Skip to content

Commit

Permalink
Use the unfiltered API reader when looking for AAD identities
Browse files Browse the repository at this point in the history 
When target namespaces are set, there's no guarantee that the
operator's namespace is included. The identity finder always needs to
look in the operator namespace so pass it the API reader which
bypasses the filtered cache.
  • Loading branch information
@babbageclunk
babbageclunk committed Jun 10, 2021
1 parent 07c2031 commit 6d8e301
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -770,7 +770,10 @@ func main() {
os.Exit(1)
}

identityFinder := helpers.NewAADIdentityFinder(mgr.GetClient(), config.PodNamespace())
// Use the API reader rather than using mgr.GetClient(), because
// the client might be restricted by target namespaces, while we
// need to read from the operator namespace.
identityFinder := helpers.NewAADIdentityFinder(mgr.GetAPIReader(), config.PodNamespace())
if err = (&controllers.MySQLAADUserReconciler{
Reconciler: &controllers.AsyncReconciler{
Client: mgr.GetClient(),
Expand Down

0 comments on commit 6d8e301

Please sign in to comment.