Labels and Annotations propagation for Secret (#596)

* Adding the  to allow annotations copy opt-in for the kubernetes secrets

* Adding the labels and annotations of the KamusSecret

* Adding the  property for the alpha2 version tests

* Adding the labels and annotations

* Adding tests for labels and annotations copy

* Not overriding kind cluster binary

* Chaing from  to

* Bumping the version

* Adding ignore paths

* Adding the annotations without the last-applied annotation

* Removing the default value

* Fixing the test failure

* Fixing some test bugs

* Comvinging all of the deletion to one try/catch

* Removing the unused import

.gitignore

@@ -45,4 +45,8 @@ init-container/token.txt
 init-container/decrypted/**
 
 kubectl
-kind
+kind
+
+docker-cache-api
+src/crd-controller/*.key
+src/crd-controller/*.crt

src/crd-controller/HostedServices/V1Alpha2Controller.cs

@@ -1,5 +1,5 @@
 using System;
-using System.Linq;
+using System.Collections.Generic;
 using System.Reactive.Linq;
 using System.Threading;
 using System.Threading.Tasks;
@@ -147,12 +147,21 @@ private async Task<V1Secret> CreateSecret(KamusSecret kamusSecret)
                         }
                     };
 
+            IDictionary<string, string> annotations = null;
+            if (kamusSecret.PropagateAnnotations)
+            {
+                annotations = kamusSecret.Metadata.Annotations;
+                annotations.Remove("kubectl.kubernetes.io/last-applied-configuration");
+            }
+
             return new V1Secret
             {
                 Metadata = new V1ObjectMeta
                 {
                     Name = kamusSecret.Metadata.Name,
                     NamespaceProperty = @namespace,
+                    Labels = kamusSecret.Metadata.Labels,
+                    Annotations = annotations,
                     OwnerReferences = ownerReference
                 },
                 Type = kamusSecret.Type,

src/crd-controller/Models/V1Alpha2/KamusSecret.cs

@@ -11,6 +11,6 @@ public class KamusSecret : KubernetesObject
         public string Type { get; set; }
         public V1ObjectMeta Metadata { get; set; }
         public string ServiceAccount { get; set; }
-
+        public bool PropagateAnnotations { get; set; }
     }
 }

src/crd-controller/crd-controller.csproj

@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <PropertyGroup>
-    <Version>0.8.0.0</Version>
+    <Version>0.8.1.0</Version>
   </PropertyGroup>
 
   <ItemGroup>

src/decrypt-api/decrypt-api.csproj

@@ -3,7 +3,7 @@
     <TargetFramework>netcoreapp3.1</TargetFramework>
   </PropertyGroup>
   <PropertyGroup>
-    <Version>0.8.0.0</Version>
+    <Version>0.8.1.0</Version>
   </PropertyGroup>
   <ItemGroup>
     <Folder Include="Models\" />

src/encrypt-api/encrypt-api.csproj

@@ -3,7 +3,7 @@
     <TargetFramework>netcoreapp3.1</TargetFramework>
   </PropertyGroup>
   <PropertyGroup>
-    <Version>0.8.0.0</Version>
+    <Version>0.8.1.0</Version>
   </PropertyGroup>
   <ItemGroup>
     <Folder Include="Models\" />

tests/crd-controller/FlowTest.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Diagnostics;
 using System.IO;
+using System.Linq;
 using System.Reactive.Linq;
 using System.Reactive.Subjects;
 using System.Text;
@@ -84,6 +85,68 @@ public async Task CreateKamusSecretV1Alpha2_SecretCreated()
             Assert.Equal(File.ReadAllText("key.crt"), Encoding.UTF8.GetString(v1Secret.Data["key3"]));
         }
 
