Merge pull request #46 from DopplerHQ/nic/same-namespace-reconciliation

Allow reconciliation of dopplersecret resources with refs in same namespace
DopplerHQ · Jul 25, 2023 · 1d18bce · 1d18bce
2 parents 343129a + 2d254cd
commit 1d18bce
Showing 1 changed file with 23 additions and 7 deletions.
diff --git a/controllers/dopplersecret_controller.go b/controllers/dopplersecret_controller.go
@@ -63,13 +63,6 @@ func (r *DopplerSecretReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		}, nil
 	}
 
-	if ownNamespace != req.Namespace {
-		log.Error(fmt.Errorf("cannot reconcile doppler secret (%v) in a namespace different from the operator (%v)", req.NamespacedName, ownNamespace), "")
-		return ctrl.Result{}, nil
-	}
-
-	log.Info("Reconciling dopplersecret")
-
 	dopplerSecret := secretsv1alpha1.DopplerSecret{}
 	err := r.Client.Get(ctx, req.NamespacedName, &dopplerSecret)
 	if err != nil {
@@ -83,6 +76,29 @@ func (r *DopplerSecretReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		}, nil
 	}
 
+	// If omitted, the default namespace for references is the DopplerSecret's namespace
+	tokenSecretRefNamespace := dopplerSecret.Spec.TokenSecretRef.Namespace
+	if tokenSecretRefNamespace == "" {
+		tokenSecretRefNamespace = dopplerSecret.Namespace
+	}
+	managedSecretRefNamespace := dopplerSecret.Spec.ManagedSecretRef.Namespace
+	if managedSecretRefNamespace == "" {
+		managedSecretRefNamespace = dopplerSecret.Namespace
+	}
+
+	if ownNamespace == dopplerSecret.Namespace {
+		log.Info("Reconciling dopplersecret in operator namespace, references can be in any namespace.")
+	} else if dopplerSecret.Namespace == tokenSecretRefNamespace && dopplerSecret.Namespace == managedSecretRefNamespace {
+		log.Info("Reconciling dopplersecret in non-operator namespace, all references are in the same namespace as the dopplersecret.")
+	} else {
+		p1 := fmt.Sprintf("cannot reconcile dopplersecret (%v/%v) in a namespace different from the operator (%v)", dopplerSecret.Namespace, dopplerSecret.Name, ownNamespace)
+		p2 := fmt.Sprintf("unless all secret references [(%v/%v), (%v/%v)] are also in the dopplersecret's namespace", tokenSecretRefNamespace, dopplerSecret.Spec.TokenSecretRef.Name, managedSecretRefNamespace, dopplerSecret.Spec.ManagedSecretRef.Name)
+		log.Error(fmt.Errorf("%v %v", p1, p2), "")
+		return ctrl.Result{}, nil
+	}
+
+	log.Info("Reconciling dopplersecret")
+
 	requeueAfter := defaultRequeueDuration
 	if dopplerSecret.Spec.ResyncSeconds != 0 {
 		requeueAfter = time.Second * time.Duration(dopplerSecret.Spec.ResyncSeconds)