feat(health): support various policies _.microgateway.airlock.com

[root30]

This PR adds the custom health check for various policy Types of Airlock Microgateway.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Title of the PR
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.
• Optional. My organization is added to USERS.md.
• Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

[bunnyshell]

✅ Preview Environment deployed on Bunnyshell

Component	Endpoints
argocd	https://argocd-drfjry.bunnyenv.com/
argocd-ttyd	https://argocd-web-cli-drfjry.bunnyenv.com/

See: Environment Details | Pipeline Logs

Available commands (reply to this comment):

• 🔴 /bns:stop to stop the environment
• 🚀 /bns:deploy to redeploy the environment
• ❌ /bns:delete to remove the environment

[codecov]

Bundle Report

Bundle size has no change ✅

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.82%. Comparing base (3336cf6) to head (90bd417).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #28268      +/-   ##
==========================================
- Coverage   64.84%   64.82%   -0.02%     
==========================================
  Files         425      425              
  Lines       59092    59092              
==========================================
- Hits        38317    38307      -10     
- Misses      17217    17224       +7     
- Partials     3558     3561       +3     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[crenshaw-dev]

I'm not loving the idea of using contrived resource kinds for tests. The wildcard pattern allows us to avoid duplicating a lot of script logic. But it shouldn't be used as a way to avoid writing thorough tests.

Is there a strong reason why we can't use actual examples for the tests?

[root30]

Please see my detailed response in the other conversation.

However regarding your question: We can use an actual custom resource of ours for the unknown test case if this is the sole concern.

[crenshaw-dev]

I don't like the idea of matching a kind suffix. If a new kind is added that matches this suffix, there's no reason to believe it'll necessarily follow the same status field conventions. I'd recommend instead hard-coding a static list of kinds that we know this check supports.

[root30]

Hi @crenshaw-dev

Thanks for raising these concerns.

For the first point, the decision to avoid using a fixed list of concrete resource kinds was intentional. We want to avoid having to update the HealthCheck implementation every time a new policy kind is introduced, as that would require a separate PR just to register the new kind. The wildcard-based approach allows the HealthCheck to automatically support additional policy resources as they are added to our implementation.

Regarding the tests, the goal was not to avoid thorough test coverage. The additional policies we plan to support are Gateway API direct attached policies, which follow the same status conventions as existing resources such as BackendTLSPolicy. Because the HealthCheck logic is based on those shared conventions rather than kind-specific behavior, we considered it more valuable to test the common behavior than to duplicate equivalent tests for every individual policy kind.

For the second point, we agree that blindly matching arbitrary suffixes would be risky if unrelated resources could satisfy the pattern. In this case, however, the expectation is that future matching resources will be Gateway API policy kinds that share the same status structure and semantics. The intent behind the suffix matching is to make the HealthCheck extensible without requiring code changes whenever a new policy kind is introduced. If we hard-code the supported kinds, we lose that extensibility and would need to keep the list synchronized as our implementation evolves.

[crenshaw-dev]

Are you a maintainer of microgateway? I want to make sure we have solid reason to believe the future CRDs will follow existing conventions. A link to a docs page stating this would be extra valuable. :-)