Expand Up @@ -181,6 +181,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
Comment on lines +184 to +185

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Do not hardcode the identity header name.

base-api.yaml.gotmpl makes config.server.identity_header configurable via API_IDENTITY_HEADER, and hyperfleet-api consumes that setting at runtime. Hardcoding X-HyperFleet-Identity here means any override will stop adapter status calls from sending the header the API actually reads, breaking audit attribution for these updates (CWE-345). Drive this header name from the same rendered value source as the API config.

As per path instructions, "All env vars are defined with ?= in the env files, so values can be overridden on the CLI (use this to verify API_IDENTITY_HEADER overrides behavior)."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@helmfile/configs/base/adapters/adapter1/adapter-task-config.yaml` around
lines 184 - 185, The adapter task config is hardcoding the identity header name
instead of using the same configurable source as the API. Update the header
entry in the adapter task configuration to be driven by the rendered value
derived from API_IDENTITY_HEADER, matching the identity header setting used by
base-api.yaml.gotmpl and consumed by hyperfleet-api at runtime. Keep the
identity value as-is, but make the header name overridable through the same
config path so status calls continue sending the header the API expects when the
env var is changed.

Sources: Path instructions, Linked repositories

- name: "Content-Type"
value: "application/json"
body: "{{ .statusPayload }}"
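Review bot: the added `value: "adapter@adapter.local"` under `headers:` is a fixed string the caller asserts about itself, so on its own it proves nothing about who sent the `PUT` to `/clusters/{{ .clusterId }}/statuses`. Please document next to these lines (or in the PR description) what authenticates the adapter before the API records this header as the actor, or state explicitly that the header is used for attribution only and never as an input to an access decision.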
Expand Up @@ -381,6 +381,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .statusPayload }}"
Expand Up @@ -189,6 +189,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/nodepools/{{ .nodepoolId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .statusPayload }}"
Expand Up @@ -172,6 +172,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .clusterStatusPayload }}"
2 changes: 2 additions & 0 deletions helmfile/configs/e2e/adapters/cl-job/adapter-task-config.yaml
Expand Up @@ -181,6 +181,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .clusterStatusPayload }}"
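Review bot: the cl-job adapter is given the same `value: "adapter@adapter.local"` that the adapter1 config uses, so status updates from different adapters are attributed to a single identity and cannot be told apart in the audit trail. Consider a per-adapter identity value here, derived from the adapter name, or add a comment saying the shared identity is intentional.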
Expand Up @@ -242,6 +242,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .statusPayload }}"
Expand Up @@ -184,6 +184,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .clusterStatusPayload }}"
Expand Up @@ -173,6 +173,8 @@ post:
method: "PUT"
url: "/clusters/{{ .clusterId }}/nodepools/{{ .nodepoolId }}/statuses"
headers:
- name: "X-HyperFleet-Identity"
value: "adapter@adapter.local"
- name: "Content-Type"
value: "application/json"
body: "{{ .nodepoolStatusPayload }}"
2 changes: 2 additions & 0 deletions helmfile/values/base-api.yaml.gotmpl
Expand Up @@ -10,6 +10,8 @@ service:
type: {{ .Values.serviceType }}

config:
server:
identity_header: {{ env "API_IDENTITY_HEADER" | default "X-HyperFleet-Identity" }}
adapters:
required:
cluster:
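Review bot: `identity_header: {{ env "API_IDENTITY_HEADER" | default "X-HyperFleet-Identity" }}` writes the environment value into the YAML unquoted, so an override containing `: `, `#` or surrounding whitespace either changes how the line parses or fails the render. Pipe the result through `quote` (`... | default "X-HyperFleet-Identity" | quote`) so the value always reaches `config.server.identity_header` as a plain string.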