From 0637fe760c9413b5a2d8bc4f1a5d4a6bc9a91410 Mon Sep 17 00:00:00 2001 From: Felipe Sere Date: Thu, 26 Feb 2026 14:52:59 +0000 Subject: [PATCH 1/5] Keep track of the generation of the route resource Signed-off-by: Felipe Sere --- policy-controller/k8s/status/src/index.rs | 6 ++++++ .../k8s/status/src/tests/conflict.rs | 16 ++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index 0e5db8ffc4c2d..adb8f5a20c6d9 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -107,6 +107,7 @@ pub struct IndexMetrics { #[derive(Clone, PartialEq, Debug)] pub(crate) struct RouteRef { + pub(crate) generation: Option, pub(crate) parents: Vec, pub(crate) backends: Vec, pub(crate) statuses: Vec, @@ -1364,6 +1365,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the HTTPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = HTTPRouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::HTTPRouteStatus { parents: statuses }], @@ -1434,6 +1436,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the HTTPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::HTTPRouteStatus { parents: statuses }], @@ -1504,6 +1507,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the GRPCRoute is // already in the index and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::GRPCRouteStatus { parents: statuses }], @@ -1573,6 +1577,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the TLSRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::TLSRouteStatus { parents: statuses }], @@ -1642,6 +1647,7 @@ impl kubert::index::IndexNamespacedResource for Index { // Construct route and insert into the index; if the TCPRoute is // already in the index, and it hasn't changed, skip creating a patch. let route = RouteRef { + generation: resource.metadata.generation, parents, backends, statuses: vec![gateway::TCPRouteStatus { parents: statuses }], diff --git a/policy-controller/k8s/status/src/tests/conflict.rs b/policy-controller/k8s/status/src/tests/conflict.rs index 87606e2574855..d5934ad1249d3 100644 --- a/policy-controller/k8s/status/src/tests/conflict.rs +++ b/policy-controller/k8s/status/src/tests/conflict.rs @@ -59,6 +59,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -74,6 +75,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -89,6 +91,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -104,6 +107,7 @@ fn grpc_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -140,6 +144,7 @@ fn http_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -176,6 +181,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -191,6 +197,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -206,6 +213,7 @@ fn http_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -242,6 +250,7 @@ fn tls_route_conflict_http(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -278,6 +287,7 @@ fn tls_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -314,6 +324,7 @@ fn tls_route_no_conflict(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -329,6 +340,7 @@ fn tls_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -365,6 +377,7 @@ fn tcp_route_conflict_grpc(p: ParentRefType) { }, }, &GRPCRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -401,6 +414,7 @@ fn tcp_route_conflict_http(p: ParentRefType) { }, }, &HTTPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -437,6 +451,7 @@ fn tcp_route_conflict_tls(p: ParentRefType) { }, }, &TLSRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], @@ -473,6 +488,7 @@ fn tcp_route_no_conflict(p: ParentRefType) { }, }, &TCPRouteRef { + generation: None, parents: vec![parent.clone()], statuses: vec![], backends: vec![], From 9258feda51fb0e12d100b32afe76bcd694873700 Mon Sep 17 00:00:00 2001 From: Felipe Sere Date: Thu, 26 Feb 2026 14:59:18 +0000 Subject: [PATCH 2/5] Pass `None` as observed_generation to accepted Signed-off-by: Felipe Sere --- policy-controller/k8s/status/src/index.rs | 14 ++-- .../k8s/status/src/tests/egress_network.rs | 4 +- .../k8s/status/src/tests/ratelimit.rs | 4 +- .../k8s/status/src/tests/routes/grpc.rs | 36 +++++------ .../k8s/status/src/tests/routes/http.rs | 64 +++++++++---------- .../k8s/status/src/tests/routes/tcp.rs | 30 ++++----- .../k8s/status/src/tests/routes/tls.rs | 36 +++++------ 7 files changed, 94 insertions(+), 94 deletions(-) diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index adb8f5a20c6d9..5936ef5d06111 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -597,7 +597,7 @@ impl Index { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { route_conflicted() } else { - accepted() + accepted(None) } } else { no_matching_parent() @@ -616,7 +616,7 @@ impl Index { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { route_conflicted() } else { - accepted() + accepted(None) } } Some(_svc) => headless_parent(), @@ -636,7 +636,7 @@ impl Index { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { route_conflicted() } else { - accepted() + accepted(None) } } Some(_) => egress_net_not_accepted(), @@ -1097,7 +1097,7 @@ impl Index { }; if first_id.name == id.gkn.name { - accepted() + accepted(None) } else { ratelimit_already_exists() } @@ -1140,7 +1140,7 @@ impl Index { } } - accepted() + accepted(None) } fn make_egress_net_patch( @@ -1894,11 +1894,11 @@ pub(crate) fn ratelimit_already_exists() -> k8s::Condition { } } -pub(crate) fn accepted() -> k8s::Condition { +pub(crate) fn accepted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: conditions::ACCEPTED.to_string(), status: cond_statuses::STATUS_TRUE.to_string(), type_: conditions::ACCEPTED.to_string(), diff --git a/policy-controller/k8s/status/src/tests/egress_network.rs b/policy-controller/k8s/status/src/tests/egress_network.rs index d9ba48b125e5b..9ecbdbd2ed0c1 100644 --- a/policy-controller/k8s/status/src/tests/egress_network.rs +++ b/policy-controller/k8s/status/src/tests/egress_network.rs @@ -58,7 +58,7 @@ fn egress_network_with_no_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], }; let patch = crate::index::make_patch(&id, status).unwrap(); @@ -120,7 +120,7 @@ fn egress_network_with_nonoverlapping_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], }; let patch = crate::index::make_patch(&id, status).unwrap(); diff --git a/policy-controller/k8s/status/src/tests/ratelimit.rs b/policy-controller/k8s/status/src/tests/ratelimit.rs index 0eda7de7a73af..4818428c6cb08 100644 --- a/policy-controller/k8s/status/src/tests/ratelimit.rs +++ b/policy-controller/k8s/status/src/tests/ratelimit.rs @@ -38,7 +38,7 @@ fn ratelimit_accepted() { index.write().apply(ratelimit); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), @@ -110,7 +110,7 @@ fn ratelimit_not_accepted_already_exists() { index.write().apply(rl_1); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![accepted()], + conditions: vec![accepted(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), diff --git a/policy-controller/k8s/status/src/tests/routes/grpc.rs b/policy-controller/k8s/status/src/tests/routes/grpc.rs index b96c97ddfa09c..cf9cee481a268 100644 --- a/policy-controller/k8s/status/src/tests/routes/grpc.rs +++ b/policy-controller/k8s/status/src/tests/routes/grpc.rs @@ -116,7 +116,7 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { @@ -160,7 +160,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -196,7 +196,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { @@ -291,7 +291,7 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::GRPCRouteStatusParents { @@ -335,11 +335,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -375,7 +375,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -424,7 +424,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -460,7 +460,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -505,7 +505,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -545,7 +545,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -722,11 +722,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -861,7 +861,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TLSRoutes yet. @@ -890,7 +890,7 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -1016,7 +1016,7 @@ fn service_route_type_conflict() { index.write().apply(http_route); // Create the expected update -- HTTPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { @@ -1116,7 +1116,7 @@ fn egress_network_route_type_conflict() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let parent = gateway::GRPCRouteParentRefs { @@ -1161,7 +1161,7 @@ fn egress_network_route_type_conflict() { index.write().apply(http_route); // Create the expected update -- HTTPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::GRPCRouteStatusParents { diff --git a/policy-controller/k8s/status/src/tests/routes/http.rs b/policy-controller/k8s/status/src/tests/routes/http.rs index 8023f8b8d740e..676e688ed4e74 100644 --- a/policy-controller/k8s/status/src/tests/routes/http.rs +++ b/policy-controller/k8s/status/src/tests/routes/http.rs @@ -86,7 +86,7 @@ fn linkerd_route_with_no_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -154,7 +154,7 @@ fn gateway_route_with_no_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -253,7 +253,7 @@ fn linkerd_route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -297,7 +297,7 @@ fn linkerd_route_with_valid_egress_networks_backends() { ); // Apply the parent egress network - let parent: policy::EgressNetwork = super::make_egress_network("ns-0", "egress", accepted()); + let parent: policy::EgressNetwork = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let id = NamespaceGroupKindName { @@ -332,7 +332,7 @@ fn linkerd_route_with_valid_egress_networks_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -433,7 +433,7 @@ fn gateway_route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -477,7 +477,7 @@ fn gateway_route_with_valid_egress_networks_backends() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -513,7 +513,7 @@ fn gateway_route_with_valid_egress_networks_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { @@ -608,7 +608,7 @@ fn linkerd_route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::HTTPRouteStatusParents { @@ -652,11 +652,11 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -692,7 +692,7 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -741,7 +741,7 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -778,7 +778,7 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -823,7 +823,7 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -864,7 +864,7 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -958,7 +958,7 @@ fn gateway_route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::HTTPRouteStatusParents { @@ -1002,11 +1002,11 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -1042,7 +1042,7 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -1091,7 +1091,7 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -1128,7 +1128,7 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -1173,7 +1173,7 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -1214,7 +1214,7 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1391,11 +1391,11 @@ fn linkerd_route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1574,11 +1574,11 @@ fn gateway_route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1713,7 +1713,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no HTTPRoutes yet. @@ -1742,7 +1742,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1913,7 +1913,7 @@ fn gateway_route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no HTTPRoutes yet. @@ -1942,7 +1942,7 @@ fn gateway_route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { diff --git a/policy-controller/k8s/status/src/tests/routes/tcp.rs b/policy-controller/k8s/status/src/tests/routes/tcp.rs index 569428a9b2f7e..882bcd2ac2862 100644 --- a/policy-controller/k8s/status/src/tests/routes/tcp.rs +++ b/policy-controller/k8s/status/src/tests/routes/tcp.rs @@ -114,7 +114,7 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::TCPRouteStatusParents { @@ -158,7 +158,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -193,7 +193,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::TCPRouteStatusParents { @@ -286,7 +286,7 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::TCPRouteStatusParents { @@ -330,11 +330,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -369,7 +369,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -418,7 +418,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -453,7 +453,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -498,7 +498,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -537,7 +537,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { @@ -714,11 +714,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -853,7 +853,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TCPRoutes yet. @@ -882,7 +882,7 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { diff --git a/policy-controller/k8s/status/src/tests/routes/tls.rs b/policy-controller/k8s/status/src/tests/routes/tls.rs index fddec87d46e5e..114f371259d48 100644 --- a/policy-controller/k8s/status/src/tests/routes/tls.rs +++ b/policy-controller/k8s/status/src/tests/routes/tls.rs @@ -114,7 +114,7 @@ fn route_with_valid_service_backends() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { @@ -158,7 +158,7 @@ fn route_with_valid_egress_network_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply the route. @@ -193,7 +193,7 @@ fn route_with_valid_egress_network_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // All backends exist and can be resolved. let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { @@ -286,7 +286,7 @@ fn route_with_invalid_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. let backend_condition = backend_not_found(); let parent_status = gateway::TLSRouteStatusParents { @@ -330,11 +330,11 @@ fn route_with_egress_network_backend_different_from_parent() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "svc", accepted()); + let parent = super::make_egress_network("ns-0", "svc", accepted(None)); index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -369,7 +369,7 @@ fn route_with_egress_network_backend_different_from_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -418,7 +418,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(parent.clone()); // Apply one backend egress network - let backend = super::make_egress_network("ns-0", "backend-1", accepted()); + let backend = super::make_egress_network("ns-0", "backend-1", accepted(None)); index.write().apply(backend.clone()); // Apply the route. @@ -453,7 +453,7 @@ fn route_with_egress_network_backend_and_service_parent() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", ); @@ -498,7 +498,7 @@ fn route_with_egress_network_parent_and_service_backend() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); // Apply one backend service @@ -537,7 +537,7 @@ fn route_with_egress_network_parent_and_service_backend() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -714,11 +714,11 @@ fn route_accepted_after_egress_network_create() { assert_eq!