From 811069cac7a8a080764591ba5e95f3aeb2d61674 Mon Sep 17 00:00:00 2001
From: Jonathan Prates <jonathan.prates@farfetch.com>
Date: Tue, 29 Jun 2021 16:20:30 +0100
Subject: [PATCH] fix: do not create secret labels if template is empty

Signed-off-by: jonathansp <jonathansimonprates@gmail.com>
---
 .../internal/secretsmanager/secret.go         | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/pkg/controller/certificates/internal/secretsmanager/secret.go b/pkg/controller/certificates/internal/secretsmanager/secret.go
index 1b9b8ebf4..386e6177a 100644
--- a/pkg/controller/certificates/internal/secretsmanager/secret.go
+++ b/pkg/controller/certificates/internal/secretsmanager/secret.go
@@ -213,18 +213,24 @@ func (s *SecretsManager) setValues(crt *cmapi.Certificate, secret *corev1.Secret
 		delete(secret.Data, cmmeta.TLSCAKey)
 	}
 
-	if secret.Labels == nil {
-		secret.Labels = make(map[string]string)
-	}
-	for k, v := range crt.Spec.SecretTemplate.Labels {
-		secret.Labels[k] = v
-	}
-
 	if secret.Annotations == nil {
 		secret.Annotations = make(map[string]string)
 	}
-	for k, v := range crt.Spec.SecretTemplate.Annotations {
-		secret.Annotations[k] = v
+
+	if crt.Spec.SecretTemplate != nil {
+		// Only initialise Labels map if crt.Spec.SecretTemplate.Labels
+		// contains data. Otherwise keep it nil.
+		if len(crt.Spec.SecretTemplate.Labels) > 0 && secret.Labels == nil {
+			secret.Labels = make(map[string]string)
+		}
+
+		for k, v := range crt.Spec.SecretTemplate.Labels {
+			secret.Labels[k] = v
+		}
+
+		for k, v := range crt.Spec.SecretTemplate.Annotations {
+			secret.Annotations[k] = v
+		}
 	}
 
 	secret.Annotations[cmapi.CertificateNameKey] = crt.Name