fix: Construction of OIDC endpoint when rootPath has a trailing slash (#569)

* fix: Calculation of OIDC endpoint when rootPath has no trailing slash

* changelog

* fix URL calculation

* refactor

* Naming feedback from review

* Rename known_config_url -> well_known_config_url

* cargo fmt

Author: sbernauer

CHANGELOG.md

@@ -19,11 +19,13 @@
 ### Fixed
 
 - Invalid `SupersetCluster`, `DruidConnection` or `AuthenticationClass` objects don't stop the operator from reconciling ([#551]).
+- Fix OIDC endpoint construction in case the `rootPath` does have a trailing slash ([#569]).
 
 [#528]: https://github.com/stackabletech/superset-operator/pull/528
 [#530]: https://github.com/stackabletech/superset-operator/pull/530
 [#549]: https://github.com/stackabletech/superset-operator/pull/549
 [#551]: https://github.com/stackabletech/superset-operator/pull/551
+[#569]: https://github.com/stackabletech/superset-operator/pull/569
 
 ## [24.7.0] - 2024-07-24
 

Cargo.lock

@@ -17,14 +17,16 @@ fnv = "1.0"
 futures = { version = "0.3", features = ["compat"] }
 indoc = "2.0"
 product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.7.0" }
+rstest = "0.23"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.9"
 snafu = "0.8"
-stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.80.0" }
+stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.82.0" }
 strum = { version = "0.26", features = ["derive"] }
 tokio = { version = "1.40", features = ["full"] }
 tracing = "0.1"
 
 # [patch."https://github.com/stackabletech/operator-rs.git"]
 # stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" }
+# stackable-operator = { path = "../operator-rs/crates/stackable-operator" }

Cargo.nix

@@ -141,7 +141,7 @@ pub enum SupersetAuthenticationClassResolved {
     },
     Oidc {
         provider: oidc::AuthenticationProvider,
-        oidc: oidc::ClientAuthenticationOptions<()>,
+        client_auth_options: oidc::ClientAuthenticationOptions<()>,
     },
 }
 
@@ -310,7 +310,7 @@ impl SupersetClientAuthenticationDetailsResolved {
 
         Ok(SupersetAuthenticationClassResolved::Oidc {
             provider: provider.to_owned(),
-            oidc: auth_details
+            client_auth_options: auth_details
                 .common
                 .oidc_or_error(auth_class_name)
                 .context(OidcConfigurationInvalidSnafu)?
@@ -415,7 +415,7 @@ mod tests {
                     oidc:
                       hostname: first.oidc.server
                       port: 443
-                      rootPath: /realms/main
+                      rootPath: /realms/main/
                       principalClaim: preferred_username
                       scopes:
                         - openid
@@ -436,7 +436,7 @@ mod tests {
                   provider:
                     oidc:
                       hostname: second.oidc.server
-                      rootPath: /realms/test
+                      rootPath: /realms/test/
                       principalClaim: preferred_username
                       scopes:
                         - openid
@@ -453,7 +453,7 @@ mod tests {
                         provider: oidc::AuthenticationProvider::new(
                             HostName::try_from("first.oidc.server".to_string()).unwrap(),
                             Some(443),
-                            "/realms/main".into(),
+                            "/realms/main/".into(),
                             TlsClientDetails {
                                 tls: Some(Tls {
                                     verification: TlsVerification::Server(TlsServerVerification {
@@ -465,7 +465,7 @@ mod tests {
                             vec!["openid".into(), "email".into(), "profile".into()],
                             Some(IdentityProviderHint::Keycloak)
                         ),
-                        oidc: oidc::ClientAuthenticationOptions {
+                        client_auth_options: oidc::ClientAuthenticationOptions {
                             client_credentials_secret_ref: "superset-oidc-client1".into(),
                             extra_scopes: vec!["groups".into()],
                             product_specific_fields: ()
@@ -475,13 +475,13 @@ mod tests {
                         provider: oidc::AuthenticationProvider::new(
                             HostName::try_from("second.oidc.server".to_string()).unwrap(),
                             None,
-                            "/realms/test".into(),
+                            "/realms/test/".into(),
                             TlsClientDetails { tls: None },
                             "preferred_username".into(),
                             vec!["openid".into(), "email".into(), "profile".into()],
                             None
                         ),
-                        oidc: oidc::ClientAuthenticationOptions {
+                        client_auth_options: oidc::ClientAuthenticationOptions {
                             client_credentials_secret_ref: "superset-oidc-client2".into(),
                             extra_scopes: Vec::new(),
                             product_specific_fields: ()

Cargo.toml

@@ -24,5 +24,8 @@ strum.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 
+[dev-dependencies]
+rstest.workspace = true
+
 [build-dependencies]
 built.workspace = true