diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go
index e90de1ee70a38..902b8c31a364f 100644
--- a/applicationset/controllers/applicationset_controller.go
+++ b/applicationset/controllers/applicationset_controller.go
@@ -669,8 +669,9 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg
 Watches(
 &corev1.Secret{},
 &clusterSecretEventHandler{
- Client: mgr.GetClient(),
- Log: log.WithField("type", "createSecretEventHandler"),
+ Client: mgr.GetClient(),
+ Log: log.WithField("type", "createSecretEventHandler"),
+ ApplicationSetNamespaces: r.ApplicationSetNamespaces,
 }).
 Complete(r)
 }
diff --git a/applicationset/controllers/clustereventhandler.go b/applicationset/controllers/clustereventhandler.go
index dd71e9b8c79bc..2cf45bc7a6066 100644
--- a/applicationset/controllers/clustereventhandler.go
+++ b/applicationset/controllers/clustereventhandler.go
@@ -14,6 +14,7 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/event"
+ "github.com/argoproj/argo-cd/v3/applicationset/utils"
 "github.com/argoproj/argo-cd/v3/common"
 argoprojiov1alpha1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
 )
@@ -22,8 +23,9 @@ import (
 // requeue any related ApplicationSets.
 type clusterSecretEventHandler struct {
 // handler.EnqueueRequestForOwner
- Log log.FieldLogger
- Client client.Client
+ Log log.FieldLogger
+ Client client.Client
+ ApplicationSetNamespaces []string
 }
 func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.TypedRateLimitingInterface[reconcile.Request]) {
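Review bot: The new `ApplicationSetNamespaces` field on `clusterSecretEventHandler` (hunk `@@ -22,8 +23,9 @@` of clustereventhandler.go) carries no comment, although it now decides which ApplicationSets a cluster Secret event is allowed to requeue. A handler built without the field passes a nil list to `utils.IsNamespaceAllowed`, and what that helper returns for an empty list is not visible in this diff, so the field should state what an empty list means and whether entries are exact names or patterns. I would add a comment above it along the lines of `// ApplicationSetNamespaces lists the namespaces whose ApplicationSets may be requeued by this handler; matching is delegated to utils.IsNamespaceAllowed.`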
@@ -68,6 +70,10 @@ func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Contex
 h.Log.WithField("count", len(appSetList.Items)).Info("listed ApplicationSets")
 for _, appSet := range appSetList.Items {
+ if !utils.IsNamespaceAllowed(h.ApplicationSetNamespaces, appSet.GetNamespace()) {
+ // Ignore it as not part of the allowed list of namespaces in which to watch Appsets
+ continue
+ }
 foundClusterGenerator := false
 for _, generator := range appSet.Spec.Generators {
 if generator.Clusters != nil {
diff --git a/applicationset/controllers/clustereventhandler_test.go b/applicationset/controllers/clustereventhandler_test.go
index b87bfc1a39cf0..19e7ee057731d 100644
--- a/applicationset/controllers/clustereventhandler_test.go
+++ b/applicationset/controllers/clustereventhandler_test.go
@@ -137,7 +137,7 @@ func TestClusterEventHandler(t *testing.T) {
 {
 ObjectMeta: metav1.ObjectMeta{
 Name: "my-app-set",
- Namespace: "another-namespace",
+ Namespace: "argocd",
 },
 Spec: argov1alpha1.ApplicationSetSpec{
 Generators: []argov1alpha1.ApplicationSetGenerator{
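Review bot: The namespace check added at the top of the loop in `queueRelatedAppGenerators` drops an ApplicationSet without any log line, while the `listed ApplicationSets` count logged just above still includes the dropped ones. This filter is what keeps ApplicationSets outside the allowed namespaces from being requeued by a cluster Secret change, so an operator should be able to see it taking effect. I would log before the `continue`, for example `h.Log.WithField("namespace", appSet.GetNamespace()).Debug("skipping ApplicationSet outside the allowed namespaces")`. The list call and the rest of the function lie outside the hunk, so whether the listing itself could be scoped to the allowed namespaces cannot be judged from here.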
@@ -171,9 +171,37 @@ func TestClusterEventHandler(t *testing.T) {
 },
 },
 expectedRequests: []reconcile.Request{
- {NamespacedName: types.NamespacedName{Namespace: "another-namespace", Name: "my-app-set"}},
+ {NamespacedName: types.NamespacedName{Namespace: "argocd", Name: "my-app-set"}},
 },
 },
+ {
+ name: "cluster generators in other namespaces should not match",
+ items: []argov1alpha1.ApplicationSet{
+ {
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-app-set",
+ Namespace: "my-namespace-not-allowed",
+ },
+ Spec: argov1alpha1.ApplicationSetSpec{
+ Generators: []argov1alpha1.ApplicationSetGenerator{
+ {
+ Clusters: &argov1alpha1.ClusterGenerator{},
+ },
+ },
+ },
+ },
+ },
+ secret: corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "argocd",
+ Name: "my-secret",
+ Labels: map[string]string{
+ argocommon.LabelKeySecretType: argocommon.LabelValueSecretTypeCluster,
+ },
+ },
+ },
+ expectedRequests: []reconcile.Request{},
+ },
 {
 name: "non-argo cd secret should not match",
 items: []argov1alpha1.ApplicationSet{
@@ -552,8 +580,9 @@ func TestClusterEventHandler(t *testing.T) {
 fakeClient := fake.NewClientBuilder().WithScheme(scheme).WithLists(&appSetList).Build()
 handler := &clusterSecretEventHandler{
- Client: fakeClient,
- Log: log.WithField("type", "createSecretEventHandler"),
+ Client: fakeClient,
+ Log: log.WithField("type", "createSecretEventHandler"),
+ ApplicationSetNamespaces: []string{"argocd"},
 }
 mockAddRateLimitingInterface := mockAddRateLimitingInterface{}
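Review bot: The handler literal in hunk `@@ -552,8 +580,9 @@` allows only `argocd`, and the positive case shown in this diff was moved from `another-namespace` to `argocd`. Among the cases visible here, none now checks that an ApplicationSet in a second allowed namespace is still requeued when a Secret in `argocd` changes. Keeping one positive case in `another-namespace` and building the handler with `ApplicationSetNamespaces: []string{"argocd", "another-namespace"},` would cover that cross-namespace path alongside the new negative case. An empty or nil list is also left unpinned; its outcome depends on `utils.IsNamespaceAllowed`, which is outside this diff, so a per-case allow-list field in the table would let both be asserted.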