Add generic policy handler; refactor IAMAuthPolicy, TargetGroupPolicy, VpcAssociationPolicy

Makefile

@@ -49,7 +49,7 @@ help: ## Display this help.
 
 .PHONY: run
 run: ## Run in development mode
-	DEV_MODE=1 go run cmd/aws-application-networking-k8s/main.go
+	DEV_MODE=1 LOG_LEVEL=debug go run cmd/aws-application-networking-k8s/main.go
 
 
 .PHONY: presubmit
@@ -102,6 +102,7 @@ e2e-test-namespace := "e2e-test"
 .PHONY: e2e-test
 e2e-test: ## Run e2e tests against cluster pointed to by ~/.kube/config
 	@kubectl create namespace $(e2e-test-namespace) > /dev/null 2>&1 || true # ignore already exists error
+	LOG_LEVEL=debug
 	cd test && go test \
 		-p 1 \
 		-count 1 \

cmd/aws-application-networking-k8s/main.go

@@ -39,8 +39,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/external-dns/endpoint"
-	gateway_api_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-	gateway_api_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+	gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
+	gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	"github.com/aws/aws-application-networking-k8s/pkg/controllers"
 
@@ -60,8 +60,8 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
 	//+kubebuilder:scaffold:scheme
-	utilruntime.Must(gateway_api_v1alpha2.AddToScheme(scheme))
-	utilruntime.Must(gateway_api_v1beta1.AddToScheme(scheme))
+	utilruntime.Must(gwv1alpha2.AddToScheme(scheme))
+	utilruntime.Must(gwv1beta1.AddToScheme(scheme))
 	utilruntime.Must(anv1alpha1.AddToScheme(scheme))
 	addOptionalCRDs(scheme)
 }
@@ -115,6 +115,7 @@ func main() {
 		"AccountId", config.AccountID,
 		"DefaultServiceNetwork", config.DefaultServiceNetwork,
 		"ClusterName", config.ClusterName,
+		"LogLevel", logLevel,
 	)
 
 	cloud, err := aws.NewCloud(log.Named("cloud"), aws.CloudConfig{

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/zap v1.26.0
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
+	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
 	k8s.io/api v0.28.3
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3
@@ -61,7 +61,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/oauth2 v0.13.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
 	golang.org/x/term v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/time v0.3.0 // indirect

go.sum

@@ -157,8 +157,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -202,8 +202,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -227,7 +227,7 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
+golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

pkg/apis/applicationnetworking/v1alpha1/authpolicy_types.go

@@ -1,12 +1,8 @@
 package v1alpha1
 
 import (
-	apimachineryv1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	"github.com/aws/aws-application-networking-k8s/pkg/k8s"
-	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
 )
 
 const (
@@ -21,8 +17,8 @@ const (
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
 // +kubebuilder:subresource:status
 type IAMAuthPolicy struct {
-	apimachineryv1.TypeMeta   `json:",inline"`
-	apimachineryv1.ObjectMeta `json:"metadata,omitempty"`
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
 
 	Spec IAMAuthPolicySpec `json:"spec"`
 
@@ -35,9 +31,9 @@ type IAMAuthPolicy struct {
 // +kubebuilder:object:root=true
 // IAMAuthPolicyList contains a list of IAMAuthPolicies.
 type IAMAuthPolicyList struct {
-	apimachineryv1.TypeMeta `json:",inline"`
-	apimachineryv1.ListMeta `json:"metadata,omitempty"`
-	Items                   []IAMAuthPolicy `json:"items"`
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []IAMAuthPolicy `json:"items"`
 }
 
 // IAMAuthPolicySpec defines the desired state of IAMAuthPolicy.
@@ -73,29 +69,17 @@ type IAMAuthPolicyStatus struct {
 	// +listMapKey=type
 	// +kubebuilder:validation:MaxItems=8
 	// +kubebuilder:default={{type: "Accepted", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"},{type: "Programmed", status: "Unknown", reason:"Pending", message:"Waiting for controller", lastTransitionTime: "1970-01-01T00:00:00Z"}}
-	Conditions []apimachineryv1.Condition `json:"conditions,omitempty"`
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
 func (p *IAMAuthPolicy) GetTargetRef() *v1alpha2.PolicyTargetReference {
 	return p.Spec.TargetRef
 }
 
