Avoid updating Accepted status for routes matching no Gateways

Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2024-10-09 15:50:04 +02:00 · 2024-10-09 15:50:04 +02:00 · c441d04788
commit c441d04788
parent 1508a2c221
6 changed files with 164 additions and 96 deletions
--- a/pkg/provider/kubernetes/gateway/grpcroute.go
+++ b/pkg/provider/kubernetes/gateway/grpcroute.go
@ -32,6 +32,11 @@ func (p *Provider) loadGRPCRoutes(ctx context.Context, gatewayListeners []gatewa
 			Str("namespace", route.Namespace).
 			Logger()

+		routeListeners := matchingGatewayListeners(gatewayListeners, route.Namespace, route.Spec.ParentRefs)
+		if len(routeListeners) == 0 {
+			continue
+		}
+
 		var parentStatuses []gatev1.RouteParentStatus
 		for _, parentRef := range route.Spec.ParentRefs {
 			parentStatus := &gatev1.RouteParentStatus{
@ -48,11 +53,9 @@ func (p *Provider) loadGRPCRoutes(ctx context.Context, gatewayListeners []gatewa
 				},
 			}

-			for _, listener := range gatewayListeners {
-				accepted := true
-				if !matchListener(listener, route.Namespace, parentRef) {
-					accepted = false
-				}
+			for _, listener := range routeListeners {
+				accepted := matchListener(listener, parentRef)
+
 				if accepted && !allowRoute(listener, route.Namespace, kindGRPCRoute) {
 					parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners))
 					accepted = false
--- a/pkg/provider/kubernetes/gateway/httproute.go
+++ b/pkg/provider/kubernetes/gateway/httproute.go
@ -36,6 +36,11 @@ func (p *Provider) loadHTTPRoutes(ctx context.Context, gatewayListeners []gatewa
 			Str("namespace", route.Namespace).
 			Logger()

+		routeListeners := matchingGatewayListeners(gatewayListeners, route.Namespace, route.Spec.ParentRefs)
+		if len(routeListeners) == 0 {
+			continue
+		}
+
 		var parentStatuses []gatev1.RouteParentStatus
 		for _, parentRef := range route.Spec.ParentRefs {
 			parentStatus := &gatev1.RouteParentStatus{
@ -52,11 +57,9 @@ func (p *Provider) loadHTTPRoutes(ctx context.Context, gatewayListeners []gatewa
 				},
 			}

-			for _, listener := range gatewayListeners {
-				accepted := true
-				if !matchListener(listener, route.Namespace, parentRef) {
-					accepted = false
-				}
+			for _, listener := range routeListeners {
+				accepted := matchListener(listener, parentRef)
+
 				if accepted && !allowRoute(listener, route.Namespace, kindHTTPRoute) {
 					parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners))
 					accepted = false
--- a/pkg/provider/kubernetes/gateway/kubernetes.go
+++ b/pkg/provider/kubernetes/gateway/kubernetes.go
@ -1119,24 +1119,36 @@ func allowRoute(listener gatewayListener, routeNamespace, routeKind string) bool
 	})
 }

-func matchListener(listener gatewayListener, routeNamespace string, parentRef gatev1.ParentReference) bool {
+func matchingGatewayListeners(gatewayListeners []gatewayListener, routeNamespace string, parentRefs []gatev1.ParentReference) []gatewayListener {
+	var listeners []gatewayListener
+
+	for _, listener := range gatewayListeners {
+		for _, parentRef := range parentRefs {
 			if ptr.Deref(parentRef.Group, gatev1.GroupName) != gatev1.GroupName {
-		return false
+				continue
 			}

 			if ptr.Deref(parentRef.Kind, kindGateway) != kindGateway {
-		return false
+				continue
 			}

 			parentRefNamespace := string(ptr.Deref(parentRef.Namespace, gatev1.Namespace(routeNamespace)))
 			if listener.GWNamespace != parentRefNamespace {
-		return false
+				continue
 			}

 			if string(parentRef.Name) != listener.GWName {
-		return false
+				continue
 			}

+			listeners = append(listeners, listener)
+		}
+	}
+
+	return listeners
+}
+
+func matchListener(listener gatewayListener, parentRef gatev1.ParentReference) bool {
 	sectionName := string(ptr.Deref(parentRef.SectionName, ""))
 	if sectionName != "" && sectionName != listener.Name {
 		return false
--- a/pkg/provider/kubernetes/gateway/kubernetes_test.go
+++ b/pkg/provider/kubernetes/gateway/kubernetes_test.go
@ -6779,127 +6779,171 @@ func TestLoadRoutesWithReferenceGrants(t *testing.T) {
 	}
 }

