Kuadrant · guicassolato · Nov 5, 2024 · Oct 22, 2024 · Oct 23, 2024 · Oct 23, 2024
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -7,8 +7,8 @@ linters:
     - errorlint
     - revive
     - gosec
-    - prealloc
     - stylecheck
+    - prealloc
     - tparallel
     - unconvert
     - unparam

diff --git a/api/v1/merge_strategies.go b/api/v1/merge_strategies.go
@@ -32,9 +32,20 @@
 	PolicyRuleMergeStrategy = "merge"
 )
 
-type MergeableRule struct {
-	Spec   any
-	Source string
+// NewMergeableRule creates a new MergeableRule with a default source if the rule does not have one.
+func NewMergeableRule(rule MergeableRule, defaultSource string) MergeableRule {
+	if rule.GetSource() == "" {
+		return rule.WithSource(defaultSource)
+	}
+	return rule
+}
+
+// MergeableRule is a policy rule that contains a spec which can be traced back to its source,
+// i.e. to the policy where the rule spec was defined.
+type MergeableRule interface {
+	GetSpec() any
+	GetSource() string
+	WithSource(string) MergeableRule
 }
 
 // +kubebuilder:object:generate=false
@@ -58,13 +69,11 @@
 		return source
 	}
 
-	mergeableTargetPolicy := target.(MergeablePolicy)
-
-	if !mergeableTargetPolicy.Empty() {
-		return mergeableTargetPolicy.DeepCopyObject().(machinery.Policy)
+	if mergeableTarget := target.(MergeablePolicy); !mergeableTarget.Empty() {
+		return copyMergeablePolicy(mergeableTarget)
 	}
 
-	return source.(MergeablePolicy).DeepCopyObject().(machinery.Policy)
+	return copyMergeablePolicy(source.(MergeablePolicy))
 }
 
 var _ machinery.MergeStrategy = AtomicDefaultsMergeStrategy
@@ -75,7 +84,7 @@
 	if source == nil {
 		return nil
 	}
-	return source.(MergeablePolicy).DeepCopyObject().(machinery.Policy)
+	return copyMergeablePolicy(source.(MergeablePolicy))
 }
 
 var _ machinery.MergeStrategy = AtomicOverridesMergeStrategy
@@ -94,15 +103,16 @@
 	targetMergeablePolicy := target.(MergeablePolicy)
 
 	// copy rules from the target
-	rules := targetMergeablePolicy.Rules()
+	rules := lo.MapValues(targetMergeablePolicy.Rules(), mapRuleWithSourceFunc(target))
 
 	// add extra rules from the source
 	for ruleID, rule := range sourceMergeablePolicy.Rules() {
 		if _, ok := targetMergeablePolicy.Rules()[ruleID]; !ok {
-			rules[ruleID] = MergeableRule{
-				Spec:   rule.Spec,
-				Source: source.GetLocator(),
+			origin := rule.GetSource()
+			if origin == "" {
+				origin = source.GetLocator()
 			}
+			rules[ruleID] = rule.WithSource(origin)
 		}
 	}
 
@@ -121,12 +131,16 @@
 	targetMergeablePolicy := target.(MergeablePolicy)
 
 	// copy rules from the source
-	rules := sourceMergeablePolicy.Rules()
+	rules := lo.MapValues(sourceMergeablePolicy.Rules(), mapRuleWithSourceFunc(source))
 
 	// add extra rules from the target
 	for ruleID, rule := range targetMergeablePolicy.Rules() {
 		if _, ok := sourceMergeablePolicy.Rules()[ruleID]; !ok {
-			rules[ruleID] = rule
+			origin := rule.GetSource()
+			if origin == "" {
+				origin = target.GetLocator()
+			}
+			rules[ruleID] = rule.WithSource(origin)
 		}
 	}
 
@@ -198,3 +212,15 @@
 		return strings.TrimPrefix(k8stypes.NamespacedName{Namespace: t.GetNamespace(), Name: t.GetName()}.String(), string(k8stypes.Separator))
 	}), "|")
 }
+
+func mapRuleWithSourceFunc(source machinery.Policy) func(MergeableRule, string) MergeableRule {
+	return func(rule MergeableRule, _ string) MergeableRule {
+		return rule.WithSource(source.GetLocator())
+	}
+}
+
+func copyMergeablePolicy(policy MergeablePolicy) MergeablePolicy {
+	dup := policy.DeepCopyObject().(MergeablePolicy)
+	dup.SetRules(lo.MapValues(dup.Rules(), mapRuleWithSourceFunc(policy)))
+	return dup
+}
diff --git a/api/v1beta1/topology.go b/api/v1beta1/topology.go
@@ -1,23 +1,28 @@
 package v1beta1
 
