replaced random key with hard-coded one with comment

adwk67 · adwk67 · commit 9dfe57ecf7e3 · 2025-06-02T15:38:49.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.nix b/Cargo.nix
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,15 +14,13 @@ product-config = { git = "https://github.com/stackabletech/product-config.git",
 stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", features = ["telemetry", "versioned"], tag = "stackable-operator-0.93.1" }
 
 anyhow = "1.0"
-base64 = "0.22.1"
 built = { version = "0.7", features = ["chrono", "git2"] }
 clap = "4.5"
 const_format = "0.2"
 fnv = "1.0"
 futures = { version = "0.3", features = ["compat"] }
 indoc = "2.0"
 lazy_static = "1.4"
-rand = "0.8.5"
 rstest = "0.25"
 semver = "1.0"
 serde = { version = "1.0", features = ["derive"] }
diff --git a/docs/modules/airflow/partials/supported-versions.adoc b/docs/modules/airflow/partials/supported-versions.adoc
@@ -2,6 +2,7 @@
 // This is a separate file, since it is used by both the direct Airflow-Operator documentation, and the overarching
 // Stackable Platform documentation.
 
+- 3.0.1 (experimental)
 - 2.10.5
 - 2.10.4 (deprecated)
 - 2.9.3 (LTS)
diff --git a/rust/operator-binary/Cargo.toml b/rust/operator-binary/Cargo.toml
@@ -13,13 +13,11 @@ product-config.workspace = true
 stackable-operator.workspace = true
 
 anyhow.workspace = true
-base64.workspace = true
 clap.workspace = true
 const_format.workspace = true
 fnv.workspace = true
 futures.workspace = true
 lazy_static.workspace = true
-rand.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 serde_yaml.workspace = true
diff --git a/rust/operator-binary/src/env_vars.rs b/rust/operator-binary/src/env_vars.rs
@@ -3,10 +3,7 @@ use std::{
     path::PathBuf,
 };
 
-use base64::{Engine, engine::general_purpose::STANDARD};
-use lazy_static::lazy_static;
 use product_config::types::PropertyNameKind;
-use rand::Rng;
 use snafu::Snafu;
 use stackable_operator::{
     commons::product_image_selection::ResolvedProductImage,
@@ -56,14 +53,12 @@ const ADMIN_EMAIL: &str = "ADMIN_EMAIL";
 
 const PYTHONPATH: &str = "PYTHONPATH";
 
-lazy_static! {
-    pub static ref JWT_KEY: String = {
-        let mut rng = rand::thread_rng();
-        // Generate 16 random bytes and encode to base64 string
-        let random_bytes: [u8; 16] = rng.gen();
-        STANDARD.encode(random_bytes)
-    };
-}
+/// TODO This key is only intended for use during experimental support and will
+/// be replaced with a secret at a later stage. The key should be consistent
+/// across replicas/roles for a given cluster, but should be cluster-specific
+/// and should be accessed from a secret to avoid cluster restarts being
+/// triggered by an operator restart.
+const JWT_KEY: &str = "ThisKeyIsNotIntendedForProduction!";
 
 #[derive(Snafu, Debug)]
 pub enum Error {
@@ -477,7 +472,7 @@ fn add_version_specific_env_vars(
             "AIRFLOW__API_AUTH__JWT_SECRET".into(),
             EnvVar {
                 name: "AIRFLOW__API_AUTH__JWT_SECRET".into(),
-                value: Some(JWT_KEY.clone()),
+                value: Some(JWT_KEY.into()),
                 ..Default::default()
             },
         );