+func Test_matchingGatewayListener(t *testing.T) {
+	testCases := []struct {
+		desc           string
+		gwListeners    []gatewayListener
+		parentRefs     []gatev1.ParentReference
+		routeNamespace string
+		wantLen        int
+	}{
+		{
+			desc: "Unsupported group",
+			gwListeners: []gatewayListener{{
+				Name:        "foo",
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			parentRefs: []gatev1.ParentReference{{
+				Group: ptr.To(gatev1.Group("foo")),
+			}},
+			wantLen: 0,
+		},
+		{
+			desc: "Unsupported kind",
+			gwListeners: []gatewayListener{{
+				Name:        "foo",
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			parentRefs: []gatev1.ParentReference{{
+				Group: ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:  ptr.To(gatev1.Kind("foo")),
+			}},
+			wantLen: 0,
+		},
+		{
+			desc: "Namespace does not match the listener",
+			gwListeners: []gatewayListener{{
+				Name:        "foo",
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			parentRefs: []gatev1.ParentReference{{
+				Namespace: ptr.To(gatev1.Namespace("foo")),
+				Group:     ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:      ptr.To(gatev1.Kind("Gateway")),
+			}},
+			wantLen: 0,
+		},
+		{
+			desc: "Route namespace defaulting does not match the listener",
+			gwListeners: []gatewayListener{{
+				Name:        "foo",
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			routeNamespace: "foo",
+			parentRefs: []gatev1.ParentReference{{
+				Group: ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:  ptr.To(gatev1.Kind("Gateway")),
+			}},
+			wantLen: 0,
+		},
+		{
+			desc: "Name does not match the listener",
+			gwListeners: []gatewayListener{{
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			parentRefs: []gatev1.ParentReference{{
+				Namespace: ptr.To(gatev1.Namespace("default")),
+				Name:      "foo",
+				Group:     ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:      ptr.To(gatev1.Kind("Gateway")),
+			}},
+			wantLen: 0,
+		},
+		{
+			desc: "Match",
+			gwListeners: []gatewayListener{{
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			parentRefs: []gatev1.ParentReference{{
+				Name:      "gateway",
+				Namespace: ptr.To(gatev1.Namespace("default")),
+				Group:     ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:      ptr.To(gatev1.Kind("Gateway")),
+			}},
+			wantLen: 1,
+		},
+		{
+			desc: "Match with route namespace defaulting",
+			gwListeners: []gatewayListener{{
+				GWName:      "gateway",
+				GWNamespace: "default",
+			}},
+			routeNamespace: "default",
+			parentRefs: []gatev1.ParentReference{{
+				Name:  "gateway",
+				Group: ptr.To(gatev1.Group(gatev1.GroupName)),
+				Kind:  ptr.To(gatev1.Kind("Gateway")),
+			}},
+			wantLen: 1,
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			listeners := matchingGatewayListeners(test.gwListeners, test.routeNamespace, test.parentRefs)
+			assert.Len(t, listeners, test.wantLen)
+		})
+	}
+}
+
 func Test_matchListener(t *testing.T) {
 	testCases := []struct {
 		desc       string
 		gwListener gatewayListener
 		parentRef  gatev1.ParentReference
-		routeNamespace string
 		wantMatch  bool
 	}{
 		{
-			desc: "Unsupported group",
+			desc: "Section do not match",
 			gwListener: gatewayListener{
 				Name: "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
-			},
-			parentRef: gatev1.ParentReference{
-				Group: ptr.To(gatev1.Group("foo")),
-			},
-			wantMatch: false,
-		},
-		{
-			desc: "Unsupported kind",
-			gwListener: gatewayListener{
-				Name:        "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
-			},
-			parentRef: gatev1.ParentReference{
-				Group: ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:  ptr.To(gatev1.Kind("foo")),
-			},
-			wantMatch: false,
-		},
-		{
-			desc: "Namespace does not match the listener",
-			gwListener: gatewayListener{
-				Name:        "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
-			},
-			parentRef: gatev1.ParentReference{
-				Namespace: ptr.To(gatev1.Namespace("foo")),
-				Group:     ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:      ptr.To(gatev1.Kind("Gateway")),
-			},
-			wantMatch: false,
-		},
-		{
-			desc: "Route namespace defaulting does not match the listener",
-			gwListener: gatewayListener{
-				Name:        "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
-			},
-			routeNamespace: "foo",
-			parentRef: gatev1.ParentReference{
-				Group: ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:  ptr.To(gatev1.Kind("Gateway")),
-			},
-			wantMatch: false,
-		},
-		{
-			desc: "Name does not match the listener",
-			gwListener: gatewayListener{
-				Name:        "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
-			},
-			parentRef: gatev1.ParentReference{
-				Namespace: ptr.To(gatev1.Namespace("default")),
-				Name:      "foo",
-				Group:     ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:      ptr.To(gatev1.Kind("Gateway")),
-			},
-			wantMatch: false,
-		},
-		{
-			desc: "SectionName does not match a listener",
-			gwListener: gatewayListener{
-				Name:        "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
+				Port: gatev1.PortNumber(80),
 			},
 			parentRef: gatev1.ParentReference{
 				SectionName: ptr.To(gatev1.SectionName("bar")),
-				Name:        "gateway",
-				Namespace:   ptr.To(gatev1.Namespace("default")),
-				Group:       ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:        ptr.To(gatev1.Kind("Gateway")),
+				Port:        ptr.To(gatev1.PortNumber(80)),
 			},
-			wantMatch: false,
 		},
 		{
-			desc: "Match",
+			desc: "Section matches",
 			gwListener: gatewayListener{
 				Name: "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
+				Port: gatev1.PortNumber(80),
 			},
 			parentRef: gatev1.ParentReference{
 				SectionName: ptr.To(gatev1.SectionName("foo")),
-				Name:        "gateway",
-				Namespace:   ptr.To(gatev1.Namespace("default")),
-				Group:       ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:        ptr.To(gatev1.Kind("Gateway")),
+				Port:        ptr.To(gatev1.PortNumber(80)),
 			},
 			wantMatch: true,
 		},
 		{
-			desc: "Match with route namespace defaulting",
+			desc: "Port do not match",
 			gwListener: gatewayListener{
 				Name: "foo",
-				GWName:      "gateway",
-				GWNamespace: "default",
+				Port: gatev1.PortNumber(90),
 			},
-			routeNamespace: "default",
 			parentRef: gatev1.ParentReference{
 				SectionName: ptr.To(gatev1.SectionName("foo")),
-				Name:        "gateway",
-				Group:       ptr.To(gatev1.Group(gatev1.GroupName)),
-				Kind:        ptr.To(gatev1.Kind("Gateway")),
+				Port:        ptr.To(gatev1.PortNumber(80)),
+			},
+		},
+		{
+			desc: "Port matches",
+			gwListener: gatewayListener{
+				Name: "foo",
+				Port: gatev1.PortNumber(80),
+			},
+			parentRef: gatev1.ParentReference{
+				SectionName: ptr.To(gatev1.SectionName("foo")),
+				Port:        ptr.To(gatev1.PortNumber(80)),
 			},
 			wantMatch: true,
 		},
@ -6909,7 +6953,7 @@ func Test_matchListener(t *testing.T) {
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()

