy_controller_authorizationpolicy_test.go b/tests/istio/authpolicy_controller_authorizationpolicy_test.go
@@ -121,6 +121,11 @@ var _ = Describe("AuthPolicy controller managing authorization policy", Ordered,
 				logf.Log.V(1).Info("Fetching Istio's AuthorizationPolicy", "key", iapKey.String(), "error", err)
 				return err == nil
 			}).WithContext(ctx).Should(BeTrue())
+
+			// has the correct target ref
+			Expect(iap.Spec.TargetRef.Group).To(Equal("gateway.networking.k8s.io"))
+			Expect(iap.Spec.TargetRef.Kind).To(Equal("Gateway"))
+			Expect(iap.Spec.TargetRef.Name).To(Equal(TestGatewayName))
 			Expect(iap.Spec.Rules).To(HaveLen(1))
 			Expect(iap.Spec.Rules[0].To).To(HaveLen(1))
 			Expect(iap.Spec.Rules[0].To[0].Operation).ShouldNot(BeNil())
@@ -164,6 +169,11 @@ var _ = Describe("AuthPolicy controller managing authorization policy", Ordered,
 				logf.Log.V(1).Info("Fetching Istio's AuthorizationPolicy", "key", iapKey.String(), "error", err)
 				return err == nil
 			}).WithContext(ctx).Should(BeTrue())
+
+			// has the correct target ref
+			Expect(iap.Spec.TargetRef.Group).To(Equal("gateway.networking.k8s.io"))
+			Expect(iap.Spec.TargetRef.Kind).To(Equal("Gateway"))
+			Expect(iap.Spec.TargetRef.Name).To(Equal(TestGatewayName))
 			Expect(iap.Spec.Rules).To(HaveLen(1))
 			Expect(iap.Spec.Rules[0].To).To(HaveLen(1))
 			Expect(iap.Spec.Rules[0].To[0].Operation).ShouldNot(BeNil())
@@ -365,7 +375,6 @@ var _ = Describe("AuthPolicy controller managing authorization policy", Ordered,
 				condition := meta.FindStatusCondition(existingPolicy.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted))
 				return condition != nil && condition.Reason == string(kuadrant.PolicyReasonUnknown) && strings.Contains(condition.Message, "cannot match any route rules, check for invalid route selectors in the policy")
 			}).WithContext(ctx).Should(BeTrue())
-
 			// check istio authorizationpolicy
 			iapKey := types.NamespacedName{Name: controllers.IstioAuthorizationPolicyName(TestGatewayName, routePolicy.Spec.TargetRef), Namespace: testNamespace}
 			iap := &secv1beta1resources.AuthorizationPolicy{}