refactor(policy): generalize route types in inbound index

policy-controller/core/src/inbound.rs

@@ -26,7 +26,7 @@ pub enum AuthorizationRef {
 }
 
 #[derive(Clone, Debug, PartialEq, Eq, Hash)]
-pub enum HttpRouteRef {
+pub enum InboundRouteRef {
     Default(&'static str),
     Linkerd(GroupKindName),
 }
@@ -86,26 +86,25 @@ pub type InboundServerStream = Pin<Box<dyn Stream<Item = InboundServer> + Send +
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct InboundServer {
     pub reference: ServerRef,
-
     pub protocol: ProxyProtocol,
     pub authorizations: HashMap<AuthorizationRef, ClientAuthorization>,
-    pub http_routes: HashMap<HttpRouteRef, HttpRoute>,
+    pub http_routes: HashMap<InboundRouteRef, InboundRoute<HttpRouteMatch>>,
 }
 
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct HttpRoute {
+pub struct InboundRoute<MatchType> {
     pub hostnames: Vec<HostMatch>,
-    pub rules: Vec<HttpRouteRule>,
+    pub rules: Vec<InboundRouteRule<MatchType>>,
     pub authorizations: HashMap<AuthorizationRef, ClientAuthorization>,
 
-    /// This is required for ordering returned `HttpRoute`s by their creation
-    /// timestamp.
+    /// Required for ordering returned
+    /// routes by their creation timestamp
     pub creation_timestamp: Option<DateTime<Utc>>,
 }
 
 #[derive(Clone, Debug, PartialEq, Eq)]
-pub struct HttpRouteRule {
-    pub matches: Vec<HttpRouteMatch>,
+pub struct InboundRouteRule<MatchType> {
+    pub matches: Vec<MatchType>,
     pub filters: Vec<Filter>,
 }
 
@@ -117,15 +116,21 @@ pub enum Filter {
     FailureInjector(FailureInjectorFilter),
 }
 
-// === impl InboundHttpRoute ===
+// === impl AuthorizationRef ===
+
+impl AuthorizationRef {
+    pub const DEFAULT_PROBE: Self = Self::Default("probe");
+}
+
+// === impl InboundRoute ===
 
-/// The default `InboundHttpRoute` used for any `InboundServer` that
+/// The default `InboundRoute` used for any `InboundServer` that
 /// does not have routes.
-impl Default for HttpRoute {
+impl Default for InboundRoute<HttpRouteMatch> {
     fn default() -> Self {
         Self {
             hostnames: vec![],
-            rules: vec![HttpRouteRule {
+            rules: vec![InboundRouteRule {
                 matches: vec![HttpRouteMatch {
                     path: Some(PathMatch::Prefix("/".to_string())),
                     headers: vec![],
@@ -143,9 +148,9 @@ impl Default for HttpRoute {
     }
 }
 
-// === impl InboundHttpRouteRef ===
+// === impl InboundRouteRef ===
 
-impl Ord for HttpRouteRef {
+impl Ord for InboundRouteRef {
     fn cmp(&self, other: &Self) -> std::cmp::Ordering {
         match (self, other) {
             (Self::Default(a), Self::Default(b)) => a.cmp(b),
@@ -158,8 +163,13 @@ impl Ord for HttpRouteRef {
     }
 }
 
-impl PartialOrd for HttpRouteRef {
+impl PartialOrd for InboundRouteRef {
     fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> {
         Some(self.cmp(other))
     }
 }
+
+impl InboundRouteRef {
+    pub const DEFAULT_PROBE: Self = InboundRouteRef::Default("probe");
+    pub const DEFAULT_DEFAULT: Self = InboundRouteRef::Default("default");
+}

policy-controller/core/src/routes.rs

@@ -132,8 +132,8 @@ impl Default for HttpRouteMatch {
     fn default() -> Self {
         Self {
             method: None,
-            headers: vec![],
-            query_params: vec![],
+            headers: Default::default(),
+            query_params: Default::default(),
             path: Some(PathMatch::Prefix("/".to_string())),
         }
     }

policy-controller/grpc/src/inbound.rs

@@ -11,9 +11,10 @@ use linkerd2_proxy_api::{
 use linkerd_policy_controller_core::{
     inbound::{
         AuthorizationRef, ClientAuthentication, ClientAuthorization, DiscoverInboundServer, Filter,
-        HttpRoute, HttpRouteRef, HttpRouteRule, InboundServer, InboundServerStream, ProxyProtocol,
-        ServerRef,
+        InboundRoute, InboundRouteRef, InboundRouteRule, InboundServer, InboundServerStream,
+        ProxyProtocol, ServerRef,
     },
+    routes::HttpRouteMatch,
     IdentityMatch, IpNet, NetworkMatch,
 };
 use maplit::*;
@@ -129,7 +130,7 @@ fn response_stream(
 