-func (p *IAMAuthPolicy) GetStatusConditions() []apimachineryv1.Condition {
-	return p.Status.Conditions
-}
-
-func (p *IAMAuthPolicy) SetStatusConditions(conditions []apimachineryv1.Condition) {
-	p.Status.Conditions = conditions
-}
-
-func (p *IAMAuthPolicy) GetNamespacedName() types.NamespacedName {
-	return k8s.NamespacedName(p)
+func (p *IAMAuthPolicy) GetStatusConditions() *[]metav1.Condition {
+	return &p.Status.Conditions
 }
 
-func (pl *IAMAuthPolicyList) GetItems() []core.Policy {
-	items := make([]core.Policy, len(pl.Items))
-	for i, item := range pl.Items {
-		items[i] = &item
-	}
-	return items
+func (pl *IAMAuthPolicyList) GetItems() []*IAMAuthPolicy {
+	return toPtrSlice(pl.Items)
 }

pkg/apis/applicationnetworking/v1alpha1/common.go

@@ -0,0 +1,10 @@
+package v1alpha1
+
+func toPtrSlice[T any](s []T) []*T {
+	ps := make([]*T, len(s))
+	for i, t := range s {
+		ct := t
+		ps[i] = &ct
+	}
+	return ps
+}

pkg/apis/applicationnetworking/v1alpha1/common_test.go

@@ -0,0 +1,32 @@
+package v1alpha1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestToPtrSlice(t *testing.T) {
+
+	type A struct {
+		x int
+	}
+
+	type test struct {
+		name string
+		in   []A
+		want []*A
+	}
+
+	tests := []test{
+		{"empty", []A{}, []*A{}},
+		{"single item", []A{{1}}, []*A{{1}}},
+		{"multiple items", []A{{1}, {2}, {3}}, []*A{{1}, {2}, {3}}},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, toPtrSlice(tt.in), tt.want)
+		})
+	}
+}

pkg/apis/applicationnetworking/v1alpha1/targetgrouppolicy_types.go

@@ -2,12 +2,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	"github.com/aws/aws-application-networking-k8s/pkg/k8s"
-	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
-	"github.com/aws/aws-application-networking-k8s/pkg/utils"
 )
 
 const (
@@ -164,20 +159,10 @@ func (p *TargetGroupPolicy) GetTargetRef() *v1alpha2.PolicyTargetReference {
 	return p.Spec.TargetRef
 }
 
-func (p *TargetGroupPolicy) GetNamespacedName() types.NamespacedName {
-	return k8s.NamespacedName(p)
-}
-
-func (p *TargetGroupPolicy) GetStatusConditions() []metav1.Condition {
-	return p.Status.Conditions
-}
-
-func (p *TargetGroupPolicy) SetStatusConditions(conditions []metav1.Condition) {
-	p.Status.Conditions = conditions
+func (p *TargetGroupPolicy) GetStatusConditions() *[]metav1.Condition {
+	return &p.Status.Conditions
 }
 
-func (pl *TargetGroupPolicyList) GetItems() []core.Policy {
-	return utils.SliceMap(pl.Items, func(p TargetGroupPolicy) core.Policy {
-		return &p
-	})
+func (pl *TargetGroupPolicyList) GetItems() []*TargetGroupPolicy {
+	return toPtrSlice(pl.Items)
 }

pkg/apis/applicationnetworking/v1alpha1/vpcassociationpolicy_types.go

@@ -2,12 +2,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-	"github.com/aws/aws-application-networking-k8s/pkg/k8s"
-	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
-	"github.com/aws/aws-application-networking-k8s/pkg/utils"
 )
 
 const (
@@ -92,20 +87,10 @@ func (p *VpcAssociationPolicy) GetTargetRef() *v1alpha2.PolicyTargetReference {
 	return p.Spec.TargetRef
 }
 
