Skip to content

HYPERFLEET-1146 - docs: update development env configuration#224

Open
ldornele wants to merge 2 commits into
openshift-hyperfleet:mainfrom
ldornele:HYPERFLEET-1146
Open

HYPERFLEET-1146 - docs: update development env configuration#224
ldornele wants to merge 2 commits into
openshift-hyperfleet:mainfrom
ldornele:HYPERFLEET-1146

Conversation

@ldornele

@ldornele ldornele commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary

Documents the analysis and decision for HYPERFLEET-1146: keep e_development.go with improved documentation and add production security warnings to deployment guides.

Changes

Documentation Updates

  • docs/deployment.md:

    • Added production security warning table highlighting JWT/TLS/Database defaults
    • Clarified Helm chart default (false) vs application default (true) for JWT
    • Added best practice: never set HYPERFLEET_ENV=development in production

  • docs/development.md:

    • Added "Development Environment Configuration" section documenting HYPERFLEET-1146 analysis
    • Explained when to use HYPERFLEET_ENV=development vs make run-no-auth vs production mode
    • Documented correct CLI flags (--server-https-enabled, --db-ssl-mode)

Decision

KEEP e_development.go — Provides semantic "development mode" that forces JWT/TLS/DB SSL off with one environment variable. More convenient than three separate flags, consistent with test environments,
and production-safe (EnvironmentDefault = ProductionEnv).

Follow-up Work

  • HYPERFLEET-1235: Complete E2E JWT/TLS architecture assessment
    • Investigate TLS termination architecture (application vs infrastructure)
    • Determine JWT approach (GCP Identity Token vs Mock OIDC)
    • Finalize E2E test security enablement effort estimate

Testing

  • ✅ Documentation review via /review-local
  • ✅ Links validated (api-operator-guide.md exists)
  • ✅ No code changes — documentation only

Related Issues

  • Closes: HYPERFLEET-1146
  • Follow-up: HYPERFLEET-1235

@openshift-ci openshift-ci Bot requested review from Mischulee and tirthct June 17, 2026 02:34
@openshift-ci

openshift-ci Bot commented Jun 17, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign sherine-k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: acced54e-eb73-4519-a4df-8af29a6f266d

📥 Commits

Reviewing files that changed from the base of the PR and between 2655255 and cedcab3.

📒 Files selected for processing (1)
  • docs/deployment.md
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
✅ Files skipped from review due to trivial changes (1)
  • docs/deployment.md
📝 Walkthrough

Summary by CodeRabbit

  • Documentation
    • Added a Production Security Warning section with a mandatory checklist covering required Helm settings for JWT authentication, TLS, and secure database configuration
    • Expanded deployment documentation with a Helm Values reference, including clarified default behavior for JWT enablement
    • Updated the development guide with guidance on secure production defaults versus development-only insecure settings, plus alternatives for configuring JWT/TLS/DB SSL

Walkthrough

docs/deployment.md adds a "Production Security Warning" section with a table of required Helm settings (JWT auth, TLS, external database) and link to the API Operator Guide. The documented Helm default for config.server.jwt.enabled is corrected to false, with a note that the application default remains true. A production best-practices entry explicitly prohibits HYPERFLEET_ENV=development.

docs/development.md replaces prior make run-no-auth/binary-flag guidance with a note that production is the default runtime environment. A new "Development Environment Configuration" section documents that HYPERFLEET_ENV=development forces JWT, TLS, and DB SSL off and is strictly a local development switch, while production deployments must rely on EnvironmentDefault (ProductionEnv) or explicit Helm values.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Security Review Notes

CWE-276 (Incorrect Default Permissions) / CWE-665 (Improper Initialization): The Helm values.yaml default for config.server.jwt.enabled must be verified against the actual chart. If the shipped Helm default is false but the code's EnvironmentDefault is ProductionEnv (JWT on), confirm the initialization wire-up closes any gap where a fresh deployment could boot without JWT enforcement. Verify EnvironmentDefaultProductionEnv initialization path sets JWT/TLS/DB SSL to true with no intervening default-to-false override.

CWE-732 (Incorrect Permission Assignment): The HYPERFLEET_ENV=development environment variable is a broad insecure-mode flag disabling JWT, TLS, and DB SSL simultaneously. Documentation prohibition alone does not prevent injection: verify no Helm chart, operator controller, or pod mutation webhook can introduce HYPERFLEET_ENV=development into production namespaces. If running on OpenShift, enforce via ValidatingWebhookConfiguration rejecting HYPERFLEET_ENV=development in non-development namespaces.

