Merge remote-tracking branch 'origin/main' into APL-1786

Author: j-zimnowoda

src/app.ts

@@ -83,8 +83,6 @@ const resourceStatus = async (errorSet) => {
     debug('Values are not loaded yet')
     return
   }
-  const { cluster } = await otomiStack.getSettings(['cluster'])
-  const domainSuffix = cluster?.domainSuffix
   const resources: Record<string, (AplResponseObject | SealedSecretManifestResponse)[]> = {
     workloads: otomiStack.getAllAplWorkloads(),
     builds: otomiStack.getAllAplBuilds(),
@@ -103,7 +101,7 @@ const resourceStatus = async (errorSet) => {
     const promises = resources[resourceType].map(async (resource) => {
       const { name } = resource.metadata
       try {
-        const res = await statusFunctions[resourceType](resource, domainSuffix)
+        const res = await statusFunctions[resourceType](resource)
         return { [name]: res }
       } catch (error) {
         const errorMessage = `${resourceType}-${name}-${error.message}`

src/k8s-operations.test.ts

@@ -1,12 +1,15 @@
-import { CoreV1Api, KubernetesObjectApi, PatchStrategy, V1Service } from '@kubernetes/client-node'
+import { CoreV1Api, CustomObjectsApi, KubernetesObjectApi, PatchStrategy, V1Service } from '@kubernetes/client-node'
 import {
   getApiStatusFromConfigMap,
   getCloudttyActiveTime,
   getLogTime,
+  getServiceStatus,
   mergeCanaryServices,
+  parseHTTPRouteStatus,
   setApiStatusInConfigMap,
   toK8sService,
 } from './k8s-operations'
+import { AplServiceResponse } from './otomi-models'
 
