From 4b244a44a886ab3eaa928a33433f36bf992200d1 Mon Sep 17 00:00:00 2001
From: Alex Snaps
Date: Wed, 4 Sep 2024 10:43:52 -0400
Subject: [PATCH] Tentative at dealing with no opa.External provided
Signed-off-by: Alex Snaps
---
 controllers/auth_config_controller.go | 36 ++++++++++++++++-----------
 1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/controllers/auth_config_controller.go b/controllers/auth_config_controller.go
index a4bde94b..78a97be6 100644
--- a/controllers/auth_config_controller.go
+++ b/controllers/auth_config_controller.go
@@ -377,25 +377,31 @@ func (r *AuthConfigReconciler) translateAuthConfig(ctx context.Context, authConf
 case api.OpaAuthorization:
 policyName := authConfig.GetNamespace() + "/" + authConfig.GetName() + "/" + authzName
 opa := authorization.Opa
- externalRegistry := opa.External
 secret := &v1.Secret{}
- var sharedSecret string
- if externalRegistry.SharedSecret != nil {
- if err := r.Client.Get(ctx, types.NamespacedName{
- Namespace: authConfig.Namespace,
- Name: externalRegistry.SharedSecret.Name},
- secret); err != nil {
- return nil, err // TODO: Review this error, perhaps we don't need to return an error, just reenqueue.
+ var (
+ sharedSecret string
+ externalSource *authorization_evaluators.OPAExternalSource
+ )
+
+ if opa.External != nil {
+ externalRegistry := opa.External
+ if externalRegistry.SharedSecret != nil {
+ if err := r.Client.Get(ctx, types.NamespacedName{
+ Namespace: authConfig.Namespace,
+ Name: externalRegistry.SharedSecret.Name},
+ secret); err != nil {
+ return nil, err // TODO: Review this error, perhaps we don't need to return an error, just reenqueue.
+ }
+ sharedSecret = string(secret.Data[externalRegistry.SharedSecret.Key])
 }
- sharedSecret = string(secret.Data[externalRegistry.SharedSecret.Key])
- }
- externalSource := &authorization_evaluators.OPAExternalSource{
- Endpoint: externalRegistry.Url,
- SharedSecret: sharedSecret,
- AuthCredentials: newAuthCredential(externalRegistry.Credentials),
- TTL: externalRegistry.TTL,
+ externalSource = &authorization_evaluators.OPAExternalSource{
+ Endpoint: externalRegistry.Url,
+ SharedSecret: sharedSecret,
+ AuthCredentials: newAuthCredential(externalRegistry.Credentials),
+ TTL: externalRegistry.TTL,
+ }
 }
 var err error
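Review bot: A Secret that exists but lacks `externalRegistry.SharedSecret.Key` still yields an empty `sharedSecret`, because `string(secret.Data[...])` on a missing map key is `""`, so the external source is built as if a secret had been configured. The lookup should fail closed, e.g. `v, ok := secret.Data[externalRegistry.SharedSecret.Key]` followed by `if !ok { return nil, err }` with an error naming the missing key, before assigning `sharedSecret = string(v)`. What the evaluator does with an empty `SharedSecret` is not visible in this hunk, so the impact on authenticating the external policy fetch should be confirmed. Separately, `externalSource` is now a nil pointer when `opa.External` is nil, and its consumer lies after `var err error`, outside the hunk, so it is worth confirming that code does not dereference it.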