(patch, update.patch); // Apply the egress network - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -853,7 +853,7 @@ fn route_rejected_after_egress_network_delete() { default_cluster_networks(), ); - let egress = super::make_egress_network("ns-0", "egress", accepted()); + let egress = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(egress); // There should be no update since there are no TLSRoutes yet. @@ -882,7 +882,7 @@ fn route_rejected_after_egress_network_delete() { index.write().apply(route); // Create the expected update. - let accepted_condition = accepted(); + let accepted_condition = accepted(None); let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -1007,7 +1007,7 @@ fn service_route_type_conflict() { index.write().apply(tcp_route); // Create the expected update -- TCPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { @@ -1107,7 +1107,7 @@ fn egress_network_route_type_conflict() { ); // Apply the parent egress network - let parent = super::make_egress_network("ns-0", "egress", accepted()); + let parent = super::make_egress_network("ns-0", "egress", accepted(None)); index.write().apply(parent.clone()); let parent = gateway::TLSRouteParentRefs { @@ -1151,7 +1151,7 @@ fn egress_network_route_type_conflict() { index.write().apply(tcp_route); // Create the expected update -- TCPRoute should be accepted - let accepted_condition = accepted(); + let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. let backend_condition = resolved_refs(); let parent_status = gateway::TLSRouteStatusParents { From 5e89daf9275867bc09094817018f31e5bff205c0 Mon Sep 17 00:00:00 2001 From: Felipe Sere Date: Thu, 26 Feb 2026 15:09:12 +0000 Subject: [PATCH 3/5] Set generation from egress_net Signed-off-by: Felipe Sere --- policy-controller/k8s/status/src/index.rs | 10 ++++++---- .../k8s/status/src/tests/egress_network.rs | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index 5936ef5d06111..95c55631603f0 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -127,6 +127,7 @@ struct HttpLocalRateLimitPolicyRef { #[derive(Clone, PartialEq, Debug)] struct EgressNetworkRef { + generation: Option, networks: Vec, status_conditions: Vec, } @@ -1135,12 +1136,12 @@ impl Index { for egress_network_block in &egress_net.networks { for cluster_network_block in &self.cluster_networks { if egress_network_block.intersect(cluster_network_block) { - return in_cluster_net_overlap(); + return in_cluster_net_overlap(egress_net.generation); } } } - accepted(None) + accepted(egress_net.generation) } fn make_egress_net_patch( @@ -1781,6 +1782,7 @@ impl kubert::index::IndexNamespacedResource for Index { let id = ResourceId::new(namespace, name); let net = EgressNetworkRef { + generation: resource.metadata.generation, status_conditions, networks, }; @@ -1905,11 +1907,11 @@ pub(crate) fn accepted(observed_generation: Option) -> k8s::Condition { } } -pub(crate) fn in_cluster_net_overlap() -> k8s::Condition { +pub(crate) fn in_cluster_net_overlap(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "networks overlap with clusterNetworks".to_string(), - observed_generation: None, + observed_generation, reason: reasons::EGRESS_NET_REASON_OVERLAP.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), diff --git a/policy-controller/k8s/status/src/tests/egress_network.rs b/policy-controller/k8s/status/src/tests/egress_network.rs index 9ecbdbd2ed0c1..2cd999492e423 100644 --- a/policy-controller/k8s/status/src/tests/egress_network.rs +++ b/policy-controller/k8s/status/src/tests/egress_network.rs @@ -160,6 +160,7 @@ fn egress_network_with_overlapping_networks_specified() { metadata: k8s_core_api::ObjectMeta { name: Some(id.gkn.name.to_string()), namespace: Some(id.namespace.clone()), + generation: Some(3), ..Default::default() }, spec: linkerd_k8s_api::EgressNetworkSpec { @@ -180,7 +181,7 @@ fn egress_network_with_overlapping_networks_specified() { // Create the expected update. let status = EgressNetworkStatus { - conditions: vec![in_cluster_net_overlap()], + conditions: vec![in_cluster_net_overlap(egress_network.metadata.generation)], }; let patch = crate::index::make_patch(&id, status).unwrap(); let update = updates_rx.try_recv().unwrap(); From 9f1ddcb0b9a69a040a23a3ab6d50bc740e3e968f Mon Sep 17 00:00:00 2001 From: Felipe Sere Date: Thu, 26 Feb 2026 15:51:43 +0000 Subject: [PATCH 4/5] Add generation to HttpLocalRateLimitPolicyRef Signed-off-by: Felipe Sere --- policy-controller/k8s/status/src/index.