add policyAffected status for policy target refs

Author: salonichf5

internal/controller/state/conditions/conditions.go

@@ -107,6 +107,18 @@ const (
 	// has an overlapping hostname:port/path combination with another Route.
 	PolicyReasonTargetConflict v1alpha2.PolicyConditionReason = "TargetConflict"
 
+	// ClientSettingsPolicyAffected is used with the "PolicyAffected" condition when a
+	// ClientSettingsPolicy is applied to a Gateway, HTTPRoute, or GRPCRoute.
+	ClientSettingsPolicyAffected v1alpha2.PolicyConditionType = "ClientSettingsPolicyAffected"
+
+	// ObservabilityPolicyAffected is used with the "PolicyAffected" condition when an
+	// ObservabilityPolicy is applied to a HTTPRoute, or GRPCRoute.
+	ObservabilityPolicyAffected v1alpha2.PolicyConditionType = "ObservabilityPolicyAffected"
+
+	// PolicyAffectedReason is used with the "PolicyAffected" condition when a
+	// ObservabilityPolicy or ClientSettingsPolicy is applied to Gateways or Routes.
+	PolicyAffectedReason v1alpha2.PolicyConditionReason = "PolicyAffected"
+
 	// GatewayResolvedRefs condition indicates whether the controller was able to resolve the
 	// parametersRef on the Gateway.
 	GatewayResolvedRefs v1.GatewayConditionType = "ResolvedRefs"
@@ -185,6 +197,33 @@ func ConvertConditions(
 	return apiConds
 }
 
+// HasMatchingCondition checks if the given condition matches any of the existing conditions.
+func HasMatchingCondition(existingConditions []Condition, cond Condition) bool {
+	condMap := make(map[Condition]struct{}, len(existingConditions))
+	for _, cond := range existingConditions {
+		key := Condition{
+			Type:    cond.Type,
+			Status:  cond.Status,
+			Reason:  cond.Reason,
+			Message: cond.Message,
+		}
+		condMap[key] = struct{}{}
+	}
+
+	key := Condition{
+		Type:    cond.Type,
+		Status:  cond.Status,
+		Reason:  cond.Reason,
+		Message: cond.Message,
+	}
+
+	if _, exists := condMap[key]; exists {
+		return true
+	}
+
+	return false
+}
+
 // NewDefaultGatewayClassConditions returns Conditions that indicate that the GatewayClass is accepted and that the
 // Gateway API CRD versions are supported.
 func NewDefaultGatewayClassConditions() []Condition {
@@ -940,3 +979,25 @@ func NewSnippetsFilterAccepted() Condition {
 		Message: "SnippetsFilter is accepted",
 	}
 }
+
+// NewObservabilityPolicyAffected returns a Condition that indicates that an ObservabilityPolicy
+// is applied to the resource.
+func NewObservabilityPolicyAffected() Condition {
+	return Condition{
+		Type:    string(ObservabilityPolicyAffected),
+		Status:  metav1.ConditionTrue,
+		Reason:  string(PolicyAffectedReason),
+		Message: "ObservabilityPolicy is applied to the resource",
+	}
+}
+
+// NewClientSettingsPolicyAffected returns a Condition that indicates that a ClientSettingsPolicy
+// is applied to the resource.
+func NewClientSettingsPolicyAffected() Condition {
+	return Condition{
+		Type:    string(ClientSettingsPolicyAffected),
+		Status:  metav1.ConditionTrue,
+		Reason:  string(PolicyAffectedReason),
+		Message: "ClientSettingsPolicy is applied to the resource",
+	}
+}

internal/controller/state/conditions/conditions_test.go

@@ -105,3 +105,43 @@ func TestConvertConditions(t *testing.T) {
 	result := ConvertConditions(conds, generation, time)
 	g.Expect(result).Should(Equal(expected))
 }
+
+func TestHasMatchingConding(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		condition Condition
+		name      string
+		conds     []Condition
+		expected  bool
+	}{
+		{
+			name:      "no conditions in the list",
+			conds:     nil,
+			condition: NewClientSettingsPolicyAffected(),
+			expected:  false,
+		},
+		{
+			name:      "condition matches existing condition",
+			conds:     []Condition{NewClientSettingsPolicyAffected()},
+			condition: NewClientSettingsPolicyAffected(),
+			expected:  true,
+		},
+		{
+			name:      "condition does not match existing condition",
+			conds:     []Condition{NewClientSettingsPolicyAffected()},
+			condition: NewObservabilityPolicyAffected(),
+			expected:  false,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			t.Parallel()
+			g := NewWithT(t)
+
+			result := HasMatchingCondition(test.conds, test.condition)
+			g.Expect(result).To(Equal(test.expected))
+		})
+	}
+}

internal/controller/state/graph/graph.go

@@ -280,6 +280,9 @@ func BuildGraph(
 		gws,
 	)
 
