stackabletech
diff --git a/‎Cargo.lock
Lines changed: 3 additions & 3 deletions b/‎Cargo.lock
Lines changed: 3 additions & 3 deletions
diff --git a/‎Cargo.nix
Lines changed: 3 additions & 3 deletions b/‎Cargo.nix
Lines changed: 3 additions & 3 deletions
diff --git a/‎deploy/helm/airflow-operator/crds/crds.yaml
Lines changed: 2 additions & 1 deletion b/‎deploy/helm/airflow-operator/crds/crds.yaml
Lines changed: 2 additions & 1 deletion
diff --git a/‎rust/crd/src/authorization.rs
Lines changed: 1 addition & 1 deletion b/‎rust/crd/src/authorization.rs
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/templates/kuttl/opa/41_check-authorization.py
Lines changed: 66 additions & 68 deletions b/‎tests/templates/kuttl/opa/41_check-authorization.py
Lines changed: 66 additions & 68 deletions
@@ -513,7 +513,8 @@ spec:
                                 maxEntries:
                                   default: 1000
                                   description: Maximum number of entries in the cache; If this threshold is reached then the least recently used item is removed.
-                                  format: int32
+                                  format: uint32
+                                  minimum: 0.0
                                   type: integer
                               type: object
                             configMapName:
 
@@ -27,7 +27,7 @@ impl AirflowAuthorizationResolved {
 pub struct OpaConfigResolved {
     pub connection_string: String,
     pub cache_entry_time_to_live: Duration,
-    pub cache_max_entries: i32,
+    pub cache_max_entries: u32,
 }
 
 impl OpaConfigResolved {
 
@@ -9,151 +9,149 @@
 
 # Jane Doe has access to specific resources.
 user_jane_doe = {
-    'first_name': "Jane",
-    'last_name': "Doe",
-    'username': "jane.doe",
-    'email': "jane.doe@stackable.tech",
-    'roles': [{'name': "User"}],
-    'password': "T8mn72D9"
+    "first_name": "Jane",
+    "last_name": "Doe",
+    "username": "jane.doe",
+    "email": "jane.doe@stackable.tech",
+    "roles": [{"name": "User"}],
+    "password": "T8mn72D9",
 }
 # Richard Roe has no access.
 user_richard_roe = {
-    'first_name': "Richard",
-    'last_name': "Roe",
-    'username': "richard.roe",
-    'email': "richard.roe@stackable.tech",
-    'roles': [{'name': "User"}],
-    'password': "NvfpU518"
+    "first_name": "Richard",
+    "last_name": "Roe",
+    "username": "richard.roe",
+    "email": "richard.roe@stackable.tech",
+    "roles": [{"name": "User"}],
+    "password": "NvfpU518",
 }
 
+
 def create_user(user):
     requests.post(
-        'http://airflow-webserver:8080/auth/fab/v1/users',
-        auth=('airflow', 'airflow'),
-        json=user
+        "http://airflow-webserver:8080/auth/fab/v1/users",
+        auth=("airflow", "airflow"),
+        json=user,
     )
 
+
 def check_api_authorization_for_user(
-        user,
-        expected_status_code,
-        method,
-        endpoint,
-        data=None,
-        api="api/v1"
-    ):
-    api_url = f'http://airflow-webserver:8080/{api}'
-
-    auth = (user['username'], user['password'])
-    response = requests.request(method, f'{api_url}/{endpoint}', auth=auth, json=data)
+    user, expected_status_code, method, endpoint, data=None, api="api/v1"
+):
+    api_url = f"http://airflow-webserver:8080/{api}"
+
+    auth = (user["username"], user["password"])
+    response = requests.request(method, f"{api_url}/{endpoint}", auth=auth, json=data)
     assert response.status_code == expected_status_code
 
+
 def check_api_authorization(method, endpoint, data=None, api="api/v1"):
     check_api_authorization_for_user(
-        user_jane_doe,
-        200,
-        method=method,
-        endpoint=endpoint,
-        data=data,
-        api=api
+        user_jane_doe, 200, method=method, endpoint=endpoint, data=data, api=api
     )
     check_api_authorization_for_user(
-        user_richard_roe,
-        403,
-        method=method,
-        endpoint=endpoint,
-        data=data,
-        api=api
+        user_richard_roe, 403, method=method, endpoint=endpoint, data=data, api=api
     )
 