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index 95c55631603f0..f02cb99cffb6b 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -120,6 +120,7 @@ pub(crate) type TCPRouteRef = RouteRef; #[derive(Clone, PartialEq, Debug)] struct HttpLocalRateLimitPolicyRef { + generation: Option, creation_timestamp: Option>, target_ref: ratelimit::TargetReference, status_conditions: Vec, @@ -1732,6 +1733,7 @@ impl kubert::index::IndexNamespacedResource fo let target_ref = ratelimit::TargetReference::make_target_ref(&namespace, &resource.spec); let rl = HttpLocalRateLimitPolicyRef { + generation: resource.metadata.generation, creation_timestamp, target_ref, status_conditions, From db6432498a35e901698245469e97be8dcb9fd645 Mon Sep 17 00:00:00 2001 From: Felipe Sere Date: Thu, 26 Feb 2026 15:51:43 +0000 Subject: [PATCH 5/5] Pass generation through to all status objects Signed-off-by: Felipe Sere --- policy-controller/k8s/status/src/index.rs | 129 ++++++++++-------- .../k8s/status/src/tests/ratelimit.rs | 4 +- .../k8s/status/src/tests/routes/grpc.rs | 26 ++-- .../k8s/status/src/tests/routes/http.rs | 40 +++--- .../k8s/status/src/tests/routes/tcp.rs | 18 +-- .../k8s/status/src/tests/routes/tls.rs | 26 ++-- 6 files changed, 133 insertions(+), 110 deletions(-) diff --git a/policy-controller/k8s/status/src/index.rs b/policy-controller/k8s/status/src/index.rs index f02cb99cffb6b..067b9ee514dc3 100644 --- a/policy-controller/k8s/status/src/index.rs +++ b/policy-controller/k8s/status/src/index.rs @@ -594,15 +594,16 @@ impl Index { server: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { if self.servers.contains(server) { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted(None) + accepted(generation) } } else { - no_matching_parent() + no_matching_parent(generation) } } @@ -611,18 +612,19 @@ impl Index { service: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { // service is a valid parent if it exists and it has a cluster_ip. match self.services.get(service) { Some(svc) if svc.valid_parent_service() => { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted(None) + accepted(generation) } } - Some(_svc) => headless_parent(), - None => no_matching_parent(), + Some(_svc) => headless_parent(generation), + None => no_matching_parent(generation), } } @@ -631,18 +633,19 @@ impl Index { egress_net: &ResourceId, id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, + generation: Option, ) -> k8s::Condition { // egress network is a valid parent if it exists and is accepted. match self.egress_networks.get(egress_net) { Some(egress_net) if egress_net.is_accepted() => { if self.parent_has_conflicting_routes(parent_ref, &id.gkn.kind) { - route_conflicted() + route_conflicted(generation) } else { - accepted(None) + accepted(generation) } } - Some(_) => egress_net_not_accepted(), - None => no_matching_parent(), + Some(_) => egress_net_not_accepted(generation), + None => no_matching_parent(generation), } } @@ -651,10 +654,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -670,7 +674,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -686,7 +690,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -709,10 +713,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -728,7 +733,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -744,7 +749,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -767,10 +772,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -786,7 +792,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -802,7 +808,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -825,10 +831,11 @@ impl Index { id: &NamespaceGroupKindName, parent_ref: &routes::ParentReference, backend_condition: k8s::Condition, + generation: Option, ) -> Option { match parent_ref { routes::ParentReference::Server(server) => { - let condition = self.parent_condition_server(server, id, parent_ref); + let condition = self.parent_condition_server(server, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some(POLICY_API_GROUP.to_string()), @@ -844,7 +851,7 @@ impl Index { } routes::ParentReference::Service(service, port) => { - let condition = self.parent_condition_service(service, id, parent_ref); + let condition = self.parent_condition_service(service, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -860,7 +867,7 @@ impl Index { } routes::ParentReference::EgressNetwork(egress_net, port) => { - let condition = self.parent_condition_egress_network(egress_net, id, parent_ref); + let condition = self.parent_condition_egress_network(egress_net, id, parent_ref, generation); Some(gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: Some("policy.linkerd.io".to_string()), @@ -882,23 +889,24 @@ impl Index { &self, parent_ref: &routes::ParentReference, backend_refs: &[routes::BackendReference], + generation: Option, ) -> k8s::Condition { for backend_ref in backend_refs.iter() { match backend_ref { routes::BackendReference::Unknown => { // If even one backend has a reference to an unknown / unsupported // reference, return invalid backend condition - return invalid_backend_kind(""); + return invalid_backend_kind("", generation); } routes::BackendReference::Service(service) => { if !self.services.contains_key(service) { - return backend_not_found(); + return backend_not_found(generation); } } routes::BackendReference::EgressNetwork(egress_net) => { if !self.egress_networks.contains_key(egress_net) { - return backend_not_found(); + return backend_not_found(generation); } match parent_ref { @@ -910,14 +918,14 @@ impl Index { _ => { let message = "EgressNetwork backend needs to be on a route that