metadata

const (
	// ConfigManagementPrefix is the prefix for all Nomos annotations and labels.
	ConfigManagementPrefix = configmanagement.GroupName + "/"

	// ClusterNameAnnotationKey is the annotation key set on Nomos-managed resources that refers to
	// the name of the cluster that the selectors are applied for.
	// This annotation is set by Config Sync on a managed resource.
	ClusterNameAnnotationKey = ConfigManagementPrefix + "cluster-name"

	// LegacyClusterSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers
	// to the name of the ClusterSelector resource.
	// This annotation is set by Config Sync users on a managed resource.
	LegacyClusterSelectorAnnotationKey = ConfigManagementPrefix + "cluster-selector"

	// NamespaceSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers
	// to name of NamespaceSelector resource.
	// This annotation is set by Config Sync users on a managed resource.
	NamespaceSelectorAnnotationKey = ConfigManagementPrefix + "namespace-selector"

	// DeclaredConfigAnnotationKey is the annotation key that stores the declared configuration of
	// a resource in Git.
	// This annotation is set by Config Sync on a managed resource.
	DeclaredConfigAnnotationKey = ConfigManagementPrefix + "declared-config"

	// SourcePathAnnotationKey is the annotation key representing the relative path from POLICY_DIR
	// where the object was originally declared. Paths are slash-separated and OS-agnostic.
	// This annotation is set by Config Sync on a managed resource.
	SourcePathAnnotationKey = ConfigManagementPrefix + "source-path"

	// SyncTokenAnnotationKey is the annotation key representing the last version token that a Nomos-
	// managed resource was successfully synced from.
	// This annotation is set by Config Sync on a managed resource.
	SyncTokenAnnotationKey = ConfigManagementPrefix + "token"

	// ResourceStatusErrorsKey is the annotation that indicates any errors, encoded as a JSON array.
	// This annotation is set by Config Sync on a managed resource.
	ResourceStatusErrorsKey = ConfigManagementPrefix + "errors"

	// ResourceStatusReconcilingKey is the annotation that indicates reasons why a resource is
	// reconciling, encoded as a JSON array.
	// This annotation is set by Config Sync on a managed resource.
	ResourceStatusReconcilingKey = ConfigManagementPrefix + "reconciling"
)

const (
	// ConfigMapAnnotationKey is the annotation key representing the hash of all the configmaps
	// required to run a root-reconciler, namespace-reconciler, or otel-collector pod.
	// This annotation is set by Config Sync on a root-reconciler, namespace-reconciler, or otel-collector pod.
	ConfigMapAnnotationKey = configsync.ConfigSyncPrefix + "configmap"

	// DeclaredFieldsKey is the annotation key that stores the declared configuration of
	// a resource in Git. This uses the same format as the managed fields of server-side apply.
	// This annotation is set by Config Sync on a managed resource.
	DeclaredFieldsKey = configsync.ConfigSyncPrefix + "declared-fields"

	// GitContextKey is the annotation key for the git source-of-truth a resource is synced from.
	// This annotation is set by Config Sync on a managed resource.
	GitContextKey = configsync.ConfigSyncPrefix + "git-context"

	// ResourceManagerKey is the annotation that indicates which multi-repo reconciler is managing
	// the resource.
	// This annotation is set by Config Sync on a managed resource.
	ResourceManagerKey = configsync.ConfigSyncPrefix + "manager"

	// ClusterNameSelectorAnnotationKey is the annotation key set on ConfigSync-managed resources that refers
	// to the name of the ClusterSelector resource.
	// This annotation is set by Config Sync users on a managed resource.
	ClusterNameSelectorAnnotationKey = configsync.ConfigSyncPrefix + "cluster-name-selector"

	// ResourceIDKey is the annotation that indicates the resource's GKNN.
	// This annotation is set by Config  on a managed resource.
	ResourceIDKey = configsync.ConfigSyncPrefix + "resource-id"

	// OriginalHNCManagedByValue is the annotation that stores the original value of the
	// hnc.x-k8s.io/managed-by annotation before Config Sync overrides the annotation.
	// This annotation is set by Config Sync on a managed namespace resource.
	OriginalHNCManagedByValue = configsync.ConfigSyncPrefix + "original-hnc-managed-by-value"