 import (
-	authorinov1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1"
+	authorinooperatorv1beta1 "github.com/kuadrant/authorino-operator/api/v1beta1"
+	authorinov1beta2 "github.com/kuadrant/authorino/api/v1beta2"
 	limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1"
 	"github.com/kuadrant/policy-machinery/controller"
 	"github.com/kuadrant/policy-machinery/machinery"
 	"github.com/samber/lo"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 var (
-	AuthorinoGroupKind = schema.GroupKind{Group: authorinov1beta1.GroupVersion.Group, Kind: "Authorino"}
-	KuadrantGroupKind  = schema.GroupKind{Group: GroupVersion.Group, Kind: "Kuadrant"}
-	LimitadorGroupKind = schema.GroupKind{Group: limitadorv1alpha1.GroupVersion.Group, Kind: "Limitador"}
+	KuadrantGroupKind   = schema.GroupKind{Group: GroupVersion.Group, Kind: "Kuadrant"}
+	LimitadorGroupKind  = schema.GroupKind{Group: limitadorv1alpha1.GroupVersion.Group, Kind: "Limitador"}
+	AuthorinoGroupKind  = schema.GroupKind{Group: authorinooperatorv1beta1.GroupVersion.Group, Kind: "Authorino"}
+	AuthConfigGroupKind = schema.GroupKind{Group: authorinov1beta2.GroupVersion.Group, Kind: "AuthConfig"}
 
-	AuthorinosResource = authorinov1beta1.GroupVersion.WithResource("authorinos")
-	KuadrantsResource  = GroupVersion.WithResource("kuadrants")
-	LimitadorsResource = limitadorv1alpha1.GroupVersion.WithResource("limitadors")
+	KuadrantsResource   = GroupVersion.WithResource("kuadrants")
+	LimitadorsResource  = limitadorv1alpha1.GroupVersion.WithResource("limitadors")
+	AuthorinosResource  = authorinooperatorv1beta1.GroupVersion.WithResource("authorinos")
+	AuthConfigsResource = authorinov1beta2.GroupVersion.WithResource("authconfigs")
+
+	AuthConfigHTTPRouteRuleAnnotation = machinery.HTTPRouteRuleGroupKind.String()
 )
 
 var _ machinery.Object = &Kuadrant{}
@@ -31,7 +36,7 @@ func LinkKuadrantToGatewayClasses(objs controller.Store) machinery.LinkFunc {
 
 	return machinery.LinkFunc{
 		From: KuadrantGroupKind,
-		To:   schema.GroupKind{Group: gwapiv1.GroupVersion.Group, Kind: "GatewayClass"},
+		To:   schema.GroupKind{Group: gatewayapiv1.GroupVersion.Group, Kind: "GatewayClass"},
 		Func: func(_ machinery.Object) []machinery.Object {
 			parents := make([]machinery.Object, len(kuadrants))
 			for _, parent := range kuadrants {
@@ -69,3 +74,22 @@ func LinkKuadrantToAuthorino(objs controller.Store) machinery.LinkFunc {
 		},
 	}
 }
+
+func LinkHTTPRouteRuleToAuthConfig(objs controller.Store) machinery.LinkFunc {
+	httpRoutes := lo.Map(objs.FilterByGroupKind(machinery.HTTPRouteGroupKind), controller.ObjectAs[*gatewayapiv1.HTTPRoute])
+	httpRouteRules := lo.FlatMap(lo.Map(httpRoutes, func(r *gatewayapiv1.HTTPRoute, _ int) *machinery.HTTPRoute {
+		return &machinery.HTTPRoute{HTTPRoute: r}
+	}), machinery.HTTPRouteRulesFromHTTPRouteFunc)
+
+	return machinery.LinkFunc{
+		From: machinery.HTTPRouteRuleGroupKind,
+		To:   AuthConfigGroupKind,
+		Func: func(child machinery.Object) []machinery.Object {
+			return lo.FilterMap(httpRouteRules, func(httpRouteRule *machinery.HTTPRouteRule, _ int) (machinery.Object, bool) {
+				authConfig := child.(*controller.RuntimeObject).Object.(*authorinov1beta2.AuthConfig)
+				annotations := authConfig.GetAnnotations()
+				return httpRouteRule, annotations != nil && annotations[AuthConfigHTTPRouteRuleAnnotation] == httpRouteRule.GetLocator()
+			})
+		},
+	}
+}