From 4c5cb1b767829250a9d616c7386c5fc561e56a4c Mon Sep 17 00:00:00 2001
From: olalekan odukoya <odukoyaonline@gmail.com>
Date: Sun, 9 Nov 2025 01:36:25 +0100
Subject: [PATCH] fix permission claim label not updated when selector changes

Signed-off-by: olalekan odukoya <odukoyaonline@gmail.com>
---
 .../permissionclaimlabel_reconcile.go         | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_reconcile.go b/pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_reconcile.go
index 39628a6cbd9..ce7245fdc13 100644
--- a/pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_reconcile.go
+++ b/pkg/reconciler/apis/permissionclaimlabel/permissionclaimlabel_reconcile.go
@@ -19,6 +19,7 @@ package permissionclaimlabel
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"strings"
 
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -84,8 +85,11 @@ func (c *controller) reconcile(ctx context.Context, apiBinding *apisv1alpha2.API
 	}
 
 	appliedClaims := sets.New[string]()
+	appliedClaimsMap := make(map[string]apisv1alpha2.ScopedPermissionClaim)
 	for _, claim := range apiBinding.Status.AppliedPermissionClaims {
-		appliedClaims.Insert(setKeyForClaim(claim.PermissionClaim))
+		key := setKeyForClaim(claim.PermissionClaim)
+		appliedClaims.Insert(key)
+		appliedClaimsMap[key] = claim
 	}
 
 	expectedClaims := exportedClaims.Intersection(acceptedClaims)
@@ -94,6 +98,19 @@ func (c *controller) reconcile(ctx context.Context, apiBinding *apisv1alpha2.API
 	needToRemove := appliedClaims.Difference(acceptedClaims)
 	allChanges := needToApply.Union(needToRemove)
 
+	for key := range expectedClaims {
+		if acceptedClaims.Has(key) && appliedClaims.Has(key) {
+			acceptedClaim := acceptedClaimsMap[key]
+			appliedClaim := appliedClaimsMap[key]
+			if !reflect.DeepEqual(acceptedClaim.Selector, appliedClaim.Selector) {
+				allChanges.Insert(key)
+				logger.V(4).Info("detected selector change for claim", "claim", key,
+					"oldSelector", appliedClaim.Selector,
+					"newSelector", acceptedClaim.Selector)
+			}
+		}
+	}
+
 	logger.V(4).Info("claim set details",
 		"expected", expectedClaims,
 		"unexpected", unexpectedClaims,