has an EgressNetwork parent"; - return invalid_backend_kind(message); + return invalid_backend_kind(message, generation); } } } } } - resolved_refs() + resolved_refs(generation) } fn make_http_route_patch( @@ -935,8 +943,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.http_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.http_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -971,8 +980,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.grpc_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.grpc_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1008,8 +1018,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.tls_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.tls_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1045,8 +1056,9 @@ impl Index { // Compute a status for each parent_ref which has a kind we support. let parent_statuses = route.parents.iter().filter_map(|parent_ref| { - let backend_condition = self.backend_condition(parent_ref, &route.backends); - self.tcp_parent_status(id, parent_ref, backend_condition.clone()) + let backend_condition = + self.backend_condition(parent_ref, &route.backends, route.generation); + self.tcp_parent_status(id, parent_ref, backend_condition.clone(), route.generation) }); let all_statuses = unowned_statuses.chain(parent_statuses).collect::>(); @@ -1071,6 +1083,7 @@ impl Index { &self, id: &NamespaceGroupKindName, target_ref: &ratelimit::TargetReference, + generation: Option, ) -> Option { match target_ref { ratelimit::TargetReference::Server(server) => { @@ -1099,12 +1112,12 @@ impl Index { }; if first_id.name == id.gkn.name { - accepted(None) + accepted(generation) } else { - ratelimit_already_exists() + ratelimit_already_exists(generation) } } else { - no_matching_target() + no_matching_target(generation) }; Some(policy::HttpLocalRateLimitPolicyStatus { @@ -1125,7 +1138,7 @@ impl Index { id: &NamespaceGroupKindName, ratelimit: &HttpLocalRateLimitPolicyRef, ) -> Option> { - let status = self.target_ref_status(id, &ratelimit.target_ref)?; + let status = self.target_ref_status(id, &ratelimit.target_ref, ratelimit.generation)?; if eq_time_insensitive_conditions(&status.conditions, &ratelimit.status_conditions) { return None; } @@ -1832,66 +1845,66 @@ fn now() -> DateTime { now } -pub(crate) fn no_matching_parent() -> k8s::Condition { +pub(crate) fn no_matching_parent(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn no_matching_target() -> k8s::Condition { +pub(crate) fn no_matching_target(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_TARGET.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -fn headless_parent() -> k8s::Condition { +fn headless_parent(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "parent service must have a ClusterIP".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -fn egress_net_not_accepted() -> k8s::Condition { +fn egress_net_not_accepted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "EgressNetwork parent has not been accepted".to_string(), - observed_generation: None, + observed_generation, reason: reasons::NO_MATCHING_PARENT.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn route_conflicted() -> k8s::Condition { +pub(crate) fn route_conflicted(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::ROUTE_REASON_CONFLICTED.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), } } -pub(crate) fn ratelimit_already_exists() -> k8s::Condition { +pub(crate) fn ratelimit_already_exists(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::RATELIMIT_REASON_ALREADY_EXISTS.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::ACCEPTED.to_string(), @@ -1920,33 +1933,33 @@ pub(crate) fn in_cluster_net_overlap(observed_generation: Option) -> k8s::C } } -pub(crate) fn resolved_refs() -> k8s::Condition { +pub(crate) fn resolved_refs(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::RESOLVED_REFS.to_string(), status: cond_statuses::STATUS_TRUE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), } } -pub(crate) fn backend_not_found() -> k8s::Condition { +pub(crate) fn backend_not_found(observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: "".to_string(), - observed_generation: None, + observed_generation, reason: reasons::BACKEND_NOT_FOUND.