fix(gatewayapi): validate listener fields in IsHTTPRouteReady

[vibhor-5]

Align IsHTTPRouteReady with IsGRPCRouteReady by checking SectionName and Port in ParentReferences. Update status updaters to pass listener.

Closes #1868

Summary by CodeRabbit

Release Notes

Bug Fixes

• Improved HTTP route readiness determination in policy enforcement by correctly matching gateway identities and listener-specific configurations across AuthPolicy, RateLimitPolicy, and TokenRateLimitPolicy.

Tests

• Extended test coverage for HTTP route readiness verification with multiple matching scenarios.

[coderabbitai]

Warning

Rate limit exceeded

@vibhor-5 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 28 seconds before requesting another review.

To continue reviewing without waiting, purchase usage credits in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fda2fab0-417e-478d-8288-7d1e4a4829ed

📥 Commits

Reviewing files that changed from the base of the PR and between a21b470 and 97d772f.

📒 Files selected for processing (5)

• internal/controller/auth_policy_status_updater.go
• internal/controller/ratelimit_policy_status_updater.go
• internal/controller/tokenratelimitpolicy_status_updater.go
• internal/gatewayapi/utils.go
• internal/gatewayapi/utils_test.go

📝 Walkthrough

Walkthrough

This PR updates IsHTTPRouteReady to validate listener-specific ParentRef fields (SectionName, Port) matching IsGRPCRouteReady behaviour. Three policy status updaters adjust their readiness checks to pass the controller name from GatewayClass.Spec. New test coverage validates multiple matching scenarios.

Changes

HTTPRoute Readiness Consistency with Listener-Specific ParentRef Validation

Layer / File(s)	Summary
Core Readiness Check Logic internal/gatewayapi/utils.go	IsHTTPRouteReady function now filters by ControllerName first, explicitly matches Gateway identity via group/kind/namespace/name, and validates listener-specific ParentRef fields (SectionName, Port) only when set. Acceptance condition validation remains unchanged.
Policy Status Updater Calls internal/controller/auth_policy_status_updater.go, internal/controller/ratelimit_policy_status_updater.go, internal/controller/tokenratelimitpolicy_status_updater.go	Three policy status updaters adjust enforcedCondition logic to pass parsed.GatewayClass.Spec.ControllerName to IsHTTPRouteReady calls instead of gateway-derived controller references.
Test Coverage and Validation internal/gatewayapi/utils_test.go	New table-driven test suite TestIsHTTPRouteReady covers ControllerName matching, SectionName/Port validation, optional listener field matching, and readiness assertions across multiple scenarios.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Kuadrant/kuadrant-operator#1879: Updates Gateway API route-rule naming and related test changes that coordinate with HTTPRoute parent/SectionName matching logic.

Suggested reviewers

• mikenairn
• guicassolato
• maksymvavilov

Poem

🐰 A readiness check, now with grace,
Listens to SectionName's embrace,
ControllerName in place, Port aligned,
HTTPRoute matching, perfectly defined!
Tests bloom bright, consistency takes flight! 🌸

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: fixing IsHTTPRouteReady to validate listener fields (SectionName and Port), which is the core objective of this pull request.
Linked Issues check	✅ Passed	The pull request successfully addresses all coding requirements from issue #1868: adding listener parameter to IsHTTPRouteReady, validating SectionName and Port fields, and updating all callers (status updaters) to pass the listener.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to resolving issue #1868: updates to IsHTTPRouteReady logic, corresponding test coverage, and necessary caller updates in status updaters. No unrelated changes detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

internal/gatewayapi/utils_test.go (1)

824-976: ⚡ Quick win

Add explicit negative cases for controller and gateway identity mismatches.

The new suite covers listener SectionName/Port well, but it doesn’t directly assert the new controller-name and gateway identity filters. Adding those two cases would harden regression protection for the core change.