-			gotMatch := matchListener(test.gwListener, test.routeNamespace, test.parentRef)
+			gotMatch := matchListener(test.gwListener, test.parentRef)
 			assert.Equal(t, test.wantMatch, gotMatch)
 		})
 	}
--- a/pkg/provider/kubernetes/gateway/tcproute.go
+++ b/pkg/provider/kubernetes/gateway/tcproute.go
@ -32,6 +32,11 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, gatewayListeners []gateway
 			Str("namespace", route.Namespace).
 			Logger()

+		routeListeners := matchingGatewayListeners(gatewayListeners, route.Namespace, route.Spec.ParentRefs)
+		if len(routeListeners) == 0 {
+			continue
+		}
+
 		var parentStatuses []gatev1alpha2.RouteParentStatus
 		for _, parentRef := range route.Spec.ParentRefs {
 			parentStatus := &gatev1alpha2.RouteParentStatus{
@ -48,11 +53,9 @@ func (p *Provider) loadTCPRoutes(ctx context.Context, gatewayListeners []gateway
 				},
 			}

-			for _, listener := range gatewayListeners {
-				accepted := true
-				if !matchListener(listener, route.Namespace, parentRef) {
-					accepted = false
-				}
+			for _, listener := range routeListeners {
+				accepted := matchListener(listener, parentRef)
+
 				if accepted && !allowRoute(listener, route.Namespace, kindTCPRoute) {
 					parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners))
 					accepted = false
--- a/pkg/provider/kubernetes/gateway/tlsroute.go
+++ b/pkg/provider/kubernetes/gateway/tlsroute.go
@ -32,6 +32,11 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, gatewayListeners []gateway
 			Str("tls_route", route.Name).
 			Str("namespace", route.Namespace).Logger()

+		routeListeners := matchingGatewayListeners(gatewayListeners, route.Namespace, route.Spec.ParentRefs)
+		if len(routeListeners) == 0 {
+			continue
+		}
+
 		var parentStatuses []gatev1alpha2.RouteParentStatus
 		for _, parentRef := range route.Spec.ParentRefs {
 			parentStatus := &gatev1alpha2.RouteParentStatus{
@ -48,11 +53,9 @@ func (p *Provider) loadTLSRoutes(ctx context.Context, gatewayListeners []gateway
 				},
 			}

-			for _, listener := range gatewayListeners {
-				accepted := true
-				if !matchListener(listener, route.Namespace, parentRef) {
-					accepted = false
-				}
+			for _, listener := range routeListeners {
+				accepted := matchListener(listener, parentRef)
+
 				if accepted && !allowRoute(listener, route.Namespace, kindTLSRoute) {
 					parentStatus.Conditions = updateRouteConditionAccepted(parentStatus.Conditions, string(gatev1.RouteReasonNotAllowedByListeners))
 					accepted = false