Ensure labels are set correct on generated Supervisor secret

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

internal/controller/supervisorconfig/generator/generator.go

@@ -26,7 +26,7 @@ func generateSymmetricKey() ([]byte, error) {
 	return b, nil
 }
 
-func isValid(secret *corev1.Secret) bool {
+func isValid(secret *corev1.Secret, labels map[string]string) bool {
 	if secret.Type != symmetricSecretType {
 		return false
 	}
@@ -39,6 +39,12 @@ func isValid(secret *corev1.Secret) bool {
 		return false
 	}
 
+	for key, value := range labels {
+		if secret.Labels[key] != value {
+			return false
+		}
+	}
+
 	return true
 }
 

internal/controller/supervisorconfig/generator/supervisor_secrets.go

@@ -81,7 +81,7 @@ func (c *supervisorSecretsController) Sync(ctx controllerlib.Context) error {
 		return fmt.Errorf("failed to list secret %s/%s: %w", ctx.Key.Namespace, ctx.Key.Name, err)
 	}
 
-	secretNeedsUpdate := isNotFound || !isValid(secret)
+	secretNeedsUpdate := isNotFound || !isValid(secret, c.labels)
 	if !secretNeedsUpdate {
 		plog.Debug("secret is up to date", "secret", klog.KObj(secret))
 		c.setCacheFunc(secret.Data[symmetricSecretDataKey])
@@ -128,13 +128,16 @@ func (c *supervisorSecretsController) updateSecret(ctx context.Context, newSecre
 			return nil
 		}
 
-		if isValid(currentSecret) {
+		if isValid(currentSecret, c.labels) {
 			*newSecret = currentSecret
 			return nil
 		}
 
 		currentSecret.Type = (*newSecret).Type
 		currentSecret.Data = (*newSecret).Data
+		for key, value := range c.labels {
+			currentSecret.Labels[key] = value
+		}
 
 		_, err = secrets.Update(ctx, currentSecret, metav1.UpdateOptions{})
 		return err

internal/controller/supervisorconfig/generator/supervisor_secrets_test.go

@@ -46,7 +46,6 @@ var (
 	}
 )
 
-// TODO want what??
 func TestSupervisorSecretsControllerFilterSecret(t *testing.T) {
 	t.Parallel()
 
@@ -288,6 +287,9 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
 		}
 	)
 
+	// Add an extra label to make sure we don't overwrite existing labels on a Secret.
+	generatedSecret.Labels["extra-label-key"] = "extra-label-value"
+
 	once := sync.Once{}
 
 	tests := []struct {
@@ -429,6 +431,28 @@ func TestSupervisorSecretsControllerSync(t *testing.T) {
 			},
 			wantCallbackSecret: otherGeneratedSymmetricKey,
 		},
+		{
+			name: "upon updating we discover that a secret with missing labels exists",
+			storedSecret: func(secret **corev1.Secret) {
+				delete((*secret).Labels, "some-label-key-1")
+			},
+			wantActions: []kubetesting.Action{
+				kubetesting.NewGetAction(secretsGVR, generatedSecretNamespace, generatedSecretName),
+				kubetesting.NewUpdateAction(secretsGVR, generatedSecretNamespace, generatedSecret),
+			},
+			wantCallbackSecret: generatedSymmetricKey,
+		},
+		{
+			name: "upon updating we discover that a secret with incorrect labels exists",
+			storedSecret: func(secret **corev1.Secret) {
+				(*secret).Labels["some-label-key-1"] = "incorrect"
+			},
+			wantActions: []kubetesting.Action{
+				kubetesting.NewGetAction(secretsGVR, generatedSecretNamespace, generatedSecretName),
+				kubetesting.NewUpdateAction(secretsGVR, generatedSecretNamespace, generatedSecret),
+			},
+			wantCallbackSecret: generatedSymmetricKey,
+		},
 		{
 			name: "upon updating we discover that the secret has been deleted",
 			storedSecret: func(secret **corev1.Secret) {