	// UnknownScopeAnnotationKey is the annotation that indicates the scope of a resource is unknown.
	// This annotation is set by Config Sync on a managed resource whose scope is unknown.
	UnknownScopeAnnotationKey = configsync.ConfigSyncPrefix + "unknown-scope"

	// UnknownScopeAnnotationValue is the value for UnknownScopeAnnotationKey
	// to indicate that the scope of a resource is unknown.
	UnknownScopeAnnotationValue = "true"

	// RequiresRenderingAnnotationKey is the annotation key set on
	// RootSync/RepoSync objects to indicate whether the source of truth
	// requires last mile hydration. The reconciler writes the value of this
	// annotation and the reconciler-manager reads it. If set to true, the
	// reconciler-manager will create the reconciler with the hydration-controller
	// sidecar container.
	RequiresRenderingAnnotationKey = configsync.ConfigSyncPrefix + "requires-rendering"

	// DynamicNSSelectorEnabledAnnotationKey is the annotation key set on R*Sync
	// object to indicate whether the source of truth contains at least one
	// NamespaceSelector using the dynamic mode, which requires the Namespace
	// controller. The reconciler writes the value of this annotation and the
	// reconciler-manager reads it. If set to true, the reconciler-manager will
	// create the reconciler with the Namespace controller in the reconciler container.
	DynamicNSSelectorEnabledAnnotationKey = configsync.ConfigSyncPrefix + "dynamic-ns-selector-enabled"

	// ImageToSyncAnnotationKey is the annotation key used to store the full image reference
	// (including the digest) for OCI and Helm (with oci:// URL) sources.
	// This annotation is set by Config Sync on the RootSync/RepoSync object
	// to indicate the exact image that should be synced.
	ImageToSyncAnnotationKey = configsync.ConfigSyncPrefix + "image-to-sync"

	// StatusModeAnnotationKey annotates a ResourceGroup CR
	// to communicate with the ResourceGroup controller.
	// When the value is set to "disabled", the ResourceGroup controller
	// ignores the ResourceGroup CR.
	StatusModeAnnotationKey = configsync.ConfigSyncPrefix + "status"
)

const (
	// LifecyclePrefix is the prefix for all lifecycle annotations.
	LifecyclePrefix = "client.lifecycle.config.k8s.io"

	// LifecycleMutationAnnotation is the lifecycle annotation key for the mutation
	// operation. The annotation must be declared in the repository in order to
	// function properly. This annotation only has effect when the object
	// updated in the cluster or the declaration changes. It has no impact on
	// behavior related to object creation/deletion, or if the object does not
	// already exist.
	// This annotation is set by Config Sync users on a managed resource.
	LifecycleMutationAnnotation = LifecyclePrefix + "/mutation"

	// IgnoreMutation is the value used with LifecycleMutationAnnotation to
	// prevent mutating a resource. That is, if the resource exists on the cluster
	// then ACM will make no attempt to modify it.
	IgnoreMutation = "ignore"
)

const (
	// LocalConfigAnnotationKey is the annotation key to mark
	// a resource is only local. When its value is "true",
	// the resource shouldn't be applied to the cluster.
	// This annotation is set by Config Sync users on a resource that
	// should be only used by local tools such as kpt function.
	LocalConfigAnnotationKey = filters.LocalConfigAnnotation

	// Any value except for NoLocalConfigAnnoVal will mark a resource as a local configuration.
	NoLocalConfigAnnoVal = "false"
)

const (
	// ApplySetPartOfLabel is the key of the label which indicates that the
	// object is a member of an ApplySet. The value of the label MUST match the
	// value of ApplySetParentIDLabel on the parent object.
	ApplySetPartOfLabel = kubectlapply.ApplysetPartOfLabel

