History showed us that the Enforced status condition on Kuadrant policies is not reliable in nightly test runs. This manifests as flakiness, primarily
on assertions checking HTTP status codes (e.g., expecting 302 redirect but receiving 200).

The core issue: The status on these policies does not reflect the actual situation on the data plane. While the Kubernetes policy resource may show Enforced: True, this only indicates the Kuadrant controller has processed the policy. It does not guarantee that:

1. The Envoy filters created by the Kuadrant operator are ready (these filters have no status of their own)
2. The WASM shim's configuration has been updated
3. The filter chains are actively intercepting and processing requests

This creates a race condition where tests assert policy enforcement before the configuration has actually propagated to Envoy's data plane

There is a sliver lining though, the WASM shim exposes a metric called kuadrant_configs that increments each time its configuration changes. This provides a more reliable indicator of actual data plane readiness than the Kubernetes policy status.