From 80cb35350ddf3b732c13c99cf5c812801d4d048a Mon Sep 17 00:00:00 2001
From: Mateus Oliveira <msouzaol@redhat.com>
Date: Tue, 12 Nov 2024 13:14:37 -0300
Subject: [PATCH] fixup! fix: NAC install validation

use another client

Signed-off-by: Mateus Oliveira <msouzaol@redhat.com>
---
 controllers/dpa_controller.go           | 16 ++++++-------
 controllers/nonadmin_controller.go      | 11 +++++----
 controllers/nonadmin_controller_test.go |  5 +++--
 controllers/predicate.go                | 13 +++++------
 main.go                                 | 30 ++++++++++++++++---------
 5 files changed, 43 insertions(+), 32 deletions(-)

diff --git a/controllers/dpa_controller.go b/controllers/dpa_controller.go
index 6a7ee3abb0..5396286d4c 100644
--- a/controllers/dpa_controller.go
+++ b/controllers/dpa_controller.go
@@ -45,13 +45,13 @@ import (
 // DPAReconciler reconciles a Velero object
 type DPAReconciler struct {
 	client.Client
-	Scheme         *runtime.Scheme
-	Log            logr.Logger
-	Context        context.Context
-	NamespacedName types.NamespacedName
-	EventRecorder  record.EventRecorder
-	dpa            *oadpv1alpha1.DataProtectionApplication
-	OADPNamespace  string
+	Scheme            *runtime.Scheme
+	Log               logr.Logger
+	Context           context.Context
+	NamespacedName    types.NamespacedName
+	EventRecorder     record.EventRecorder
+	dpa               *oadpv1alpha1.DataProtectionApplication
+	ClusterWideClient client.Client
 }
 
 var debugMode = os.Getenv("DEBUG") == "true"
@@ -149,7 +149,7 @@ func (r *DPAReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Owns(&routev1.Route{}).
 		Owns(&corev1.ConfigMap{}).
 		Watches(&corev1.Secret{}, &labelHandler{}).
-		WithEventFilter(veleroPredicate(r.Scheme, r.OADPNamespace)).
+		WithEventFilter(veleroPredicate(r.Scheme)).
 		Complete(r)
 }
 
diff --git a/controllers/nonadmin_controller.go b/controllers/nonadmin_controller.go
index 76249b9709..f82a16c61f 100644
--- a/controllers/nonadmin_controller.go
+++ b/controllers/nonadmin_controller.go
@@ -10,6 +10,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	k8serror "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -84,15 +85,17 @@ func (r *DPAReconciler) ReconcileNonAdminController(log logr.Logger) (bool, erro
 		return true, nil
 	}
 
+	selector, err := fields.ParseSelector(fmt.Sprintf("metadata.namespace!=%s", r.NamespacedName.Namespace))
+	if err != nil {
+		return false, err
+	}
 	dpaList := &oadpv1alpha1.DataProtectionApplicationList{}
-	err := r.List(r.Context, dpaList)
+	err = r.ClusterWideClient.List(r.Context, dpaList, &client.ListOptions{FieldSelector: selector})
 	if err != nil {
 		return false, err
 	}
-	r.Log.Info("number of DPAs fetched: ", "number of DPAs", len(dpaList.Items))
-	r.Log.Info("DPA list fetched:\n", "DPAs", dpaList.Items)
 	for _, dpa := range dpaList.Items {
-		if dpa.Namespace != r.NamespacedName.Namespace && (&DPAReconciler{dpa: &dpa}).checkNonAdminEnabled() {
+		if (&DPAReconciler{dpa: &dpa}).checkNonAdminEnabled() {
 			return false, fmt.Errorf("only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is also configured to be installed in %s namespace", dpa.Namespace)
 		}
 	}
diff --git a/controllers/nonadmin_controller_test.go b/controllers/nonadmin_controller_test.go
index bbbda60d82..72343d53a8 100644
--- a/controllers/nonadmin_controller_test.go
+++ b/controllers/nonadmin_controller_test.go
@@ -136,8 +136,9 @@ func runReconcileNonAdminControllerTest(
 			Name:      scenario.dpa,
 			Namespace: scenario.namespace,
 		},
-		EventRecorder: event,
-		dpa:           dpa,
+		EventRecorder:     event,
+		dpa:               dpa,
+		ClusterWideClient: k8sClient,
 	}
 	result, err := r.ReconcileNonAdminController(logr.Discard())
 
diff --git a/controllers/predicate.go b/controllers/predicate.go
index 456bf974ec..4ed1adad0b 100644
--- a/controllers/predicate.go
+++ b/controllers/predicate.go
@@ -9,22 +9,22 @@ import (
 	oadpv1alpha1 "github.com/openshift/oadp-operator/api/v1alpha1"
 )
 
