Skip to content

feat: add MULTI_TENANT_ALLOW_INSECURE_HTTP env var for explicit HTTP …#627

Merged
arthurkz merged 1 commit intodevelopfrom
feature/multi-tenant-allow-insecure-http
Apr 14, 2026
Merged

feat: add MULTI_TENANT_ALLOW_INSECURE_HTTP env var for explicit HTTP …#627
arthurkz merged 1 commit intodevelopfrom
feature/multi-tenant-allow-insecure-http

Conversation

@brunobls
Copy link
Copy Markdown
Member

@brunobls brunobls commented Apr 14, 2026

…control

Replace implicit insecure HTTP auto-detection (URL prefix + env check) with an explicit environment variable, giving operators direct control over whether plaintext HTTP is allowed for tenant-manager connections.

Pull Request Checklist

Pull Request Type

  • Manager
  • Worker
  • Frontend
  • Infrastructure
  • Packages
  • Pipeline
  • Tests
  • Documentation

Checklist

Please check each item after it's completed.

  • I have tested these changes locally.
  • I have updated the documentation accordingly.
  • I have added necessary comments to the code, especially in complex areas.
  • I have ensured that my changes adhere to the project's coding standards.
  • I have checked for any potential security issues.
  • I have ensured that all tests pass.
  • I have updated the version appropriately (if applicable).
  • I have confirmed this code is ready for review.

Additional Notes

Obs: Please, always remember to target your PR to develop branch instead of main.

@brunobls @claude
feat: add MULTI_TENANT_ALLOW_INSECURE_HTTP env var for explicit HTTP …
f865e21 
…control

Replace implicit insecure HTTP auto-detection (URL prefix + env check)
with an explicit environment variable, giving operators direct control
over whether plaintext HTTP is allowed for tenant-manager connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@brunobls brunobls requested review from a team as code owners April 14, 2026 16:11
@lerian-studio
Copy link
Copy Markdown
Contributor

lerian-studio commented Apr 14, 2026

🔒 Security Scan Results — manager

Trivy

Filesystem Scan

✅ No vulnerabilities or secrets found.

Docker Image Scan

✅ No vulnerabilities found.

Docker Hub Health Score Compliance

✅ Policies — 4/4 met

Policy Status
Default non-root user ✅ Passed
No fixable critical/high CVEs ✅ Passed
No high-profile vulnerabilities ✅ Passed
No AGPL v3 licenses ✅ Passed

🔍 View full scan logs

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 14, 2026
edited
Loading

Walkthrough

This pull request introduces a new configuration flag MULTI_TENANT_ALLOW_INSECURE_HTTP to control insecure HTTP support in multi-tenant deployments. The flag replaces previous heuristic-based logic that checked URL schemes and environment names, replacing it with explicit configuration across both manager and worker components.

Changes

Cohort / File(s) Summary
Manager Component - Multi-tenant Insecure HTTP Configuration
components/manager/.env.example, components/manager/internal/bootstrap/config.go, components/manager/internal/bootstrap/init_tenant.go		 Added new MULTI_TENANT_ALLOW_INSECURE_HTTP configuration entry with default value false. Updated newTenantManagerClient to apply insecure HTTP setting via explicit config flag instead of URL scheme and environment name heuristics.
Worker Component - Multi-tenant Insecure HTTP Configuration
components/worker/.env.example, components/worker/internal/bootstrap/config.go, components/worker/internal/bootstrap/config_multitenant.go		 Added new MULTI_TENANT_ALLOW_INSECURE_HTTP configuration entry with default value false. Updated newTenantManagerClient and initMultiTenantConsumerWithRedis to apply insecure HTTP setting via explicit config flag. Multi-tenant consumer now receives the flag via mtConfig.AllowInsecureHTTP.

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

Comment @coderabbitai help to get the list of available commands and usage tips.

@lerian-studio
Copy link
Copy Markdown
Contributor

lerian-studio commented Apr 14, 2026

🔒 Security Scan Results — worker

Trivy

Filesystem Scan

✅ No vulnerabilities or secrets found.

Docker Image Scan

✅ No vulnerabilities found.

Docker Hub Health Score Compliance

✅ Policies — 4/4 met

Policy Status
Default non-root user ✅ Passed
No fixable critical/high CVEs ✅ Passed
No high-profile vulnerabilities ✅ Passed
No AGPL v3 licenses ✅ Passed

🔍 View full scan logs

coderabbitai[bot]
coderabbitai bot requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@components/manager/internal/bootstrap/config.go`:
- Line 128: The manager currently rejects MULTI_TENANT_URL with an http scheme
in production regardless of the new MultiTenantAllowInsecureHTTP flag; update
the manager config validation logic that checks MULTI_TENANT_URL to
conditionally allow http URLs when the MultiTenantAllowInsecureHTTP bool is true
(i.e., only reject http in production when that flag is false), ensure the
validation references the MultiTenantAllowInsecureHTTP field when deciding to
error, and add/update unit tests to cover both true and false flag cases.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 22bd9465-37b4-4659-96ff-27d636495b41

📥 Commits

Reviewing files that changed from the base of the PR and between 745938d and f865e21.

📒 Files selected for processing (6)
  • components/manager/.env.example
  • components/manager/internal/bootstrap/config.go
  • components/manager/internal/bootstrap/init_tenant.go
  • components/worker/.env.example
  • components/worker/internal/bootstrap/config.go
  • components/worker/internal/bootstrap/config_multitenant.go

Comment thread components/manager/internal/bootstrap/config.go
@arthurkz arthurkz merged commit 8df2631 into develop Apr 14, 2026
9 checks passed
@arthurkz arthurkz deleted the feature/multi-tenant-allow-insecure-http branch April 14, 2026 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arthurkz arthurkz arthurkz approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

@brunobls brunobls

Labels

area: manager area: worker size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@brunobls @lerian-studio @arthurkz