+
 def check_website_authorization_for_user(user, expected_status_code):
-    username = user['username']
-    password = user['password']
+    username = user["username"]
+    password = user["password"]
     with requests.Session() as session:
         login_response = session.post(
-            'http://airflow-webserver:8080/login/',
+            "http://airflow-webserver:8080/login/",
             data=f"username={username}&password={password}",
             allow_redirects=False,
-            headers={'Content-Type': 'application/x-www-form-urlencoded'}
+            headers={"Content-Type": "application/x-www-form-urlencoded"},
         )
         assert login_response.ok, f"Login for {username} failed"
         home_response = session.get(
-            'http://airflow-webserver:8080/home',
-            allow_redirects=False
+            "http://airflow-webserver:8080/home", allow_redirects=False
         )
-        assert home_response.status_code == expected_status_code, \
-            f"GET /home returned status code {home_response.status_code}, but {expected_status_code} was expected."
+        assert (
+            home_response.status_code == expected_status_code
+        ), f"GET /home returned status code {home_response.status_code}, but {expected_status_code} was expected."
+
 
 def test_is_authorized_configuration():
     # section == null
-    check_api_authorization('GET', 'config')
+    check_api_authorization("GET", "config")
     # section != null
-    check_api_authorization('GET', 'config?section=core')
+    check_api_authorization("GET", "config?section=core")
+
 
-def test_is_authorized_connection(): 
+def test_is_authorized_connection():
     # conn_id == null
-    check_api_authorization('GET', 'connections')
+    check_api_authorization("GET", "connections")
     # conn_id != null
-    check_api_authorization('GET', 'connections/postgres_default')
+    check_api_authorization("GET", "connections/postgres_default")
+
 
 def test_is_authorized_dag():
     # access_entity == null and id == null
     # There is no API endpoint to test this case.
 
     # access_entity == null and id != null
-    check_api_authorization('GET', 'dags/example_trigger_target_dag')
+    check_api_authorization("GET", "dags/example_trigger_target_dag")
 
     # access_entity != null and id == null
     # Check "GET /dags/~/dagRuns" because access to "GET /dags" is always allowed
-    check_api_authorization('GET', 'dags/~/dagRuns')
+    check_api_authorization("GET", "dags/~/dagRuns")
 
     # access_entity != null and id != null
-    check_api_authorization('GET', 'dags/example_trigger_target_dag/dagRuns')
+    check_api_authorization("GET", "dags/example_trigger_target_dag/dagRuns")
+
 
 def test_is_authorized_dataset():
     # uri == null
-    check_api_authorization('GET', 'datasets')
+    check_api_authorization("GET", "datasets")
     # uri != null
-    check_api_authorization('GET', 'datasets/s3%3A%2F%2Fbucket%2Fmy-task')
+    check_api_authorization("GET", "datasets/s3%3A%2F%2Fbucket%2Fmy-task")
+
 
 def test_is_authorized_pool():
     # name == null
-    check_api_authorization('GET', 'pools')
+    check_api_authorization("GET", "pools")
     # name != null
-    check_api_authorization('GET', 'pools/default_pool')
+    check_api_authorization("GET", "pools/default_pool")
+
 
 def test_is_authorized_variable():
     # key != null
-    check_api_authorization('POST', 'variables', data={'key': 'myVar', 'value': '1'})
+    check_api_authorization("POST", "variables", data={"key": "myVar", "value": "1"})
     # key == null
-    check_api_authorization('GET', 'variables/myVar')
+    check_api_authorization("GET", "variables/myVar")
+
 
 def test_is_authorized_view():
     check_website_authorization_for_user(user_jane_doe, 200)
     check_website_authorization_for_user(user_richard_roe, 403)
 
+
 def test_is_authorized_custom_view():
     user_jane_doe_patched = user_jane_doe.copy()
-    user_jane_doe_patched['email'] = "jane@stackable.tech"
+    user_jane_doe_patched["email"] = "jane@stackable.tech"
     check_api_authorization_for_user(
         user_jane_doe,
         200,
-        'PATCH',
-        'users/jane.doe?update_mask=email',
+        "PATCH",
+        "users/jane.doe?update_mask=email",
         data=user_jane_doe_patched,
-        api='/auth/fab/v1'
+        api="/auth/fab/v1",
     )
 
     user_richard_roe_patched = user_richard_roe.copy()
-    user_richard_roe_patched['email'] = "richard@stackable.tech"
+    user_richard_roe_patched["email"] = "richard@stackable.tech"
     check_api_authorization_for_user(
         user_richard_roe,
         403,
-        'PATCH',
-        'users/richard.roe?update_mask=email',
+        "PATCH",
+        "users/richard.roe?update_mask=email",
         data=user_richard_roe_patched,
-        api='/auth/fab/v1'
+        api="/auth/fab/v1",
     )
 
+
 # Create test users
 create_user(user_jane_doe)
 create_user(user_richard_roe)
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ impl AirflowAuthorizationResolved {`
`27`	`27`	`pub struct OpaConfigResolved {`
`28`	`28`	`pub connection_string: String,`
`29`	`29`	`pub cache_entry_time_to_live: Duration,`
`30`		`- pub cache_max_entries: i32,`
	`30`	`+ pub cache_max_entries: u32,`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`impl OpaConfigResolved {`