feat: Support user-defined labels on secrets

geekifier · pcallewaert · commit d6f12a37f1af · 2025-04-28T09:38:50.000+02:00
diff --git a/README.md b/README.md
@@ -153,6 +153,8 @@ spec:
   privileges: OWNER     # Can be OWNER/READ/WRITE
   annotations:          # Annotations to be propagated to the secrets metadata section (optional)
     foo: "bar"
+  labels:
+    foo: "bar"          # Labels to be propagated to the secrets metadata section (optional)
   secretTemplate:       # Output secrets can be customized using standard Go templates
     PQ_URL: "host={{.Host}} user={{.Role}} password={{.Password}} dbname={{.Database}}"
 ```
diff --git a/pkg/apis/db/v1alpha1/postgresuser_types.go b/pkg/apis/db/v1alpha1/postgresuser_types.go
@@ -19,6 +19,8 @@ type PostgresUserSpec struct {
 	Privileges string `json:"privileges"`
 	// +optional
 	Annotations map[string]string `json:"annotations,omitempty"`
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
 }
 
 // PostgresUserStatus defines the observed state of PostgresUser
diff --git a/pkg/controller/postgresuser/postgresuser_controller.go b/pkg/controller/postgresuser/postgresuser_controller.go
@@ -286,6 +286,10 @@ func (r *ReconcilePostgresUser) newSecretForCR(cr *dbv1alpha1.PostgresUser, role
 	labels := map[string]string{
 		"app": cr.Name,
 	}
+	// Merge in user-defined secret labels
+	for k, v := range cr.Spec.Labels {
+		labels[k] = v
+	}
 	annotations := cr.Spec.Annotations
 	name := fmt.Sprintf("%s-%s", cr.Spec.SecretName, cr.Name)
 	if r.keepSecretName {

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,8 @@ type PostgresUserSpec struct {`
`19`	`19`	Privileges string `json:"privileges"`
`20`	`20`	`// +optional`
`21`	`21`	Annotations map[string]string `json:"annotations,omitempty"`
	`22`	`+ // +optional`
	`23`	+ Labels map[string]string `json:"labels,omitempty"`
`22`	`24`	`}`
`23`	`25`
`24`	`26`	`// PostgresUserStatus defines the observed state of PostgresUser`