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), } } -pub(crate) fn invalid_backend_kind(message: &str) -> k8s::Condition { +pub(crate) fn invalid_backend_kind(message: &str, observed_generation: Option) -> k8s::Condition { k8s::Condition { last_transition_time: k8s::Time(now()), message: message.to_string(), - observed_generation: None, + observed_generation, reason: reasons::INVALID_KIND.to_string(), status: cond_statuses::STATUS_FALSE.to_string(), type_: conditions::RESOLVED_REFS.to_string(), diff --git a/policy-controller/k8s/status/src/tests/ratelimit.rs b/policy-controller/k8s/status/src/tests/ratelimit.rs index 4818428c6cb08..06335c3ca86ef 100644 --- a/policy-controller/k8s/status/src/tests/ratelimit.rs +++ b/policy-controller/k8s/status/src/tests/ratelimit.rs @@ -74,7 +74,7 @@ fn ratelimit_not_accepted_no_matching_target() { index.write().apply(ratelimit); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![no_matching_target()], + conditions: vec![no_matching_target(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), @@ -130,7 +130,7 @@ fn ratelimit_not_accepted_already_exists() { index.write().apply(rl_2); let expected_status = linkerd_k8s_api::HttpLocalRateLimitPolicyStatus { - conditions: vec![ratelimit_already_exists()], + conditions: vec![ratelimit_already_exists(None)], target_ref: linkerd_k8s_api::LocalTargetRef { group: Some("policy.linkerd.io".to_string()), kind: "Server".to_string(), diff --git a/policy-controller/k8s/status/src/tests/routes/grpc.rs b/policy-controller/k8s/status/src/tests/routes/grpc.rs index cf9cee481a268..55d38c53e6cd7 100644 --- a/policy-controller/k8s/status/src/tests/routes/grpc.rs +++ b/policy-controller/k8s/status/src/tests/routes/grpc.rs @@ -118,7 +118,7 @@ fn route_with_valid_service_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: Some("core".to_string()), @@ -198,7 +198,7 @@ fn route_with_valid_egress_network_backend() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -293,7 +293,7 @@ fn route_with_invalid_service_backend() { // Create the expected update. let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -378,6 +378,7 @@ fn route_with_egress_network_backend_different_from_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -463,6 +464,7 @@ fn route_with_egress_network_backend_and_service_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { @@ -546,7 +548,7 @@ fn route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -695,8 +697,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -891,7 +893,7 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -926,7 +928,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group, @@ -1018,7 +1020,7 @@ fn service_route_type_conflict() { // Create the expected update -- HTTPRoute should be accepted let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1055,7 +1057,7 @@ fn service_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1163,7 +1165,7 @@ fn egress_network_route_type_conflict() { // Create the expected update -- HTTPRoute should be accepted let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1200,7 +1202,7 @@ fn egress_network_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::HTTPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::GRPCRouteStatusParents { parent_ref: gateway::GRPCRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/http.rs b/policy-controller/k8s/status/src/tests/routes/http.rs index 676e688ed4e74..634f848a84f8f 100644 --- a/policy-controller/k8s/status/src/tests/routes/http.rs +++ b/policy-controller/k8s/status/src/tests/routes/http.rs @@ -88,7 +88,7 @@ fn linkerd_route_with_no_backends() { // Create the expected update. let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -156,7 +156,7 @@ fn gateway_route_with_no_backends() { // Create the expected update. let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -255,7 +255,7 @@ fn linkerd_route_with_valid_service_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -334,7 +334,7 @@ fn linkerd_route_with_valid_egress_networks_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -435,7 +435,7 @@ fn gateway_route_with_valid_service_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -515,7 +515,7 @@ fn gateway_route_with_valid_egress_networks_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -610,7 +610,7 @@ fn linkerd_route_with_invalid_service_backend() { // Create the expected update. let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -695,6 +695,7 @@ fn linkerd_route_with_egress_network_backend_different_from_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -781,6 +782,7 @@ fn linkerd_route_with_egress_network_backend_and_service_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -865,7 +867,7 @@ fn linkerd_route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -960,7 +962,7 @@ fn gateway_route_with_invalid_service_backend() { // Create the expected update. let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1045,6 +1047,7 @@ fn gateway_route_with_egress_network_backend_different_from_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1131,6 +1134,7 @@ fn gateway_route_with_egress_network_backend_and_service_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { @@ -1215,7 +1219,7 @@ fn gateway_route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group, @@ -1364,8 +1368,8 @@ fn linkerd_route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1547,8 +1551,8 @@ fn gateway_route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let rejected_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let rejected_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1743,7 +1747,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1778,7 +1782,7 @@ fn