status

package
v0.1.0-alpha.18
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2026 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

Package status provides condition management utilities for cfgate controllers.

It centralizes condition management logic to ensure consistent status handling across all cfgate CRDs:

  • CloudflareTunnel: Tunnel lifecycle, credentials, cloudflared deployment
  • CloudflareDNS: DNS sync, zone resolution, ownership verification
  • CloudflareAccessPolicy: Access application, policies, service tokens

The package adapts patterns from Envoy Gateway for condition merging, message formatting, and Gateway API PolicyStatus handling.

Core Functions

MergeConditions merges condition updates into an existing slice:

  • Preserves LastTransitionTime when status unchanged
  • Truncates messages to MaxConditionMessageLength (32768)
  • Returns new slice (does not modify input)

Error2ConditionMsg formats errors for human-readable condition messages:

  • Capitalizes first letter
  • Ensures trailing period
  • Handles nil errors gracefully

Utility functions for condition slice manipulation:

  • NewCondition: Generic condition constructor with timestamps
  • FindCondition: Lookup condition by type
  • SetCondition: Add or update a condition
  • RemoveCondition: Remove a condition by type
  • ConditionTrue/ConditionFalse/ConditionUnknown: Status checks

Condition Types

CloudflareTunnel conditions:

  • Ready: Overall tunnel ready (all sub-conditions true)
  • CredentialsValid: Cloudflare API credentials validated
  • TunnelCreated: Tunnel exists in Cloudflare
  • TunnelConfigured: Tunnel configuration synced
  • DeploymentReady: cloudflared Deployment pods ready

CloudflareDNS conditions:

  • Ready: Overall DNS sync ready
  • CredentialsValid: Cloudflare API credentials validated
  • ZonesResolved: All configured zones resolved via API
  • RecordsSynced: DNS records synced to Cloudflare
  • OwnershipVerified: TXT ownership records verified

CloudflareAccessPolicy conditions:

  • Ready: Policy fully applied to all targets
  • CredentialsValid: Cloudflare API credentials validated
  • TargetsResolved: All targetRefs found and valid
  • ApplicationCreated: Access Application exists in Cloudflare
  • PoliciesAttached: Access policies attached to application
  • ServiceTokensReady: All service tokens created and stored

CRD-Specific Constructors

Each CRD has typed condition constructors:

// CloudflareTunnel
NewCredentialsValidCondition(valid bool, reason, message string, generation int64)
NewTunnelCreatedCondition(created bool, reason, message string, generation int64)
NewTunnelConfiguredCondition(configured bool, reason, message string, generation int64)
NewDeploymentReadyCondition(ready bool, reason, message string, generation int64)
NewTunnelReadyCondition(conditions []metav1.Condition, generation int64)

// CloudflareDNS
NewZonesResolvedCondition(resolved bool, reason, message string, generation int64)
NewRecordsSyncedCondition(synced bool, reason, message string, generation int64)
NewOwnershipVerifiedCondition(verified bool, reason, message string, generation int64)
NewDNSReadyCondition(conditions []metav1.Condition, generation int64)

// CloudflareAccessPolicy
NewTargetsResolvedCondition(resolved bool, reason, message string, generation int64)
NewApplicationCreatedCondition(created bool, reason, message string, generation int64)
NewPoliciesAttachedCondition(attached bool, reason, message string, generation int64)
NewServiceTokensReadyCondition(ready bool, reason, message string, generation int64)
NewAccessPolicyReadyCondition(conditions []metav1.Condition, hasServiceTokens bool, generation int64)

Logging

The package provides logging helpers for condition changes:

status.LogConditionChange(log, "tunnel", "Ready", oldStatus, newStatus, reason)
status.LogStatusUpdate(log, "tunnel", conditions)

LogConditionChange logs at Info level when status changes. LogStatusUpdate logs at V(1) debug level for routine updates.

Example Usage

Typical reconciler pattern:

conditions := tunnel.Status.Conditions
conditions = status.MergeConditions(conditions,
    status.NewCredentialsValidCondition(true,
        status.ReasonCredentialsValid,
        "API token validated successfully.",
        tunnel.Generation,
    ),
)
readyCondition := status.NewTunnelReadyCondition(conditions, tunnel.Generation)
conditions = status.MergeConditions(conditions, readyCondition)
tunnel.Status.Conditions = conditions

Constants

const (
	// ConditionTypeReady indicates the resource is ready.
	// Used by Gateway, GatewayClass.
	ConditionTypeReady = "Ready"

	// ConditionTypeAccepted indicates the resource is accepted by the controller.
	// Used by Gateway, GatewayClass, Routes.
	ConditionTypeAccepted = "Accepted"

	// ConditionTypeProgrammed indicates the resource configuration is programmed.
	// Used by Gateway, Routes.
	ConditionTypeProgrammed = "Programmed"

	// ConditionTypeResolvedRefs indicates all references are resolved.
	// Used by Routes.
	ConditionTypeResolvedRefs = "ResolvedRefs"
)

Gateway API standard condition types.

const (
	// ConditionTypeCredentialsValid indicates credentials are valid.
	ConditionTypeCredentialsValid = "CredentialsValid"

	// ConditionTypeTunnelCreated indicates tunnel exists in Cloudflare.
	// Used by condition constructors for lifecycle tracking.
	ConditionTypeTunnelCreated = "TunnelCreated"

	// ConditionTypeTunnelReady indicates the tunnel exists and is healthy.
	// Used by CloudflareTunnel controller for ongoing health status.
	ConditionTypeTunnelReady = "TunnelReady"

	// ConditionTypeTunnelConfigured indicates tunnel configuration is synced.
	// Used by condition constructors for lifecycle tracking.
	ConditionTypeTunnelConfigured = "TunnelConfigured"

	// ConditionTypeCloudflaredDeployed indicates the cloudflared deployment is running.
	ConditionTypeCloudflaredDeployed = "CloudflaredDeployed"

	// ConditionTypeConfigurationSynced indicates the tunnel configuration is synced to Cloudflare API.
	ConditionTypeConfigurationSynced = "ConfigurationSynced"

	// ConditionTypeDeploymentReady indicates cloudflared deployment is ready.
	ConditionTypeDeploymentReady = "DeploymentReady"
)

cfgate-specific condition types for CloudflareTunnel.

const (
	// ConditionTypeZonesResolved indicates zones are resolved via API.
	ConditionTypeZonesResolved = "ZonesResolved"

	// ConditionTypeRecordsSynced indicates DNS records are synced.
	ConditionTypeRecordsSynced = "RecordsSynced"

	// ConditionTypeOwnershipVerified indicates ownership TXT records verified.
	ConditionTypeOwnershipVerified = "OwnershipVerified"
)

cfgate-specific condition types for CloudflareDNS.

const (
	// ConditionTypeTargetsResolved indicates target references are resolved.
	ConditionTypeTargetsResolved = "TargetsResolved"

	// ConditionTypeApplicationCreated indicates Access Application exists.
	ConditionTypeApplicationCreated = "ApplicationCreated"

	// ConditionTypePoliciesAttached indicates Access Policies are attached.
	ConditionTypePoliciesAttached = "PoliciesAttached"

	// ConditionTypeServiceTokensReady indicates service tokens are ready.
	ConditionTypeServiceTokensReady = "ServiceTokensReady"

	// ConditionTypeReferenceGrantValid indicates cross-namespace references are permitted.
	ConditionTypeReferenceGrantValid = "ReferenceGrantValid"

	// ConditionTypeMTLSConfigured indicates mTLS certificate and hostname associations are configured.
	ConditionTypeMTLSConfigured = "MTLSConfigured"
)

cfgate-specific condition types for CloudflareAccessPolicy.

const (
	// PolicyConditionAccepted indicates policy is accepted by the controller.
	PolicyConditionAccepted = "Accepted"

	// PolicyReasonAccepted indicates policy was accepted.
	PolicyReasonAccepted = "Accepted"

	// PolicyReasonTargetNotFound indicates target resource not found.
	PolicyReasonTargetNotFound = "TargetNotFound"

	// PolicyReasonConflicted indicates policy conflicts with another.
	PolicyReasonConflicted = "Conflicted"

	// PolicyReasonInvalid indicates policy is invalid.
	PolicyReasonInvalid = "Invalid"
)

Policy condition types for Gateway API Policy status.

const (
	// Common reasons.
	ReasonReconciling      = "Reconciling"
	ReasonReconcileSuccess = "ReconcileSuccess"
	ReasonReconcileError   = "ReconcileError"
	ReasonReady            = "Ready"

	// Credentials reasons.
	ReasonCredentialsValid   = "CredentialsValid"
	ReasonCredentialsInvalid = "CredentialsInvalid"
	ReasonCredentialsMissing = "CredentialsMissing"

	// Tunnel reasons.
	ReasonTunnelCreated     = "TunnelCreated"
	ReasonTunnelAdopted     = "TunnelAdopted"
	ReasonTunnelCreateError = "TunnelCreateError"
	ReasonTunnelNotFound    = "TunnelNotFound"
	ReasonTunnelError       = "TunnelError"
	ReasonTunnelReady       = "TunnelReady"
	ReasonTunnelOperational = "TunnelOperational"

	// Configuration reasons.
	ReasonConfigSynced        = "ConfigSynced"
	ReasonConfigSyncError     = "ConfigSyncError"
	ReasonConfigurationSynced = "ConfigurationSynced"

	// Deployment reasons.
	ReasonDeploymentReady    = "DeploymentReady"
	ReasonDeploymentNotReady = "DeploymentNotReady"
	ReasonDeploymentError    = "DeploymentError"

	// DNS reasons.
	ReasonZonesResolved            = "ZonesResolved"
	ReasonZoneResolutionFailed     = "ZoneResolutionFailed"
	ReasonRecordsSynced            = "RecordsSynced"
	ReasonRecordSyncFailed         = "RecordSyncFailed"
	ReasonOwnershipVerified        = "OwnershipVerified"
	ReasonOwnershipFailed          = "OwnershipFailed"
	ReasonTargetResolutionFailed   = "TargetResolutionFailed"
	ReasonHostnameCollectionFailed = "HostnameCollectionFailed"
	ReasonNoHostnamesDiscovered    = "NoHostnamesDiscovered"
	ReasonSyncPartiallyFailed      = "SyncPartiallyFailed"

	// Access Policy reasons.
	ReasonTargetsResolved        = "TargetsResolved"
	ReasonTargetNotFound         = "TargetNotFound"
	ReasonApplicationCreated     = "ApplicationCreated"
	ReasonApplicationError       = "ApplicationError"
	ReasonPoliciesAttached       = "PoliciesAttached"
	ReasonPolicyError            = "PolicyError"
	ReasonServiceTokensReady     = "ServiceTokensReady"
	ReasonServiceTokenError      = "ServiceTokenError"
	ReasonReferenceGrantRequired = "ReferenceGrantRequired"
	ReasonMTLSConfigured         = "MTLSConfigured"
	ReasonMTLSConfigError        = "MTLSConfigError"

	// Gateway reasons.
	ReasonMissingTunnelRef = "MissingTunnelRef"
	ReasonTunnelPending    = "TunnelPending"
	ReasonTunnelNotReady   = "TunnelNotReady"

	// HTTPRoute reasons.
	ReasonNoMatchingParent           = "NoMatchingParent"
	ReasonNoTunnelRef                = "NoTunnelRef"
	ReasonNotAllowedByListeners      = "NotAllowedByListeners"
	ReasonNoMatchingListenerHostname = "NoMatchingListenerHostname"
	ReasonBackendNotFound            = "BackendNotFound"
	ReasonAccessPolicyNotFound       = "AccessPolicyNotFound"
	ReasonAccessPolicyError          = "AccessPolicyError"
	ReasonInvalidPolicyRef           = "InvalidPolicyRef"
	ReasonResolved                   = "Resolved"
)

Reasons for condition status changes.

const (
	// ConditionTypeAccessPolicyResolved indicates the cfgate.io/access-policy reference is resolved.
	ConditionTypeAccessPolicyResolved = "AccessPolicyResolved"
)

cfgate-specific condition types for HTTPRoute status.

const (
	// MaxConditionMessageLength is the maximum length of a condition message.
	// Messages longer than this will be truncated with an ellipsis.
	// Matches Gateway API and Kubernetes conventions.
	MaxConditionMessageLength = 32768
)

Variables

This section is empty.

Functions

func ConditionFalse

func ConditionFalse(conditions []metav1.Condition, conditionType string) bool

ConditionFalse returns true if the condition is False.

func ConditionTrue

func ConditionTrue(conditions []metav1.Condition, conditionType string) bool

ConditionTrue returns true if the condition is True.

func ConditionUnknown

func ConditionUnknown(conditions []metav1.Condition, conditionType string) bool

ConditionUnknown returns true if the condition is Unknown or not found.

func Error2ConditionMsg

func Error2ConditionMsg(err error) string

Error2ConditionMsg converts an error to a human-readable condition message:

  • Capitalizes first letter
  • Ensures trailing period
  • Handles nil errors gracefully

func FindCondition

func FindCondition(conditions []metav1.Condition, conditionType string) *metav1.Condition

FindCondition returns the condition with the given type, or nil if not found.

func LogConditionChange

func LogConditionChange(log logr.Logger, resource, conditionType string, old, new metav1.ConditionStatus, reason string)

LogConditionChange logs a condition change at Info level.

func LogStatusUpdate

func LogStatusUpdate(log logr.Logger, resource string, conditions []metav1.Condition)

LogStatusUpdate logs a status update at V(1) debug level.

func MergeConditions

func MergeConditions(conditions []metav1.Condition, updates ...metav1.Condition) []metav1.Condition

MergeConditions merges condition updates into an existing condition slice. When multiple updates share the same type, the last one wins. Preserves LastTransitionTime when status is unchanged. Truncates messages to MaxConditionMessageLength. Returns a new slice (does not modify input).
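
The merge rules listed above, as an added stand-alone example; it is not cfgate's code. The local `Condition` type (a stand-in for `metav1.Condition`), the function name `mergeSketch`, and the exact `...` truncation form are assumptions made so it runs without Kubernetes dependencies.

```go
package main

import (
	"fmt"
	"time"
)

// Condition mirrors the metav1.Condition fields relevant to merging (assumed local stand-in).
type Condition struct {
	Type, Status, Reason, Message string
	LastTransitionTime            time.Time
}

const maxMsgLen = 32768 // value of MaxConditionMessageLength documented on this page

// mergeSketch is a hypothetical re-implementation of the documented behaviour.
func mergeSketch(existing []Condition, updates ...Condition) []Condition {
	out := append([]Condition(nil), existing...) // copy, so the caller's slice is never modified
	for _, u := range updates {
		if len(u.Message) > maxMsgLen {
			// Byte-based cut with an assumed "..." suffix; keeps the result at the cap.
			u.Message = u.Message[:maxMsgLen-3] + "..."
		}
		replaced := false
		for i := range out {
			if out[i].Type != u.Type {
				continue
			}
			if out[i].Status == u.Status {
				// Status did not flip, so the original transition timestamp is kept.
				u.LastTransitionTime = out[i].LastTransitionTime
			}
			out[i], replaced = u, true // a later update of the same type overwrites an earlier one
			break
		}
		if !replaced {
			out = append(out, u)
		}
	}
	return out
}

func main() {
	t0 := time.Date(2026, 1, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	t1 := t0.Add(time.Hour)
	old := []Condition{{Type: "CredentialsValid", Status: "True", Reason: "CredentialsValid", LastTransitionTime: t0}}
	got := mergeSketch(old,
		Condition{Type: "CredentialsValid", Status: "True", Reason: "CredentialsValid", Message: "API token validated successfully.", LastTransitionTime: t1},
		Condition{Type: "TunnelCreated", Status: "False", Reason: "TunnelCreateError", LastTransitionTime: t1},
	)
	fmt.Println(len(got), got[0].LastTransitionTime.Equal(t0), old[0].Message == "")
}
```

A stable LastTransitionTime is what lets monitoring tell how long a condition such as CredentialsValid has actually been False, rather than when it was last re-reported.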

func NewAccessPolicyReadyCondition

func NewAccessPolicyReadyCondition(conditions []metav1.Condition, hasServiceTokens bool, generation int64) metav1.Condition

NewAccessPolicyReadyCondition creates the overall Ready condition for CloudflareAccessPolicy. Ready = CredentialsValid AND TargetsResolved AND ApplicationCreated AND PoliciesAttached. ServiceTokensReady is optional (only required if serviceTokens configured).
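
The Ready rule for CloudflareAccessPolicy, as an added stand-alone example; it is not cfgate's code. The local `Condition` type, the names `isTrue` and `accessPolicyReady`, the choice of `Reconciling` as the not-ready reason, and the message text are assumptions; the sketch treats a missing or Unknown sub-condition as not ready, so Ready is never reported before every required step has been confirmed.

```go
package main

import "fmt"

// Condition is an assumed local stand-in for metav1.Condition.
type Condition struct{ Type, Status, Reason, Message string }

// isTrue fails closed: a condition that is absent or Unknown does not count as True.
func isTrue(conds []Condition, typ string) bool {
	for _, c := range conds {
		if c.Type == typ {
			return c.Status == "True"
		}
	}
	return false
}

// accessPolicyReady is a hypothetical sketch of the documented aggregation rule.
func accessPolicyReady(conds []Condition, hasServiceTokens bool) Condition {
	required := []string{"CredentialsValid", "TargetsResolved", "ApplicationCreated", "PoliciesAttached"}
	if hasServiceTokens {
		// Only gates readiness when service tokens are configured.
		required = append(required, "ServiceTokensReady")
	}
	for _, typ := range required {
		if !isTrue(conds, typ) {
			// Name the first blocking sub-condition so the status explains itself.
			return Condition{Type: "Ready", Status: "False", Reason: "Reconciling", Message: typ + " is not True."}
		}
	}
	return Condition{Type: "Ready", Status: "True", Reason: "Ready", Message: "All required conditions are True."}
}

func main() {
	// Constructed sample: PoliciesAttached has not been reported yet.
	conds := []Condition{
		{Type: "CredentialsValid", Status: "True"},
		{Type: "TargetsResolved", Status: "True"},
		{Type: "ApplicationCreated", Status: "True"},
	}
	fmt.Printf("%+v\n", accessPolicyReady(conds, false))
}
```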

func NewApplicationCreatedCondition

func NewApplicationCreatedCondition(created bool, reason, message string, generation int64) metav1.Condition

NewApplicationCreatedCondition creates an ApplicationCreated condition.

func NewCondition

func NewCondition(
	conditionType string,
	status metav1.ConditionStatus,
	reason string,
	message string,
	generation int64,
) metav1.Condition

NewCondition creates a new condition with proper timestamps.

func NewCredentialsValidCondition

func NewCredentialsValidCondition(valid bool, reason, message string, generation int64) metav1.Condition

NewCredentialsValidCondition creates a CredentialsValid condition.

func NewDNSReadyCondition

func NewDNSReadyCondition(conditions []metav1.Condition, generation int64) metav1.Condition

NewDNSReadyCondition creates the overall Ready condition for CloudflareDNS. Ready = CredentialsValid AND ZonesResolved AND RecordsSynced

func NewDeploymentReadyCondition

func NewDeploymentReadyCondition(ready bool, reason, message string, generation int64) metav1.Condition

NewDeploymentReadyCondition creates a DeploymentReady condition.

func NewOwnershipVerifiedCondition

func NewOwnershipVerifiedCondition(verified bool, reason, message string, generation int64) metav1.Condition

NewOwnershipVerifiedCondition creates an OwnershipVerified condition.

func NewPoliciesAttachedCondition

func NewPoliciesAttachedCondition(attached bool, reason, message string, generation int64) metav1.Condition

NewPoliciesAttachedCondition creates a PoliciesAttached condition.

func NewPolicyAcceptedCondition

func NewPolicyAcceptedCondition(accepted bool, reason, message string, generation int64) metav1.Condition

NewPolicyAcceptedCondition creates an Accepted condition for policy status.

func NewRecordsSyncedCondition

func NewRecordsSyncedCondition(synced bool, reason, message string, generation int64) metav1.Condition

NewRecordsSyncedCondition creates a RecordsSynced condition.

func NewServiceTokensReadyCondition

func NewServiceTokensReadyCondition(ready bool, reason, message string, generation int64) metav1.Condition

NewServiceTokensReadyCondition creates a ServiceTokensReady condition.

func NewTargetsResolvedCondition

func NewTargetsResolvedCondition(resolved bool, reason, message string, generation int64) metav1.Condition

NewTargetsResolvedCondition creates a TargetsResolved condition.

func NewTunnelConfiguredCondition

func NewTunnelConfiguredCondition(configured bool, reason, message string, generation int64) metav1.Condition

NewTunnelConfiguredCondition creates a TunnelConfigured condition.

func NewTunnelCreatedCondition

func NewTunnelCreatedCondition(created bool, reason, message string, generation int64) metav1.Condition

NewTunnelCreatedCondition creates a TunnelCreated condition.

func NewTunnelReadyCondition

func NewTunnelReadyCondition(conditions []metav1.Condition, generation int64) metav1.Condition

NewTunnelReadyCondition creates the overall Ready condition for CloudflareTunnel. Ready = CredentialsValid AND TunnelCreated AND TunnelConfigured AND DeploymentReady

func NewZonesResolvedCondition

func NewZonesResolvedCondition(resolved bool, reason, message string, generation int64) metav1.Condition

NewZonesResolvedCondition creates a ZonesResolved condition.

func RemoveCondition

func RemoveCondition(conditions []metav1.Condition, conditionType string) []metav1.Condition

RemoveCondition removes the condition with the given type. Returns the updated slice.

func SetCondition

func SetCondition(conditions []metav1.Condition, condition metav1.Condition) []metav1.Condition

SetCondition sets or updates a condition in a slice. Returns the updated slice.

Types

This section is empty.
