feat: Add SecretOperatorVolumeSourceBuilder::with_auto_tls_cert_domain_components_in_subject_dn

crates/stackable-operator/CHANGELOG.md

@@ -8,13 +8,16 @@ All notable changes to this project will be documented in this file.
 
 - Add `Client::{get_feature_gates,get_enabled_feature_gates,get_disabled_feature_gates}` associated
   functions to retrieve all, enabled, or disabled feature gates from the Kubernetes apiserver ([#1207]).
+- Support the annotation `secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn`
+  in the `SecretOperatorVolumeSourceBuilder` ([#1209]).
 
 ### Changed
 
 - BREAKING: Use `serde_json::Value` instead of `String` for user-provided JSON `configOverrides`. This change is marked as breaking, as it causes a breaking change to the CRDs ([#1206]).
 
 [#1206]: https://github.com/stackabletech/operator-rs/pull/1206
 [#1207]: https://github.com/stackabletech/operator-rs/pull/1207
+[#1209]: https://github.com/stackabletech/operator-rs/pull/1209
 
 ## [0.111.1] - 2026-04-28
 

crates/stackable-operator/src/builder/pod/volume.rs

@@ -280,6 +280,7 @@ pub struct SecretOperatorVolumeSourceBuilder {
     kerberos_service_names: Vec<String>,
     tls_pkcs12_password: Option<String>,
     auto_tls_cert_lifetime: Option<Duration>,
+    auto_tls_cert_domain_components_in_subject_dn: Option<bool>,
     provision_parts: SecretClassVolumeProvisionParts,
 }
 
@@ -302,6 +303,7 @@ impl SecretOperatorVolumeSourceBuilder {
             kerberos_service_names: Vec::new(),
             tls_pkcs12_password: None,
             auto_tls_cert_lifetime: None,
+            auto_tls_cert_domain_components_in_subject_dn: None,
             provision_parts,
         }
     }
@@ -311,6 +313,14 @@ impl SecretOperatorVolumeSourceBuilder {
         self
     }
 
+    pub fn with_auto_tls_cert_domain_components_in_subject_dn(
+        &mut self,
+        enabled: impl Into<bool>,
+    ) -> &mut Self {
+        self.auto_tls_cert_domain_components_in_subject_dn = Some(enabled.into());
+        self
+    }
+
     pub fn with_node_scope(&mut self) -> &mut Self {
         self.scopes.push(SecretOperatorVolumeScope::Node);
         self
@@ -391,6 +401,12 @@ impl SecretOperatorVolumeSourceBuilder {
             );
         }
 
+        if let Some(enabled) = self.auto_tls_cert_domain_components_in_subject_dn {
+            annotations.insert(Annotation::auto_tls_cert_domain_components_in_subject_dn(
+                enabled,
+            ));
+        }
+
         Ok(EphemeralVolumeSource {
             volume_claim_template: Some(PersistentVolumeClaimTemplate {
                 metadata: Some(ObjectMetaBuilder::new().annotations(annotations).build()),

crates/stackable-operator/src/kvp/annotation/mod.rs

@@ -161,11 +161,24 @@ impl Annotation {
     pub fn autoscaling_retry(retry: bool) -> Self {
         // SAFETY: We use expect here, because the input parameter can only be one of two possible
         // values: true or false. This fact in combination with the known annotation key length
-        // allows use to use expect here, instead of bubbling up the error.
+        // allows us to use expect here, instead of bubbling up the error.
         let kvp = KeyValuePair::try_from(("autoscaling.stackable.tech/retry", retry.to_string()))
             .expect("autoscaling retry annotation must be valid");
         Self(kvp)
     }
+
+    /// Constructs a `secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn` annotation.
+    pub fn auto_tls_cert_domain_components_in_subject_dn(enabled: bool) -> Self {
+        // SAFETY: We use expect here, because the input parameter can only be one of two possible
+        // values: true or false. This fact in combination with the known annotation key length
+        // allows us to use expect here, instead of bubbling up the error.
+        let kvp = KeyValuePair::try_from((
+            "secrets.stackable.tech/backend.autotls.cert.domain-components-in-subject-dn",
+            enabled.to_string(),
+        ))
+        .expect("annotation must be valid");
+        Self(kvp)
+    }
 }
 
 /// A validated set/list of Kubernetes annotations.
@@ -357,4 +370,13 @@ mod test {
 
         assert_eq!(annotations.len(), 2);
     }
+
+    #[test]
+    fn test_boolean_annotations() {
+        // Check that the functions do not fail for all possible inputs
+        for value in [false, true] {
+            Annotation::autoscaling_retry(value);
+            Annotation::auto_tls_cert_domain_components_in_subject_dn(value);
+        }
+    }
 }