feat: allow to add annotations to secret (#15)

api/v1alpha1/postgresrole_types.go

@@ -53,6 +53,7 @@ type PostgresRoleSpec struct {
 	PasswordFromSecret *PostgresRolePasswordFromSecret `json:"passwordFromSecret,omitempty"`
 	SecretName         string                          `json:"secretName,omitempty"`
 	SecretTemplate     map[string]string               `json:"secretTemplate,omitempty"`
+	SecretAnnotations  map[string]string               `json:"secretAnnotations,omitempty"`
 
 	MemberOfRoles []string `json:"memberOfRoles,omitempty"`
 

deploy/crds/managed-postgres-operator.hoppscale.com_postgresroles.yaml

@@ -82,6 +82,10 @@ spec:
                 type: object
               replication:
                 type: boolean
+              secretAnnotations:
+                additionalProperties:
+                  type: string
+                type: object
               secretName:
                 type: string
               secretTemplate:

internal/controller/postgresrole_controller.go

@@ -69,12 +69,12 @@
 
 	resource := &managedpostgresoperatorhoppscalecomv1alpha1.PostgresRole{}
 
 	if err := r.Client.Get(ctx, req.NamespacedName, resource); err != nil {
 		return r.Result(client.IgnoreNotFound(err))
 	}
 
 	// Skip reconcile if the resource is not managed by this operator
 	if !utils.IsManagedByOperatorInstance(resource.ObjectMeta.Annotations, r.OperatorInstanceName) {
 		return r.Result(nil)
 	}
 
@@ -156,6 +156,7 @@
 		resource.ObjectMeta.Namespace,
 		resource.Spec.SecretName,
 		resource.Spec.SecretTemplate,
+		resource.Spec.SecretAnnotations,
 		&desiredRole,
 		r.PGPools.Default.Config().ConnConfig,
 	)
@@ -337,7 +338,7 @@
 	return err
 }
 
-func (r *PostgresRoleReconciler) reconcileRoleSecret(secretNamespace, secretName string, secretTemplate map[string]string, role *postgresql.Role, pgConfig *pgx.ConnConfig) (err error) {
+func (r *PostgresRoleReconciler) reconcileRoleSecret(secretNamespace, secretName string, secretTemplate map[string]string, secretAnnotations map[string]string, role *postgresql.Role, pgConfig *pgx.ConnConfig) (err error) {
 	// Do not create Secret if no name provided by the user
 	if secretName == "" {
 		return err
@@ -382,7 +383,7 @@
 	}
 
 	// Retrieve Secret
 	err = r.Client.Get(context.Background(), secretNamespacedName, resourceSecret)
 	if err != nil && !errors.IsNotFound(err) {
 		return fmt.Errorf("failed to retrieve secret: %s", err)
 	}
@@ -391,8 +392,9 @@
 	if errors.IsNotFound(err) {
 		resourceSecret = &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Namespace: secretNamespace,
-				Name:      secretName,
+				Namespace:   secretNamespace,
+				Name:        secretName,
+				Annotations: secretAnnotations,
 				Labels: map[string]string{
 					"app.kubernetes.io/managed-by": "managed-postgres-operator.hoppscale.com",
 				},
@@ -421,6 +423,16 @@
 		toUpdate = true
 	}
 
+	if resourceSecret.ObjectMeta.Annotations == nil {
+		resourceSecret.ObjectMeta.Annotations = make(map[string]string)
+	}
+	for k, v := range secretAnnotations {
+		if val, ok := resourceSecret.ObjectMeta.Annotations[k]; !ok || val != v {
+			resourceSecret.ObjectMeta.Annotations[k] = v
+			toUpdate = true
+		}
+	}
+
 	if fmt.Sprint(resourceSecret.Data) != fmt.Sprint(desiredSecretData) {
 		toUpdate = true
 		resourceSecret.Data = desiredSecretData

internal/controller/postgresrole_controller_test.go

@@ -252,6 +252,7 @@ var _ = Describe("PostgresRole Controller", func() {
 							"default",
 							"db-config-myrole",
 							make(map[string]string),
+							make(map[string]string),
 							&role,
 							pgConfig,
 						)
@@ -299,6 +300,7 @@ var _ = Describe("PostgresRole Controller", func() {
 							"default",
 							"db-config-myrole",
 							secretTemplate,
+							make(map[string]string),
 							&role,
 							pgConfig,
 						)
@@ -816,6 +818,7 @@ var _ = Describe("PostgresRole Controller", func() {
 								"default",
 								"db-config-myrole",
 								make(map[string]string),
+								make(map[string]string),
 								&role,
 								pgConfig,
 							)