+        [Fact]
+        public async Task CreateKamusSecret_LabelsCopiedAndAnnotationsNot()
+        {
+            Cleanup();
+            await DeployController();
+            var kubernetes = new Kubernetes(KubernetesClientConfiguration.BuildDefaultConfig());
+
+            var result = await kubernetes.ListNamespacedSecretWithHttpMessagesAsync(
+                "default",
+                watch: true
+            );
+
+            var subject = new ReplaySubject<(WatchEventType, V1Secret)>();
+
+            result.Watch<V1Secret>(
+                onEvent: (@type, @event) => subject.OnNext((@type, @event)),
+                onError: e => subject.OnError(e),
+                onClosed: () => subject.OnCompleted());
+
+            RunKubectlCommand("apply -f tls-KamusSecretV1Alpha2.yaml");
+            mTestOutputHelper.WriteLine("Waiting for secret creation");
+            var (_, v1Secret) = await subject
+                .Where(t => t.Item1 == WatchEventType.Added && t.Item2.Metadata.Name == "my-tls-secret").Timeout(TimeSpan.FromSeconds(30)).FirstAsync();
+
+            Assert.Equal(1, v1Secret.Metadata.Labels.Count);
+            Assert.True(v1Secret.Metadata.Labels.Keys.Contains("key"));
+            Assert.Equal("value", v1Secret.Metadata.Labels.First(x => x.Key == "key").Value);
+            Assert.Null(v1Secret.Metadata.Annotations);
+        }
+
+        [Fact]
+        public async Task CreateKamusSecret_LabelsAndAnnotationsCopied()
+        {
+            Cleanup();
+            await DeployController();
+            var kubernetes = new Kubernetes(KubernetesClientConfiguration.BuildDefaultConfig());
+
+            var result = await kubernetes.ListNamespacedSecretWithHttpMessagesAsync(
+                "default",
+                watch: true
+            );
+
+            var subject = new ReplaySubject<(WatchEventType, V1Secret)>();
+
+            result.Watch<V1Secret>(
+                onEvent: (@type, @event) => subject.OnNext((@type, @event)),
+                onError: e => subject.OnError(e),
+                onClosed: () => subject.OnCompleted());
+
+            RunKubectlCommand("apply -f tls-KamusSecretV1Alpha2-with-annotations.yaml");
+            mTestOutputHelper.WriteLine("Waiting for secret creation");
+            var (_, v1Secret) = await subject
+                .Where(t => t.Item1 == WatchEventType.Added && t.Item2.Metadata.Name == "my-tls-secret").Timeout(TimeSpan.FromSeconds(30)).FirstAsync();
+
+            Assert.Equal(1, v1Secret.Metadata.Labels.Count);
+            Assert.True(v1Secret.Metadata.Labels.Keys.Contains("key"));
+            Assert.Equal("value", v1Secret.Metadata.Labels.First(x => x.Key == "key").Value);
+            Assert.Equal(1, v1Secret.Metadata.Annotations.Count);
+            Assert.True(v1Secret.Metadata.Annotations.Keys.Contains("key"));
+            Assert.Equal("value", v1Secret.Metadata.Annotations.First(x => x.Key == "key").Value);
+        }
+
         [Theory]
         [InlineData("updated-tls-KamusSecret.yaml")]
         [InlineData("updated-tls-KamusSecretV1Alpha2.yaml")]
@@ -162,23 +225,10 @@ private void Cleanup()
             try
             {
                 RunKubectlCommand("delete -f tls-KamusSecret.yaml --ignore-not-found");
-            }
-            catch
-            {
-                // ignored
-            }
-
-            try
-            {
+                RunKubectlCommand("delete -f tls-KamusSecretV1Alpha2.yaml --ignore-not-found");
+                RunKubectlCommand("delete -f tls-KamusSecretV1Alpha2-with-annotations.yaml --ignore-not-found");
                 RunKubectlCommand("delete -f updated-tls-KamusSecret.yaml --ignore-not-found");
-            }
-            catch
-            {
-                // ignored
-            }
-
-            try
-            {
+                RunKubectlCommand("delete -f updated-tls-KamusSecretV1Alpha2.yaml --ignore-not-found");
                 RunKubectlCommand("delete -f tls-Secret.yaml --ignore-not-found");
             }
             catch

