redhat-cop · cuttingedge1109 · Apr 12, 2021 · Apr 12, 2021
diff --git a/controllers/groupconfig_controller.go b/controllers/groupconfig_controller.go
@@ -18,7 +18,6 @@ package controllers
 
 import (
 	"context"
-
 	"github.com/go-logr/logr"
 	userv1 "github.com/openshift/api/user/v1"
 	redhatcopv1alpha1 "github.com/redhat-cop/namespace-configuration-operator/api/v1alpha1"
@@ -45,6 +44,8 @@ type GroupConfigReconciler struct {
 	lockedresourcecontroller.EnforcingReconciler
 	Log            logr.Logger
 	controllerName string
+	InitGroupCount int16
+	groupCounter   int16
 }
 
 // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=groupconfigs,verbs=get;list;watch;create;update;patch;delete
@@ -249,6 +250,22 @@ func (r *GroupConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 					Kind: "Group",
 				},
 			}}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request {
+
+			// Skip watching pre-existing namespaces
+			if r.InitGroupCount == -1 {
+				gl := &userv1.GroupList{}
+				if err := r.GetClient().List(context.TODO(), gl); err != nil {
+					r.Log.Error(err, "unable to list groups")
+					return []reconcile.Request{}
+				}
+				r.InitGroupCount = int16(len(gl.Items))
+			}
+			if r.groupCounter < r.InitGroupCount {
+				r.groupCounter++
+				return []reconcile.Request{}
+			}
+
+			// Main watcher
 			reconcileRequests := []reconcile.Request{}
 			group := a.(*userv1.Group)
 			groupConfigs, err := r.findApplicableGroupConfigsFromGroup(*group)

diff --git a/controllers/namespaceconfig_controller.go b/controllers/namespaceconfig_controller.go
@@ -18,6 +18,7 @@ package controllers
 
 import (
 	"context"
+	"k8s.io/apimachinery/pkg/types"
 	"strings"
 
 	"github.com/go-logr/logr"
@@ -32,7 +33,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -47,6 +47,8 @@ type NamespaceConfigReconciler struct {
 	Log                   logr.Logger
 	controllerName        string
 	AllowSystemNamespaces bool
+	InitNamespaceCount    int16
+	namespaceCounter      int16
 }
 
 // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=namespaceconfigs,verbs=get;list;watch;create;update;patch;delete
@@ -251,8 +253,25 @@ func (r *NamespaceConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 				Kind: "Namespace",
 			},
 		}}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request {
+			// Skip watching pre-existing namespaces
+			if r.InitNamespaceCount == -1 {
+				nl := &corev1.NamespaceList{}
+				if err := r.GetClient().List(context.TODO(), nl); err != nil {
+					r.Log.Error(err, "unable to list namespaces")
+					return []reconcile.Request{}
+				}
+				r.InitNamespaceCount = int16(len(nl.Items))
+			}
+			if r.namespaceCounter < r.InitNamespaceCount {
+				r.namespaceCounter++
+				return []reconcile.Request{}
+			}
+
+			// Main watcher
 			res := []reconcile.Request{}
 			ns := a.(*corev1.Namespace)
+
+			r.Log.Info("namespace watcher:" + ns.Name)
 			ncl, err := r.findApplicableNameSpaceConfigs(*ns)
 			if err != nil {
 				r.Log.Error(err, "unable to find applicable NamespaceConfig for namespace", "namespace", ns.Name)

diff --git a/controllers/userconfig_controller.go b/controllers/userconfig_controller.go
@@ -44,8 +44,12 @@ import (
 // UserConfigReconciler reconciles a UserConfig object
 type UserConfigReconciler struct {
 	lockedresourcecontroller.EnforcingReconciler
-	Log            logr.Logger
-	controllerName string
+	Log               logr.Logger
+	controllerName    string
+	InitUserCount     int16
+	userCounter       int16
+	InitIdentityCount int16
+	identityCounter   int16
 }
 
