Make CA lifetimes configurable

[nightkr]

Description

Fixes #354

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

Author

Beta Give feedback

1. Changes are OpenShift compatible
2. CRD changes approved
3. CRD documentation for all fields, following the style guide.
4. Helm chart can be installed and deployed operator works
5. Integration tests passed (for non trivial changes)
6. Changes need to be "offline" compatible

Reviewer

Beta Give feedback

1. Code contains useful comments
2. (Integration-)Test cases added
3. Documentation added or updated. Follows the style guide.
4. Changelog updated
5. Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

Beta Give feedback

1. Feature Tracker has been updated
2. Proper release label has been added

[fhennig]

Can you add some docs to this page? https://docs.stackable.tech/home/nightly/secret-operator/secretclass#backend-autotls

maybe the property could be lifetime instead of caLifetime since it's under the ca key already (sorry for the bikeshedding 😬 )

other than that, looks good to me 👍

[nightkr]

Added docs, updated to align with the CRD review.

[soenkeliebau]

This doesn't yet reflect the updated default CA duration of one year, right?
Should we make that change in here, or later on in a subsequent PR?

[fhennig]

Looks good to me.

regarding the 2y default in default_ca_certificate_lifetime I think it might be easiest to update it in here still. I can re-approve if you sitll want to change this @nightkr

If this change is not made here we need to make a ticket for it so we do not forget about it later

[sbernauer]

The ticket we discussed in Arch meeting is #358 ;)

[fhennig]

Alright so yeah fine either way, do it here and close #358 too or not 🆗

[nightkr]

I think either is fine, I'd personally do it in a separate PR and changelog entry.

[fhennig]

error: unresolved link to `Self::ca_lifetime`
   --> rust/operator-binary/src/backend/tls/ca.rs:154:28
    |
154 |     /// and smaller than [`Self::ca_lifetime`].
    |                            ^^^^^^^^^^^^^^^^^ the struct `Config` has no field or associated item named `ca_lifetime`
    |
    = note: `-D rustdoc::broken-intra-doc-links` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(rustdoc::broken_intra_doc_links)]`

error: could not document `stackable-secret-operator`

[nightkr]

Argh, you're right. Should be fixed now..

[fhennig]

LGTM!