linkerd_route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1943,7 +1947,7 @@ fn gateway_route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1978,7 +1982,7 @@ fn gateway_route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::HTTPRouteStatusParents { parent_ref: gateway::HTTPRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/tcp.rs b/policy-controller/k8s/status/src/tests/routes/tcp.rs index 882bcd2ac2862..9e6d784a5a6eb 100644 --- a/policy-controller/k8s/status/src/tests/routes/tcp.rs +++ b/policy-controller/k8s/status/src/tests/routes/tcp.rs @@ -116,7 +116,7 @@ fn route_with_valid_service_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -195,7 +195,7 @@ fn route_with_valid_egress_network_backend() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -288,7 +288,7 @@ fn route_with_invalid_service_backend() { // Create the expected update. let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -372,6 +372,7 @@ fn route_with_egress_network_backend_different_from_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { @@ -456,6 +457,7 @@ fn route_with_egress_network_backend_and_service_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { @@ -538,7 +540,7 @@ fn route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group, @@ -687,8 +689,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -883,7 +885,7 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), @@ -918,7 +920,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::TCPRouteStatusParents { parent_ref: gateway::TCPRouteStatusParentsParentRef { group: parent.group.clone(), diff --git a/policy-controller/k8s/status/src/tests/routes/tls.rs b/policy-controller/k8s/status/src/tests/routes/tls.rs index 114f371259d48..7555431431179 100644 --- a/policy-controller/k8s/status/src/tests/routes/tls.rs +++ b/policy-controller/k8s/status/src/tests/routes/tls.rs @@ -116,7 +116,7 @@ fn route_with_valid_service_backends() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -195,7 +195,7 @@ fn route_with_valid_egress_network_backend() { // Create the expected update. let accepted_condition = accepted(None); // All backends exist and can be resolved. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -288,7 +288,7 @@ fn route_with_invalid_service_backend() { // Create the expected update. let accepted_condition = accepted(None); // One of the backends does not exist so the status should be BackendNotFound. - let backend_condition = backend_not_found(); + let backend_condition = backend_not_found(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -372,6 +372,7 @@ fn route_with_egress_network_backend_different_from_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -456,6 +457,7 @@ fn route_with_egress_network_backend_and_service_parent() { let accepted_condition = accepted(None); let backend_condition = invalid_backend_kind( "EgressNetwork backend needs to be on a route that has an EgressNetwork parent", + None, ); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { @@ -538,7 +540,7 @@ fn route_with_egress_network_parent_and_service_backend() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group, @@ -687,8 +689,8 @@ fn route_accepted_after_egress_network_create() { index.write().apply(route); // Create the expected update. - let accepted_condition = no_matching_parent(); - let backend_condition = resolved_refs(); + let accepted_condition = no_matching_parent(None); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -883,7 +885,7 @@ fn route_rejected_after_egress_network_delete() { // Create the expected update. let accepted_condition = accepted(None); - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -918,7 +920,7 @@ fn route_rejected_after_egress_network_delete() { } // Create the expected update. - let rejected_condition = no_matching_parent(); + let rejected_condition = no_matching_parent(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1009,7 +1011,7 @@ fn service_route_type_conflict() { // Create the expected update -- TCPRoute should be accepted let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1046,7 +1048,7 @@ fn service_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::TCPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1153,7 +1155,7 @@ fn egress_network_route_type_conflict() { // Create the expected update -- TCPRoute should be accepted let accepted_condition = accepted(None); // No backends were specified, so we have vacuously resolved them all. - let backend_condition = resolved_refs(); + let backend_condition = resolved_refs(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(), @@ -1190,7 +1192,7 @@ fn egress_network_route_type_conflict() { for _ in 0..2 { let update = updates_rx.try_recv().unwrap(); if update.id.gkn.kind == gateway::TCPRoute::kind(&()) { - let conflict_condition = route_conflicted(); + let conflict_condition = route_conflicted(None); let parent_status = gateway::TLSRouteStatusParents { parent_ref: gateway::TLSRouteStatusParentsParentRef { group: parent.group.clone(),