feat: consolidate TLS flags into single --insecure option#333
feat: consolidate TLS flags into single --insecure option#333mangelajo merged 20 commits intojumpstarter-dev:mainfrom
Conversation
✅ Deploy Preview for jumpstarter-docs ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughConsolidates multiple TLS/insecure CLI flags into a single Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant User as User
participant CLI as CLI (jmp)
participant Auth as AuthServer
participant Config as LocalConfig
rect rgba(200,200,255,0.5)
User->>CLI: run `jmp login --insecure [--nointeractive]`
end
CLI->>CLI: confirm_insecure(insecure, nointeractive)
CLI->>Auth: fetch_auth_config(login_endpoint, insecure)
Auth-->>CLI: auth config (or error)
CLI->>Config: build TLSConfig(insecure)
CLI->>Auth: perform token exchange using TLSConfig
Auth-->>CLI: token / error
CLI->>Config: save credentials
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@python/packages/jumpstarter-cli/jumpstarter_cli/login.py`:
- Around line 30-33: The code currently only adds a scheme when missing, which
allows an explicit "http://" login_endpoint to bypass the insecure flag; update
the logic in the login function (where login_endpoint and insecure are handled)
to first check for an explicit "http://" prefix and, if present and insecure is
False, fail/require confirmation (i.e., raise or surface the same
warning/confirmation path), otherwise proceed; only if no scheme is present
(login_endpoint does not start with "http://" or "https://") should you
normalize by prepending scheme = "http" if insecure else "https". Ensure you
reference and enforce the insecure flag when
login_endpoint.startswith("http://") so explicit HTTP endpoints cannot bypass
the gate.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: eafff20c-ca0f-4672-9f80-b788be09119e
📒 Files selected for processing (12)
.gitignoree2e/tests.batspython/docs/source/getting-started/configuration/authentication.mdpython/docs/source/getting-started/guides/setup-distributed-mode.mdpython/packages/jumpstarter-cli-admin/jumpstarter_cli_admin/create.pypython/packages/jumpstarter-cli-admin/jumpstarter_cli_admin/create_test.pypython/packages/jumpstarter-cli-admin/jumpstarter_cli_admin/import_res.pypython/packages/jumpstarter-cli-admin/jumpstarter_cli_admin/import_res_test.pypython/packages/jumpstarter-cli-common/jumpstarter_cli_common/opt.pypython/packages/jumpstarter-cli-common/jumpstarter_cli_common/opt_test.pypython/packages/jumpstarter-cli/jumpstarter_cli/login.pypython/packages/jumpstarter-driver-flashers/README.md
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@python/packages/jumpstarter-cli/jumpstarter_cli/login_test.py`:
- Around line 13-17: The test test_fetch_auth_config_allows_http_with_insecure
currently relies on a real network failure; instead, patch
aiohttp.ClientSession.get (or use a local async test server) to make the test
deterministic: mock ClientSession.get to capture the requested URL and ensure it
is called with "http://login.example.com" when invoking
fetch_auth_config("http://login.example.com", insecure=True), then either return
a controlled mock response or raise a specific, expected exception and assert
the call occurred; update the assertion to verify the mocked call was made and
that insecure=True path in fetch_auth_config was exercised rather than catching
any Exception.
