fix(gatewayapi): update gateway-api and fix failing RouteKind tests (#…

…5175)

* chore(deps): update gateway-api
* fix: properly set ResolvedRefs listener condition
* fix: properly set SupportedKinds
* test(e2e): reenable Gateway API conformance tests
* refactor: use beta types where possible
* refactor: no more deprecated conditions

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>

go.mod

@@ -200,4 +200,4 @@ require (
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
-replace sigs.k8s.io/gateway-api => github.com/kumahq/gateway-api v0.0.0-20220822185518-e8a3f0be778b
+replace sigs.k8s.io/gateway-api => github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a

go.sum

@@ -1027,8 +1027,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ktrysmt/go-bitbucket v0.6.4/go.mod h1:9u0v3hsd2rqCHRIpbir1oP7F58uo5dq19sBYvuMoyQ4=
-github.com/kumahq/gateway-api v0.0.0-20220822185518-e8a3f0be778b h1:bOI+l61dTIF2vXrB/SUlRKCzJhFgGlBTVDKxKSCGrv8=
-github.com/kumahq/gateway-api v0.0.0-20220822185518-e8a3f0be778b/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
+github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a h1:szFGMVdySxtKAjCxO3JUncfr1JGWOIlQaqWnrTUJsBc=
+github.com/kumahq/gateway-api v0.0.0-20221019125100-747a4fedfd7a/go.mod h1:x0AP6gugkFV8fC/oTlnOMU0pnmuzIR8LfIPRVUjxSqA=
 github.com/kumahq/kuma-net v0.7.2 h1:892BxDUkSQjQZR2DUaAub/2DNN6VEQd/CaGrQIlFtR0=
 github.com/kumahq/kuma-net v0.7.2/go.mod h1:aqhBHsY3LQCTvBOr7oU1r2hwjTn9vhXUKDJXJokkSCM=
 github.com/kumahq/protoc-gen-kumadoc v0.3.1 h1:tY2dGQJTYVGkhxAHN154fddcWDRy55Pl4+oLT+FhsHo=

pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_conversion.go

@@ -3,9 +3,11 @@ package gatewayapi
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	kube_core "k8s.io/api/core/v1"
 	kube_apierrs "k8s.io/apimachinery/pkg/api/errors"
+	kube_apimeta "k8s.io/apimachinery/pkg/api/meta"
 	kube_meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kube_types "k8s.io/apimachinery/pkg/types"
 	kube_client "sigs.k8s.io/controller-runtime/pkg/client"
@@ -41,8 +43,8 @@ func ValidateListeners(listeners []gatewayapi.Listener) ([]gatewayapi.Listener,
 		listenerConditions[listener] = append(
 			listenerConditions[listener],
 			kube_meta.Condition{
-				Type:    string(gatewayapi.ListenerConditionDetached),
-				Status:  kube_meta.ConditionTrue,
+				Type:    string(gatewayapi.ListenerConditionAccepted),
+				Status:  kube_meta.ConditionFalse,
 				Reason:  string(reason),
 				Message: message,
 			},
@@ -191,20 +193,23 @@ func (r *GatewayReconciler) gapiToKumaGateway(
 			continue
 		}
 
+		var unsupportedRouteGroupKinds []string
 		for _, gk := range l.AllowedRoutes.Kinds {
 			if gk.Kind != common.HTTPRouteKind || *gk.Group != gatewayapi.GroupName {
 				metaGK := kube_meta.GroupKind{Group: string(*gk.Group), Kind: string(gk.Kind)}
-				listenerConditions[l.Name] = append(listenerConditions[l.Name],
-					kube_meta.Condition{
-						Type:    string(gatewayapi.ListenerConditionResolvedRefs),
-						Status:  kube_meta.ConditionFalse,
-						Reason:  string(gatewayapi.ListenerReasonInvalidRouteKinds),
-						Message: fmt.Sprintf("unexpected RouteGroupKind %q", metaGK.String()),
-					},
-				)
-				continue
+				unsupportedRouteGroupKinds = append(unsupportedRouteGroupKinds, metaGK.String())
 			}
 		}
+		if len(unsupportedRouteGroupKinds) > 0 {
+			listenerConditions[l.Name] = append(listenerConditions[l.Name],
+				kube_meta.Condition{
+					Type:    string(gatewayapi.ListenerConditionResolvedRefs),
+					Status:  kube_meta.ConditionFalse,
+					Reason:  string(gatewayapi.ListenerReasonInvalidRouteKinds),
+					Message: fmt.Sprintf("unexpected RouteGroupKind %q", strings.Join(unsupportedRouteGroupKinds, ", ")),
+				},
+			)
+		}
 
