From 651ddcec800ca0ae90c08101bf5733eb61be7bc0 Mon Sep 17 00:00:00 2001 From: Vadym Date: Fri, 8 Sep 2023 12:18:19 -0700 Subject: [PATCH] Add custom annotations insertion support --- README.md | 1 + api/v1/certificatepackage_types.go | 1 + ...ilder.directv.com_certificatepackages.yaml | 5 +++++ controllers/certificatepackage_controller.go | 20 ++++++++++++------- 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index b2a442b..45110f4 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ passwordSecret: "secret containing the password to sign JKS keystore with - requ passwordSecretKey: "key within the passwordSecret containing the password data - required only for JKS type only" addClusterCA: "(true/false) include the cluster CA in the certificate store. Default: false" selector: "label selector that selects which secrets contain the source trusted certificates" +annotations: "label selector that selects which secrets contain the source trusted certificates" ``` ### Source Trusted Certificates diff --git a/api/v1/certificatepackage_types.go b/api/v1/certificatepackage_types.go index 53c2779..50b6597 100644 --- a/api/v1/certificatepackage_types.go +++ b/api/v1/certificatepackage_types.go @@ -38,6 +38,7 @@ type CertificatePackageSpec struct { AddClusterCA string `json:"addClusterCA,omitempty"` PasswordSecret string `json:"passwordSecret,omitempty"` PasswordSecretKey string `json:"passwordSecretKey,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` } // CertificatePackageStatus defines the observed state of CertificatePackage diff --git a/config/crd/bases/trustbuilder.directv.com_certificatepackages.yaml b/config/crd/bases/trustbuilder.directv.com_certificatepackages.yaml index f40efeb..96a280b 100644 --- a/config/crd/bases/trustbuilder.directv.com_certificatepackages.yaml +++ b/config/crd/bases/trustbuilder.directv.com_certificatepackages.yaml 
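Review bot: The new `Annotations` field in `CertificatePackageSpec` has no doc comment, while the CRD YAML in this patch carries a description for it; if that YAML is generated from the Go types, the description will be lost on the next regeneration. Add `// Annotations are custom annotations added to the output object.` above the field. The README line added for `annotations` repeats the `selector` description word for word and should describe the annotations map instead. The struct declaration starts outside the hunk.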
@@ -39,6 +39,11 @@ spec: properties: addClusterCA: type: string + annotations: + description: Custom annotations map that will be added to the output object + additionalProperties: + type: string + type: object key: type: string packageType: diff --git a/controllers/certificatepackage_controller.go b/controllers/certificatepackage_controller.go index 260c459..2f8825a 100644 --- a/controllers/certificatepackage_controller.go +++ b/controllers/certificatepackage_controller.go @@ -24,19 +24,20 @@ import ( "encoding/pem" oserrors "errors" "fmt" + "io/ioutil" + "os" + "sort" + "strconv" + "strings" + "time" + "github.com/go-logr/logr" "github.com/pavel-v-chernykh/keystore-go/v4" - "io/ioutil" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" v12 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/util/retry" - "os" - "sort" - "strconv" - "strings" - "time" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" @@ -407,10 +408,15 @@ func (r *CertificatePackageReconciler) applyCertBytesToSecret(ctx context.Contex return fmt.Errorf("failed to get destination secret: %s", err.Error()) } } - if targetSecret.Annotations == nil { + + if cp.Annotations != nil { + targetSecret.Annotations = cp.Spec.Annotations + } else if targetSecret.Annotations == nil { targetSecret.Annotations = map[string]string{} } + targetSecret.Annotations[CurrentCertificateHashAnnotation] = certHash + if targetSecret.Data == nil { targetSecret.Data = map[string][]byte{} }
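Review bot: The guard `if cp.Annotations != nil` in the last hunk tests what appears to be the CertificatePackage's own metadata annotations, not `cp.Spec.Annotations`, which is the map assigned on the next line. When the resource carries metadata annotations but no `spec.annotations`, `targetSecret.Annotations` becomes a nil map and the following `targetSecret.Annotations[CurrentCertificateHashAnnotation] = certHash` panics; when it carries none, the spec annotations are never applied. The direct assignment also aliases the spec map, so the hash write mutates `cp.Spec`, and every annotation already on the destination secret is discarded. Keep the original nil check and merge instead with `for k, v := range cp.Spec.Annotations { targetSecret.Annotations[k] = v }`, then set the hash key last so a spec entry cannot override it. Since these annotations land on a Secret where other controllers may act on them, consider restricting which keys are accepted; `applyCertBytesToSecret` starts and ends outside the hunk.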