Reconcile resources

controllers/authconfig_eventmapper.go

@@ -0,0 +1,29 @@
+package controllers
+
+import (
+	"github.com/go-logr/logr"
+	"github.com/kuadrant/kuadrant-operator/pkg/common"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+// AuthConfigEventMapper is an EventHandler that maps AuthConfig objects events to Policy events.
+type AuthConfigEventMapper struct {
+	Logger logr.Logger
+}
+
+func (m *AuthConfigEventMapper) MapToAuthPolicy(obj client.Object) []reconcile.Request {
+	return m.mapToPolicyRequest(obj, "authpolicy", common.AuthPoliciesBackRefAnnotation)
+}
+
+func (m *AuthConfigEventMapper) mapToPolicyRequest(obj client.Object, policyKind string, policyBackRefAnnotationName string) []reconcile.Request {
+	policyRef, found := common.ReadAnnotationsFromObject(obj)[policyBackRefAnnotationName]
+	if !found {
+		return []reconcile.Request{}
+	}
+
+	policyKey := common.NamespacedNameToObjectKey(policyRef, obj.GetNamespace())
+
+	m.Logger.V(1).Info("Processing object", "object", client.ObjectKeyFromObject(obj), policyKind, policyKey)
+	return []reconcile.Request{{NamespacedName: policyKey}}
+}

controllers/authpolicy_auth_config.go

@@ -67,6 +67,8 @@ func (r *AuthPolicyReconciler) desiredAuthConfig(ap *api.AuthPolicy, targetNetwo
 		return nil, err
 	}
 
+	policyKey := client.ObjectKeyFromObject(ap)
+
 	return &authorinoapi.AuthConfig{
 		TypeMeta: metav1.TypeMeta{
 			Kind:       "AuthConfig",
@@ -75,6 +77,9 @@ func (r *AuthPolicyReconciler) desiredAuthConfig(ap *api.AuthPolicy, targetNetwo
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      authConfigName(client.ObjectKeyFromObject(ap)),
 			Namespace: ap.Namespace,
+			Annotations: map[string]string{
+				common.AuthPoliciesBackRefAnnotation: policyKey.String(),
+			},
 		},
 		Spec: authorinoapi.AuthConfigSpec{
 			Hosts:         hosts,

controllers/authpolicy_controller.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/json"
 
+	authorinoapi "github.com/kuadrant/authorino/api/v1beta1"
+
 	"github.com/go-logr/logr"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -199,6 +201,10 @@ func (r *AuthPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Logger: r.Logger().WithName("gatewayEventMapper"),
 	}
 
+	authConfigEventMapper := &AuthConfigEventMapper{
+		Logger: r.Logger().WithName("authConfigEventMapper"),
+	}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&api.AuthPolicy{}).
 		Watches(
@@ -207,5 +213,7 @@ func (r *AuthPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		).
 		Watches(&source.Kind{Type: &gatewayapiv1beta1.Gateway{}},
 			handler.EnqueueRequestsFromMapFunc(gatewayEventMapper.MapToAuthPolicy)).
+		Watches(&source.Kind{Type: &authorinoapi.AuthConfig{}},
+			handler.EnqueueRequestsFromMapFunc(authConfigEventMapper.MapToAuthPolicy)).
 		Complete(r)
 }

controllers/limitador_eventmapper.go

@@ -0,0 +1,44 @@
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/go-logr/logr"
+	"github.com/kuadrant/kuadrant-operator/pkg/common"
+	limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+type LimitadorEventMapper struct {
+	Logger logr.Logger
+}
+
+func (m LimitadorEventMapper) MapToRateLimitPolicy(obj client.Object) []reconcile.Request {
+	limitador, ok := obj.(*limitadorv1alpha1.Limitador)
+	if !ok {
+		return []reconcile.Request{}
+	}
+
+	objAnnotations := limitador.GetAnnotations()
+	val, ok := objAnnotations[common.RateLimitPoliciesBackRefAnnotation]
+	if !ok {
+		return []reconcile.Request{}
+	}
+
+	var refs []client.ObjectKey
+	err := json.Unmarshal([]byte(val), &refs)
+	if err != nil {
+		return []reconcile.Request{}
+	}
+
+	requests := make([]reconcile.Request, 0)
+	for _, ref := range refs {
+		m.Logger.V(1).Info("MapRateLimitPolicy", "ratelimitpolicy", ref)
+		requests = append(requests, reconcile.Request{
+			NamespacedName: ref,
+		})
+		break
+	}
+	return requests
+}

controllers/ratelimitpolicy_controller.go

@@ -21,6 +21,7 @@ import (
 	"encoding/json"
 