	// ApplySetParentIDLabel is the key of the label that makes object an
	// ApplySet parent object. Its value MUST use the format specified in
	// k8s.io/kubectl/pkg/cmd/apply.V1ApplySetIdFormat.
	ApplySetParentIDLabel = kubectlapply.ApplySetParentIDLabel
)

const (
	// ApplySetToolingAnnotation is the key of the label that indicates which
	// tool is used to manage this ApplySet. Tooling should refuse to mutate
	// ApplySets belonging to other tools. The value must be in the format
	// <toolname>/<semver>. Example value: "kubectl/v1.27" or "helm/v3" or
	// "kpt/v1.0.0"
	ApplySetToolingAnnotation = kubectlapply.ApplySetToolingAnnotation

	// ApplySetToolingName is the name used to represent Config Sync in the
	// ApplySet tooling annotation.
	ApplySetToolingName = configsync.GroupName

	// ApplySetToolingVersion is the version used to represent Config Sync in
	// the ApplySet tooling annotation.
	//
	// The ApplySetKEP and kubectl require this to be a semantic version,
	// implying that it should be the version of the tool. But we're using a
	// static version instead, to allow listing all objects managed Config Sync,
	// regardless of version.
	ApplySetToolingVersion = "v1"
)

const (
	// ReconcilerFinalizer is the finalizer added to the RootSync/RepoSync by
	// the reconciler when the deletion-propagation-policy is Foreground to
	// ensure deletion of the user objects it manages, before the
	// RootSync/RepoSync is deleted.
	ReconcilerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.Reconciler

	// ReconcilerManagerFinalizer is the finalizer added to the
	// RootSync/RepoSync by the reconciler-manager to ensure
	// deletion of the reconciler and its dependencies, before the
	// RootSync/RepoSync is deleted.
	ReconcilerManagerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.ManagerName
)

const (
	// ManagedByValue marks the resource as managed by Nomos.
	ManagedByValue = configmanagement.GroupName
	// SystemLabel is the system Nomos label.
	SystemLabel = ConfigManagementPrefix + "system"
	// ArchLabel is the arch Nomos label.
	ArchLabel = ConfigManagementPrefix + "arch"
)

const (
	// ReconcilerLabel is the unique label given to each reconciler pod.
	// This label is set by Config Sync on a root-reconciler or namespace-reconciler pod.
	ReconcilerLabel = configsync.ConfigSyncPrefix + "reconciler"

	// DeclaredVersionLabel declares the API Version in which a resource was initially
	// declared.
	// This label is set by Config Sync on a managed resource.
	DeclaredVersionLabel = configsync.ConfigSyncPrefix + "declared-version"

	// SyncNamespaceLabel indicates the namespace of RootSync or RepoSync.
	SyncNamespaceLabel = configsync.ConfigSyncPrefix + "sync-namespace"

	// SyncNameLabel indicates the name of RootSync or RepoSync.
	SyncNameLabel = configsync.ConfigSyncPrefix + "sync-name"

	// SyncKindLabel indicates the RSync kind: RootSync or RepoSync.
	SyncKindLabel = configsync.ConfigSyncPrefix + "sync-kind"

	// SyncGenerationLabel indicates the generation of RootSync or RepoSync.
	SyncGenerationLabel = configsync.ConfigSyncPrefix + "sync-generation"

	// DeploymentNameLabel indicates the name of the Deployment.
	// This is used to enable selecting pods by label, primarily for printing logs.
	// Example: kubectl logs deployment/<deploy-name> <container-name> -n config-management-system
	DeploymentNameLabel = configsync.ConfigSyncPrefix + "deployment-name"

	// ConfigSyncManagedByLabel indicates which Config Sync component is managing
	// the resource. Similar to the well known app.kubernetes.io/managed-by label,
	// but scoped to Config Sync.
	ConfigSyncManagedByLabel = configsync.ConfigSyncPrefix + "managed-by"
)

const AutoPilotAnnotation = "autopilot.gke.io/resource-adjustment"

const DepthSuffix = ".tree.hnc.x-k8s.io/depth"

const FleetWorkloadIdentityCredentials = "config.kubernetes.io/fleet-workload-identity"

const HNCManagedBy = "hnc.x-k8s.io/managed-by"

const KustomizeOrigin = "config.kubernetes.io/origin"

const ManagedByKey = "app.kubernetes.io/managed-by"

const OwningInventoryKey = inventory.OwningInventoryKey