                 // If the server starts shutting down, close the stream so that it doesn't hold the
                 // server open.
-                _ = (&mut shutdown) => {
+                _ = &mut shutdown => {
                     return;
                 }
             }
@@ -325,7 +326,7 @@ fn to_authz(
 }
 
 fn to_http_route_list<'r>(
-    routes: impl IntoIterator<Item = (&'r HttpRouteRef, &'r HttpRoute)>,
+    routes: impl IntoIterator<Item = (&'r InboundRouteRef, &'r InboundRoute<HttpRouteMatch>)>,
     cluster_networks: &[IpNet],
 ) -> Vec<proto::HttpRoute> {
     // Per the Gateway API spec:
@@ -359,19 +360,19 @@ fn to_http_route_list<'r>(
 }
 
 fn to_http_route(
-    reference: &HttpRouteRef,
-    HttpRoute {
+    reference: &InboundRouteRef,
+    InboundRoute {
         hostnames,
         rules,
         authorizations,
         creation_timestamp: _,
-    }: HttpRoute,
+    }: InboundRoute<HttpRouteMatch>,
     cluster_networks: &[IpNet],
 ) -> proto::HttpRoute {
     let metadata = Metadata {
         kind: Some(match reference {
-            HttpRouteRef::Default(name) => metadata::Kind::Default(name.to_string()),
-            HttpRouteRef::Linkerd(gkn) => metadata::Kind::Resource(api::meta::Resource {
+            InboundRouteRef::Default(name) => metadata::Kind::Default(name.to_string()),
+            InboundRouteRef::Linkerd(gkn) => metadata::Kind::Resource(api::meta::Resource {
                 group: gkn.group.to_string(),
                 kind: gkn.kind.to_string(),
                 name: gkn.name.to_string(),
@@ -388,12 +389,15 @@ fn to_http_route(
     let rules = rules
         .into_iter()
         .map(
-            |HttpRouteRule { matches, filters }| proto::http_route::Rule {
+            |InboundRouteRule { matches, filters }| proto::http_route::Rule {
                 matches: matches
                     .into_iter()
                     .map(routes::http::convert_match)
                     .collect(),
-                filters: filters.into_iter().filter_map(convert_filter).collect(),
+                filters: filters
+                    .into_iter()
+                    .filter_map(convert_http_filter)
+                    .collect(),
             },
         )
         .collect();
@@ -411,7 +415,7 @@ fn to_http_route(
     }
 }
 
-fn convert_filter(filter: Filter) -> Option<proto::http_route::Filter> {
+fn convert_http_filter(filter: Filter) -> Option<proto::http_route::Filter> {
     use proto::http_route::filter::Kind;
 
     let kind = match filter {

policy-controller/k8s/index/src/inbound.rs

@@ -1,8 +1,8 @@
 pub mod authorization_policy;
-mod http_route;
 pub mod index;
 mod meshtls_authentication;
 mod network_authentication;
+mod routes;
 mod server;
 pub mod server_authorization;
 mod workload;

policy-controller/k8s/index/src/inbound/authorization_policy.rs

@@ -14,7 +14,7 @@ pub(crate) struct Spec {
 
 #[derive(Debug, PartialEq)]
 pub(crate) enum Target {
-    HttpRoute(GroupKindName),
+    Route(GroupKindName),
     Server(String),
     Namespace,
 }
@@ -67,7 +67,7 @@ fn target(t: LocalTargetRef) -> Result<Target> {
         t if t.targets_kind::<k8s::policy::HttpRoute>()
             || t.targets_kind::<k8s_gateway_api::HttpRoute>() =>
         {
-            Ok(Target::HttpRoute(GroupKindName {
+            Ok(Target::Route(GroupKindName {
                 group: t.group.unwrap_or_default().into(),
                 kind: t.kind.into(),
                 name: t.name.into(),