add labels for secret

reddec · Nov 15, 2023 · ce0a501 · ce0a501
1 parent 3a6a1f7
commit ce0a501
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -39,10 +39,13 @@ spec:
   realm: reddec
   annotations:
     foo: bar
+  labels:
+    alice: bob
 ```
 
 - `secretName` is optional. If it is not set, then the name of CRD (`sample` in this case) will be used.
 - `annotations` is optional. If set, all values will be copied to secret annotations.
+- `labels` is optional. If set, all values will be copied to secret labels.
 
 Generated secret
 

diff --git a/api/v1alpha1/keycloakclient_types.go b/api/v1alpha1/keycloakclient_types.go
@@ -37,6 +37,8 @@ type KeycloakClientSpec struct {
 	SecretName string `json:"secretName,omitempty"`
 	// Annotations (optional) to add to the target secret
 	Annotations map[string]string `json:"annotations,omitempty"`
+	// Labels (optional) to add to the target secret
+	Labels map[string]string `json:"labels,omitempty"`
 }
 
 // KeycloakClientStatus defines the observed state of KeycloakClient

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/keycloak.k8s.reddec.net_keycloakclients.yaml b/config/crd/bases/keycloak.k8s.reddec.net_keycloakclients.yaml
@@ -43,6 +43,11 @@ spec:
               domain:
                 description: Domain which will be used for redirect callback.
                 type: string
+              labels:
+                additionalProperties:
+                  type: string
+                description: Labels (optional) to add to the target secret
+                type: object
               realm:
                 description: Realm name.
                 type: string

diff --git a/controllers/keycloakclient_controller.go b/controllers/keycloakclient_controller.go
@@ -142,14 +142,19 @@ func (r *KeycloakClientReconciler) getOrCreateSecret(ctx context.Context, info *
 }
 
 func (r *KeycloakClientReconciler) createSecret(ctx context.Context, info *internal.ClientDetails, manifest *keycloakv1alpha1.KeycloakClient) (*v12.Secret, error) {
+	var labels = map[string]string{
+		"keycloak-cr": manifest.Name,
+		"keycloak-id": info.ID,
+	}
+	for k, v := range manifest.Spec.Labels {
+		labels[k] = v
+	}
+
 	sec := &v12.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      manifest.SecretName(),
-			Namespace: manifest.Namespace,
-			Labels: map[string]string{
-				"keycloak-cr": manifest.Name,
-				"keycloak-id": info.ID,
-			},
+			Name:        manifest.SecretName(),
+			Namespace:   manifest.Namespace,
+			Labels:      labels,
 			Annotations: manifest.Spec.Annotations,
 		},
 		Immutable: proto.Bool(true),
@@ -185,6 +190,9 @@ func (r *KeycloakClientReconciler) updateSecret(ctx context.Context, secret *v12
 		"keycloak-cr": m.Name,
 		"keycloak-id": info.ID,
 	}
+	for k, v := range m.Spec.Labels {
+		secret.Labels[k] = v
+	}
 	secret.Data = map[string][]byte{
 		"clientID":     []byte(info.ClientID),
 		"clientSecret": []byte(info.Secret),