tests/crd-controller/crd-controller.csproj

@@ -28,6 +28,9 @@
     <None Update="tls-KamusSecretV1Alpha2.yaml">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="tls-KamusSecretV1Alpha2-with-annotations.yaml">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="updated-tls-KamusSecret.yaml">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>

tests/crd-controller/crd.yaml

@@ -42,6 +42,8 @@ spec:
             type: string
           type:
             type: string
+          propagateAnnotations:
+            type: boolean
   # either Namespaced or Cluster
   scope: Namespaced
   names:

tests/crd-controller/run-tests.sh

@@ -31,9 +31,12 @@ cleanup() {
     echo 'Removing e2e container...'
     docker kill e2e > /dev/null 2>&1
     echo 'Removing kind e2e-test cluster'
-    kind delete clusters e2e-test
+    ./kind delete clusters e2e-test
     echo 'Restoring kubeconfig'
     mv "$HOME/.kube/config.bkp" "$HOME/.kube/config"  || echo "No original kubeconfig to backup was found."
+    echo 'Removing kubectl and kind binaries'
+    rm kubectl
+    rm kind
     echo 'Done!'
 }
 
@@ -48,7 +51,6 @@ create_kind_cluster() {
 
     curl -sfSLo kind "https://github.com/kubernetes-sigs/kind/releases/download/v$KIND_VERSION/kind-$machine-amd64"
     chmod +x kind
-    sudo mv kind /usr/local/bin/kind
 
     curl -sfSLO https://storage.googleapis.com/kubernetes-release/release/"$K8S_VERSION"/bin/linux/amd64/kubectl
     chmod +x kubectl
@@ -57,9 +59,9 @@ create_kind_cluster() {
 
     kind_config="kind-config.yaml"
 
-    TMPDIR=$HOME kind create cluster --name "$CLUSTER_NAME" --config tests/crd-controller/$kind_config --image "kindest/node:$K8S_VERSION"
+    TMPDIR=$HOME ./kind create cluster --name "$CLUSTER_NAME" --config tests/crd-controller/$kind_config --image "kindest/node:$K8S_VERSION"
 
-    kind load image-archive docker-cache-api/crd-controller.tar --name "$CLUSTER_NAME"
+    ./kind load image-archive docker-cache-api/crd-controller.tar --name "$CLUSTER_NAME"
     docker_exec mkdir -p /root/.kube
 
     echo 'Copying kubeconfig to container...'

