diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go
index 51a3c107..aa41089d 100644
--- a/internal/lineagecontrollerwebhook/webhook.go
+++ b/internal/lineagecontrollerwebhook/webhook.go
@@ -18,6 +18,8 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/log"
 "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+ corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1"
 )
 var (
@@ -132,7 +134,7 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc
 "apps.cozystack.io/application.name": obj.GetName(),
 }
 templateLabels := map[string]string{
- "kind": strings.ToLower(obj.GetKind()),
+ "kind": strings.ToLower(obj.GetKind()),
 "name": obj.GetName(),
 }
 if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" {
@@ -142,9 +144,9 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc
 crd := cfg.appCRDMap[appRef{gv.Group, obj.GetKind()}]
 // TODO: expand this to work with other resources than Secrets
- labels["apps.cozystack.io/tenantresource"] = func(b bool) string {
+ labels[corev1alpha1.TenantResourceLabelKey] = func(b bool) string {
 if b {
- return "true"
+ return corev1alpha1.TenantResourceLabelValue
 }
 return "false"
 }(matchResourceToExcludeInclude(o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include))
diff --git a/packages/apps/clickhouse/templates/backup-script.yaml b/packages/apps/clickhouse/templates/backup-script.yaml
index d8156792..29e4b727 100644
--- a/packages/apps/clickhouse/templates/backup-script.yaml
+++ b/packages/apps/clickhouse/templates/backup-script.yaml
@@ -4,8 +4,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ .Release.Name }}-backup-script
- labels:
- apps.cozystack.io/tenantresource: "false"
 stringData:
 backup.sh: |
 #!/bin/sh
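Review bot: In the `@@ -142,9 +144,9 @@` hunk of computeLabels, the value written under `corev1alpha1.TenantResourceLabelKey` becomes the only signal the TenantSecret and TenantSecretsTable registries select on (the `tsLabelKey` hunks in pkg/registry/core/tenantsecret/rest.go and pkg/registry/core/tenantsecretstable/rest.go), yet nothing visible in this commit relabels Secrets that were admitted under `apps.cozystack.io/tenantresource`. Those Secrets would drop out of the tenant view until the webhook processes them again; that fails closed, but it will look like lost credentials after an upgrade, so a one-off relabel step or an upgrade note is worth adding. Because this label decides which Secrets a tenant can read, it is also worth confirming, outside this hunk, that the computed value replaces any `internal.cozystack.io/tenantresource` label a client put on the object. The `"false"` branch is still a bare literal beside the new constant; computeLabels starts and ends outside the hunk.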
diff --git a/packages/apps/mysql/templates/backup-script.yaml b/packages/apps/mysql/templates/backup-script.yaml
index c5fc8ce7..b261cdea 100644
--- a/packages/apps/mysql/templates/backup-script.yaml
+++ b/packages/apps/mysql/templates/backup-script.yaml
@@ -4,8 +4,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ .Release.Name }}-backup-script
- labels:
- apps.cozystack.io/tenantresource: "false"
 stringData:
 backup.sh: |
 #!/bin/sh
diff --git a/packages/apps/postgres/templates/init-script.yaml b/packages/apps/postgres/templates/init-script.yaml
index 8d306789..80f7c4c7 100644
--- a/packages/apps/postgres/templates/init-script.yaml
+++ b/packages/apps/postgres/templates/init-script.yaml
@@ -20,8 +20,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ .Release.Name }}-credentials
-labels:
- internal.cozystack.io/tenantsecret: "true"
 stringData:
 {{- range $user, $u := .Values.users }}
 {{ quote $user }}: {{ quote (index $passwords $user) }}
@@ -32,8 +30,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ .Release.Name }}-init-script
- labels:
- apps.cozystack.io/tenantresource: "false"
 stringData:
 init.sh: |
 #!/bin/bash
diff --git a/packages/apps/vpn/templates/secret.yaml b/packages/apps/vpn/templates/secret.yaml
index b703a903..79960096 100644
--- a/packages/apps/vpn/templates/secret.yaml
+++ b/packages/apps/vpn/templates/secret.yaml
@@ -22,8 +22,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ .Release.Name }}-vpn
- labels:
- apps.cozystack.io/tenantresource: "false"
 type: Opaque
 stringData:
 shadowbox_server_config.json: |
diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml
index 750e4140..bec7b825 100644
--- a/packages/extra/monitoring/templates/alerta/alerta.yaml
+++ b/packages/extra/monitoring/templates/alerta/alerta.yaml
@@ -192,8 +192,6 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: alertmanager
- labels:
- apps.cozystack.io/tenantresource: "false"
 type: Opaque
 stringData:
 alertmanager.yaml: |
diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml
index f2f98d46..eebd3e3a 100644
--- a/packages/system/cozystack-api/cozyrds/postgres.yaml
+++ b/packages/system/cozystack-api/cozyrds/postgres.yaml
@@ -41,3 +41,4 @@ spec:
 include:
 - resourceNames:
 - postgres-{{ .name }}-app
+ - postgres-{{ .name }}-credentials
diff --git a/pkg/apis/core/v1alpha1/tenantresource_types.go b/pkg/apis/core/v1alpha1/tenantresource_types.go
new file mode 100644
index 00000000..172d9eb1
--- /dev/null
+++ b/pkg/apis/core/v1alpha1/tenantresource_types.go
@@ -0,0 +1,4 @@
+package v1alpha1
+
+const TenantResourceLabelKey = "internal.cozystack.io/tenantresource"
+const TenantResourceLabelValue = "true"
diff --git a/pkg/registry/core/tenantmodule/rest.go b/pkg/registry/core/tenantmodule/rest.go
index d77f23a7..aa7d4eeb 100644
--- a/pkg/registry/core/tenantmodule/rest.go
+++ b/pkg/registry/core/tenantmodule/rest.go
@@ -55,7 +55,7 @@ var (
 // Define constants for label filtering
 const (
- TenantModuleLabelKey = "apps.cozystack.io/tenantmodule"
+ TenantModuleLabelKey = "internal.cozystack.io/tenantmodule"
 TenantModuleLabelValue = "true"
 singularName = "tenantmodule"
 )
diff --git a/pkg/registry/core/tenantsecret/rest.go b/pkg/registry/core/tenantsecret/rest.go
index 6e26b524..ad477527 100644
--- a/pkg/registry/core/tenantsecret/rest.go
+++ b/pkg/registry/core/tenantsecret/rest.go
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 // TenantSecret registry – namespaced view over Secrets labelled
-// "internal.cozystack.io/tenantsecret=true". Internal tenant secret labels are hidden.
+// "internal.cozystack.io/tenantresource=true". Internal tenant secret labels are hidden.
 package tenantsecret
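Review bot: With the explicit `apps.cozystack.io/tenantresource: "false"` labels removed from the chart templates in this commit, this `include` list appears to become the only thing deciding which postgres Secrets tenants can read, and the new `postgres-{{ .name }}-credentials` entry exposes the per-user passwords rendered in packages/apps/postgres/templates/init-script.yaml. The entry matches only if the release name is `postgres-{{ .name }}`, as the existing `-app` entry already assumes; a mismatch would presumably hide the Secret rather than expose another one. A short comment above the entry, such as `# per-user passwords from templates/init-script.yaml`, would record why it is listed. The spec continues outside the hunk.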
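Review bot: The two exported constants in the new pkg/apis/core/v1alpha1/tenantresource_types.go have no doc comments, although they now define the label that the lineage webhook writes and that both tenant-secret registries filter on. I would group them in one `const (...)` block and document them, e.g. `// TenantResourceLabelKey is the label the lineage webhook sets on Secrets; the TenantSecret registries select objects carrying it with TenantResourceLabelValue.` There is also no constant for the `"false"` value the webhook writes, so that side stays a string literal in webhook.go.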
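Review bot: `TenantModuleLabelKey` moves to `internal.cozystack.io/tenantmodule` in this hunk, but no hunk in the commit changes whatever writes that label, so objects still labelled `apps.cozystack.io/tenantmodule` would presumably stop matching this registry's filter. If the writer lives outside this diff it needs the same rename, and existing objects need a relabel. Unlike `tsLabelKey`, this key also keeps its own literal instead of a shared constant in `corev1alpha1`, which leaves room for the two sides to drift apart again.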
@@ -35,8 +35,8 @@ import (
 // -----------------------------------------------------------------------------
 const (
- tsLabelKey = "apps.cozystack.io/tenantresource"
- tsLabelValue = "true"
+ tsLabelKey = corev1alpha1.TenantResourceLabelKey
+ tsLabelValue = corev1alpha1.TenantResourceLabelValue
 singularName = "tenantsecret"
 kindTenantSecret = "TenantSecret"
 kindTenantSecretList = "TenantSecretList"
diff --git a/pkg/registry/core/tenantsecretstable/rest.go b/pkg/registry/core/tenantsecretstable/rest.go
index 644f2c98..841bfa32 100644
--- a/pkg/registry/core/tenantsecretstable/rest.go
+++ b/pkg/registry/core/tenantsecretstable/rest.go
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 // TenantSecretsTable registry – namespaced, read-only flattened view over
-// Secrets labelled "internal.cozystack.io/tenantsecret=true". Each data key is a separate object.
+// Secrets labelled "internal.cozystack.io/tenantresource=true". Each data key is a separate object.
 package tenantsecretstable
@@ -29,8 +29,8 @@ import (
 )
 const (
- tsLabelKey = "apps.cozystack.io/tenantresource"
- tsLabelValue = "true"
+ tsLabelKey = corev1alpha1.TenantResourceLabelKey
+ tsLabelValue = corev1alpha1.TenantResourceLabelValue
 kindObj = "TenantSecretsTable"
 kindObjList = "TenantSecretsTableList"
 singularName = "tenantsecretstable"
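Review bot: `tsLabelKey` and `tsLabelValue` are the selector that defines this registry's view, and after the `@@ -35,8 +35,8 @@` hunk their values can no longer be read at the point of use. A comment on the block would keep that visible, for example `// tsLabelKey/tsLabelValue select the Secrets this registry exposes; Secrets without the label are not part of the view.` The same applies to the identical pair in pkg/registry/core/tenantsecretstable/rest.go. Neither hunk adds a `corev1alpha1` import, so both rely on the file already importing it; the import blocks are outside the hunks.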