feat: customize connection string secret annotations

limwa · limwa · commit 2ece40f2dfaf · 2024-07-05T15:48:21.000+01:00
diff --git a/api/v1/mongodbcommunity_types.go b/api/v1/mongodbcommunity_types.go
@@ -486,6 +486,10 @@ type MongoDBUser struct {
 	// +optional
 	ConnectionStringSecretNamespace string `json:"connectionStringSecretNamespace,omitempty"`
 
+	// ConnectionStringSecretAnnotations is the annotations of the secret object created by the operator which exposes the connection strings for the user.
+	// +optional
+	ConnectionStringSecretAnnotations map[string]string `json:"connectionStringSecretAnnotations,omitempty"`
+
 	// Additional options to be appended to the connection string.
 	// These options apply only to this user and will override any existing options in the resource.
 	// +kubebuilder:validation:Type=object
@@ -786,12 +790,13 @@ func (m *MongoDBCommunity) GetAuthUsers() []authtypes.User {
 		}
 
 		users[i] = authtypes.User{
-			Username:                        u.Name,
-			Database:                        u.DB,
-			Roles:                           roles,
-			ConnectionStringSecretName:      u.GetConnectionStringSecretName(m.Name),
-			ConnectionStringSecretNamespace: u.GetConnectionStringSecretNamespace(m.Namespace),
-			ConnectionStringOptions:         u.AdditionalConnectionStringConfig.Object,
+			Username:                          u.Name,
+			Database:                          u.DB,
+			Roles:                             roles,
+			ConnectionStringSecretName:        u.GetConnectionStringSecretName(m.Name),
+			ConnectionStringSecretNamespace:   u.GetConnectionStringSecretNamespace(m.Namespace),
+			ConnectionStringSecretAnnotations: u.ConnectionStringSecretAnnotations,
+			ConnectionStringOptions:           u.AdditionalConnectionStringConfig.Object,
 		}
 
 		if u.DB != constants.ExternalDB {
diff --git a/config/crd/bases/mongodbcommunity.mongodb.com_mongodbcommunity.yaml b/config/crd/bases/mongodbcommunity.mongodb.com_mongodbcommunity.yaml
@@ -518,6 +518,13 @@ spec:
                       nullable: true
                       type: object
                       x-kubernetes-preserve-unknown-fields: true
+                    connectionStringSecretAnnotations:
+                      additionalProperties:
+                        type: string
+                      description: ConnectionStringSecretAnnotations is the annotations
+                        of the secret object created by the operator which exposes
+                        the connection strings for the user.
+                      type: object
                     connectionStringSecretName:
                       description: |-
                         ConnectionStringSecretName is the name of the secret object created by the operator which exposes the connection strings for the user.
diff --git a/controllers/mongodb_users.go b/controllers/mongodb_users.go
@@ -77,6 +77,7 @@ func (r ReplicaSetReconciler) updateConnectionStringSecrets(ctx context.Context,
 			SetField("username", user.Username).
 			SetField("password", pwd).
 			SetOwnerReferences(mdb.GetOwnerReferences()).
+			SetAnnotations(user.ConnectionStringSecretAnnotations).
 			Build()
 
 		if err := secret.CreateOrUpdate(ctx, r.client, connectionStringSecret); err != nil {
diff --git a/pkg/authentication/authtypes/authtypes.go b/pkg/authentication/authtypes/authtypes.go
@@ -71,8 +71,12 @@ type User struct {
 	ConnectionStringSecretName string
 
 	// ConnectionStringSecretNamespace is the namespace of the secret object created by the operator which exposes the connection strings for the user.
+	// Note: there will be one secret with connection strings per user created.
 	ConnectionStringSecretNamespace string `json:"connectionStringSecretNamespace,omitempty"`
 
+	// ConnectionStringSecretAnnotations is the annotations of the secret object created by the operator which exposes the connection strings for the user.
+	ConnectionStringSecretAnnotations map[string]string
+
 	// ConnectionStringOptions contains connection string options for this user
 	// These options will be appended at the end of the connection string and
 	// will override any existing options from the resources.
diff --git a/pkg/kube/secret/secret_builder.go b/pkg/kube/secret/secret_builder.go
@@ -11,6 +11,7 @@ type builder struct {
 	labels          map[string]string
 	name            string
 	namespace       string
+	annotations     map[string]string
 	ownerReferences []metav1.OwnerReference
 }
 
@@ -24,6 +25,11 @@ func (b *builder) SetNamespace(namespace string) *builder {
 	return b
 }
 
+func (b *builder) SetAnnotations(annotations map[string]string) *builder {
+	b.annotations = annotations
+	return b
+}
+
 func (b *builder) SetField(key, value string) *builder {
 	b.data[key] = []byte(value)
 	return b
@@ -72,6 +78,7 @@ func (b builder) Build() corev1.Secret {
 			Namespace:       b.namespace,
 			OwnerReferences: b.ownerReferences,
 			Labels:          b.labels,
+			Annotations:     b.annotations,
 		},
 		Data: b.data,
 		Type: b.dataType,