-func (p *VpcAssociationPolicy) GetStatusConditions() []metav1.Condition {
-	return p.Status.Conditions
-}
-
-func (p *VpcAssociationPolicy) SetStatusConditions(conditions []metav1.Condition) {
-	p.Status.Conditions = conditions
-}
-
-func (p *VpcAssociationPolicy) GetNamespacedName() types.NamespacedName {
-	return k8s.NamespacedName(p)
+func (p *VpcAssociationPolicy) GetStatusConditions() *[]metav1.Condition {
+	return &p.Status.Conditions
 }
 
-func (pl *VpcAssociationPolicyList) GetItems() []core.Policy {
-	return utils.SliceMap(pl.Items, func(p VpcAssociationPolicy) core.Policy {
-		return &p
-	})
+func (pl *VpcAssociationPolicyList) GetItems() []*VpcAssociationPolicy {
+	return toPtrSlice(pl.Items)
 }

pkg/controllers/eventhandlers/mapper.go

@@ -12,7 +12,8 @@ import (
 	gateway_api "sigs.k8s.io/gateway-api/apis/v1beta1"
 
 	anv1alpha1 "github.com/aws/aws-application-networking-k8s/pkg/apis/applicationnetworking/v1alpha1"
-	"github.com/aws/aws-application-networking-k8s/pkg/k8s"
+	k8sutils "github.com/aws/aws-application-networking-k8s/pkg/k8s"
+	"github.com/aws/aws-application-networking-k8s/pkg/k8s/policyhelper"
 	"github.com/aws/aws-application-networking-k8s/pkg/model/core"
 	"github.com/aws/aws-application-networking-k8s/pkg/utils/gwlog"
 )
@@ -47,7 +48,7 @@ func (r *resourceMapper) ServiceToServiceExport(ctx context.Context, svc *corev1
 		return nil
 	}
 	svcExport := &anv1alpha1.ServiceExport{}
-	if err := r.client.Get(ctx, k8s.NamespacedName(svc), svcExport); err != nil {
+	if err := r.client.Get(ctx, k8sutils.NamespacedName(svc), svcExport); err != nil {
 		return nil
 	}
 	return svcExport
@@ -58,7 +59,7 @@ func (r *resourceMapper) EndpointsToService(ctx context.Context, ep *corev1.Endp
 		return nil
 	}
 	svc := &corev1.Service{}
-	if err := r.client.Get(ctx, k8s.NamespacedName(ep), svc); err != nil {
+	if err := r.client.Get(ctx, k8sutils.NamespacedName(ep), svc); err != nil {
 		return nil
 	}
 	return svc
@@ -72,12 +73,12 @@ func (r *resourceMapper) VpcAssociationPolicyToGateway(ctx context.Context, vap
 	return policyToTargetRefObj(r, ctx, vap, &gateway_api.Gateway{})
 }
 
-func policyToTargetRefObj[T client.Object](r *resourceMapper, ctx context.Context, policy core.Policy, retObj T) T {
+func policyToTargetRefObj[T client.Object](r *resourceMapper, ctx context.Context, policy policyhelper.Policy, retObj T) T {
 	null := *new(T)
 	if policy == nil {
 		return null
 	}
-	policyNamespacedName := policy.GetNamespacedName()
+	policyNamespacedName := k8sutils.NamespacedName(policy)
 
 	targetRef := policy.GetTargetRef()
 	if targetRef == nil {
@@ -173,7 +174,7 @@ func (r *resourceMapper) backendRefToRoutes(ctx context.Context, obj client.Obje
 	return filteredRoutes
 }
 
-func (r *resourceMapper) isBackendRefUsedByRoute(route core.Route, obj k8s.NamespacedAndNamed, group, kind string) bool {
+func (r *resourceMapper) isBackendRefUsedByRoute(route core.Route, obj client.Object, group, kind string) bool {
 	for _, rule := range route.Spec().Rules() {
 		for _, backendRef := range rule.BackendRefs() {
 			isGroupEqual := backendRef.Group() != nil && string(*backendRef.Group()) == group