 		listener.Hostname = "*"
 		if l.Hostname != nil {
@@ -309,9 +314,9 @@ func handleConditions(conditions []kube_meta.Condition, unresolvableCertRef *cer
 	conditions = append(
 		conditions,
 		kube_meta.Condition{
-			Type:   string(gatewayapi.ListenerConditionDetached),
-			Status: kube_meta.ConditionFalse,
-			Reason: string(gatewayapi.ListenerReasonAttached),
+			Type:   string(gatewayapi.ListenerConditionAccepted),
+			Status: kube_meta.ConditionTrue,
+			Reason: string(gatewayapi.ListenerReasonAccepted),
 		},
 		kube_meta.Condition{
 			Type:   string(gatewayapi.ListenerConditionConflicted),
@@ -322,34 +327,41 @@ func handleConditions(conditions []kube_meta.Condition, unresolvableCertRef *cer
 
 	var resolvedRefConditions []kube_meta.Condition
 
-	if unresolvableCertRef == nil {
-		resolvedRefConditions = []kube_meta.Condition{
-			{
+	if unresolvableCertRef != nil && !kube_apimeta.IsStatusConditionFalse(conditions, string(gatewayapi.ListenerConditionResolvedRefs)) {
+		kube_apimeta.SetStatusCondition(&conditions,
+			kube_meta.Condition{
+				Type:    string(gatewayapi.ListenerConditionResolvedRefs),
+				Status:  kube_meta.ConditionFalse,
+				Reason:  unresolvableCertRef.reason,
+				Message: unresolvableCertRef.message,
+			},
+		)
+	}
+
+	if !kube_apimeta.IsStatusConditionFalse(conditions, string(gatewayapi.ListenerConditionResolvedRefs)) {
+		kube_apimeta.SetStatusCondition(&conditions,
+			kube_meta.Condition{
 				Type:   string(gatewayapi.ListenerConditionResolvedRefs),
 				Status: kube_meta.ConditionTrue,
 				Reason: string(gatewayapi.ListenerReasonResolvedRefs),
 			},
-			{
+		)
+		kube_apimeta.SetStatusCondition(&conditions,
+			kube_meta.Condition{
 				Type:   string(gatewayapi.ListenerConditionReady),
 				Status: kube_meta.ConditionTrue,
-				Reason: string(gatewayapi.ListenerConditionReady),
+				Reason: string(gatewayapi.ListenerReasonReady),
 			},
-		}
+		)
 	} else {
-		resolvedRefConditions = []kube_meta.Condition{
-			{
-				Type:    string(gatewayapi.ListenerConditionResolvedRefs),
-				Status:  kube_meta.ConditionFalse,
-				Reason:  unresolvableCertRef.reason,
-				Message: unresolvableCertRef.message,
-			},
-			{
+		kube_apimeta.SetStatusCondition(&conditions,
+			kube_meta.Condition{
 				Type:    string(gatewayapi.ListenerConditionReady),
 				Status:  kube_meta.ConditionFalse,
 				Reason:  string(gatewayapi.ListenerReasonInvalid),
 				Message: "unable to resolve refs",
 			},
-		}
+		)
 	}
 
 	return append(conditions, resolvedRefConditions...)

pkg/plugins/runtime/k8s/controllers/gatewayapi/gateway_status.go

@@ -12,6 +12,7 @@ import (
 	kube_meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kube_client "sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapi "sigs.k8s.io/gateway-api/apis/v1beta1"
+	gatewayapi_util "sigs.k8s.io/gateway-api/apis/v1beta1/util/translator"
 
