Skip to content

Commit 2f7ab7c

Browse files
lukasgr90lukasgr90
committed
Implemented reconciler logic to set secret's labels
Signed-off-by: Lukas Grundmann <[email protected]>
1 parent b9ace5d commit 2f7ab7c

File tree

3 files changed

+33
-1
lines changed

3 files changed

+33
-1
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -168,7 +168,7 @@ $(GOLANGCILINT): $(LOCALBIN)
168168
.PHONY: vault
169169
vault: $(VAULT) ## Download vault locally if necessary.
170170
$(VAULT): $(LOCALBIN)
171-
wget https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(GO_OS)_$(GO_ARCH).zip -O $(LOCALBIN)/vault.zip
171+
curl -o $(LOCALBIN)/vault.zip -L https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(GO_OS)_$(GO_ARCH).zip
172172
unzip -o $(LOCALBIN)/vault.zip -d $(LOCALBIN)
173173
rm $(LOCALBIN)/vault.zip
174174

controllers/vaultsecret_controller.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -253,6 +253,16 @@ func (r *VaultSecretReconciler) updateSecret(secret *corev1.Secret, vaultSecret
253253
secret.Type = corev1.SecretTypeDockerConfigJson
254254
}
255255

256+
// Update secret labels
257+
if vaultSecret.Spec.SecretLabels != nil && len(vaultSecret.Spec.SecretLabels) > 0 {
258+
if secret.ObjectMeta.Labels == nil {
259+
secret.ObjectMeta.Labels = make(map[string]string)
260+
}
261+
for k, v := range vaultSecret.Spec.SecretLabels {
262+
secret.ObjectMeta.Labels[k] = v
263+
}
264+
}
265+
256266
// Update secret data
257267
if vaultSecret.Spec.Data != nil && len(vaultSecret.Spec.Data) > 0 {
258268
for _, data := range vaultSecret.Spec.Data {

controllers/vaultsecret_controller_test.go

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -423,6 +423,28 @@ var _ = Describe("VaultSecretReconciler", func() {
423423
Expect(s.Type).To(Equal(corev1.SecretTypeTLS))
424424
})
425425
})
426+
It("can specify secret's labels", func() {
427+
Context("new secret", func() {
428+
vs := mustCreateNewVaultSecret(func(spec *vaultv1alpha1.VaultSecretSpec) {
429+
spec.Data[0].Name = "secret-with-labels"
430+
spec.Data = append(spec.Data, vaultv1alpha1.VaultSecretData{
431+
Name: corev1.TLSPrivateKeyKey,
432+
Location: &vaultv1alpha1.VaultSecretLocation{
433+
Path: "app/test/bar",
434+
Field: "baz",
435+
},
436+
})
437+
spec.SecretLabels = map[string]string{"frog": "prince"}
438+
})
439+
mustReconcile(vs)
440+
441+
s := &corev1.Secret{}
442+
Eventually(func() bool {
443+
return k8sClient.Get(ctx, namespacedName(vs), s) == nil
444+
}, timeout, interval).Should(BeTrue())
445+
Expect(s.ObjectMeta.Labels["frog"]).To(Equal("prince"))
446+
})
447+
})
426448
It("can use templating", func() {
427449
Context("with variables", func() {
428450
vs := mustCreateNewVaultSecret(func(spec *vaultv1alpha1.VaultSecretSpec) {

0 commit comments

Comments
 (0)