+	// add status conditions to each targetRef based on the policies that affect them.
+	addPolicyAffectedStatusToTargetRefs(processedPolicies, routes, gws)
+
 	setPlusSecretContent(state.Secrets, plusSecrets)
 
 	g := &Graph{

internal/controller/state/graph/graph_test.go

@@ -765,6 +765,9 @@ func TestBuildGraph(t *testing.T) {
 			Rules:     []RouteRule{createValidRuleWithBackendRefsAndFilters(routeMatches, RouteTypeHTTP)},
 		},
 		Policies: []*Policy{processedRoutePolicy},
+		Conditions: []conditions.Condition{
+			conditions.NewClientSettingsPolicyAffected(),
+		},
 	}
 
 	routeTR := &L4Route{
@@ -1080,7 +1083,10 @@ func TestBuildGraph(t *testing.T) {
 							ErrorLevel: helpers.GetPointer(ngfAPIv1alpha2.NginxLogLevelError),
 						},
 					},
-					Conditions: []conditions.Condition{conditions.NewGatewayResolvedRefs()},
+					Conditions: []conditions.Condition{
+						conditions.NewGatewayResolvedRefs(),
+						conditions.NewClientSettingsPolicyAffected(),
+					},
 					DeploymentName: types.NamespacedName{
 						Namespace: "test",
 						Name:      "gateway-1-my-class",

internal/controller/state/graph/policies.go

@@ -448,3 +448,60 @@ func refGroupKind(group v1.Group, kind v1.Kind) string {
 
 	return fmt.Sprintf("%s/%s", group, kind)
 }
+
+// addPolicyAffectedStatusToTargetRefs adds the policyAffected status to the target references
+// of ClientSetttingsPolicies and ObservabilityPolicies.
+func addPolicyAffectedStatusToTargetRefs(
+	processedPolicies map[PolicyKey]*Policy,
+	routes map[RouteKey]*L7Route,
+	gws map[types.NamespacedName]*Gateway,
+) {
+	for policyKey, policy := range processedPolicies {
+		for _, ref := range policy.TargetRefs {
+			switch ref.Kind {
+			case kinds.Gateway:
+				if !gatewayExists(ref.Nsname, gws) {
+					continue
+				}
+				gw := gws[ref.Nsname]
+				if gw == nil {
+					continue
+				}
+
+				// set the policy status on the Gateway.
+				policyKind := policyKey.GVK.Kind
+				addStatusToTargetRefs(policyKind, &gw.Conditions)
+			case kinds.HTTPRoute, kinds.GRPCRoute:
+				routeKey := routeKeyForKind(ref.Kind, ref.Nsname)
+				l7route, exists := routes[routeKey]
+				if !exists {
+					continue
+				}
+
+				// set the policy status on L7 routes.
+				policyKind := policyKey.GVK.Kind
+				addStatusToTargetRefs(policyKind, &l7route.Conditions)
+			default:
+				continue
+			}
+		}
+	}
+}
+
+func addStatusToTargetRefs(policyKind string, conditionsList *[]conditions.Condition) {
+	if conditionsList == nil {
+		return
+	}
+	switch policyKind {
+	case kinds.ObservabilityPolicy:
+		if conditions.HasMatchingCondition(*conditionsList, conditions.NewObservabilityPolicyAffected()) {
+			return
+		}
+		*conditionsList = append(*conditionsList, conditions.NewObservabilityPolicyAffected())
+	case kinds.ClientSettingsPolicy:
+		if conditions.HasMatchingCondition(*conditionsList, conditions.NewClientSettingsPolicyAffected()) {
+			return
+		}
+		*conditionsList = append(*conditionsList, conditions.NewClientSettingsPolicyAffected())
+	}
+}