Handle create/rotate operations from Vault

Add isCreateOrRotatePath helper to detect create/rotate-related
operations and use it in the event stream handler. Update the
dynamicSecretEventPath unit test to pass a VaultDynamicSecret instance.

Author: jaireddjawed

controllers/vaultdynamicsecret_controller.go

@@ -870,8 +870,8 @@ func (r *VaultDynamicSecretReconciler) streamDynamicSecretEvents(ctx context.Con
 			logger.Info("Modified event received from Vault",
 				"path", path, "operation", operation, "vdsPath", vdsPath)
 
-			// handle update during a lease renewal
-			if operation == "creds-renew" && path == vdsPath {
+			// handle update during credential creation or role rotation
+			if isCreateOrRotatePath(operation) && path == vdsPath {
 				logger.Info("Create/update event received on VaultDynamicSecret, triggering reconciliation",
 					"operation", operation, "path", path)
 
@@ -1065,6 +1065,11 @@ func (r *VaultDynamicSecretReconciler) vaultClientCallback(ctx context.Context,
 	}
 }
 
+// isCreateOrRotatePath checks if the operation is a create or rotate operation
+func isCreateOrRotatePath(operation string) bool {
+	return operation == "creds-create" || operation == "static-creds-create" || operation == "rotate"
+}
+
 func computeRotationTime(o *secretsv1beta1.VaultDynamicSecret) time.Time {
 	var ts int64
 	var horizon time.Duration

controllers/vaultdynamicsecret_controller_test.go

@@ -1022,7 +1022,12 @@ func Test_dynamicSecretEventPath(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			assert.Equal(t, tt.want, dynamicSecretEventPath)
+			vds := &secretsv1beta1.VaultDynamicSecret{
+				Spec: secretsv1beta1.VaultDynamicSecretSpec{
+					Mount: tt.mount,
+				},
+			}
+			assert.Equal(t, tt.want, dynamicSecretEventPath(vds))
 		})
 	}
 }