From e1830c603a0ec56e4818546d29babf94ef244841 Mon Sep 17 00:00:00 2001 From: Andy Pixley <3723676+pixman20@users.noreply.github.com> Date: Fri, 24 Oct 2025 17:38:33 -0400 Subject: [PATCH 1/2] [BRE-1272] Adding custom label support for SM operator --- charts/sm-operator/templates/_helpers.tpl | 3 +++ charts/sm-operator/values.schema.json | 7 +++++++ charts/sm-operator/values.yaml | 7 +++++++ 3 files changed, 17 insertions(+) diff --git a/charts/sm-operator/templates/_helpers.tpl b/charts/sm-operator/templates/_helpers.tpl index 7e6e651a1..dfbe518ce 100644 --- a/charts/sm-operator/templates/_helpers.tpl +++ b/charts/sm-operator/templates/_helpers.tpl @@ -40,6 +40,9 @@ helm.sh/chart: {{ include "sm-operator.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} {{- end }} {{/* diff --git a/charts/sm-operator/values.schema.json b/charts/sm-operator/values.schema.json index cf1792652..ee5cadcc2 100644 --- a/charts/sm-operator/values.schema.json +++ b/charts/sm-operator/values.schema.json @@ -1,6 +1,13 @@ { "$schema": "http://json-schema.org/draft-07/schema", "properties": { + "commonLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "default": {} + }, "containers": { "properties": { "manager": { diff --git a/charts/sm-operator/values.yaml b/charts/sm-operator/values.yaml index 99f81c799..739e76404 100644 --- a/charts/sm-operator/values.yaml +++ b/charts/sm-operator/values.yaml 
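Review bot: The `{{ toYaml . }}` added after `app.kubernetes.io/managed-by` writes `.Values.commonLabels` into the same mapping as the chart's own labels with no check for key collisions, so a values entry such as `app.kubernetes.io/managed-by: x` renders a duplicate key. How a duplicate is resolved depends on the YAML parser (many keep the last occurrence), which could let a values file silently replace labels that selectors, NetworkPolicies or admission rules rely on. Consider rejecting reserved keys inside the `with` block, for example `{{- if hasKey . "app.kubernetes.io/managed-by" }}{{ fail "commonLabels must not override chart-managed labels" }}{{- end }}`, or adding a `propertyNames` restriction in values.schema.json. The helper's `define` starts outside this hunk, so the full set of chart-managed keys is not visible here.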
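Review bot: The `commonLabels` schema accepts any string for both keys and values, but Kubernetes limits a label value to 63 characters of `[A-Za-z0-9_.-]` that begin and end with an alphanumeric. An invalid entry therefore passes values validation and fails only when the API server rejects the rendered manifests. Tightening `additionalProperties` to `{"type": "string", "maxLength": 63, "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$"}` moves that failure to `helm lint` or install time. A `propertyNames` rule could constrain the keys in the same way.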
@@ -14,6 +14,13 @@ settings: # The number of operator pod replicas to run. When in doubt, leave at 1 replicas: 1 +# Optional: Custom labels to be applied to all resources created by the operator +# This can be used to identify the Bitwarden Secrets Manager project or for any other labeling needs +# Example: +# commonLabels: +# custom-label: custom-label-value +commonLabels: {} + # Settings specific to the pod containers containers: manager: From 691e2a897aafaa002029246634948f51238249d1 Mon Sep 17 00:00:00 2001 From: Andy Pixley <3723676+pixman20@users.noreply.github.com> Date: Fri, 24 Oct 2025 17:52:07 -0400 Subject: [PATCH 2/2] [BRE-1272] Adding custom label tests --- .github/workflows/tests.yml | 26 ++++++++++++++++++++++++++ charts/sm-operator/ci/test-values.yaml | 5 +++++ 2 files changed, 31 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 19df97c17..0f4f683ab 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
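Review bot: The new comment says the labels are applied to "all resources created by the operator", but the change visible in this patch only extends the `sm-operator.labels` template helper, which affects objects rendered by the chart. Nothing shown here labels Secrets or other objects the operator creates at runtime. Suggest wording it as `# Optional: custom labels added to the Kubernetes resources rendered by this chart`. Because labels are readable by anyone who can view object metadata, a second line such as `# Labels are not confidential; do not put tokens or other secret values here` would also help.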
@@ -219,6 +219,32 @@ jobs: exit 1 fi + echo "*****VERIFYING CUSTOM LABELS*****" + + # Array of resource types to check for custom labels + resource_types=("deployment" "service" "serviceaccount" "configmap") + failed_resources=() + + # Loop through each resource type and verify custom labels + for resource_type in "${resource_types[@]}"; do + echo "Checking $resource_type for custom labels..." + labels=$(kubectl get "$resource_type" -l app.kubernetes.io/name=sm-operator -o jsonpath='{.items[0].metadata.labels}') + echo "$resource_type labels: $labels" + + if ! echo "$labels" | grep -q "test-label"; then + echo "::error::Custom label 'test-label' not found on $resource_type." + failed_resources+=("$resource_type") + fi + done + + # Exit if any resources failed the check + if [ ${#failed_resources[@]} -gt 0 ]; then + echo "::error::Custom labels verification failed for: ${failed_resources[*]}" + exit 1 + fi + + echo "Custom labels verified successfully on all resources!" + echo "*****CREATING AUTH SECRET*****" kubectl create secret generic bw-auth-token -n bitwarden --from-literal=token="$AUTH_TOKEN" echo "*****CREATING BW SECRET*****" diff --git a/charts/sm-operator/ci/test-values.yaml b/charts/sm-operator/ci/test-values.yaml index b767f0a91..eaaa3bcdb 100644 --- a/charts/sm-operator/ci/test-values.yaml +++ b/charts/sm-operator/ci/test-values.yaml @@ -1,3 +1,8 @@ +# Custom labels to be applied to all resources created by the operator +# These labels are used in CI testing to verify the custom label feature works correctly +commonLabels: + test-label: test-value + settings: # How often the secrets synchronize in seconds. Minimum value is 180. bwSecretsManagerRefreshInterval: 300
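Review bot: The check `grep -q "test-label"` on the jsonpath dump passes whenever that substring appears anywhere in the label map of the first matching object, so it verifies neither the value `test-value` nor any object beyond `.items[0]`. Letting the API server do the match is stricter and shorter: `matches=$(kubectl get "$resource_type" -l app.kubernetes.io/name=sm-operator,test-label=test-value -o name)` followed by `if [ -z "$matches" ]; then`. The `kubectl get` also has no `-n`, while the `kubectl create secret` just after this block uses `-n bitwarden`; the install step is outside this hunk, but if the chart is installed into that namespace the query should name it explicitly. The loop covers only deployment, service, serviceaccount and configmap, so any RBAC objects the chart renders are not checked.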