Auto restart one password custom resource will be be added to converted kubernetes secret

pkg/kubernetessecrets/kubernetes_secrets_builder.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 
 	"github.com/1Password/connect-sdk-go/onepassword"
+	"github.com/1Password/onepassword-operator/pkg/utils"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -13,21 +14,30 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
-const onepasswordPrefix = "onepasswordoperator"
-const NameAnnotation = onepasswordPrefix + "/item-name"
-const VersionAnnotation = onepasswordPrefix + "/item-version"
-const restartAnnotation = onepasswordPrefix + "/lastRestarted"
-const ItemPathAnnotation = onepasswordPrefix + "/item-path"
+const OnepasswordPrefix = "onepasswordoperator"
+const NameAnnotation = OnepasswordPrefix + "/item-name"
+const VersionAnnotation = OnepasswordPrefix + "/item-version"
+const restartAnnotation = OnepasswordPrefix + "/lastRestarted"
+const ItemPathAnnotation = OnepasswordPrefix + "/item-path"
+const RestartDeploymentsAnnotation = OnepasswordPrefix + "/auto_restart"
 
 var log = logf.Log
 
-func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item) error {
+func CreateKubernetesSecretFromItem(kubeClient kubernetesClient.Client, secretName, namespace string, item *onepassword.Item, autoRestart string) error {
 
 	itemVersion := fmt.Sprint(item.Version)
 	annotations := map[string]string{
 		VersionAnnotation:  itemVersion,
 		ItemPathAnnotation: fmt.Sprintf("vaults/%v/items/%v", item.Vault.ID, item.ID),
 	}
+	if autoRestart != "" {
+		_, err := utils.StringToBool(autoRestart)
+		if err != nil {
+			log.Error(err, "Error parsing %v annotation on Secret %v. Must be true or false. Defaulting to false.", RestartDeploymentsAnnotation, secretName)
+			return err
+		}
+		annotations[RestartDeploymentsAnnotation] = autoRestart
+	}
 	secret := BuildKubernetesSecretFromOnePasswordItem(secretName, namespace, annotations, *item)
 
 	currentSecret := &corev1.Secret{}

pkg/kubernetessecrets/kubernetes_secrets_builder_test.go

@@ -13,6 +13,8 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 )
 
+const restartDeploymentAnnotation = "false"
+
 type k8s struct {
 	clientset kubernetes.Interface
 }
@@ -28,7 +30,7 @@ func TestCreateKubernetesSecretFromOnePasswordItem(t *testing.T) {
 	item.ID = "h46bb3jddvay7nxopfhvlwg35q"
 
 	kubeClient := fake.NewFakeClient()
-	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item)
+	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
@@ -53,7 +55,7 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) {
 	item.ID = "h46bb3jddvay7nxopfhvlwg35q"
 
 	kubeClient := fake.NewFakeClient()
-	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item)
+	err := CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &item, restartDeploymentAnnotation)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
@@ -64,7 +66,7 @@ func TestUpdateKubernetesSecretFromOnePasswordItem(t *testing.T) {
 	newItem.Version = 456
 	newItem.Vault.ID = "hfnjvi6aymbsnfc2xeeoheizda"
 	newItem.ID = "h46bb3jddvay7nxopfhvlwg35q"
-	err = CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &newItem)
+	err = CreateKubernetesSecretFromItem(kubeClient, secretName, namespace, &newItem, restartDeploymentAnnotation)
 	if err != nil {
 		t.Errorf("Unexpected error: %v", err)
 	}
@@ -125,6 +127,10 @@ func compareAnnotationsToItem(annotations map[string]string, item onepassword.It
 	if annotations[VersionAnnotation] != fmt.Sprint(item.Version) {
 		t.Errorf("Expected annotation version to be %v but was %v", item.Version, annotations[VersionAnnotation])
 	}
+
+	if annotations[RestartDeploymentsAnnotation] != "false" {
+		t.Errorf("Expected restart deployments annotation to be %v but was %v", restartDeploymentAnnotation, RestartDeploymentsAnnotation)
+	}
 }
 
 func compareFields(actualFields []*onepassword.ItemField, secretData map[string][]byte, t *testing.T) {