 // Mock the KubeConfig
 jest.mock('@kubernetes/client-node', () => {
@@ -22,6 +25,9 @@ jest.mock('@kubernetes/client-node', () => {
         if (apiClientType === actual.KubernetesObjectApi) {
           return new actual.KubernetesObjectApi()
         }
+        if (apiClientType === actual.CustomObjectsApi) {
+          return new actual.CustomObjectsApi()
+        }
         return {}
       }),
     })),
@@ -231,3 +237,179 @@ describe('setApiStatusInConfigMap', () => {
     )
   })
 })
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+const makeServiceResponse = (name: string, teamName: string, overrides: Record<string, any> = {}): AplServiceResponse =>
+  ({
+    kind: 'AplTeamService',
+    metadata: { name, labels: { 'apl.io/teamId': teamName } },
+    spec: {},
+    ...overrides,
+  }) as unknown as AplServiceResponse
+
+const makeHTTPRoute = (
+  conditions: { type: string; status: string }[],
+  options: { parentGatewayName?: string; visibility?: string } = {},
+) => ({
+  metadata: {
+    labels: {
+      'networking.knative.dev/visibility': options.visibility ?? '',
+    },
+  },
+  spec: {
+    parentRefs: [{ name: options.parentGatewayName ?? 'platform' }],
+  },
+  status: {
+    parents: [
+      {
+        conditions,
+        controllerName: 'istio.io/gateway-controller',
+        parentRef: {
+          group: 'gateway.networking.k8s.io',
+          kind: 'Gateway',
+          name: options.parentGatewayName ?? 'platform',
+        },
+      },
+    ],
+  },
+})
+
+// ---------------------------------------------------------------------------
+// parseHTTPRouteStatus
+// ---------------------------------------------------------------------------
+
+describe('parseHTTPRouteStatus', () => {
+  test('returns true when Accepted and ResolvedRefs are both True', () => {
+    const route = makeHTTPRoute([
+      { type: 'Accepted', status: 'True' },
+      { type: 'ResolvedRefs', status: 'True' },
+    ])
+    expect(parseHTTPRouteStatus(route)).toBe(true)
+  })
+
+  test('returns false when Accepted is False', () => {
+    const route = makeHTTPRoute([
+      { type: 'Accepted', status: 'False' },
+      { type: 'ResolvedRefs', status: 'True' },
+    ])
+    expect(parseHTTPRouteStatus(route)).toBe(false)
+  })
+
+  test('returns false when ResolvedRefs is False', () => {
+    const route = makeHTTPRoute([
+      { type: 'Accepted', status: 'True' },
+      { type: 'ResolvedRefs', status: 'False' },
+    ])
+    expect(parseHTTPRouteStatus(route)).toBe(false)
+  })
+
+  test('returns false when conditions are empty', () => {
+    expect(parseHTTPRouteStatus(makeHTTPRoute([]))).toBe(false)
+  })
+
+  test('returns false when parents array is missing', () => {
+    expect(parseHTTPRouteStatus({ status: {} })).toBe(false)
+  })
+})
+
+// ---------------------------------------------------------------------------
+// getServiceStatus
+// ---------------------------------------------------------------------------
+
+describe('getServiceStatus', () => {
+  afterEach(() => {
+    jest.clearAllMocks()
+  })
+
+  const mockList = (items: any[]) =>
+    jest.spyOn(CustomObjectsApi.prototype, 'listNamespacedCustomObject').mockResolvedValue({ items } as any)
+
+  test('returns NotFound when no HTTPRoutes exist', async () => {
+    mockList([])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('NotFound')
+  })
+
+  test('returns NotFound when only local HTTPRoutes exist', async () => {
+    mockList([
+      makeHTTPRoute(
+        [
+          { type: 'Accepted', status: 'True' },
+          { type: 'ResolvedRefs', status: 'True' },
+        ],
+        { parentGatewayName: 'knative-local-gateway', visibility: 'cluster-local' },
+      ),
+    ])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('NotFound')
+  })
+
+  test('returns Unknown when multiple HTTPRoutes are found', async () => {
+    mockList([makeHTTPRoute([]), makeHTTPRoute([])])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('Unknown')
+  })
+
+  test('returns Succeeded when single HTTPRoute is accepted', async () => {
+    mockList([
+      makeHTTPRoute([
+        { type: 'Accepted', status: 'True' },
+        { type: 'ResolvedRefs', status: 'True' },
+      ]),
+    ])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('Succeeded')
+  })
+
+  test('returns Succeeded when local and public routes exist and public is accepted', async () => {
+    mockList([
+      makeHTTPRoute(
+        [
+          { type: 'Accepted', status: 'True' },
+          { type: 'ResolvedRefs', status: 'True' },
+        ],
+        { parentGatewayName: 'knative-local-gateway', visibility: 'cluster-local' },
+      ),
+      makeHTTPRoute([
+        { type: 'Accepted', status: 'True' },
+        { type: 'ResolvedRefs', status: 'True' },
+      ]),
+    ])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('Succeeded')
+  })
+
+  test('returns Unknown when single HTTPRoute is not accepted', async () => {
+    mockList([
+      makeHTTPRoute([
+        { type: 'Accepted', status: 'False' },
+        { type: 'ResolvedRefs', status: 'True' },
+      ]),
+    ])
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('Unknown')
+  })
+
+  test('queries with the correct label selector and namespace', async () => {
+    const spy = mockList([])
+    await getServiceStatus(makeServiceResponse('my-app', 'dev'))
+    expect(spy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        group: 'gateway.networking.k8s.io',
+        version: 'v1',
+        namespace: 'team-dev',
+        plural: 'httproutes',
+        labelSelector: 'otomi.io/app=my-app',
+      }),
+    )
+  })
+
+  test('returns NotFound when the k8s API call throws', async () => {
+    jest.spyOn(CustomObjectsApi.prototype, 'listNamespacedCustomObject').mockRejectedValue(new Error('network error'))
+    const result = await getServiceStatus(makeServiceResponse('web', 'alpha'))
+    expect(result).toBe('NotFound')
+  })
+})

src/k8s-operations.ts

@@ -160,6 +160,7 @@ export async function getWorkloadStatus(workload: AplWorkloadResponse): Promise<
 
 async function listNamespacedCustomObject(
   group: string,
+  version: string,
   namespace: string,
   plural: string,
   labelSelector: string | undefined,
@@ -170,7 +171,7 @@ async function listNamespacedCustomObject(
   try {
     const res: any = await k8sApi.listNamespacedCustomObject({
       group,
-      version: 'v1beta1',
+      version,
       namespace,
       plural,
       labelSelector,
@@ -187,6 +188,7 @@ export async function getBuildStatus(build: AplBuildResponse): Promise<string> {
   const labelSelector = `tekton.dev/pipeline=${build.spec.mode?.type}-build-${name}`
   const resPipelineruns = await listNamespacedCustomObject(
     'tekton.dev',
+    'v1beta1',
     `team-${teamName}`,
     'pipelineruns',
     labelSelector,
@@ -213,6 +215,7 @@ export async function getBuildStatus(build: AplBuildResponse): Promise<string> {
     } else {
       const resEventlisteners = await listNamespacedCustomObject(
         'triggers.tekton.dev',
+        'v1beta1',
         `team-${teamName}`,
         'eventlisteners',
         labelSelector,
@@ -236,54 +239,57 @@ export async function getBuildStatus(build: AplBuildResponse): Promise<string> {
   }
 }
 
-async function getNamespacedCustomObject(namespace: string, name: string) {
-  const kc = new KubeConfig()
-  kc.loadFromDefault()
-  const k8sApi = kc.makeApiClient(CustomObjectsApi)
-  try {
-    const res: any = await k8sApi.getNamespacedCustomObject({
-      group: 'networking.istio.io',
-      version: 'v1beta1',
-      namespace,
-      plural: 'gateways',
-      name,
-    })
-    const { hosts } = res.spec.servers[0]
-    return hosts
-  } catch (error) {
-    return 'NotFound'
-  }
+export function parseHTTPRouteStatus(httpRoute: any): boolean {
+  const parents: any[] = Array.isArray(httpRoute?.status?.parents) ? httpRoute.status.parents : []
+
+  const isAccepted = parents.some(
+    (parent: any) =>
+      Array.isArray(parent?.conditions) &&
+      parent.conditions.some((c: any) => c.type === 'Accepted' && c.status === 'True') &&
+      parent.conditions.some((c: any) => c.type === 'ResolvedRefs' && c.status === 'True'),
+  )
+  return isAccepted
 }
 
-async function checkHostStatus(namespace: string, name: string, host: string) {
-  const hosts = await getNamespacedCustomObject(namespace, name)
-  return hosts.includes(host) ? 'Succeeded' : 'Unknown'
+function isPublicHTTPRoute(httpRoute: any): boolean {
+  const visibility = httpRoute?.metadata?.labels?.['networking.knative.dev/visibility']
+  if (visibility === 'cluster-local') return false
+
+  const parentRefs: any[] = Array.isArray(httpRoute?.spec?.parentRefs) ? httpRoute.spec.parentRefs : []
+  const hasLocalGateway = parentRefs.some((parentRef) => parentRef?.name === 'knative-local-gateway')
+  return !hasLocalGateway
 }
 
-export async function getServiceStatus(service: AplServiceResponse, domainSuffix: string): Promise<string> {
-  const isKsvc = service.spec.ksvc?.predeployed
+export async function getServiceStatus(service: AplServiceResponse): Promise<'Succeeded' | 'Unknown' | 'NotFound'> {
   const { name, labels } = service.metadata
   const teamName = labels['apl.io/teamId']
   const namespace = `team-${teamName}`
-  const host = `team-${teamName}/${name}-${teamName}.${domainSuffix}`
 
-  if (isKsvc) {
-    const res = await listNamespacedCustomObject('networking.istio.io', namespace, 'virtualservices', undefined)
-    const virtualservices = res?.items?.map((item) => item.metadata.name) || []
-    if (virtualservices.includes(`${name}-ingress`)) {
-      return 'Succeeded'
-    } else {
-      return 'NotFound'
-    }
-  }
+  const res = await listNamespacedCustomObject(
+    'gateway.networking.k8s.io',
+    'v1',
+    namespace,
+    'httproutes',
+    `otomi.io/app=${name}`,
+  )
 
-  const tlstermStatus = await checkHostStatus(namespace, `team-${teamName}-public-tlsterm`, host)
-  if (tlstermStatus === 'Succeeded') return 'Succeeded'
+  const httpRoutes = Array.isArray(res?.items) ? res.items : []
+  const publicHttpRoutes = httpRoutes.filter((httpRoute) => isPublicHTTPRoute(httpRoute))
 
-  const tlspassStatus = await checkHostStatus(namespace, `team-${teamName}-public-tlspass`, host)
-  return tlspassStatus
-}
+  if (publicHttpRoutes.length === 0) {
+    debug(`No public HTTPRoutes found for service ${name} in namespace ${namespace}.`)
+    return 'NotFound'
+  } else if (publicHttpRoutes.length > 1) {
+    debug(
+      `Multiple public HTTPRoutes found for service ${name} in namespace ${namespace}. This may indicate an issue with the service configuration.`,
+    )
+    return 'Unknown'
+  }
 
+  const [httpRoute] = publicHttpRoutes
+  const isAccepted = parseHTTPRouteStatus(httpRoute)
+  return isAccepted ? 'Succeeded' : 'Unknown'
+}
 export async function getSecretValues(name: string, namespace: string): Promise<Record<string, string> | undefined> {
   const kc = new KubeConfig()
   kc.loadFromDefault()