feat: Add experimental Entra user-info-fetcher backend

deploy/helm/opa-operator/crds/crds.yaml

@@ -65,7 +65,7 @@ spec:
                             - required:
                                 - experimentalActiveDirectory
                             - required:
-                                - experimentalEntraBackend
+                                - experimentalEntra
                           properties:
                             experimentalActiveDirectory:
                               description: Backend that fetches user information from Active Directory
@@ -139,7 +139,7 @@ spec:
                                 - kerberosSecretClassName
                                 - ldapServer
                               type: object
-                            experimentalEntraBackend:
+                            experimentalEntra:
                               description: Backend that fetches user information from Microsoft Entra
                               properties:
                                 clientCredentialsSecret:
@@ -162,54 +162,44 @@ spec:
                                   description: The Microsoft Entra tenant ID.
                                   type: string
                                 tls:
-                                  default:
-                                    tls:
-                                      verification:
-                                        server:
-                                          caCert:
-                                            webPki: {}
-                                  description: Use a TLS connection. Should usually be set to WebPki.
+                                  description: Use a TLS connection. If not specified no TLS will be used.
+                                  nullable: true
                                   properties:
-                                    tls:
-                                      description: Use a TLS connection. If not specified no TLS will be used.
-                                      nullable: true
+                                    verification:
+                                      description: The verification method used to verify the certificates of the server and/or the client.
+                                      oneOf:
+                                        - required:
+                                            - none
+                                        - required:
+                                            - server
                                       properties:
-                                        verification:
-                                          description: The verification method used to verify the certificates of the server and/or the client.
-                                          oneOf:
-                                            - required:
-                                                - none
-                                            - required:
-                                                - server
+                                        none:
+                                          description: Use TLS but don't verify certificates.
+                                          type: object
+                                        server:
+                                          description: Use TLS and a CA certificate to verify the server.
                                           properties:
-                                            none:
-                                              description: Use TLS but don't verify certificates.
-                                              type: object
-                                            server:
-                                              description: Use TLS and a CA certificate to verify the server.
+                                            caCert:
+                                              description: CA cert to verify the server.
+                                              oneOf:
+                                                - required:
+                                                    - webPki
+                                                - required:
+                                                    - secretClass
                                               properties:
-                                                caCert:
-                                                  description: CA cert to verify the server.
-                                                  oneOf:
-                                                    - required:
-                                                        - webPki
-                                                    - required:
-                                                        - secretClass
-                                                  properties:
-                                                    secretClass:
-                                                      description: Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method.
-                                                      type: string
-                                                    webPki:
-                                                      description: Use TLS and the CA certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services.
-                                                      type: object
+                                                secretClass:
+                                                  description: Name of the [SecretClass](https://docs.stackable.tech/home/nightly/secret-operator/secretclass) which will provide the CA certificate. Note that a SecretClass does not need to have a key but can also work with just a CA certificate, so if you got provided with a CA cert but don't have access to the key you can still use this method.
+                                                  type: string
+                                                webPki:
+                                                  description: Use TLS and the CA certificates trusted by the common web browsers to verify the server. This can be useful when you e.g. use public AWS S3 or other public available services.
                                                   type: object
-                                              required:
-                                                - caCert
                                               type: object
+                                          required:
+                                            - caCert
                                           type: object
-                                      required:
-                                        - verification
                                       type: object
+                                  required:
+                                    - verification
                                   type: object
                               required:
                                 - clientCredentialsSecret

rust/operator-binary/src/crd/user_info_fetcher.rs

@@ -40,7 +40,7 @@ pub mod versioned {
         ActiveDirectory(v1alpha1::ActiveDirectoryBackend),
 
         /// Backend that fetches user information from Microsoft Entra
-        #[serde(rename = "experimentalEntraBackend")]
+        #[serde(rename = "experimentalEntra")]
         Entra(v1alpha1::EntraBackend),
     }