stacklok / toolhive / 18749204303
51%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 298
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 47.173% (+0.03%) from 47.14%
18749204303

push

github

web-flow 
Add insecure HTTP OIDC support for local development (#2292)

* Add insecure HTTP OIDC support for local development

Adds `insecureAllowHTTP` configuration option to allow HTTP (non-HTTPS)
OIDC issuers for local development and testing scenarios. This addresses
the issue where MCPRemoteProxy requires HTTPS for OIDC issuer URLs even
in local development environments with tools like Keycloak.

The new field is available in the MCPServer CRD under inline OIDC
configuration and is disabled by default for security. When enabled,
a warning is logged to alert operators of the security implications.

Changes:
- Add InsecureAllowHTTP field to InlineOIDCConfig CRD type
- Update OIDC resolver to propagate the flag through all config types
- Add ValidateEndpointURLWithInsecure() for conditional validation
- Update OIDC discovery to allow HTTP when flag is enabled
- Add security warning logs when insecure mode is active
- Preserve CA certificate and auth token support
- Update all function signatures and call sites
- Add tests and fix linting issues

Security: This flag defaults to false and is clearly marked as insecure
in all documentation and warning messages. It should only be used for
local development, testing, or trusted internal networks.

Fixes #2288

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>

* Bump operator-crds chart version and update generated docs

Bumps the operator-crds Helm chart version from 0.0.41 to 0.0.42 to
reflect CRD changes (addition of insecureAllowHTTP field).

Also regenerates:
- CRD API documentation (crd-api.md)
- Swagger/OpenAPI documentation for the server API
- Helm chart README with updated version badge

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Remove unused code and fix transport-level HTTP validation

This addresses PR feedback from ... (continued)

42 of 63 new or added lines in 10 files covered. (66.67%)

4 existing lines in 1 file now uncovered.

18744 of 39735 relevant lines covered (47.17%)

15.57 hits per line

New Missed Lines in Diff

Lines Coverage File
1
0.0
 0.0% cmd/thv-operator/pkg/controllerutil/oidc.go
1
0.0
 0.0% cmd/thv-proxyrunner/app/execution.go
1
89.21
 0.0% pkg/auth/oauth/oidc.go
4
26.19
 0.18% cmd/thv/app/run_flags.go
4
88.46
 -1.44% pkg/networking/http_client.go
4
81.43
 -4.94% pkg/networking/utilities.go
6
83.33
 -0.6% pkg/auth/token.go

Uncovered Existing Lines

Lines Coverage File
4
65.26
 10.53% pkg/secrets/keyring/keyctl_linux.go
Jobs
ID Job ID Ran Files Coverage
1 18749204303.1 298
47.17
 GitHub Action Run
Source Files on build 18749204303