 	mesh_k8s "github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/api/v1alpha1"
 	"github.com/kumahq/kuma/pkg/plugins/runtime/k8s/controllers/gatewayapi/common"
@@ -145,18 +146,36 @@ func mergeGatewayListenerStatuses(
 	// for each new parentstatus, either add it to the list or update the
 	// existing one
 	for name, conditions := range conditions {
+		var listener gatewayapi.Listener
+		for _, l := range gateway.Spec.Listeners {
+			if l.Name == name {
+				listener = l
+			}
+		}
+
+		supportedKinds := []gatewayapi.RouteGroupKind{}
+		if len(listener.AllowedRoutes.Kinds) == 0 {
+			supportedKinds = append(supportedKinds,
+				gatewayapi.RouteGroupKind{Group: gatewayapi_util.GroupPtr(gatewayapi.GroupVersion.Group), Kind: common.HTTPRouteKind},
+			)
+		}
+		for _, rgk := range listener.AllowedRoutes.Kinds {
+			if string(*rgk.Group) == gatewayapi.GroupVersion.Group && rgk.Kind == common.HTTPRouteKind {
+				supportedKinds = append(supportedKinds, rgk)
+			}
+		}
+
 		previousStatus := gatewayapi.ListenerStatus{
 			Name:           name,
 			AttachedRoutes: 0,
-			// TODO this should be Listener.AllowedRoutes with invalid kinds
-			// removed, i.e. it may be empty
-			SupportedKinds: []gatewayapi.RouteGroupKind{{Kind: common.HTTPRouteKind}},
 		}
 
 		if prev, ok := previousStatuses[name]; ok {
 			previousStatus = prev
 		}
 
+		previousStatus.SupportedKinds = supportedKinds
+
 		for _, condition := range conditions {
 			condition.ObservedGeneration = gateway.GetGeneration()
 			kube_apimeta.SetStatusCondition(&previousStatus.Conditions, condition)
@@ -215,9 +234,9 @@ func mergeGatewayStatus(
 
 	conditions := []kube_meta.Condition{
 		{
-			Type:   string(gatewayapi.GatewayConditionScheduled),
+			Type:   string(gatewayapi.GatewayConditionAccepted),
 			Status: kube_meta.ConditionTrue,
-			Reason: string(gatewayapi.GatewayReasonScheduled),
+			Reason: string(gatewayapi.GatewayReasonAccepted),
 		},
 		{
 			Type:   string(gatewayapi.GatewayConditionReady),

pkg/plugins/runtime/k8s/controllers/gatewayapi/http_route_controller.go

@@ -232,7 +232,7 @@ func routesForGrant(l logr.Logger, client kube_client.Client) kube_handler.MapFu
 
 		var namespaces []gatewayapi_alpha.Namespace
 		for _, from := range grant.Spec.From {
-			if from.Group == gatewayapi_alpha.Group(gatewayapi.GroupVersion.Group) && from.Kind == gatewayapi_alpha.Kind(common.HTTPRouteKind) {
+			if from.Group == gatewayapi.Group(gatewayapi.GroupVersion.Group) && from.Kind == common.HTTPRouteKind {
 				namespaces = append(namespaces, from.Namespace)
 			}
 		}

pkg/plugins/runtime/k8s/controllers/gatewayapi/policy/policy.go

@@ -14,7 +14,7 @@ import (
 
 type PolicyReference struct {
 	from        gatewayapi_alpha.ReferenceGrantFrom
-	toNamespace gatewayapi_alpha.Namespace
+	toNamespace gatewayapi.Namespace
 	// always set when created via the exported functions
 	to gatewayapi_alpha.ReferenceGrantTo
 }
@@ -29,32 +29,31 @@ func (pr *PolicyReference) GroupKindReferredTo() kube_schema.GroupKind {
 
 func FromGatewayIn(namespace string) gatewayapi_alpha.ReferenceGrantFrom {
 	return gatewayapi_alpha.ReferenceGrantFrom{
-		Kind:      gatewayapi_alpha.Kind("Gateway"),
-		Group:     gatewayapi_alpha.Group(gatewayapi.GroupName),
-		Namespace: gatewayapi_alpha.Namespace(namespace),
+		Kind:      "Gateway",
+		Group:     gatewayapi.GroupName,
+		Namespace: gatewayapi.Namespace(namespace),
 	}
 }
 
 func FromHTTPRouteIn(namespace string) gatewayapi_alpha.ReferenceGrantFrom {
 	return gatewayapi_alpha.ReferenceGrantFrom{
-		Kind:      gatewayapi_alpha.Kind("HTTPRoute"),
-		Group:     gatewayapi_alpha.Group(gatewayapi.GroupName),
-		Namespace: gatewayapi_alpha.Namespace(namespace),
+		Kind:      "HTTPRoute",
+		Group:     gatewayapi.GroupName,
+		Namespace: gatewayapi.Namespace(namespace),
 	}
 }
 