In `@python/packages/jumpstarter-cli/jumpstarter_cli/login.py`:
- Line 120: The current confirm_insecure(insecure, nointeractive) call
under-warns the case where a scheme-less login_target will fall back to plain
HTTP; update the login flow so the user sees an explicit HTTP fallback warning:
after parsing login_target into its endpoint (the code that resolves/normalizes
the target), either (A) call a new login-specific prompt (e.g.,
confirm_insecure_login(...)) that mentions "TLS disabled and will use plain HTTP
for this endpoint" or (B) extend confirm_insecure to accept a parameter like
will_use_http (or parsed_endpoint) and include the HTTP-specific text when true;
adjust the call site in login.py to pass the parsed endpoint/flag and ensure
nointeractive behavior is preserved.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: bd544a98-24bd-463d-bafd-003f1ccca04e
📒 Files selected for processing (2)
python/packages/jumpstarter-cli/jumpstarter_cli/login.pypython/packages/jumpstarter-cli/jumpstarter_cli/login_test.py
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@python/packages/jumpstarter-cli-common/jumpstarter_cli_common/opt.py`:
- Around line 102-105: Update the confirmation prompt in confirm_insecure to
reflect the broader "insecure mode" semantics (not just TLS verification) by
changing the message passed to click.confirm to mention that insecure mode may
disable TLS verification and allow plain HTTP; keep the same conditional flow
and abort behavior in the confirm_insecure function so the prompt text (in
confirm_insecure) is the only change.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 69258c9b-eb49-4fd8-9aa6-96bb5ef884ad
📒 Files selected for processing (1)
python/packages/jumpstarter-cli-common/jumpstarter_cli_common/opt.py
python/packages/jumpstarter-cli-common/jumpstarter_cli_common/opt.py
Outdated
Show resolved
Hide resolved
|
Insecure could mean a few things: I would suggest the behavior is instead: I think it's better to be explicit about what is insecure, tls in this case. But I would like to hear @bennyz @kirkbrauer @bkhizgiy |
raballew
force-pushed
the
003-fix-tls-flag-naming
branch
2 times, most recently
from
8b91d28 to
35f6bb3
Compare
Resolves jumpstarter-dev#318 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…flags Consolidate all TLS/insecure flags into a single --insecure flag. Remove --insecure-login-tls and --insecure-login-http since --insecure covers the entire connection chain including login endpoint. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The e2e login test still used the removed --insecure-login-http flag, causing 5 cascading test failures in CI. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace generic confirm_insecure with login-specific prompt that warns about both TLS disabled and plain HTTP usage - Mock aiohttp.ClientSession in test to avoid network dependency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…n login Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
raballew
force-pushed
the
003-fix-tls-flag-naming
branch
from
b0cea48 to
2d9a111
Compare
…eases Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@mangelajo I do agree that some of these flags are unnecessarily long, especially if they are required to be used often. However, having the arguments be longer is good to discourage use, but that's a bit premature here since it's still required as part of some of our setup instructions. If we are able to eliminate the need for many of these flags, then combining them might be fine as the user is just accepting risk whenever they use the flag such as |
|
I agree with @kirkbrauer I would propose: Then If --insecure-tls is passed and no URL scheme is provided for login, HTTPS + insecure TLS is used; otherwise http:// schema needs to be explicitly specified. WDYT? |
Keep both the insecure flag aliases from this branch and the validate_name function added on main. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The flag now only controls TLS certificate verification and no longer implies HTTP. When --insecure-tls is passed without a URL scheme, HTTPS is used with verification disabled. Plain HTTP requires explicit http:// in the URL. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
python/docs/source/getting-started/guides/setup-distributed-mode.md
Outdated
Show resolved
Hide resolved
…equests The --insecure-tls flag was only applied to the initial login endpoint fetch but not to subsequent OIDC discovery and token exchange requests, causing TLS handshake failures in environments with self-signed certs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…unused import Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
mangelajo
left a comment
mangelajo
left a comment
There was a problem hiding this comment.
just one nit with the flashers README.md change
…sue ref Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
@raballew the simplified login fails now for some reason: all subsequent failures seem to be related to the failed login. |
raballew
left a comment
raballew
left a comment
There was a problem hiding this comment.
The e2e failure is because LOGIN_ENDPOINT is a plain HTTP server (login.${BASEDOMAIN}:8086), but with the flag consolidation, --insecure-tls only disables certificate verification — it still defaults to https:// when no scheme is given.
The fix is to explicitly specify the http:// scheme in the test:
- run jmp login test-client-oidc@${LOGIN_ENDPOINT} --insecure-tls --nointeractive \
+ run jmp login test-client-oidc@http://${LOGIN_ENDPOINT} --insecure-tls --nointeractive \The login endpoint in e2e is plain HTTP, so the test must specify the http:// scheme explicitly since --insecure-tls only disables certificate verification but still defaults to https://. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
3 participants
Summary
--insecure-tls-config/--insecure-tlsto--insecureacross all CLI commands--insecure-login-tlsand--insecure-login-httpfromjmp login----insecurenow covers the entire connection chain--insecureis passed and no URL scheme is provided for login, HTTP is used; otherwise HTTPS with TLS verification disabledjmp login,jmp-admin create client/exporter,jmp-admin import client/exporterCloses #318
Test plan
--insecureflag accepted and defaults to falsejmp login --helpshows only--insecure, no--insecure-tls-*or--insecure-login-*flagsjmp-admin create client --helpshows--insecurejmp-admin create exporter --helpshows--insecurejmp-admin import client --helpshows--insecurejmp-admin import exporter --helpshows--insecure🤖 Generated with Claude Code
Summary by CodeRabbit
Documentation
Refactor
New Features
Tests
Chores