stacklok / toolhive / 28310930043
67%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 762
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 67.449% (+0.01%) from 67.439%
28310930043

push

github

web-flow 
Expose InsecureAllowHTTP on EmbeddedAuthServerConfig for VirtualMCPServer (#5671)

* Expose InsecureAllowHTTP on EmbeddedAuthServerConfig for VirtualMCPServer

Implements changes for issue #5668:
- Add InsecureAllowHTTP bool to EmbeddedAuthServerConfig CRD field so
  deployers can explicitly opt in to http:// issuers for in-cluster
  Kubernetes deployments on trusted pod networks
- Add admission-time validation in validateAuthServerConfig that sets
  AuthServerConfigValidated=False when an http:// non-localhost issuer
  is used without InsecureAllowHTTP, surfacing the error via operator
  conditions instead of a pod startup crash
- Add InsecureAllowHTTP to authserver.RunConfig and authserver.Config;
  update validateIssuerURL to accept and respect the flag
- Wire InsecureAllowHTTP from the CRD field through BuildAuthServerRunConfig
  and the embedded authserver runner into Config.Validate()
- Regenerate deepcopy, CRD YAML manifests, and CRD API docs

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Address review feedback for InsecureAllowHTTP

- Add InsecureAllowHTTP test cases to TestBuildAuthServerRunConfig to
  verify the CRD field propagates to RunConfig
- Add comment explaining why the url.Parse error guard in
  validateAuthServerConfig is safe (CRD regex pre-validates at admission)

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Regenerate server API docs after InsecureAllowHTTP changes

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Fix doc scoping, guard correctness, and error idioms

Addresses stacklok/toolhive#5671 review comments:
- MEDIUM mcpexternalauthconfig_types.go (3487247015): Scope InsecureAllowHTTP
  admission check description to VirtualMCPServer; note MCPServer/MCPRemoteProxy
  defer to pod-startup Config.Validate(), matching the precedent set by
  the primaryUpstreamProvider comment above it. Regenerate CRD YAML and docs.
- LOW mcpexternalauthconfig_... (continued)

51 of 55 new or added lines in 5 files covered. (92.73%)

7 existing lines in 4 files now uncovered.

69816 of 103510 relevant lines covered (67.45%)

65.12 hits per line

Uncovered Changes

Lines Coverage File
2
65.09
 0.33% cmd/thv-operator/controllers/virtualmcpserver_controller.go
2
14.05
 0.0% pkg/vmcp/auth/types/zz_generated.deepcopy.go

Coverage Regressions

Lines Coverage File
2
93.94
 -6.06% pkg/foreach/foreach.go
2
94.77
 -1.31% pkg/vmcp/composer/dag_executor.go
2
67.21
 0.17% pkg/workloads/manager.go
1
14.05
 0.0% pkg/vmcp/auth/types/zz_generated.deepcopy.go
Jobs
ID Job ID Ran Files Coverage
1 28310930043.1 762
67.45
 GitHub Action Run
Source Files on build 28310930043