Skip to content

LCORE-973: Updated TLS configuration#844

Merged
tisnik merged 2 commits into
lightspeed-core:mainfrom
tisnik:lcore-973-tls-configuration
Nov 26, 2025
Merged

LCORE-973: Updated TLS configuration#844
tisnik merged 2 commits into
lightspeed-core:mainfrom
tisnik:lcore-973-tls-configuration

Conversation

@tisnik
Copy link
Copy Markdown
Contributor

@tisnik tisnik commented Nov 26, 2025
edited by coderabbitai Bot
Loading

Description

LCORE-973: Updated TLS configuration

Type of change

  • Refactor
  • New feature
  • Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up service version
  • Bump-up dependent library
  • Bump-up library or tool used for development (does not change the final image)
  • CI configuration change
  • Konflux configuration change
  • Unit tests improvement
  • Integration tests improvement
  • End to end tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

  • Assisted-by: N/A
  • Generated by: N/A

Related Tickets & Documents

  • Related Issue #LCORE-973

Summary by CodeRabbit

  • Documentation
    • Expanded TLS documentation with "See also" references to HTTPS/TLS guidance.
    • Clarified TLS field descriptions (certificate, key, key password) and SQLite DB path description.
    • Renamed "Configuration options" to "Components" and added a Base URL section plus an APIs header for clearer structure.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Nov 26, 2025
edited
Loading

Walkthrough

Extended documentation and OpenAPI metadata for TLS and SQLite configuration: expanded TLSConfiguration class docstring and added "See also" links; updated field titles/descriptions for TLS and SQLiteDatabaseConfiguration.db_path; several generated docs/OpenAPI files updated. No runtime logic or validation changes.

Changes

Cohort / File(s) Summary
Code docstring
src/models/config.py		 Extended TLSConfiguration class docstring with a descriptive paragraph and "See also" links to FastAPI HTTPS deployment guidance and a TLS overview. No signature/behavior changes.
Generated OpenAPI / schema
docs/openapi.json, docs/openapi.md		 Updated schema metadata: TLSConfiguration description expanded (See also links); field titles/descriptions updated for tls_certificate_path, tls_key_path, tls_key_password; SQLiteDatabaseConfiguration.db_path title/description added. No type or required-property changes.
Rendered docs / markdown/html
docs/config.md, docs/config.html, docs/output.md		 Added "Base URL" section (empty table), renamed "Configuration options" → "Components", inserted TLS "See also" references, and expanded TLS/SQLite field descriptions across documentation pages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Scope: documentation and OpenAPI metadata updates only; no behavioral code changes.
  • Files to spot-check:
    • src/models/config.py — confirm docstring formatting and links are correct.
    • docs/openapi.json — verify field title/description strings and JSON syntax.
    • docs/config.html / docs/config.md — ensure docs render cleanly and duplicated "See also" entries are intentional.

Possibly related PRs

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately reflects the main changes in the PR, which focus on updating TLS configuration documentation and field descriptions across multiple files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Nov 26, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (5)
docs/openapi.json (5)

7187-7189: Fix capitalization, grammar, and add file-path format for SQLite db_path.

Use Title Case, clarify wording, and align with other path fields that specify format.

 "db_path": {
-    "type": "string",
-    "title": "DB path",
-    "description": "Path to file where SQLite database is stored"
+    "type": "string",
+    "format": "file-path",
+    "title": "DB Path",
+    "description": "Path to the file where the SQLite database is stored."
 }

7354-7356: Title case and clarify cert path semantics.

Match title casing and state pairing requirement with key path.

-        "title": "TLS certificate path",
-        "description": "SSL/TLS certificate file path for HTTPS support."
+        "title": "TLS Certificate Path",
+        "description": "PEM-encoded certificate file path for HTTPS support. Must be set together with tls_key_path."

7367-7369: Title case and clarify key path semantics.

Match title casing and note it must accompany the certificate path.

-        "title": "TLS key path",
-        "description": "SSL/TLS private key file path for HTTPS support."
+        "title": "TLS Key Path",
+        "description": "PEM-encoded private key file path for HTTPS support. Must be set together with tls_certificate_path."

7380-7382: Disambiguate password path naming and wording.

Title case; clarify language. Consider renaming the property in a future version to tls_key_password_path to match behavior (breaking change).

-        "title": "SSL/TLS key password path",
-        "description": "Path to file containing the password to decrypt the SSL/TLS private key."
+        "title": "TLS Key Password Path",
+        "description": "Path to a file containing the password used to decrypt the TLS private key."

7387-7387: Add explicit pairing rule to TLSConfiguration description (doc-only).

Append a note: “tls_certificate_path and tls_key_path must be provided together; tls_key_password is optional and only used if the key is encrypted.” Also consider JSON Schema dependentRequired to enforce this in tooling (optional).

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b50ee85 and 11b752e.

