🌱 Use dedicated Secret type for externalized object Secrets

[pedjak]

Description

Set custom Secret type olm.operatorframework.io/object-data on Secrets that store externalized COS object content. This distinguishes OLM-managed Secrets from user-created ones and enables easy identification and filtering.

Reviewer Checklist

• API Go Documentation
• Tests: Unit Tests (and E2E Tests, if appropriate)
• Comprehensive Commit Messages
• Links to related GitHub Issue(s)

[netlify]

✅ Deploy Preview for olmv1 ready!

Name	Link
🔨 Latest commit	53d7be9
🔍 Latest deploy log	https://app.netlify.com/projects/olmv1/deploys/69cc128a5e1e4e0008b1c2fb
😎 Deploy Preview	https://deploy-preview-2613--olmv1.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Copilot]

Pull request overview

This PR introduces a dedicated Secret type (olm.operatorframework.io/phase-data) for Secrets that store externalized object content referenced by ClusterObjectSet ref entries. This distinguishes OLM-managed ref Secrets from user-created Secrets and enables easy identification of system-managed resources.

Changes:

• Add custom SecretTypeRefData constant in the labels package with value olm.operatorframework.io/phase-data
• Update SecretPacker to set this type when creating ref Secrets
• Add unit test assertion verifying the Secret type is set correctly
• Add E2E test step and scenario validating ref Secrets have the correct type
• Update design documentation with the new Secret type convention and examples

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
internal/operator-controller/labels/labels.go	Defines new SecretTypeRefData constant for the custom Secret type
internal/operator-controller/applier/secretpacker.go	Sets the custom type when creating ref Secrets
internal/operator-controller/applier/secretpacker_test.go	Verifies the Secret type is set correctly in unit tests
test/e2e/steps/steps.go	Adds new E2E test step to verify ref Secrets have the correct type
test/e2e/features/install.feature	Adds E2E test scenario validating the Secret type
docs/concepts/large-bundle-support.md	Updates design documentation with Secret type conventions and examples

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.81%. Comparing base (435e9c5) to head (53d7be9).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2613      +/-   ##
==========================================
- Coverage   68.86%   68.81%   -0.05%     
==========================================
  Files         139      139              
  Lines        9872     9931      +59     
==========================================
+ Hits         6798     6834      +36     
- Misses       2557     2580      +23     
  Partials      517      517              

Flag	Coverage Δ
e2e	37.50% <0.00%> (+0.03%)	⬆️
experimental-e2e	52.38% <100.00%> (-0.20%)	⬇️
unit	53.53% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[fgiudici]

I'm still not very familiar with the code base, but as soon as we put the missing emoji in the PR heading, this PR looks good to me!

As a side note, now that we have the olm.operatorframework.io/phase-data for the secrets, wondering if there could be a more intuitive label than olm.operatorframework.io/revision-phase-data for the chained secrets type.

[fgiudici]

/lgtm

[joelanford]

I would suggest moving this file elsewhere. The concepts docs are user-facing docs that describe functions/behaviors that users need to be aware of and directly interact with.

The typical doc flow is to put everything in drafts and then do a separate "promotion" out of drafts.

We probably also now need a specific process for design doc organization.

[perdasilva]

yeah - let's do that. Or maybe even drop the docs from this PR. I've just put up a doc PR. Maybe we could iterate there?

[pedjak]

I would suggest moving this file elsewhere. The concepts docs are user-facing docs that describe functions/behaviors that users need to be aware of and directly interact with.

Sure, but let's do that in a separate - follow up PR.

[joelanford]

/approve

[fgiudici]

/lgtm

[rashmigottipati]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joelanford, rashmigottipati

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [joelanford]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment