From d57caa1f76cf1db8fecbf08b7b1a07495cb5dee4 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Wed, 27 Nov 2024 17:57:00 +0100
Subject: [PATCH 1/3] feat: make autotls cert lifetime configurable
---
 crates/stackable-operator/CHANGELOG.md | 6 ++++++
 .../stackable-operator/src/builder/pod/volume.rs | 15 +++++++++++++++
 .../stackable-operator/src/kvp/annotation/mod.rs | 9 +++++++++
 3 files changed, 30 insertions(+)
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
index c01e7972e..7a6b95705 100644
--- a/crates/stackable-operator/CHANGELOG.md
+++ b/crates/stackable-operator/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- Added cert lifetime setter to `SecretOperatorVolumeSourceBuilder` ([#915])
+
+[#915]: https://github.com/stackabletech/operator-rs/pull/915
+
 ## [0.82.0] - 2024-11-23
 
 ### Fixed
diff --git a/crates/stackable-operator/src/builder/pod/volume.rs b/crates/stackable-operator/src/builder/pod/volume.rs
index 8f160d1ec..bb15c2c09 100644
--- a/crates/stackable-operator/src/builder/pod/volume.rs
+++ b/crates/stackable-operator/src/builder/pod/volume.rs
@@ -15,6 +15,7 @@ use tracing::warn;
 use crate::{
 builder::meta::ObjectMetaBuilder,
 kvp::{Annotation, AnnotationError, Annotations, LabelError, Labels},
+ time::Duration,
 };
 
 /// A builder to build [`Volume`] objects. May only contain one `volume_source`
@@ -280,6 +281,7 @@ pub struct SecretOperatorVolumeSourceBuilder {
 format: Option,
 kerberos_service_names: Vec,
 tls_pkcs12_password: Option,
+ auto_tls_cert_lifetime: Option,
 }
 
 impl SecretOperatorVolumeSourceBuilder {
@@ -290,9 +292,15 @@ impl SecretOperatorVolumeSourceBuilder {
 format: None,
 kerberos_service_names: Vec::new(),
 tls_pkcs12_password: None,
+ auto_tls_cert_lifetime: None,
 }
 }
 
+ pub fn with_auto_tls_cert_lifetime(&mut self, lifetime: impl Into) -> &mut Self {
+ self.auto_tls_cert_lifetime = Some(lifetime.into());
+ self
+ }
+
 pub fn with_node_scope(&mut self) -> &mut Self {
 self.scopes.push(SecretOperatorVolumeScope::Node);
 self
@@ -364,6 +372,13 @@ impl SecretOperatorVolumeSourceBuilder {
 }
 }
 
+ if let Some(lifetime) = &self.auto_tls_cert_lifetime {
+ annotations.insert(
+ Annotation::auto_tls_cert_lifetime(&lifetime.to_string())
+ .context(ParseAnnotationSnafu)?,
+ );
+ }
+
 Ok(EphemeralVolumeSource {
 volume_claim_template: Some(PersistentVolumeClaimTemplate {
 metadata: Some(ObjectMetaBuilder::new().annotations(annotations).build()),
diff --git a/crates/stackable-operator/src/kvp/annotation/mod.rs b/crates/stackable-operator/src/kvp/annotation/mod.rs
index ed9ee4215..a64f327e0 100644
--- a/crates/stackable-operator/src/kvp/annotation/mod.rs
+++ b/crates/stackable-operator/src/kvp/annotation/mod.rs
@@ -137,6 +137,15 @@ impl Annotation {
 ))?;
 Ok(Self(kvp))
 }
+
+ /// Constructs a `secrets.stackable.tech/backend.autotls.cert.lifetime` annotation.
+ pub fn auto_tls_cert_lifetime(lifetime: &str) -> Result {
+ let kvp = KeyValuePair::try_from((
+ "secrets.stackable.tech/backend.autotls.cert.lifetime",
+ lifetime,
+ ))?;
+ Ok(Self(kvp))
+ }
 }
 
 /// A validated set/list of Kubernetes annotations.
From 820ce1b7744c79992eafb58cfd46ed42f6a93a89 Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Thu, 28 Nov 2024 21:00:39 +0100
Subject: [PATCH 2/3] fix: changelog
---
 crates/stackable-operator/CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
index bf8e850cd..daf88eb30 100644
--- a/crates/stackable-operator/CHANGELOG.md
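Review bot: The new public setter `with_auto_tls_cert_lifetime` has no doc comment, so a caller cannot tell what the value controls or who enforces limits on it. I would add `/// Sets the requested lifetime of certificates issued by the autoTls backend.` and say that `build()` writes it out as the `secrets.stackable.tech/backend.autotls.cert.lifetime` annotation, and that no annotation is emitted when the setter is never called. Nothing in this builder bounds the value, so the comment should also name where an upper limit is applied (presumably on the secret operator side, which this patch does not show), because an overly long certificate lifetime weakens rotation. The `impl` block starts and ends outside the hunk.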
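Review bot: The annotation value written in `build()` is `lifetime.to_string()`, so its wire format is whatever `Display` for `crate::time::Duration` produces, and the series adds no test that pins it. A unit test that builds a volume source with a known lifetime and asserts the exact annotation key and value would catch a formatting change that the consumer of the annotation can no longer parse. A zero duration is also passed through unchanged; if that is not a meaningful request, rejecting it here would surface the mistake at build time rather than when the volume is provisioned. `build()` starts and ends outside the hunk.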
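Review bot: `Annotation::auto_tls_cert_lifetime` takes `lifetime: &str`, so only the generic validation in `KeyValuePair::try_from` applies and any annotation-safe string is accepted as a certificate lifetime. The only caller in this series already holds a `Duration`; accepting the typed value, `pub fn auto_tls_cert_lifetime(lifetime: &Duration)`, and formatting it inside the constructor would keep malformed durations out of the annotation, at the cost of importing `crate::time::Duration` into this module. If the `&str` signature is kept to match the other constructors in this `impl` (their signatures are outside the hunk), the doc comment should state the expected duration format.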
+++ b/crates/stackable-operator/CHANGELOG.md
@@ -2,12 +2,12 @@
 
 ## [Unreleased]
 
+All notable changes to this project will be documented in this file.
+
 ### Added
 
 - Added cert lifetime setter to `SecretOperatorVolumeSourceBuilder` ([#915])
 
-All notable changes to this project will be documented in this file.
-
 ### Changed
 
 - Replace unmaintained `derivative` crate with `educe` ([#907]).
From e2f7f7f144229f5f50230343ee0157f290788dee Mon Sep 17 00:00:00 2001
From: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
Date: Fri, 29 Nov 2024 10:06:35 +0100
Subject: [PATCH 3/3] fix changelog (again)
---
 crates/stackable-operator/CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crates/stackable-operator/CHANGELOG.md b/crates/stackable-operator/CHANGELOG.md
index daf88eb30..70b915cf2 100644
--- a/crates/stackable-operator/CHANGELOG.md
+++ b/crates/stackable-operator/CHANGELOG.md
@@ -1,9 +1,9 @@
 # Changelog
 
-## [Unreleased]
-
 All notable changes to this project will be documented in this file.
 
+## [Unreleased]
+
 ### Added
 
 - Added cert lifetime setter to `SecretOperatorVolumeSourceBuilder` ([#915])