 	"github.com/go-logr/logr"
+	limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -186,7 +187,7 @@ func (r *RateLimitPolicyReconciler) reconcileResources(ctx context.Context, rlp
 		return err
 	}
 
-	// set annotation of policies afftecting the gateway - should be the last step, only when all the reconciliation steps succeed
+	// set annotation of policies affecting the gateway - should be the last step, only when all the reconciliation steps succeed
 	return r.ReconcileGatewayPolicyReferences(ctx, rlp, gatewayDiffObj)
 }
 
@@ -216,7 +217,13 @@ func (r *RateLimitPolicyReconciler) deleteResources(ctx context.Context, rlp *ku
 		}
 	}
 
-	// update annotation of policies afftecting the gateway
+	// remove direct back ref from limitador CR
+	err = r.deleteLimitadorBackReference(ctx, rlp)
+	if err != nil {
+		return err
+	}
+
+	// update annotation of policies affecting the gateway
 	return r.ReconcileGatewayPolicyReferences(ctx, rlp, gatewayDiffObj)
 }
 
@@ -241,6 +248,11 @@ func (r *RateLimitPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Logger: r.Logger().WithName("gatewayRateLimitPolicyEventMapper"),
 		Client: r.Client(),
 	}
+
+	limitadorEventMapper := &LimitadorEventMapper{
+		Logger: r.Logger().WithName("limitadorEventMapper"),
+	}
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&kuadrantv1beta2.RateLimitPolicy{}).
 		Watches(
@@ -258,5 +270,8 @@ func (r *RateLimitPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
 			&source.Kind{Type: &kuadrantv1beta2.RateLimitPolicy{}},
 			handler.EnqueueRequestsFromMapFunc(gatewayRateLimtPolicyEventMapper.MapRouteRateLimitPolicy),
 		).
+		Watches(&source.Kind{Type: &limitadorv1alpha1.Limitador{}},
+			handler.EnqueueRequestsFromMapFunc(limitadorEventMapper.MapToRateLimitPolicy),
+		).
 		Complete(r)
 }

controllers/ratelimitpolicy_limits.go

@@ -42,6 +42,11 @@ func (r *RateLimitPolicyReconciler) reconcileLimitador(ctx context.Context, rlp
 		return err
 	}
 
+	rplsBackref, err := common.BuildBackRefs(rlpRefs)
+	if err != nil {
+		return err
+	}
+
 	// get the current limitador cr for the kuadrant instance so we can compare if it needs to be updated
 	logger.V(1).Info("get kuadrant namespace")
 	var kuadrantNamespace string
@@ -68,13 +73,17 @@ func (r *RateLimitPolicyReconciler) reconcileLimitador(ctx context.Context, rlp
 		return err
 	}
 
-	// return if limitador is up to date
-	if rlptools.Equal(rateLimitIndex.ToRateLimits(), limitador.Spec.Limits) {
+	update := false
+	update = update || !common.AnnotationEqual(common.RateLimitPoliciesBackRefAnnotation, rplsBackref, limitador.Annotations)
+	update = update || !rlptools.Equal(rateLimitIndex.ToRateLimits(), limitador.Spec.Limits)
+	// return if limitador is up-to-date
+	if !update {
 		logger.V(1).Info("limitador is up to date, skipping update")
 		return nil
 	}
 
 	// update limitador
+	limitador.SetAnnotations(common.AddAnnotation(common.RateLimitPoliciesBackRefAnnotation, rplsBackref, limitador.Annotations))
 	limitador.Spec.Limits = rateLimitIndex.ToRateLimits()
 	err = r.UpdateResource(ctx, limitador)
 	logger.V(1).Info("update limitador", "limitador", limitadorKey, "err", err)
@@ -108,3 +117,49 @@ func (r *RateLimitPolicyReconciler) buildRateLimitIndex(ctx context.Context, rlp
 
