fix consumers cases

CHANGELOG.md

@@ -175,8 +175,9 @@ Nothing yet.
   [#5029](https://github.com/Kong/kubernetes-ingress-controller/pull/5029)
 - Fixed `HTTPRoute` and `KongConsumer` admission webhook validators to properly
   signal validation failures, resulting in returning responses with `AdmissionResponse`
-  filled instead of 500 status codes. It will make them work as expected in cases where the 
-  `ValidatingWebhookConfiguration` is configured with `failurePolicy: Ignore`.
+  filled instead of 500 status codes. It will make them work as expected in cases where
+  the `ValidatingWebhookConfiguration` has `failurePolicy: Ignore`.
+  [#5063](https://github.com/Kong/kubernetes-ingress-controller/pull/5063)
 
 ### Changed
 

internal/admission/validator.go

@@ -125,7 +125,7 @@ func (validator KongHTTPValidator) ValidateConsumer(
 	// credentials so that the consumers credentials references can be validated.
 	managedConsumers, err := validator.listManagedConsumers(ctx)
 	if err != nil {
-		return false, ErrTextConsumerUnretrievable, err
+		return false, fmt.Sprintf("failed to fetch managed KongConsumers from cache: %s", err), nil
 	}
 
 	// retrieve the consumer's credentials secrets to validate them with the index
@@ -136,7 +136,7 @@ func (validator KongHTTPValidator) ValidateConsumer(
 		secret, err := validator.SecretGetter.GetSecret(consumer.Namespace, secretName)
 		if err != nil {
 			if apierrors.IsNotFound(err) {
-				return false, ErrTextConsumerCredentialSecretNotFound, err
+				return false, fmt.Sprintf("%s: %s", ErrTextConsumerCredentialSecretNotFound, err), nil
 			}
 			return false, ErrTextFailedToRetrieveSecret, err
 		}
@@ -248,7 +248,7 @@ func (validator KongHTTPValidator) ValidateCredential(ctx context.Context, secre
 	// if the credentials are referenced.
 	managedConsumers, err := validator.listManagedConsumers(ctx)
 	if err != nil {
-		return false, fmt.Sprintf("failed to list managed KongConsumers: %s", err)
+		return false, fmt.Sprintf("failed to fetch managed KongConsumers from cache: %s", err)
 	}
 
 	// Verify whether this secret is referenced by any managed consumer.
@@ -402,7 +402,7 @@ func (validator KongHTTPValidator) ValidateHTTPRoute(
 			Name:      string(parentRef.Name),
 		}, &gateway); err != nil {
 			if apierrors.IsNotFound(err) {
-				return false, fmt.Sprintf("Referenced gateway %s/%s not found", namespace, parentRef.Name), nil
+				return false, fmt.Sprintf("referenced gateway %s/%s not found", namespace, parentRef.Name), nil
 			}
 			return false, "", err
 		}
@@ -411,7 +411,7 @@ func (validator KongHTTPValidator) ValidateHTTPRoute(
 		gatewayClass := gatewayapi.GatewayClass{}
 		if err := validator.ManagerClient.Get(ctx, client.ObjectKey{Name: string(gateway.Spec.GatewayClassName)}, &gatewayClass); err != nil {
 			if apierrors.IsNotFound(err) {
-				return false, fmt.Sprintf("Referenced gatewayclass %s not found", gateway.Spec.GatewayClassName), nil
+				return false, fmt.Sprintf("referenced gatewayclass %s not found", gateway.Spec.GatewayClassName), nil
 			}
 			return false, "", err
 		}

test/integration/httproute_webhook_test.go

@@ -62,7 +62,7 @@ func commonHTTPRouteValidationTestCases(
 					},
 				},
 			},
-			WantCreateErrSubstring: `Referenced gateway a6587a40-b3c6-4433-9232-216f9acf833a/fake-gateway not found`,
+			WantCreateErrSubstring: `fake-gateway not found`,
 		},
 		{
 			Name: "an invalid httproute will pass validation if it's not linked to a managed controller (it's not ours)",