Implement PolicyAffected Status for ClientSettingsPolicy and ObservabilityPolicy

[kate-osborn]

trafficstars

As an HTTPRoute or Gateway owner I want to know when my object is affected by a ClientSettingsPolicy So that I know that the policy has taken effect.

Acceptance

• Add and document the Condition type gateway.nginx.org/ClientSettingsPolicyAffected
• Set this Condition on all HTTPRoutes and Gateways affected by a ClientSettingPolicy.
• If an object is affected by multiple ClientSettingsPolicy, only one gateway.nginx.org/ClientSettingsPolicyAffected should exist.
• When the last ClientSettingsPolicy affecting that object is removed, the Condition should be removed.
• The Observed Generation is the generation of the affected object, not the generation of the ClientSettingsPolicy.

[sjberman]

This also needs to work for the ObservabilityPolicy. Ideally our policy logic is general enough that it will apply everywhere.

[salonichf5]

This also needs to work for the ObservabilityPolicy. Ideally our policy logic is general enough that it will apply everywhere.

Confirming that we need to add another field letting us know if ObservabilityPolicyAffected has been applied to that resource?

Also, when a PolicyAffected is added to the Conditions of a resource, it will specify the name of the Policy, be it observability or client settings? or just true or false?

[sjberman]

Requirements are defined here by the spec and here by our design.

Just the message should have the context as to which policy is attached.

[kate-osborn]

@sjberman @salonichf5 we may want to wait to implement this. There could be changes to how policies are stored on the graph once we fix #2105 and #2079, which could affect how we build the PolicyAffected statuses.

[mpstefan]

Blocked by #2105 #2079

[kate-osborn]

@mpstefan can we move this up in priority? This is an important tool for troubleshooting policies. It let's the app dev know when their route is affected by a policy applied at the gateway level.