Implemented reconciler logic to set secret's labels
Signed-off-by: Lukas Grundmann <[email protected]>
lukasgr90 committed Jan 6, 2023
1 parent b9ace5d commit 2f7ab7c
Showing 3 changed files with 33 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -168,7 +168,7 @@ $(GOLANGCILINT): $(LOCALBIN)
.PHONY: vault
vault: $(VAULT) ## Download vault locally if necessary.
$(VAULT): $(LOCALBIN)
wget https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(GO_OS)_$(GO_ARCH).zip -O $(LOCALBIN)/vault.zip
curl -o $(LOCALBIN)/vault.zip -L https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(GO_OS)_$(GO_ARCH).zip
unzip -o $(LOCALBIN)/vault.zip -d $(LOCALBIN)
rm $(LOCALBIN)/vault.zip
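Review bot: The archive fetched in the `$(VAULT)` recipe is unpacked into `$(LOCALBIN)` with no integrity check, so a corrupted or tampered download becomes the local vault binary; this holds for both the wget and the curl variant (the curl line appears to be the new side). HashiCorp publishes `vault_$(VAULT_VERSION)_SHA256SUMS` next to each release, so the recipe could fetch it and verify the zip with `sha256sum -c` (`shasum -a 256 -c` on macOS) before `unzip`, or pin the expected digest per version in the Makefile. curl also needs `-f` here, e.g. `curl -fL -o $(LOCALBIN)/vault.zip …`, because without it an HTTP error page is saved as vault.zip and the failure only surfaces in unzip.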

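--- a/controllers/vaultsecret_controller.go
+++ b/controllers/vaultsecret_controller.go
@@ -253,6 +253,16 @@ func (r *VaultSecretReconciler) updateSecret(secret *corev1.Secret, vaultSecret
 secret.Type = corev1.SecretTypeDockerConfigJson
 }
 
+// Update secret labels
+if vaultSecret.Spec.SecretLabels != nil && len(vaultSecret.Spec.SecretLabels) > 0 {
+if secret.ObjectMeta.Labels == nil {
+secret.ObjectMeta.Labels = make(map[string]string)
+}
+for k, v := range vaultSecret.Spec.SecretLabels {
+secret.ObjectMeta.Labels[k] = v
+}
+}
+
 // Update secret data
 if vaultSecret.Spec.Data != nil && len(vaultSecret.Spec.Data) > 0 {
 for _, data := range vaultSecret.Spec.Data {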
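Review bot: The label loop only ever adds or overwrites keys, so a label that is later removed from `Spec.SecretLabels` stays on the Secret, and anything that selects Secrets by label keeps matching it. Consider recording the operator-managed keys (for example in an annotation) and deleting those no longer in the spec, or at least document the behaviour with `// Labels are merged additively; keys dropped from Spec.SecretLabels are not removed from the Secret.` The merge also overwrites an existing label with the same key unconditionally, which matters if other controllers label these Secrets. As a style point the `!= nil` test is redundant, since `len` of a nil map is 0. updateSecret starts and ends outside the hunk, so whether Labels is reset elsewhere is not visible here.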
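--- a/controllers/vaultsecret_controller_test.go
+++ b/controllers/vaultsecret_controller_test.go
@@ -423,6 +423,28 @@ var _ = Describe("VaultSecretReconciler", func() {
 Expect(s.Type).To(Equal(corev1.SecretTypeTLS))
 })
 })
+It("can specify secret's labels", func() {
+Context("new secret", func() {
+vs := mustCreateNewVaultSecret(func(spec *vaultv1alpha1.VaultSecretSpec) {
+spec.Data[0].Name = "secret-with-labels"
+spec.Data = append(spec.Data, vaultv1alpha1.VaultSecretData{
+Name: corev1.TLSPrivateKeyKey,
+Location: &vaultv1alpha1.VaultSecretLocation{
+Path: "app/test/bar",
+Field: "baz",
+},
+})
+spec.SecretLabels = map[string]string{"frog": "prince"}
+})
+mustReconcile(vs)
+
+s := &corev1.Secret{}
+Eventually(func() bool {
+return k8sClient.Get(ctx, namespacedName(vs), s) == nil
+}, timeout, interval).Should(BeTrue())
+Expect(s.ObjectMeta.Labels["frog"]).To(Equal("prince"))
+})
+})
 It("can use templating", func() {
 Context("with variables", func() {
 vs := mustCreateNewVaultSecret(func(spec *vaultv1alpha1.VaultSecretSpec) {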
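Review bot: The new spec only covers a freshly created Secret, so the update path is untested: a Secret that already carries labels, and a key that is changed or removed in `SecretLabels` between reconciles. A second case that reconciles, edits `spec.SecretLabels`, reconciles again and asserts the full resulting label set would pin that behaviour. The extra `corev1.TLSPrivateKeyKey` data entry looks carried over from the TLS test above and does not seem needed to exercise labels. The surrounding Describe block begins and ends outside the hunk.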