 // +kubebuilder:rbac:groups=redhatcop.redhat.io,resources=userconfigs,verbs=get;list;watch;create;update;patch;delete
@@ -288,6 +292,22 @@ func (r *UserConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 					Kind: "User",
 				},
 			}}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request {
+
+			// Skip watching pre-existing namespaces
+			if r.InitUserCount == -1 {
+				ul := &userv1.UserList{}
+				if err := r.GetClient().List(context.TODO(), ul); err != nil {
+					r.Log.Error(err, "unable to list groups")
+					return []reconcile.Request{}
+				}
+				r.InitUserCount = int16(len(ul.Items))
+			}
+			if r.userCounter < r.InitUserCount {
+				r.userCounter++
+				return []reconcile.Request{}
+			}
+
+			// Main watcher
 			reconcileRequests := []reconcile.Request{}
 			user := a.(*userv1.User)
 			userConfigs, err := r.findApplicableUserConfigsFromUser(user)
@@ -311,6 +331,22 @@ func (r *UserConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 					Kind: "Identity",
 				},
 			}}, handler.EnqueueRequestsFromMapFunc(func(a client.Object) []reconcile.Request {
+
+			// Skip watching pre-existing namespaces
+			if r.InitIdentityCount == -1 {
+				il := &userv1.IdentityList{}
+				if err := r.GetClient().List(context.TODO(), il); err != nil {
+					r.Log.Error(err, "unable to list groups")
+					return []reconcile.Request{}
+				}
+				r.InitIdentityCount = int16(len(il.Items))
+			}
+			if r.identityCounter < r.InitIdentityCount {
+				r.identityCounter++
+				return []reconcile.Request{}
+			}
+
+			// Main watcher
 			reconcileRequests := []reconcile.Request{}
 			identity := a.(*userv1.Identity)
 			user, err := r.findUserFromIdentity(identity)

diff --git a/main.go b/main.go
@@ -40,6 +40,9 @@ import (
 
 const (
 	AllowSystemNamespacesEnvVarKey = "ALLOW_SYSTEM_NAMESPACES"
+	EnableGroupConfigEnvVarKey     = "ENABLE_GROUPCONFIG_CONTROLLER"
+	EnableUserConfigEnvVarKey      = "ENABLE_USERCONFIG_CONTROLLER"
+	EnableNamespaceConfigEnvVarKey = "ENABLE_NAMESPACECONFIG_CONTROLLER"
 )
 
 var (
@@ -86,10 +89,14 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err = (&controllers.NamespaceConfigReconciler{
+	if !isNamespaceConfigControllerEnabled() {
+		setupLog.Info("NamespaceConfig controller disabled!")
+
+	} else if err = (&controllers.NamespaceConfigReconciler{
 		EnforcingReconciler:   lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("NamespaceConfig_controller"), true),
 		Log:                   ctrl.Log.WithName("controllers").WithName("NamespaceConfig"),
 		AllowSystemNamespaces: checkNamespaceScope(),
+		InitNamespaceCount:    -1,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "NamespaceConfig")
 		os.Exit(1)
@@ -98,9 +105,13 @@ func main() {
 	userConfigController := &controllers.UserConfigReconciler{
 		EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("UserConfig_controller"), true),
 		Log:                 ctrl.Log.WithName("controllers").WithName("UserConfig"),
+		InitUserCount:       -1,
+		InitIdentityCount:   -1,
 	}
 
-	if ok, err := userConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{
+	if !isUserConfigControllerEnabled() {
+		setupLog.Info("UserConfig controller disabled!")
+	} else if ok, err := userConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{
 		Group:   "user.openshift.io",
 		Version: "v1",
 		Kind:    "User",
@@ -119,9 +130,12 @@ func main() {
 	groupConfigController := &controllers.GroupConfigReconciler{
 		EnforcingReconciler: lockedresourcecontroller.NewEnforcingReconciler(mgr.GetClient(), mgr.GetScheme(), mgr.GetConfig(), mgr.GetAPIReader(), mgr.GetEventRecorderFor("GroupConfig_controller"), true),
 		Log:                 ctrl.Log.WithName("controllers").WithName("GroupConfig"),
+		InitGroupCount:      -1,
 	}
 
-	if ok, err := groupConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{
+	if !isGroupConfigControllerEnabled() {
+		setupLog.Info("GroupConfig controller disabled!")
+	} else if ok, err := groupConfigController.IsAPIResourceAvailable(schema.GroupVersionKind{
 		Group:   "user.openshift.io",
 		Version: "v1",
 		Kind:    "Group",
@@ -154,6 +168,42 @@ func main() {
 	}
 }
 
+func isGroupConfigControllerEnabled() bool {
+	value := os.Getenv(EnableGroupConfigEnvVarKey)
+	if len(value) == 0 {
+		return true
+	}
+	res, err := strconv.ParseBool(value)
+	if err != nil {
+		return false
+	}
+	return res
+}
+
+func isUserConfigControllerEnabled() bool {
+	value := os.Getenv(EnableUserConfigEnvVarKey)
+	if len(value) == 0 {
+		return true
+	}
+	res, err := strconv.ParseBool(value)
+	if err != nil {
+		return false
+	}
+	return res
+}
+
+func isNamespaceConfigControllerEnabled() bool {
+	value := os.Getenv(EnableNamespaceConfigEnvVarKey)
+	if len(value) == 0 {
+		return true
+	}
+	res, err := strconv.ParseBool(value)
+	if err != nil {
+		return false
+	}
+	return res
+}
+
 func checkNamespaceScope() bool {
 	value := os.Getenv(AllowSystemNamespacesEnvVarKey)
 	if len(value) == 0 {