diff --git a/internal/controller/validator.go b/internal/controller/validator.go index 442837a830..3c9c5f7b8c 100644 --- a/internal/controller/validator.go +++ b/internal/controller/validator.go @@ -136,36 +136,32 @@ func (r *DataProtectionApplicationReconciler) ValidateDataProtectionCR(log logr. } // validate non-admin enable - if r.dpa.Spec.NonAdmin != nil { - if r.dpa.Spec.NonAdmin.Enable != nil { - - dpaList := &oadpv1alpha1.DataProtectionApplicationList{} - err = r.ClusterWideClient.List(r.Context, dpaList) - if err != nil { - return false, err - } - for _, dpa := range dpaList.Items { - if dpa.Namespace != r.NamespacedName.Namespace && (&DataProtectionApplicationReconciler{dpa: &dpa}).checkNonAdminEnabled() { - nonAdminDeployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ - Name: nonAdminObjectName, - Namespace: dpa.Namespace, - }, - } - if err := r.ClusterWideClient.Get( - r.Context, - types.NamespacedName{ - Name: nonAdminDeployment.Name, - Namespace: nonAdminDeployment.Namespace, - }, - nonAdminDeployment, - ); err == nil { - return false, fmt.Errorf("only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in %s namespace", dpa.Namespace) - } + if r.checkNonAdminEnabled() { + dpaList := &oadpv1alpha1.DataProtectionApplicationList{} + err = r.ClusterWideClient.List(r.Context, dpaList) + if err != nil { + return false, err + } + for _, dpa := range dpaList.Items { + if dpa.Namespace != r.NamespacedName.Namespace && (&DataProtectionApplicationReconciler{dpa: &dpa}).checkNonAdminEnabled() { + nonAdminDeployment := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: nonAdminObjectName, + Namespace: dpa.Namespace, + }, + } + if err := r.ClusterWideClient.Get( + r.Context, + types.NamespacedName{ + Name: nonAdminDeployment.Name, + Namespace: nonAdminDeployment.Namespace, + }, + nonAdminDeployment, + ); err == nil { + return false, fmt.Errorf("only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in %s namespace", dpa.Namespace) } } } - garbageCollectionPeriod := r.dpa.Spec.NonAdmin.GarbageCollectionPeriod appliedGarbageCollectionPeriod := oadpv1alpha1.DefaultGarbageCollectionPeriod if garbageCollectionPeriod != nil { diff --git a/internal/controller/validator_test.go b/internal/controller/validator_test.go index f0263c4d9e..41001bb0d0 100644 --- a/internal/controller/validator_test.go +++ b/internal/controller/validator_test.go @@ -1507,6 +1507,49 @@ func TestDPAReconciler_ValidateDataProtectionCR(t *testing.T) { wantErr: true, messageErr: "only a single instance of Non-Admin Controller can be installed across the entire cluster. Non-Admin controller is already configured and installed in test-another-ns namespace", }, + { + name: "[valid] DPA CR: NonAdmin.Enable is true with another DPA having NonAdmin.Enable false", + dpa: &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test-DPA-CR", + Namespace: "test-ns", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: pointer.Bool(true), + }, + Configuration: &oadpv1alpha1.ApplicationConfig{ + Velero: &oadpv1alpha1.VeleroConfig{ + DefaultPlugins: []oadpv1alpha1.DefaultPlugin{ + oadpv1alpha1.DefaultPluginAWS, + }, + NoDefaultBackupLocation: true, + }, + }, + BackupImages: pointer.Bool(false), + }, + }, + objects: []client.Object{ + &oadpv1alpha1.DataProtectionApplication{ + ObjectMeta: metav1.ObjectMeta{ + Name: "another-DPA-CR", + Namespace: "test-another-ns", + }, + Spec: oadpv1alpha1.DataProtectionApplicationSpec{ + NonAdmin: &oadpv1alpha1.NonAdmin{ + Enable: pointer.Bool(false), + }, + }, + }, + &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: "non-admin-controller", + Namespace: "test-another-ns", + }, + }, + }, + wantErr: false, + }, { name: "given invalid DPA CR aws and legacy-aws plugins both specified", dpa: &oadpv1alpha1.DataProtectionApplication{