feat: Add TLS cert lifetime setter to SecretOperatorVolumeSourceBuilder (#915)

* feat: make autotls cert lifetime configurable

* fix: changelog

* fix changelog (again)

Author: razvan

crates/stackable-operator/CHANGELOG.md

@@ -4,12 +4,17 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- Added cert lifetime setter to `SecretOperatorVolumeSourceBuilder` ([#915])
+
 ### Changed
 
 - Replace unmaintained `derivative` crate with `educe` ([#907]).
 - Bump dependencies, notably rustls 0.23.15 to 0.23.19 to fix [RUSTSEC-2024-0399] ([#917]).
 
 [#907]: https://github.com/stackabletech/operator-rs/pull/907
+[#915]: https://github.com/stackabletech/operator-rs/pull/915
 [#917]: https://github.com/stackabletech/operator-rs/pull/917
 [RUSTSEC-2024-0399]: https://rustsec.org/advisories/RUSTSEC-2024-0399
 

crates/stackable-operator/src/builder/pod/volume.rs

@@ -15,6 +15,7 @@ use tracing::warn;
 use crate::{
     builder::meta::ObjectMetaBuilder,
     kvp::{Annotation, AnnotationError, Annotations, LabelError, Labels},
+    time::Duration,
 };
 
 /// A builder to build [`Volume`] objects. May only contain one `volume_source`
@@ -280,6 +281,7 @@ pub struct SecretOperatorVolumeSourceBuilder {
     format: Option<SecretFormat>,
     kerberos_service_names: Vec<String>,
     tls_pkcs12_password: Option<String>,
+    auto_tls_cert_lifetime: Option<Duration>,
 }
 
 impl SecretOperatorVolumeSourceBuilder {
@@ -290,9 +292,15 @@ impl SecretOperatorVolumeSourceBuilder {
             format: None,
             kerberos_service_names: Vec::new(),
             tls_pkcs12_password: None,
+            auto_tls_cert_lifetime: None,
         }
     }
 
+    pub fn with_auto_tls_cert_lifetime(&mut self, lifetime: impl Into<Duration>) -> &mut Self {
+        self.auto_tls_cert_lifetime = Some(lifetime.into());
+        self
+    }
+
     pub fn with_node_scope(&mut self) -> &mut Self {
         self.scopes.push(SecretOperatorVolumeScope::Node);
         self
@@ -364,6 +372,13 @@ impl SecretOperatorVolumeSourceBuilder {
             }
         }
 
+        if let Some(lifetime) = &self.auto_tls_cert_lifetime {
+            annotations.insert(
+                Annotation::auto_tls_cert_lifetime(&lifetime.to_string())
+                    .context(ParseAnnotationSnafu)?,
+            );
+        }
+
         Ok(EphemeralVolumeSource {
             volume_claim_template: Some(PersistentVolumeClaimTemplate {
                 metadata: Some(ObjectMetaBuilder::new().annotations(annotations).build()),

crates/stackable-operator/src/kvp/annotation/mod.rs

@@ -137,6 +137,15 @@ impl Annotation {
         ))?;
         Ok(Self(kvp))
     }
+
+    /// Constructs a `secrets.stackable.tech/backend.autotls.cert.lifetime` annotation.
+    pub fn auto_tls_cert_lifetime(lifetime: &str) -> Result<Self, AnnotationError> {
+        let kvp = KeyValuePair::try_from((
+            "secrets.stackable.tech/backend.autotls.cert.lifetime",
+            lifetime,
+        ))?;
+        Ok(Self(kvp))
+    }
 }
 
 /// A validated set/list of Kubernetes annotations.