improve annotations

Author: yuwenma

apis/secretmanager/v1beta1/secret_types.go

@@ -84,6 +84,19 @@ type SecretManagerSecretSpec struct {
 	//  The total size of annotation keys and values must be less than 16KiB.
 	Annotations map[string]string `json:"annotations,omitempty"`
 
+	// The labels assigned to this Secret.
+	//
+	//  Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
+	//  of maximum 128 bytes, and must conform to the following PCRE regular
+	//  expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}`
+	//
+	//  Label values must be between 0 and 63 characters long, have a UTF-8
+	//  encoding of maximum 128 bytes, and must conform to the following PCRE
+	//  regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
+	//
+	//  No more than 64 labels can be assigned to a given resource.
+	Labels map[string]string `json:"labels,omitempty"`
+
 	/*NOTYET
 	// Optional. Secret Version TTL after destruction request
 	//

apis/secretmanager/v1beta1/zz_generated.deepcopy.go

@@ -84,6 +84,22 @@ spec:
                   is scheduled to expire. This is always provided on output, regardless
                   of what was sent on input.
                 type: string
+              labels:
+                additionalProperties:
+                  type: string
+                description: |-
+                  The labels assigned to this Secret.
+
+                   Label keys must be between 1 and 63 characters long, have a UTF-8 encoding
+                   of maximum 128 bytes, and must conform to the following PCRE regular
+                   expression: `[\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}`
+
+                   Label values must be between 0 and 63 characters long, have a UTF-8
+                   encoding of maximum 128 bytes, and must conform to the following PCRE
+                   regular expression: `[\p{Ll}\p{Lo}\p{N}_-]{0,63}`
+
+                   No more than 64 labels can be assigned to a given resource.
+                type: object
               replication:
                 description: |-
                   Optional. Immutable. The replication policy of the secret data attached to

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_secretmanagersecrets.secretmanager.cnrm.cloud.google.com.yaml

@@ -99,6 +99,7 @@ func SecretManagerSecretSpec_ToProto(mapCtx *direct.MapContext, in *krm.SecretMa
 	// MISSING: VersionAliases
 	// out.VersionAliases = in.VersionAliases
 	out.Annotations = in.Annotations
+	out.Labels = in.Labels
 	// MISSING: VersionDestroyTtl
 	// MISSING: CustomerManagedEncryption
 	return out

pkg/controller/direct/secretmanager/mapper.generated.go

@@ -165,6 +165,7 @@ func (a *SecretVersionAdapter) Create(ctx context.Context, createOp *directbase.
 	log.V(2).Info("successfully created SecretVersion", "name", a.id)
 
 	// The default status for newly created resource is "enabled".
+	// This saves the waiting time for the next reconciliation.
 	if !*a.desired.Spec.Enabled {
 		log.V(2).Info("disabling the secret version", "name", a.id)
 		req := &pb.DisableSecretVersionRequest{

pkg/controller/direct/secretmanager/secret_mapping.go

@@ -10,10 +10,11 @@ metadata:
   generation: 1
   labels:
     cnrm-test: "true"
-    label-one: value-one
   name: secretmanagersecret-${uniqueId}
   namespace: ${uniqueId}
 spec:
+  labels:
+    label-one: value-one
   replication:
     userManaged:
       replicas:

pkg/controller/direct/secretmanager/secretversion_controller.go

@@ -31,9 +31,7 @@ x-goog-request-params: parent=projects%2F${projectId}
 
 {
   "labels": {
-    "cnrm-test": "true",
-    "label-one": "value-one",
-    "managed-by-cnrm": "true"
+    "label-one": "value-one"
   },
   "replication": {
     "userManaged": {
@@ -61,9 +59,7 @@ X-Xss-Protection: 0
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
   "labels": {
-    "cnrm-test": "true",
-    "label-one": "value-one",
-    "managed-by-cnrm": "true"
+    "label-one": "value-one"
   },
   "name": "projects/${projectNumber}/secrets/secretmanagersecret-${uniqueId}",
   "replication": {
@@ -99,9 +95,7 @@ X-Xss-Protection: 0
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
   "labels": {
-    "cnrm-test": "true",
-    "label-one": "value-one",
-    "managed-by-cnrm": "true"
+    "label-one": "value-one"
   },
   "name": "projects/${projectNumber}/secrets/secretmanagersecret-${uniqueId}",
   "replication": {

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml

@@ -18,10 +18,10 @@ metadata:
   annotations:
     cnrm.cloud.google.com/project-id: ${projectId}
   name: secretmanagersecret-${uniqueId}
-  labels:
-    label-one: value-one
 spec:
   replication:
     userManaged:
       replicas:
-      - location: us-central1
+      - location: us-central1
+  labels:
+    label-one: value-one

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_http.log

@@ -10,14 +10,16 @@ metadata:
   generation: 2
   labels:
     cnrm-test: "true"
-    label-one: value-one
   name: secretmanagersecret-${uniqueId}
   namespace: ${uniqueId}
 spec:
   annotations:
     bar: secretmanagersecret-bar
     foo: secretmanagersecret
   expireTime: "2025-10-03T15:01:23Z"
+  labels:
+    label-one: value-one
+    label-two: value-two
   replication:
     auto:
       customerManagedEncryption: