From da6e457b502322e9b6b500ca4bb2439ac51d1426 Mon Sep 17 00:00:00 2001
From: Eric Chan <kinyat2009@gmail.com>
Date: Fri, 11 Mar 2022 08:58:49 +1000
Subject: [PATCH] skip processing cluster secret store

---
 cmd/root.go                                      | 11 ++++++-----
 .../externalsecret/externalsecret_controller.go  | 16 +++++++++++-----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/cmd/root.go b/cmd/root.go
index 0fbbb2a0c..f83cd736a 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -130,11 +130,12 @@ var rootCmd = &cobra.Command{
 			}
 		}
 		if err = (&externalsecret.Reconciler{
-			Client:          mgr.GetClient(),
-			Log:             ctrl.Log.WithName("controllers").WithName("ExternalSecret"),
-			Scheme:          mgr.GetScheme(),
-			ControllerClass: controllerClass,
-			RequeueInterval: time.Hour,
+			Client:                    mgr.GetClient(),
+			Log:                       ctrl.Log.WithName("controllers").WithName("ExternalSecret"),
+			Scheme:                    mgr.GetScheme(),
+			ControllerClass:           controllerClass,
+			RequeueInterval:           time.Hour,
+			ClusterSecretStoreEnabled: enableClusterStoreReconciler,
 		}).SetupWithManager(mgr, controller.Options{
 			MaxConcurrentReconciles: concurrent,
 		}); err != nil {
diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go
index 847a28b94..d08480c01 100644
--- a/pkg/controllers/externalsecret/externalsecret_controller.go
+++ b/pkg/controllers/externalsecret/externalsecret_controller.go
@@ -74,11 +74,12 @@ const (
 // Reconciler reconciles a ExternalSecret object.
 type Reconciler struct {
 	client.Client
-	Log             logr.Logger
-	Scheme          *runtime.Scheme
-	ControllerClass string
-	RequeueInterval time.Duration
-	recorder        record.EventRecorder
+	Log                       logr.Logger
+	Scheme                    *runtime.Scheme
+	ControllerClass           string
+	RequeueInterval           time.Duration
+	ClusterSecretStoreEnabled bool
+	recorder                  record.EventRecorder
 }
 
 // Reconcile implements the main reconciliation loop
@@ -108,6 +109,11 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu
 		return ctrl.Result{}, nil
 	}
 
+	if !r.ClusterSecretStoreEnabled && externalSecret.Spec.SecretStoreRef.Kind == esv1beta1.ClusterSecretStoreKind {
+		log.Info("skipping cluster secret store as it is disabled")
+		return ctrl.Result{}, nil
+	}
+
 	// patch status when done processing
 	p := client.MergeFrom(externalSecret.DeepCopy())
 	defer func() {