 func PolicyReferenceBackend(from gatewayapi_alpha.ReferenceGrantFrom, to gatewayapi.BackendObjectReference) PolicyReference {
 	ns := from.Namespace
 	if to.Namespace != nil {
-		ns = gatewayapi_alpha.Namespace(*to.Namespace)
+		ns = *to.Namespace
 	}
-	name := gatewayapi_alpha.ObjectName(to.Name)
 	return PolicyReference{
 		from: from,
 		to: gatewayapi_alpha.ReferenceGrantTo{
-			Kind:  gatewayapi_alpha.Kind(*to.Kind),
-			Group: gatewayapi_alpha.Group(*to.Group),
-			Name:  &name,
+			Kind:  *to.Kind,
+			Group: *to.Group,
+			Name:  &to.Name,
 		},
 		toNamespace: ns,
 	}
@@ -63,15 +62,14 @@ func PolicyReferenceBackend(from gatewayapi_alpha.ReferenceGrantFrom, to gateway
 func PolicyReferenceSecret(from gatewayapi_alpha.ReferenceGrantFrom, to gatewayapi.SecretObjectReference) PolicyReference {
 	ns := from.Namespace
 	if to.Namespace != nil {
-		ns = gatewayapi_alpha.Namespace(*to.Namespace)
+		ns = *to.Namespace
 	}
-	name := gatewayapi_alpha.ObjectName(to.Name)
 	return PolicyReference{
 		from: from,
 		to: gatewayapi_alpha.ReferenceGrantTo{
-			Kind:  gatewayapi_alpha.Kind(*to.Kind),
-			Group: gatewayapi_alpha.Group(*to.Group),
-			Name:  &name,
+			Kind:  *to.Kind,
+			Group: *to.Group,
+			Name:  &to.Name,
 		},
 		toNamespace: ns,
 	}

pkg/plugins/runtime/k8s/controllers/gatewayapi/policy/policy_test.go

@@ -38,15 +38,15 @@ var (
 		Spec: gatewayapi_alpha.ReferenceGrantSpec{
 			From: []gatewayapi_alpha.ReferenceGrantFrom{
 				{
-					Group:     gatewayapi_alpha.Group(gatewayapi_alpha.GroupName),
-					Kind:      gatewayapi_alpha.Kind("HTTPRoute"),
-					Namespace: gatewayapi_alpha.Namespace(defaultNs),
+					Group:     gatewayapi.GroupName,
+					Kind:      "HTTPRoute",
+					Namespace: defaultNs,
 				},
 			},
 			To: []gatewayapi_alpha.ReferenceGrantTo{
 				{
-					Group: gatewayapi_alpha.Group(""),
-					Kind:  gatewayapi_alpha.Kind("Service"),
+					Group: "",
+					Kind:  "Service",
 				},
 			},
 		},
@@ -132,8 +132,8 @@ var _ = Describe("ReferenceGrant support", func() {
 			permittedToExtSvcName := gatewayapi_alpha.ObjectName("specific-permitted-ext-svc")
 			policyWithName.Spec.To = append(policyWithName.Spec.To,
 				gatewayapi_alpha.ReferenceGrantTo{
-					Group: gatewayapi_alpha.Group(kumaGroup),
-					Kind:  gatewayapi_alpha.Kind(externalSvcKind),
+					Group: kumaGroup,
+					Kind:  externalSvcKind,
 					Name:  &permittedToExtSvcName,
 				},
 			)
@@ -154,7 +154,7 @@ var _ = Describe("ReferenceGrant support", func() {
 
 			By("permitting if the name matches")
 			toOtherSpecificExternalSvc := toOtherExternalSvc.DeepCopy()
-			toOtherSpecificExternalSvc.Name = gatewayapi.ObjectName(permittedToExtSvcName)
+			toOtherSpecificExternalSvc.Name = permittedToExtSvcName
 
 			ref = policy.PolicyReferenceBackend(policy.FromHTTPRouteIn(defaultNs), *toOtherSpecificExternalSvc)
 			permitted, err = policy.IsReferencePermitted(

test/e2e/gateway/gatewayapi/conformance_test.go

@@ -95,7 +95,7 @@ func TestConformance(t *testing.T) {
 		ValidUniqueListenerPorts: validUniqueListenerPorts,
 		SupportedFeatures: []suite.SupportedFeature{
 			suite.SupportHTTPRouteQueryParamMatching,
-			suite.SupportReferenceGrant,
+			suite.SupportHTTPRouteMethodMatching,
 		},
 	})