From 2d2ef6903bf3929168f4176c2e11153a1d7773b2 Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Mon, 14 Apr 2025 16:32:14 +0200
Subject: [PATCH] Fixed reconciliation of namespaced resources

---
 src/main.rs | 6 +++--
 src/resources/mod.rs | 55 ++++++++++++++++++++++++++++++++++----------
 2 files changed, 47 insertions(+), 14 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index d7dc40c..4816d94 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -9,7 +9,9 @@ use kube::runtime::{Controller, watcher};
 use kube::{Api, Client as KubeClient, Resource};
 use lldap_controller::context::Context;
 use lldap_controller::lldap::LldapConfig;
-use lldap_controller::resources::{self, Error, Group, ServiceUser, UserAttribute, reconcile};
+use lldap_controller::resources::{
+ self, Error, Group, ServiceUser, UserAttribute, reconcile, reconcile_namespaced,
+};
 use tracing::{debug, info, warn};
 use tracing_subscriber::layer::SubscriberExt;
 use tracing_subscriber::util::SubscriberInitExt;
@@ -61,7 +63,7 @@ async fn main() -> anyhow::Result<()> {
 let service_user_controller = Controller::new(service_users, Default::default())
 .owns(secrets, Default::default())
 .shutdown_on_signal()
- .run(reconcile, error_policy, Arc::new(data.clone()))
+ .run(reconcile_namespaced, error_policy, Arc::new(data.clone()))
 .for_each(log_status);

 let groups = Api::::all(client.clone());
diff --git a/src/resources/mod.rs b/src/resources/mod.rs
index 93d5cc8..516cddb 100644
--- a/src/resources/mod.rs
+++ b/src/resources/mod.rs
@@ -5,6 +5,7 @@ mod user_attribute;
 use core::fmt;
 use std::sync::Arc;

+use k8s_openapi::{ClusterResourceScope, NamespaceResourceScope};
 use kube::runtime::controller::Action;
 use kube::runtime::finalizer;
 use kube::{Api, Resource, ResourceExt};
@@ -49,22 +50,52 @@ trait Reconcile {
 }

 #[instrument(skip(obj, ctx))]
-pub async fn reconcile(obj: Arc, ctx: Arc) -> Result
+pub async fn reconcile_namespaced(obj: Arc, ctx: Arc) -> Result
 where
- T: Resource + ResourceExt + Clone + Serialize + DeserializeOwned + fmt::Debug + Reconcile,
+ T: Resource
+ + ResourceExt
+ + Clone
+ + Serialize
+ + DeserializeOwned
+ + fmt::Debug
+ + Reconcile,
 ::DynamicType: Default,
 {
 debug!(name = obj.name_any(), "Reconcile");

- let service_users = Api::::all(ctx.client.clone());
+ let namespace = obj.namespace().expect("resource should be namespaced");
+ let api = Api::::namespaced(ctx.client.clone(), &namespace);

- Ok(
- finalizer(&service_users, &ctx.controller_name, obj, |event| async {
- match event {
- finalizer::Event::Apply(obj) => obj.reconcile(ctx.clone()).await,
- finalizer::Event::Cleanup(obj) => obj.cleanup(ctx.clone()).await,
- }
- })
- .await?,
- )
+ Ok(finalizer(&api, &ctx.controller_name, obj, |event| async {
+ match event {
+ finalizer::Event::Apply(obj) => obj.reconcile(ctx.clone()).await,
+ finalizer::Event::Cleanup(obj) => obj.cleanup(ctx.clone()).await,
+ }
+ })
+ .await?)
+}
+
+#[instrument(skip(obj, ctx))]
+pub async fn reconcile(obj: Arc, ctx: Arc) -> Result
+where
+ T: Resource
+ + ResourceExt
+ + Clone
+ + Serialize
+ + DeserializeOwned
+ + fmt::Debug
+ + Reconcile,
+ ::DynamicType: Default,
+{
+ debug!(name = obj.name_any(), "Reconcile");
+
+ let api = Api::::all(ctx.client.clone());
+
+ Ok(finalizer(&api, &ctx.controller_name, obj, |event| async {
+ match event {
+ finalizer::Event::Apply(obj) => obj.reconcile(ctx.clone()).await,
+ finalizer::Event::Cleanup(obj) => obj.cleanup(ctx.clone()).await,
+ }
+ })
+ .await?)
 }
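Review bot: `obj.namespace().expect("resource should be namespaced")` in `reconcile_namespaced` panics inside the reconciler when an object has no namespace, and a panic does not reach `error_policy` the way an `Err` does, so one unexpected object could stop the controller instead of being logged and requeued. If the bound on `T` already restricts it to namespace-scoped resources (the generic arguments are not readable in this rendering of the patch), say so in a comment above the line, for example `// Invariant: T is namespace-scoped, so the API server always sets metadata.namespace`. Otherwise return an error, e.g. `let Some(namespace) = obj.namespace() else { return Err(/* placeholder: the crate's error for a missing namespace */) };`. The two functions now differ only in how `api` is built, so a private helper that takes `&Api<T>` and runs the `finalizer` call would keep the apply/cleanup handling in one place. Each public function would also benefit from a `///` line naming the resource scope it is meant for, so a new controller in `main.rs` picks the right one.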