OADP-6500: allow nonadmin.enabled.false (#1897)

* OADP-6500: allow nonadmin.enabled.false

Signed-off-by: Wesley Hayutin <[email protected]>

* Update internal/controller/validator_test.go

Co-authored-by: Tiger Kaovilai <[email protected]>

---------

Signed-off-by: Wesley Hayutin <[email protected]>
Co-authored-by: Tiger Kaovilai <[email protected]>

Author: weshayutin

internal/controller/validator.go

@@ -136,36 +136,32 @@ func (r *DataProtectionApplicationReconciler) ValidateDataProtectionCR(log logr.
 	}
 
 	// validate non-admin enable
-	if r.dpa.Spec.NonAdmin != nil {
-		if r.dpa.Spec.NonAdmin.Enable != nil {
-
-			dpaList := &oadpv1alpha1.DataProtectionApplicationList{}
-			err = r.ClusterWideClient.List(r.Context, dpaList)
-			if err != nil {
-				return false, err
-			}
-			for _, dpa := range dpaList.Items {
-				if dpa.Namespace != r.NamespacedName.Namespace && (&DataProtectionApplicationReconciler{dpa: &dpa}).checkNonAdminEnabled() {
-					nonAdminDeployment := &appsv1.Deployment{
-						ObjectMeta: metav1.ObjectMeta{
-							Name:      nonAdminObjectName,
-							Namespace: dpa.Namespace,
-						},
-					}
-					if err := r.ClusterWideClient.Get(
-						r.Context,
-						types.NamespacedName{
-							Name:      nonAdminDeployment.Name,
-							Namespace: nonAdminDeployment.Namespace,
-						},
-						nonAdminDeployment,
-					); err == nil {
-						return false, fmt.Errorf("only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in %s namespace", dpa.Namespace)
-					}
+	if r.checkNonAdminEnabled() {
+		dpaList := &oadpv1alpha1.DataProtectionApplicationList{}
+		err = r.ClusterWideClient.List(r.Context, dpaList)
+		if err != nil {
+			return false, err
+		}
+		for _, dpa := range dpaList.Items {
+			if dpa.Namespace != r.NamespacedName.Namespace && (&DataProtectionApplicationReconciler{dpa: &dpa}).checkNonAdminEnabled() {
+				nonAdminDeployment := &appsv1.Deployment{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      nonAdminObjectName,
+						Namespace: dpa.Namespace,
+					},
+				}
+				if err := r.ClusterWideClient.Get(
+					r.Context,
+					types.NamespacedName{
+						Name:      nonAdminDeployment.Name,
+						Namespace: nonAdminDeployment.Namespace,
+					},
+					nonAdminDeployment,
+				); err == nil {
+					return false, fmt.Errorf("only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in %s namespace", dpa.Namespace)
 				}
 			}
 		}
-
 		garbageCollectionPeriod := r.dpa.Spec.NonAdmin.GarbageCollectionPeriod
 		appliedGarbageCollectionPeriod := oadpv1alpha1.DefaultGarbageCollectionPeriod
 		if garbageCollectionPeriod != nil {

internal/controller/validator_test.go

@@ -1507,6 +1507,49 @@ func TestDPAReconciler_ValidateDataProtectionCR(t *testing.T) {
 			wantErr:    true,
 			messageErr: "only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in test-another-ns namespace",
 		},
+		{
+			name: "[valid] DPA CR: NonAdmin.Enable is true with another DPA having NonAdmin.Enable false",
+			dpa: &oadpv1alpha1.DataProtectionApplication{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "test-DPA-CR",
+					Namespace: "test-ns",
+				},
+				Spec: oadpv1alpha1.DataProtectionApplicationSpec{
+					NonAdmin: &oadpv1alpha1.NonAdmin{
+						Enable: pointer.Bool(true),
+					},
+					Configuration: &oadpv1alpha1.ApplicationConfig{
+						Velero: &oadpv1alpha1.VeleroConfig{
+							DefaultPlugins: []oadpv1alpha1.DefaultPlugin{
+								oadpv1alpha1.DefaultPluginAWS,
+							},
+							NoDefaultBackupLocation: true,
+						},
+					},
+					BackupImages: pointer.Bool(false),
+				},
+			},
+			objects: []client.Object{
+				&oadpv1alpha1.DataProtectionApplication{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "another-DPA-CR",
+						Namespace: "test-another-ns",
+					},
+					Spec: oadpv1alpha1.DataProtectionApplicationSpec{
+						NonAdmin: &oadpv1alpha1.NonAdmin{
+							Enable: pointer.Bool(false),
+						},
+					},
+				},
+				&appsv1.Deployment{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "non-admin-controller",
+						Namespace: "test-another-ns",
+					},
+				},
+			},
+			wantErr: false,
+		},
 		{
 			name: "given invalid DPA CR aws and legacy-aws plugins both specified",
 			dpa: &oadpv1alpha1.DataProtectionApplication{