-func veleroPredicate(scheme *runtime.Scheme, namespace string) predicate.Predicate {
+func veleroPredicate(scheme *runtime.Scheme) predicate.Predicate {
 	return predicate.Funcs{
 		// Update returns true if the Update event should be processed
 		UpdateFunc: func(e event.UpdateEvent) bool {
 			if e.ObjectOld.GetGeneration() == e.ObjectNew.GetGeneration() {
 				return false
 			}
-			return isObjectOurs(scheme, e.ObjectOld, namespace)
+			return isObjectOurs(scheme, e.ObjectOld)
 		},
 		// Create returns true if the Create event should be processed
 		CreateFunc: func(e event.CreateEvent) bool {
-			return isObjectOurs(scheme, e.Object, namespace)
+			return isObjectOurs(scheme, e.Object)
 		},
 		// Delete returns true if the Delete event should be processed
 		DeleteFunc: func(e event.DeleteEvent) bool {
-			return !e.DeleteStateUnknown && isObjectOurs(scheme, e.Object, namespace)
+			return !e.DeleteStateUnknown && isObjectOurs(scheme, e.Object)
 		},
 	}
 }
@@ -32,10 +32,7 @@ func veleroPredicate(scheme *runtime.Scheme, namespace string) predicate.Predica
 // isObjectOurs returns true if the object is ours.
 // it first checks if the object has our group, version, and kind
 // else it will check for non empty OadpOperatorlabel labels
-func isObjectOurs(scheme *runtime.Scheme, object client.Object, namespace string) bool {
-	if object.GetNamespace() != namespace {
-		return false
-	}
+func isObjectOurs(scheme *runtime.Scheme, object client.Object) bool {
 	objGVKs, _, err := scheme.ObjectKinds(object)
 	if err != nil {
 		return false
diff --git a/main.go b/main.go
index 21fb661997..4696816163 100644
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	ctrl "sigs.k8s.io/controller-runtime"
-	// "sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -171,11 +171,11 @@ func main() {
 		RenewDeadline:          &leConfig.RenewDeadline.Duration,
 		RetryPeriod:            &leConfig.RetryPeriod.Duration,
 		LeaderElectionID:       "oadp.openshift.io",
-		// Cache: cache.Options{
-		// 	DefaultNamespaces: map[string]cache.Config{
-		// 		watchNamespace: {},
-		// 	},
-		// },
+		Cache: cache.Options{
+			DefaultNamespaces: map[string]cache.Config{
+				watchNamespace: {},
+			},
+		},
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
@@ -218,11 +218,21 @@ func main() {
 		os.Exit(1)
 	}
 
+	dpaClientScheme := runtime.NewScheme()
+	utilruntime.Must(oadpv1alpha1.AddToScheme(dpaClientScheme))
+	dpaClient, err := client.New(kubeconf, client.Options{
+		Scheme: dpaClientScheme,
+	})
+	if err != nil {
+		setupLog.Error(err, "unable to create Kubernetes client")
+		os.Exit(1)
+	}
+
 	if err = (&controllers.DPAReconciler{
-		Client:        mgr.GetClient(),
-		Scheme:        mgr.GetScheme(),
-		EventRecorder: mgr.GetEventRecorderFor("DPA-controller"),
-		OADPNamespace: watchNamespace,
+		Client:            mgr.GetClient(),
+		Scheme:            mgr.GetScheme(),
+		EventRecorder:     mgr.GetEventRecorderFor("DPA-controller"),
+		ClusterWideClient: dpaClient,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "DataProtectionApplication")
 		os.Exit(1)