tests/crd-controller/tls-KamusSecretV1Alpha2-with-annotations.yaml

@@ -0,0 +1,15 @@
+apiVersion: "soluto.com/v1alpha2"
+kind: KamusSecret
+metadata:
+  annotations:
+    key: value
+  labels:
+    key: value
+  name: my-tls-secret
+type: TlsSecret
+stringData:
+  key: J9NYLzTC/O44DvlCEZ+LfQ==:Cc9O5zQzFOyxwTD5ZHseqg==
+data:
+  key3: 5SRnC8HJ6gJEOCpgby3ZSQ==:LUfzADu23z1l9CWFXzR71/Ua74IxI12Ehn18d5hnqA+C40D6o1qfaaOLuPzwPYILwsViZvg7FymTB9c/1vLlwnqQJfRXNNKg07cTD5tGoufKrQrgMpOHcEKsq/k3jwQ5MSyU99npBmPFkCZ93uE1b6llSbBkzp80cBQB+Peb7WtyfG4WoOn15hy7Eb71tcdNcRLd1r5pWaPWEIlMnVB8TERCfCpTUakXmuM5mvq5PTOp/OfRGpbqG3VRf/iDHSpSOqiNKhq6eiOWvG+WTCVqjpMv4iQiMlTCcJT31ayUHxafx1bg8EX5SuMVc0sHT7wwX4BBMDUCQ8i7qXHNS5gGAl6LXHC2fhfsK/PAJVDZ18PS/ISDuzAs/iV3zffqqLCZxy5qFDyBq5hdjE2deLhH40pL1G9i7fto40ikftdqKLFaa7pxc0A88bvQihkDuPj9gtAmXt7k+hnUXlPdP5VuoKGhfJUMaEDIwTxUekzcCPDPas9XrmLWyN27BFs6Z+s/kDL+8ZGHP4yyeJyxZV0Gxf0k7RY65GyFzkvcZElq8aI8sSSc9D4Li5OilpXb0M5/s+oZj0QCwwFR2+rNTc4vm1l5s2vRmNMHZ/mQEy1qSJbEvA65U6axYoRcjQIEnvth+sZHy1E3CNBW7LRvUMf2KCy6qX+rjV/i6krAVyohAOLCfWtS+Wi3ulkefoFbKLNVLVaDVP15s4c+dqsDAzscl3HtQHRlhkOlr9hAEsX7qQlRue2S8apDp4SN8umpaTFgZy7u03yTWE64fGYyubKYRYo38D0wTOI7Z9+47m/z52rk6214A3mxoTY8Mm4bmCyxcPwGMnKXdx8x9FN56mpdFifcQLx1HffkGM/F5Hj6/xUUaquHWnWnh3keQjm1gdE0eE5YLB/EZggczj5HiahTgd3IZ/oUd8a2bGo+VToTRimOczz8je4WN3+4px2KXRs+qgaTUTUZ/m1AT90PewOKVhHfWEZKmU9063xqBjtytMyFQxZkFvQqwZNmDYmkWMrqdkC2u5/yjm1Dc1OUEy6ImnxuStCB4j+8B7gXPBg+x/nSbY8vjhbnyhmXQ37m54rFN3Jqgr0XMg5c9h2eMs2oMw/1nGFxZqzxa9VdjsG4sPcfEAECmjgnqaKVY/d7tUoXEKYQWVcoetL5zQxo4Vg9BTFaIO+npwW0Dmc5ED0ShqfKVdUkN+jx5sm16Ik6SR+xvpgh8g4YmA5GmlhLUZuSPn7jTLYmt+1e9ZpvQnNRrSW9hzmpW5FCA2i7hr83x9NmW2S7iPQ979to+i1Ak8f8B1s95bJcgkzEv9kHyd+a6kroM2AXXq0Ra2xXSNYryAS+TESYs7VPzsXeGXzmcRYIwEPqA8Kh3/8b6oNdNzY1+PHavk9Op6jTWnlsGOnRMi1WzC4nFDa9V5lvEFtBT4c1dhNnUVuecBy7yeo2LopYsY6+7rKlWFHCSfC4srZtv7CIRIO6zNAao+Cl6g9O5d+1Yu4/fI9XJMMMqJZZBUl7TGwgGTZhoWol9H5ppgShrV6nYbq2Ekyw2y0I8f96NGRrzeX9AiApoCM/qfC42NP3zEvewdgtzPlo8O0izf76R8ggc/c1rcaQwnMB1FHfPIYup10oVTJvoH2mHSVRCrCuKRQqqB/uCVIglgDjA/jnK68+yoUBD+pwOy3xiyVkQBTmxpnGURMzqXxTypP2YOXHFISnuyTElr7JRNoaK7Oep2hhiXO+jlKEXHe3jeWOKlOW8gpPKKd2rxBrrX+IeaJx7EWKdxkCbackd7cpaeRLVQV8WCUIb91HeMUqz1DEALky+lsfXOr5VwaiikRcJzrlwJkIarNSoM2644Qf5Gyo87z3kmnHyHTqKerC5VrRSgEcH2Z3Ag4Skdf5qMnYC3jm90jp2hhZzq4pMcgGhambiUb1
+serviceAccount: some-sa
+propagateAnnotations: true

tests/crd-controller/tls-KamusSecretV1Alpha2.yaml

@@ -1,6 +1,10 @@
 apiVersion: "soluto.com/v1alpha2"
 kind: KamusSecret
 metadata:
+  annotations:
+    key: value
+  labels:
+    key: value
   name: my-tls-secret
 type: TlsSecret
 stringData: