From a19da43ca7add5b5b29ad23f08e9bed3e8004bc7 Mon Sep 17 00:00:00 2001
From: Alex Volchok <alex.volchok@sap.com>
Date: Wed, 29 May 2024 08:04:30 +0200
Subject: [PATCH 1/3] ensure both secrets and config map reconcile upon changes

ensure secret/config map changes trigger a reconcile

Signed-off-by: Alex Volchok <alex.volchok@sap.com>
---
 internal/provider/kubernetes/controller.go | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go
index 791b7fcbfa6..88b4253d4c4 100644
--- a/internal/provider/kubernetes/controller.go
+++ b/internal/provider/kubernetes/controller.go
@@ -1228,16 +1228,12 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M
 	}
 	if err := c.Watch(
 		source.Kind(mgr.GetCache(), &corev1.Secret{},
-			handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, s *corev1.Secret) []reconcile.Request {
-				return r.enqueueClass(ctx, s)
-			}),
 			secretPredicates...)); err != nil {
 		return err
 	}
 
 	// Watch ConfigMap CRUDs and process affected ClienTraffiPolicies and BackendTLSPolicies.
 	configMapPredicates := []predicate.TypedPredicate[*corev1.ConfigMap]{
-		predicate.TypedGenerationChangedPredicate[*corev1.ConfigMap]{},
 		predicate.NewTypedPredicateFuncs[*corev1.ConfigMap](func(cm *corev1.ConfigMap) bool {
 			return r.validateConfigMapForReconcile(cm)
 		}),

From ca228659d71bbc3d06b448a697493bc470727d29 Mon Sep 17 00:00:00 2001
From: Alex Volchok <alex.volchok@sap.com>
Date: Wed, 29 May 2024 08:21:06 +0200
Subject: [PATCH 2/3] Update controller.go

Signed-off-by: Alex Volchok <alex.volchok@sap.com>
---
 internal/provider/kubernetes/controller.go | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go
index 88b4253d4c4..dae53f5b88a 100644
--- a/internal/provider/kubernetes/controller.go
+++ b/internal/provider/kubernetes/controller.go
@@ -464,21 +464,11 @@ func (r *gatewayAPIReconciler) processSecurityPolicyObjectRefs(
 		// Add the referenced BackendRefs and ReferenceGrants in ExtAuth to Maps for later processing
 		extAuth := policy.Spec.ExtAuth
 		if extAuth != nil {
-			var backendRef *gwapiv1.BackendObjectReference
+			var backendRef gwapiv1.BackendObjectReference
 			if extAuth.GRPC != nil {
 				backendRef = extAuth.GRPC.BackendRef
-				if len(extAuth.GRPC.BackendRefs) > 0 {
-					if len(extAuth.GRPC.BackendRefs) != 0 {
-						backendRef = egv1a1.ToBackendObjectReference(extAuth.GRPC.BackendRefs[0])
-					}
-				}
 			} else {
 				backendRef = extAuth.HTTP.BackendRef
-				if len(extAuth.HTTP.BackendRefs) > 0 {
-					if len(extAuth.HTTP.BackendRefs) != 0 {
-						backendRef = egv1a1.ToBackendObjectReference(extAuth.HTTP.BackendRefs[0])
-					}
-				}
 			}
 
 			backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, policy.Namespace)
@@ -1216,7 +1206,6 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M
 
 	// Watch Secret CRUDs and process affected EG CRs (Gateway, SecurityPolicy, more in the future).
 	secretPredicates := []predicate.TypedPredicate[*corev1.Secret]{
-		predicate.TypedGenerationChangedPredicate[*corev1.Secret]{},
 		predicate.NewTypedPredicateFuncs(func(s *corev1.Secret) bool {
 			return r.validateSecretForReconcile(s)
 		}),
@@ -1228,6 +1217,9 @@ func (r *gatewayAPIReconciler) watchResources(ctx context.Context, mgr manager.M
 	}
 	if err := c.Watch(
 		source.Kind(mgr.GetCache(), &corev1.Secret{},
+			handler.TypedEnqueueRequestsFromMapFunc(func(ctx context.Context, s *corev1.Secret) []reconcile.Request {
+				return r.enqueueClass(ctx, s)
+			}),
 			secretPredicates...)); err != nil {
 		return err
 	}

From fdf6726f90e1fbf0252c58baf8a9a9309d8a43a8 Mon Sep 17 00:00:00 2001
From: Alex Volchok <alex.volchok@sap.com>
Date: Wed, 29 May 2024 08:22:22 +0200
Subject: [PATCH 3/3] Update controller.go

Signed-off-by: Alex Volchok <alex.volchok@sap.com>
---
 internal/provider/kubernetes/controller.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go
index dae53f5b88a..58b5e4fca02 100644
--- a/internal/provider/kubernetes/controller.go
+++ b/internal/provider/kubernetes/controller.go
@@ -464,11 +464,21 @@ func (r *gatewayAPIReconciler) processSecurityPolicyObjectRefs(
 		// Add the referenced BackendRefs and ReferenceGrants in ExtAuth to Maps for later processing
 		extAuth := policy.Spec.ExtAuth
 		if extAuth != nil {
-			var backendRef gwapiv1.BackendObjectReference
+			var backendRef *gwapiv1.BackendObjectReference
 			if extAuth.GRPC != nil {
 				backendRef = extAuth.GRPC.BackendRef
+				if len(extAuth.GRPC.BackendRefs) > 0 {
+					if len(extAuth.GRPC.BackendRefs) != 0 {
+						backendRef = egv1a1.ToBackendObjectReference(extAuth.GRPC.BackendRefs[0])
+					}
+				}
 			} else {
 				backendRef = extAuth.HTTP.BackendRef
+				if len(extAuth.HTTP.BackendRefs) > 0 {
+					if len(extAuth.HTTP.BackendRefs) != 0 {
+						backendRef = egv1a1.ToBackendObjectReference(extAuth.HTTP.BackendRefs[0])
+					}
+				}
 			}
 
 			backendNamespace := gatewayapi.NamespaceDerefOr(backendRef.Namespace, policy.Namespace)