fix: tlspolicy enforced condition when certificate/issuer ready condi…

…tion is missing (#715)

* fix: tlspolicy enforced condition when certificate/issuer ready condition is missing

Previous using IsStatusConditionFalse will return true if the Ready status condition is missing which caused TLSPolicy to incorrectly set the Enforced condition to true

* feat: TLSPolicy watch for owned Certificates

* regression: do not wait for gateways to be ready for tlspolicy

* feat: watch for issuer/clusterIssuer status changes for TLSPolicy

* tests: harden and cleanup tests

* fix: get all gateways events for tlspolicy

* tests: unit test for list error for issuer mapper

* refactor: do not only just received programmed gateway events

* tls policy: check cert-manager API is available before starting controller

* refactor: account for ClusterIssuer & Issuer for checking if Cert Manager is installed

api/v1alpha1/dnspolicy_types.go

@@ -195,6 +195,10 @@ func (p *DNSPolicy) List(ctx context.Context, c client.Client, namespace string)
 	return policies
 }
 
+func (p *DNSPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (p *DNSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }

api/v1alpha1/tlspolicy_types.go

@@ -163,6 +163,10 @@ func (p *TLSPolicy) List(ctx context.Context, c client.Client, namespace string)
 	return policies
 }
 
+func (p *TLSPolicy) TargetProgrammedGatewaysOnly() bool {
+	return false
+}
+
 func (p *TLSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }

api/v1beta2/authpolicy_types.go

@@ -355,6 +355,10 @@ func (ap *AuthPolicy) List(ctx context.Context, c client.Client, namespace strin
 	return policies
 }
 
+func (ap *AuthPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (ap *AuthPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.InheritedPolicy
 }

api/v1beta2/ratelimitpolicy_types.go

@@ -288,6 +288,10 @@ func (r *RateLimitPolicy) List(ctx context.Context, c client.Client, namespace s
 	return policies
 }
 
+func (r *RateLimitPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (r *RateLimitPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.InheritedPolicy
 }

controllers/authpolicy_controller.go

@@ -65,7 +65,7 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ
 	markedForDeletion := ap.GetDeletionTimestamp() != nil
 
 	// fetch the target network object
-	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace)
+	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace, ap.TargetProgrammedGatewaysOnly())
 	if err != nil {
 		if !markedForDeletion {
 			if apierrors.IsNotFound(err) {
@@ -186,7 +186,7 @@ func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.A
 				return err
 			}
 
-			refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace)
+			refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, ap.TargetProgrammedGatewaysOnly())
 			if err != nil {
 				return err
 			}

controllers/dnspolicy_controller.go

@@ -75,7 +75,7 @@ func (r *DNSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	markedForDeletion := dnsPolicy.GetDeletionTimestamp() != nil
 
-	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace)
+	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace, dnsPolicy.TargetProgrammedGatewaysOnly())
 	if err != nil {
 		if !markedForDeletion {
 			if apierrors.IsNotFound(err) {