From fb86a5c070c00c37d6c529310e9dbbdc3bd9d55c Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Fri, 2 Aug 2024 09:16:45 +0200
Subject: [PATCH 1/6] Adding import for custom security manager

---
 rust/operator-binary/src/config.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index 21c2b562..c6fd1398 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -23,6 +23,8 @@ pub const PYTHON_IMPORTS: &[&str] = &[
     "from superset.stats_logger import StatsdStatsLogger",
     "from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
     "from log_config import StackableLoggingConfigurator",
+    // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
+    "from security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
     ];
 
 pub fn add_superset_config(

From b2dff562cd3f073bbb222a91ca9b99315dfc2c15 Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Fri, 2 Aug 2024 09:49:14 +0200
Subject: [PATCH 2/6] Changing path to custom security manager

---
 rust/operator-binary/src/config.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index c6fd1398..a6e427ba 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -24,7 +24,7 @@ pub const PYTHON_IMPORTS: &[&str] = &[
     "from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
     "from log_config import StackableLoggingConfigurator",
     // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
-    "from security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
+    "from superset.security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
     ];
 
 pub fn add_superset_config(

From 75165fd7682c24b629e91a4669174aae31c2c50c Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Fri, 2 Aug 2024 12:09:11 +0200
Subject: [PATCH 3/6] Importing AUTH_OAUTH, needed by superset_config.py

---
 rust/operator-binary/src/config.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index a6e427ba..4b047cae 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -25,6 +25,7 @@ pub const PYTHON_IMPORTS: &[&str] = &[
     "from log_config import StackableLoggingConfigurator",
     // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
     "from superset.security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
+    "from flask_appbuilder.security.manager import AUTH_OAUTH"
     ];
 
 pub fn add_superset_config(

From 47668a3d9a67566336e1b2ac1e37e99ed59a4b9a Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Mon, 5 Aug 2024 12:48:09 +0200
Subject: [PATCH 4/6] Adding new imports for tests

---
 rust/operator-binary/src/config.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index 4b047cae..d9edb2b4 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -25,7 +25,9 @@ pub const PYTHON_IMPORTS: &[&str] = &[
     "from log_config import StackableLoggingConfigurator",
     // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
     "from superset.security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
-    "from flask_appbuilder.security.manager import AUTH_OAUTH"
+    // "from flask_appbuilder.security.manager import AUTH_OAUTH"
+    "from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH",
+    "import os"
     ];
 
 pub fn add_superset_config(

From 30df7136ac6dab24a3fb9b4e9ee51b1ddbd6dcc9 Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Mon, 5 Aug 2024 14:16:28 +0200
Subject: [PATCH 5/6] Using OIDCSecurityManager

---
 rust/operator-binary/src/config.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index d9edb2b4..8982ee98 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -24,9 +24,8 @@ pub const PYTHON_IMPORTS: &[&str] = &[
     "from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
     "from log_config import StackableLoggingConfigurator",
     // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
-    "from superset.security.CustomKeycloakSecurityManager import CustomSsoSecurityManager",
+    "from superset.security.CustomKeycloakSecurityManager import OIDCSecurityManager",
     // "from flask_appbuilder.security.manager import AUTH_OAUTH"
-    "from flask_appbuilder.security.manager import AUTH_OID, AUTH_REMOTE_USER, AUTH_DB, AUTH_LDAP, AUTH_OAUTH",
     "import os"
     ];
 

From d79453f76071fd709c8a9274b300c5768388b34c Mon Sep 17 00:00:00 2001
From: Maxi Wittich <maximilian.wittich@stackable.tech>
Date: Tue, 6 Aug 2024 14:51:10 +0200
Subject: [PATCH 6/6] Only load custom secuirty manager if product version is
 4.0.1

---
 rust/operator-binary/src/config.rs            |  9 ++++--
 .../src/superset_controller.rs                | 32 +++++++++++++------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/rust/operator-binary/src/config.rs b/rust/operator-binary/src/config.rs
index 8982ee98..bef93d5a 100644
--- a/rust/operator-binary/src/config.rs
+++ b/rust/operator-binary/src/config.rs
@@ -19,14 +19,19 @@ pub enum Error {
 }
 
 pub const PYTHON_IMPORTS: &[&str] = &[
+    "import os",
+    "from superset.stats_logger import StatsdStatsLogger",
+    "from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
+    "from log_config import StackableLoggingConfigurator",
+    ];
+
+pub const PYTHON_IMPORTS_OIDC: &[&str] = &[
     "import os",
     "from superset.stats_logger import StatsdStatsLogger",
     "from flask_appbuilder.security.manager import (AUTH_DB, AUTH_LDAP, AUTH_OAUTH, AUTH_OID, AUTH_REMOTE_USER)",
     "from log_config import StackableLoggingConfigurator",
     // Custom logout manager to securely logout while using Keycloak SSO. Issue: https://github.com/apache/superset/issues/24713
     "from superset.security.CustomKeycloakSecurityManager import OIDCSecurityManager",
-    // "from flask_appbuilder.security.manager import AUTH_OAUTH"
-    "import os"
     ];
 
 pub fn add_superset_config(
diff --git a/rust/operator-binary/src/superset_controller.rs b/rust/operator-binary/src/superset_controller.rs
index a559c7e3..6b666443 100644
--- a/rust/operator-binary/src/superset_controller.rs
+++ b/rust/operator-binary/src/superset_controller.rs
@@ -64,7 +64,7 @@ use strum::{EnumDiscriminants, IntoStaticStr};
 
 use crate::{
     commands::add_cert_to_python_certifi_command,
-    config::{self, PYTHON_IMPORTS},
+    config::{self, PYTHON_IMPORTS, PYTHON_IMPORTS_OIDC},
     controller_commons::{self, CONFIG_VOLUME_NAME, LOG_CONFIG_VOLUME_NAME, LOG_VOLUME_NAME},
     operations::{graceful_shutdown::add_graceful_shutdown_config, pdb::add_pdbs},
     product_logging::{
@@ -521,16 +521,28 @@ fn build_rolegroup_config_map(
             .cloned()
             .unwrap_or_default(),
     );
-
     let mut config_file = Vec::new();
-    flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
-        &mut config_file,
-        config_properties.iter(),
-        PYTHON_IMPORTS,
-    )
-    .with_context(|_| BuildRoleGroupConfigFileSnafu {
-        rolegroup: rolegroup.clone(),
-    })?;
+    // For superset OIDC logout, we need to import the custom security manager containing the login and logout functions
+    // therefore we need another import if we have version 4.0.2 ( This can change )
+    if resolved_product_image.product_version != "4.0.2" {
+        flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
+            &mut config_file,
+            config_properties.iter(),
+            PYTHON_IMPORTS,
+        )
+        .with_context(|_| BuildRoleGroupConfigFileSnafu {
+            rolegroup: rolegroup.clone(),
+        })?;
+    } else {
+        flask_app_config_writer::write::<SupersetConfigOptions, _, _>(
+            &mut config_file,
+            config_properties.iter(),
+            PYTHON_IMPORTS_OIDC,
+        )
+        .with_context(|_| BuildRoleGroupConfigFileSnafu {
+            rolegroup: rolegroup.clone(),
+        })?;
+    }
 
     let mut cm_builder = ConfigMapBuilder::new();