[Merged by Bors] - Add support for secret-operator volumes to pod volume builder

[nightkr]

Description

Review Checklist

• Code contains useful comments
• (Integration-)Test cases added (or not applicable)
• Documentation added (or not applicable)
• Changelog updated (or not applicable)

[sbernauer]

Thanks a lot!
In the AuthenticationClass we get a user-provided scope from the user (see below). My understanding is, that the attribute spec.protocol.ldap.bindCredentials.scope is a string and is just passed to the Pod volume, is that correct?
In that case we would need a way to just pass in the secrets.stackable.tech/scope string and skip creating Rust vectors.

apiVersion: authentication.stackable.tech/v1alpha1
kind: AuthenticationClass
metadata:
  name: myldap
spec:
  protocol:
    ldap:
      hostname: ldap.server
      port: 389
      domain: domain.local
      bindCredentials:
        secretClass: superset-with-ldap-ldap-bind
        scope: Service

[nightkr]

My understanding is, that the attribute spec.protocol.ldap.bindCredentials.scope is a string and is just passed to the Pod volume, is that correct?

Sort of.. the question there would be how much we want to validate in the operator vs just passing it through. We might also want to force certain scopes when we know that a service will require them.. not sure there.

[sbernauer]

Alright, i will think of a solution

[sbernauer]

I will also add some unit test as I'm working on new features for SecretOperatorVolumeSourceBuilder.
So I'm going to check that in the Review Checklist

[nightkr]

Kinda getting mixed signals here... :P

[sbernauer]

I'm happy to merge this as is. I'm working on the "passing a scope string to SecretOperatorVolumeSourceBuilder" but will open a separate PR for that.

[nightkr]

Alright.

bors r+

[bors]

Pull request successfully merged into main.

Build succeeded:

• All tests passed