From 5a50ecd320c8436f2dc4ebc1631b051a5e51afef Mon Sep 17 00:00:00 2001
From: Mattia Lavacca <lavacca.mattia@gmail.com>
Date: Tue, 17 Dec 2024 15:28:13 +0100
Subject: [PATCH] address reviews comments

Signed-off-by: Mattia Lavacca <lavacca.mattia@gmail.com>
---
 CHANGELOG.md                                              | 7 +++----
 .../controllers/gateway/backendtlspolicy_controller.go    | 8 ++++----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7df0316e8d..35358d55f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -254,18 +254,17 @@ Adding a new version? You'll need three changes:
 - Added `BackendTLSPolicy` support. The user can now reference any Kubernetes `Service`
   in the `BackendTLSPolicy` spec, and in case the service is used as a backend by
   `HTTPRoute`s that reference a Kong Gateway as parent, such Backend TLS configuration
-  is applied to the service section of the Kong configuration.
+  is applied to the service section of the Kong configuration. The `BackendTLSPolicies`
+  CA Certificates can be set in `Secret`s or `ConfigMap`s.
   [#6712](https://github.com/Kong/kubernetes-ingress-controller/pull/6712)
   [#6753](https://github.com/Kong/kubernetes-ingress-controller/pull/6753)
   [#6837](https://github.com/Kong/kubernetes-ingress-controller/pull/6837)
+  [#6853](https://github.com/Kong/kubernetes-ingress-controller/pull/6853)
 - Added the flag `--configmap-label-selector` to set the label selector for `ConfigMap`s
   to ingest. By setting this flag, the `ConfigMap`s that are ingested will be limited
   to those having this label set to "true". This limits the amount of resources that are kept in memory.
   The default value is `konghq.com/configmap`.
   [#6753](https://github.com/Kong/kubernetes-ingress-controller/pull/6753)
-- Added the possibility to set `Secret`s as `CACertificateRefs` in the `BackendTLSPolicy`
-  objects.
-  [#6853](https://github.com/Kong/kubernetes-ingress-controller/pull/6853)
 
 ## [3.3.1]
 
diff --git a/internal/controllers/gateway/backendtlspolicy_controller.go b/internal/controllers/gateway/backendtlspolicy_controller.go
index 533f4478e4..8aa691bd15 100644
--- a/internal/controllers/gateway/backendtlspolicy_controller.go
+++ b/internal/controllers/gateway/backendtlspolicy_controller.go
@@ -240,8 +240,8 @@ func (r *BackendTLSPolicyReconciler) listBackendTLSPoliciesForConfigMaps(ctx con
 		r.Log.Error(fmt.Errorf("invalid type"), "Found invalid type in event handlers", "expected", "ConfigMap", "found", reflect.TypeOf(obj))
 		return nil
 	}
-	policies := &gatewayapi.BackendTLSPolicyList{}
-	if err := r.List(ctx, policies,
+	policies := gatewayapi.BackendTLSPolicyList{}
+	if err := r.List(ctx, &policies,
 		client.InNamespace(cm.Namespace),
 		client.MatchingFields{backendTLSPolicyValidationCARefConfigMapIndexKey: cm.Name},
 	); err != nil {
@@ -264,8 +264,8 @@ func (r *BackendTLSPolicyReconciler) listBackendTLSPoliciesForSecrets(ctx contex
 		r.Log.Error(fmt.Errorf("invalid type"), "Found invalid type in event handlers", "expected", "Secret", "found", reflect.TypeOf(obj))
 		return nil
 	}
-	policies := &gatewayapi.BackendTLSPolicyList{}
-	if err := r.List(ctx, policies,
+	policies := gatewayapi.BackendTLSPolicyList{}
+	if err := r.List(ctx, &policies,
 		client.InNamespace(secret.Namespace),
 		client.MatchingFields{backendTLSPolicyValidationCARefSecretIndexKey: secret.Name},
 	); err != nil {