Updating some approaches

Maleware · Maleware · commit e237a7a4e19e · 2024-12-27T13:38:31.000+01:00
diff --git a/deploy/helm/superset-operator/Chart.yaml b/deploy/helm/superset-operator/Chart.yaml
@@ -1,8 +1,8 @@
 ---
 apiVersion: v2
 name: superset-operator
-version: "0.0.0-dev"
-appVersion: "0.0.0-dev"
+version: ""
+appVersion: ""
 description: The Stackable Operator for Apache Superset
 home: https://github.com/stackabletech/superset-operator
 maintainers:
diff --git a/rust/crd/src/lib.rs b/rust/crd/src/lib.rs
@@ -119,7 +119,8 @@ impl FlaskAppConfigOptions for SupersetConfigOptions {
             SupersetConfigOptions::LoggingConfigurator => PythonType::Expression,
             SupersetConfigOptions::AuthType => PythonType::Expression,
             SupersetConfigOptions::AuthUserRegistration => PythonType::BoolLiteral,
-            SupersetConfigOptions::AuthUserRegistrationRole => PythonType::StringLiteral,
+            // Going to be an expression as we default it from env, if and only if opa is used
+            SupersetConfigOptions::AuthUserRegistrationRole => PythonType::Expression,
             SupersetConfigOptions::AuthRolesSyncAtLogin => PythonType::BoolLiteral,
             SupersetConfigOptions::AuthLdapServer => PythonType::StringLiteral,
             SupersetConfigOptions::AuthLdapBindUser => PythonType::Expression,
diff --git a/rust/operator-binary/src/authorization/opa.rs b/rust/operator-binary/src/authorization/opa.rs
@@ -20,9 +20,15 @@ impl SupersetOpaConfig {
         // Get opa_base_url for later use in CustomOpaSecurityManager
         let opa_endpoint = opa_config
             .full_document_url_from_config_map(client, superset, None, OpaApiVersion::V1)
-            .await?;
+            .await?
+            // Not pretty.
+            // Need to remove the resource name. Appended by default.
+            // TODO: Decide where to handle this
+            // could be better in security manager!
+            .replace("/v1/data/superset", "");
 
         let opa_package = opa_config.package.clone();
+
         Ok(SupersetOpaConfig {
             opa_endpoint,
             opa_package,
@@ -39,7 +45,9 @@ impl SupersetOpaConfig {
                 "CUSTOM_SECURITY_MANAGER".to_string(),
                 Some("OpaSupersetSecurityManager".to_string()),
             ),
-            // TODO: Make this more smart.
+            // This is now a PythonType::Expression. Makes it easy to find a default.
+            // only necessary when opa role mapping is activated, as the user
+            // has to have a role to be valid.
             (
                 "AUTH_USER_REGISTRATION_ROLE".to_string(),
                 Some("os.getenv('AUTH_USER_REGISTRATION_ROLE', 'Public')".to_string()),