 	return rateLimitIndex, nil
 }
+
+func (r *RateLimitPolicyReconciler) deleteLimitadorBackReference(ctx context.Context, policy client.Object) error {
+	kuadrantNamespace, err := common.GetKuadrantNamespace(policy)
+	if err != nil {
+		return err
+	}
+
+	limitadorList, err := r.listLimitadorByNamespace(ctx, kuadrantNamespace)
+	if err != nil {
+		return err
+	}
+
+	policyKey := client.ObjectKeyFromObject(policy)
+	updateList, err := rlptools.RemoveRLPLabelsFromLimitadorList(limitadorList, policyKey)
+	if err != nil {
+		return err
+	}
+
+	err = r.updateLimitadorCRs(ctx, updateList)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *RateLimitPolicyReconciler) updateLimitadorCRs(ctx context.Context, updateList limitadorv1alpha1.LimitadorList) error {
+	for index := range updateList.Items {
+		err := r.Client().Update(ctx, &updateList.Items[index])
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *RateLimitPolicyReconciler) listLimitadorByNamespace(ctx context.Context, namespace string) (limitadorv1alpha1.LimitadorList, error) {
+	limitadorList := limitadorv1alpha1.LimitadorList{}
+	listOptions := &client.ListOptions{Namespace: namespace}
+
+	err := r.Client().List(ctx, &limitadorList, listOptions)
+	if err != nil {
+		return limitadorv1alpha1.LimitadorList{}, err
+	}
+	return limitadorList, nil
+}

pkg/common/annotations.go

@@ -0,0 +1,32 @@
+package common
+
+func AddAnnotation(annotation string, value string, annotations map[string]string) map[string]string {
+	_, ok := annotations[annotation]
+	if !ok && len(value) == 0 {
+		return annotations
+	}
+
+	if len(value) == 0 {
+		delete(annotations, annotation)
+		return annotations
+	}
+
+	if annotations == nil {
+		annotations = map[string]string{}
+	}
+	annotations[annotation] = value
+	return annotations
+}
+
+func AnnotationEqual(annotation string, value string, annotations map[string]string) bool {
+	val, ok := annotations[annotation]
+	if !ok && len(annotation) == 0 {
+		return true
+	}
+
+	if val == value {
+		return true
+	}
+
+	return false
+}

pkg/common/back_reference.go

@@ -0,0 +1,26 @@
+package common
+
+import (
+	"encoding/json"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func BuildBackRefs(refs []client.ObjectKey) (string, error) {
+	if len(refs) == 0 {
+		return "", nil
+	}
+
+	var uniqueKeys []client.ObjectKey
+
+	for _, v := range refs {
+		if !Contains(uniqueKeys, v) {
+			uniqueKeys = append(uniqueKeys, v)
+		}
+	}
+
+	serialized, err := json.Marshal(uniqueKeys)
+	if err != nil {
+		return "", err
+	}
+	return string(serialized), nil
+}

pkg/rlptools/utils.go

@@ -3,9 +3,12 @@ package rlptools
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"unicode"
 
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
 	limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1"
 
 	kuadrantv1beta2 "github.com/kuadrant/kuadrant-operator/api/v1beta2"
@@ -88,3 +91,40 @@ func rateToSeconds(rate kuadrantv1beta2.Rate) (maxValue int, seconds int) {
 
 	return
 }
+
+func RemoveRLPLabelsFromLimitadorList(limitadorList limitadorv1alpha1.LimitadorList, policyKey client.ObjectKey) (limitadorv1alpha1.LimitadorList, error) {
+	var updateList limitadorv1alpha1.LimitadorList
+	for index := range limitadorList.Items {
+		limitador := limitadorList.Items[index]
+		objAnnotations := limitador.GetAnnotations()
+		val, ok := objAnnotations[common.RateLimitPoliciesBackRefAnnotation]
+		if !ok {
+			continue
+		}
+
+		var refs []client.ObjectKey
+		err := json.Unmarshal([]byte(val), &refs)
+		if err != nil {
+			return updateList, err
+		}
+		refID := common.FindObjectKey(refs, policyKey)
+		if refID != len(refs) {
+			// remove index
+			refs = append(refs[:refID], refs[refID+1:]...)
+
+			if len(refs) > 0 {
+				serialized, err := json.Marshal(refs)
+				if err != nil {
+					return updateList, err
+				}
+				objAnnotations[common.RateLimitPoliciesBackRefAnnotation] = string(serialized)
+			} else {
+				delete(objAnnotations, common.RateLimitPoliciesBackRefAnnotation)
+			}
+
+			limitador.SetAnnotations(objAnnotations)
+			updateList.Items = append(updateList.Items, limitador)
+		}
+	}
+	return updateList, nil
+}