UserInfoFetcher: ActiveDirectory backend (#622)

* Initial prototype of an AD UIF backend

* Handle errors

* Query user groups

* Allow mapping custom attributes

* Special-case mapping special LDAP attributes

* Factor out group fetching

* Error handling and cleanup

* Make base DN configurable

* Authenticate to AD with Kerberos

* Encrypt LDAP connections with TLS

* move util -> utils::http

* Unify TLS configuration (to the extent possible), allow multi-CA bundles

* Documentation

* Move new UIF dependencies into workspace toml

* Changelog

* Update docs/modules/opa/pages/usage-guide/user-info-fetcher.adoc

Co-authored-by: Sebastian Bernauer <[email protected]>

* Group up backends, clarify that response details will depend on the active backend

* s/ldapHostname/ldapServer

* More debug logging

* Add custom attribute mappings to docs

* Align LDAP hostname in the example with ad-init

---------

Co-authored-by: Sebastian Bernauer <[email protected]>

Author: nightkr

CHANGELOG.md

@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file.
 - Added support for OPA 0.67.1 ([#616]).
 - The operator can now run on Kubernetes clusters using a non-default cluster domain.
   Use the env var `KUBERNETES_CLUSTER_DOMAIN` or the operator Helm chart property `kubernetesClusterDomain` to set a non-default cluster domain ([#637]).
+- Added Active Directory backend for user-info-fetcher ([#622]).
 
 ### Changed
 
@@ -31,6 +32,7 @@ All notable changes to this project will be documented in this file.
 [#580]: https://github.com/stackabletech/opa-operator/pull/580
 [#616]: https://github.com/stackabletech/opa-operator/pull/616
 [#621]: https://github.com/stackabletech/opa-operator/pull/621
+[#622]: https://github.com/stackabletech/opa-operator/pull/622
 [#637]: https://github.com/stackabletech/opa-operator/pull/637
 [#638]: https://github.com/stackabletech/opa-operator/pull/638