Suggested additional test cases

 		{
+			name: "Not Ready - controller name mismatch",
+			httpRoute: &gatewayapiv1.HTTPRoute{
+				ObjectMeta: metav1.ObjectMeta{Namespace: "default"},
+				Status: gatewayapiv1.HTTPRouteStatus{
+					RouteStatus: gatewayapiv1.RouteStatus{
+						Parents: []gatewayapiv1.RouteParentStatus{
+							{
+								ControllerName: gatewayapiv1.GatewayController("other/controller"),
+								ParentRef: gatewayapiv1.ParentReference{
+									Name: "my-gateway",
+								},
+								Conditions: []metav1.Condition{{
+									Type:   string(gatewayapiv1.RouteConditionAccepted),
+									Status: metav1.ConditionTrue,
+								}},
+							},
+						},
+					},
+				},
+			},
+			gateway:        gateway,
+			listener:       listenerHttp,
+			controllerName: controllerName,
+			expected:       false,
+		},
+		{
+			name: "Not Ready - gateway namespace mismatch",
+			httpRoute: &gatewayapiv1.HTTPRoute{
+				ObjectMeta: metav1.ObjectMeta{Namespace: "default"},
+				Status: gatewayapiv1.HTTPRouteStatus{
+					RouteStatus: gatewayapiv1.RouteStatus{
+						Parents: []gatewayapiv1.RouteParentStatus{
+							{
+								ControllerName: controllerName,
+								ParentRef: gatewayapiv1.ParentReference{
+									Name:      "my-gateway",
+									Namespace: ptr.To(gatewayapiv1.Namespace("other-ns")),
+								},
+								Conditions: []metav1.Condition{{
+									Type:   string(gatewayapiv1.RouteConditionAccepted),
+									Status: metav1.ConditionTrue,
+								}},
+							},
+						},
+					},
+				},
+			},
+			gateway:        gateway,
+			listener:       listenerHttp,
+			controllerName: controllerName,
+			expected:       false,
+		},

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/gatewayapi/utils_test.go` around lines 824 - 976, Add two negative
test cases to the existing testCases slice in utils_test.go to assert
controller-name and gateway identity filters: (1) a case where the
RouteParentStatus.ControllerName is set to a different controller (not equal to
the local controllerName variable) and the ParentRef.Name matches "my-gateway"
but expected is false; (2) a case where ControllerName is correct but
ParentRef.Name is changed to a different gateway name (e.g., "other-gateway")
with the same SectionName/Port as listenerHttp and expected is false; place
these alongside the existing HTTPRoute entries so they exercise the same
matching logic used by the functions that read HTTPRoute.Status.Parents (refer
to the testCases slice, controllerName, gateway, listenerHttp, and
ParentReference.ControllerName/Name fields).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@internal/gatewayapi/utils_test.go`:
- Around line 824-976: Add two negative test cases to the existing testCases
slice in utils_test.go to assert controller-name and gateway identity filters:
(1) a case where the RouteParentStatus.ControllerName is set to a different
controller (not equal to the local controllerName variable) and the
ParentRef.Name matches "my-gateway" but expected is false; (2) a case where
ControllerName is correct but ParentRef.Name is changed to a different gateway
name (e.g., "other-gateway") with the same SectionName/Port as listenerHttp and
expected is false; place these alongside the existing HTTPRoute entries so they
exercise the same matching logic used by the functions that read
HTTPRoute.Status.Parents (refer to the testCases slice, controllerName, gateway,
listenerHttp, and ParentReference.ControllerName/Name fields).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1b7584dc-f976-4bc4-ad28-9931bb69298b

📥 Commits

Reviewing files that changed from the base of the PR and between ec89156 and a21b470.

📒 Files selected for processing (5)

• internal/controller/auth_policy_status_updater.go
• internal/controller/ratelimit_policy_status_updater.go
• internal/controller/tokenratelimitpolicy_status_updater.go
• internal/gatewayapi/utils.go
• internal/gatewayapi/utils_test.go