📒 Files selected for processing (5)
  • docs/config.html (2 hunks)
  • docs/config.md (2 hunks)
  • docs/openapi.json (4 hunks)
  • docs/openapi.md (2 hunks)
  • docs/output.md (2 hunks)
✅ Files skipped from review due to trivial changes (1)
  • docs/openapi.md
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-08-18T10:56:55.349Z 
Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:0-0
Timestamp: 2025-08-18T10:56:55.349Z
Learning: The lightspeed-stack project intentionally uses a "generic image" approach, bundling many dependencies directly in the base runtime image to work for everyone, rather than using lean base images with optional dependency groups.

Applied to files:

  • docs/config.md
🪛 markdownlint-cli2 (0.18.1)
docs/config.md

377-377: Bare URL used

(MD034, no-bare-urls)

378-378: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: build-pr
  • GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
  • GitHub Check: e2e_tests (ci)
  • GitHub Check: e2e_tests (azure)
🔇 Additional comments (5)
docs/config.md (2)

5-10: Empty Base URL section may need content.

The new "Base URL" section contains an empty table. Verify whether this is intentional as a placeholder or if it should be populated with the actual service base URL.

350-350: Documentation enhancements for TLS and SQLite configuration are clear and helpful.

The additions to TLSConfiguration (See also references and field descriptions) and SQLiteDatabaseConfiguration (db_path description) enhance user understanding. Field descriptions clarify the purpose of each TLS setting for HTTPS support.

Also applies to: 376-385

docs/output.md (1)

5-10: Base URL content and configuration field descriptions are well-populated.

The Base URL section in this file appropriately includes a realistic example (localhost:8080) and description for the OpenAPI context. The TLSConfiguration field descriptions and SQLiteDatabaseConfiguration db_path clarification are clear and helpful.

Also applies to: 4809-4809, 4881-4883

docs/config.html (2)

175-185: Empty Base URL section mirrors docs/config.md placeholder.

This HTML file inherits the empty Base URL table from the markdown source. Verify whether this is intentional or if it should be populated.

984-985: HTML rendering of configuration documentation is clean and well-structured.

The TLSConfiguration See also references and field descriptions render clearly in HTML. The SQLiteDatabaseConfiguration db_path description is properly displayed. The documentation structure supports user comprehension of TLS setup requirements.

Also applies to: 1001-1014, 925-925

Comment thread docs/config.md
Comment on lines +376 to +378
See also:
- https://fastapi.tiangolo.com/deployment/https/
- https://en.wikipedia.org/wiki/Transport_Layer_Security
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Wrap bare URLs in markdown link syntax.

The static analyzer flagged bare URLs (MD034). Wrap the links in markdown link syntax for proper formatting:

 See also:
-- https://fastapi.tiangolo.com/deployment/https/
-- https://en.wikipedia.org/wiki/Transport_Layer_Security
+- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
+- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
See also:
- https://fastapi.tiangolo.com/deployment/https/
- https://en.wikipedia.org/wiki/Transport_Layer_Security
See also:
- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)

377-377: Bare URL used

(MD034, no-bare-urls)

378-378: Bare URL used

(MD034, no-bare-urls)

🤖 Prompt for AI Agents 
In docs/config.md around lines 376 to 378, there are bare URLs listed which
trigger MD034; replace each bare URL with proper Markdown link syntax (e.g.
[FastAPI HTTPS docs](https://fastapi.tiangolo.com/deployment/https/) and
[Transport Layer Security -
Wikipedia](https://en.wikipedia.org/wiki/Transport_Layer_Security)) so the links
are wrapped in []() with a brief descriptive label.

Comment thread docs/output.md
Comment on lines +4874 to +4876
See also:
- https://fastapi.tiangolo.com/deployment/https/
- https://en.wikipedia.org/wiki/Transport_Layer_Security
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Wrap bare URLs in markdown link syntax (consistent with docs/config.md).

The See also links for TLSConfiguration should use markdown link syntax:

 See also:
-- https://fastapi.tiangolo.com/deployment/https/
-- https://en.wikipedia.org/wiki/Transport_Layer_Security
+- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
+- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
See also:
- https://fastapi.tiangolo.com/deployment/https/
- https://en.wikipedia.org/wiki/Transport_Layer_Security
See also:
- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)
🤖 Prompt for AI Agents 
In docs/output.md around lines 4874 to 4876, the "See also" section contains
bare URLs; update them to use Markdown link syntax (consistent with
docs/config.md) by replacing each bare URL with a bracketed link label and the
URL in parentheses (e.g., [FastAPI HTTPS docs](https://...) and [Transport Layer
Security - Wikipedia](https://...)), preserving order and punctuation.

@tisnik tisnik merged commit b26bc6a into lightspeed-core:main Nov 26, 2025
21 of 23 checks passed
@coderabbitai coderabbitai Bot mentioned this pull request Nov 26, 2025
Merged
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tisnik