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
No Hardcoded Secrets ⚠️ Warning Hardcoded database password 'secretpassword' added at line 542 of docs/deployment.md in GKE example (CWE-798: Use of Hardcoded Credentials). Replace 'secretpassword' with placeholder like '' or 'CHANGE-ME' to match line 91 pattern.
✅ Passed checks (10 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: documentation updates for HYPERFLEET-1146 addressing development environment configuration.
Description check ✅ Passed The description is directly related to the changeset, documenting the decision to keep e_development.go and providing production security warnings.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed Documentation-only PR modifying docs/deployment.md and docs/development.md. No code files or log statements with secrets found. Check applies only to code logging statements (CWE-532).
No Weak Cryptography ✅ Passed Pull request is documentation-only with changes to docs/deployment.md and docs/development.md. No code files modified; no weak cryptographic primitives (MD5, DES, RC4, SHA1), ECB mode, custom crypt...
No Injection Vectors ✅ Passed PR contains documentation-only changes. No code modifications present. Injection vectors (CWE-89, CWE-78, CWE-79, CWE-502) cannot be introduced in documentation files.
No Privileged Containers ✅ Passed PR contains only documentation updates to docs/deployment.md and docs/development.md. No Kubernetes manifests, Helm templates, or Dockerfiles were modified, making the privileged container check no...
No Pii Or Sensitive Data In Logs ✅ Passed Documentation-only PR with no source code changes. Check targets logging statements (slog, logr, zap, fmt.Print*); none present. No PII or sensitive data exposed in documentation examples.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
✨ Simplify code
  • Create PR with simplified code

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed Jun 17, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
docs/deployment.md (2)

293-320: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Duplicate "Helm Values Reference" tables—merge artifact.

The document contains two largely overlapping "Helm Values Reference" tables: one at lines 293–320 (inside merge conflict) and another at lines 377–402 (after "Custom Values File" example). Both describe the same Helm parameters (image.registry, image.repository, config.server.jwt.enabled, database options, etc.) with minor variations in row ordering and descriptions.

After resolving the merge conflicts above, consolidate these into a single authoritative reference table to avoid operator confusion.

Also applies to: 377-402

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/deployment.md` around lines 293 - 320, The document contains two
duplicate "Helm Values Reference" tables describing the same parameters with
minor variations in ordering and descriptions. Consolidate these overlapping
tables (one at lines 293-320 within the merge conflict section and another at
lines 377-402 after the "Custom Values File" example) into a single
authoritative reference table. Keep the table with the clearest and most
complete descriptions for each parameter, remove the duplicate table entirely,
and ensure all unique parameter entries are represented in the final
consolidated version to prevent operator confusion.

291-321: ⚠️ Potential issue | 🔴 Critical

Unresolved merge conflicts block documentation.

Lines 291–321 contain merge conflict markers around a "Helm Values" section (clean addition—HEAD is empty, incoming adds 20+ parameter descriptions). Lines 500–511 contain a second conflict: HEAD describes configuration file trust boundary and operator responsibility; incoming adds production best-practice bullets (environment defaults, external database, secrets, JWT, image tags, PDB, health probes). Both conflicts must be resolved before merge.

Conflict 1 is a pure insert. Conflict 2 needs reconciliation—the trust boundary note (line 501) and the hardening checklist (lines 503–510) are complementary, not mutually exclusive. Resolve by removing markers and merging relevant content, or choose one branch if intentional.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/deployment.md` around lines 291 - 321, The documentation file contains
two unresolved merge conflicts marked by HEAD/incoming branches. For the first
conflict at the "Helm Values" section: remove the conflict markers and keep the
entire table of parameter descriptions from the incoming branch since HEAD is
empty. For the second conflict around the configuration and production best
practices section: remove the conflict markers and combine both the trust
boundary note and the hardening checklist bullets from both branches since they
are complementary and both provide valuable documentation. Ensure all merge
conflict markers (<<<<<<< HEAD, =======, >>>>>>> branch name) are completely
removed after resolving.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docs/deployment.md`:
- Around line 500-511: The docs/deployment.md file contains unresolved merge
conflicts marked with `<<<<<<<`, `=======`, and `>>>>>>>` markers in the
configuration security section (around lines 500-511). The HEAD version
discusses configuration file path trust boundaries and permission safety
responsibilities, while the incoming version from commit 9ec002c contains
production deployment best practices. Resolve this conflict by either selecting
one version, or better yet, merge both versions coherently since they address
complementary security concerns — keep the trust boundary and permission safety
explanation from HEAD and integrate the production hardening checklist items
from the incoming version into a unified security guidance section that covers
both conceptual trust boundaries and practical deployment hardening steps.

---

Outside diff comments:
In `@docs/deployment.md`:
- Around line 293-320: The document contains two duplicate "Helm Values
Reference" tables describing the same parameters with minor variations in
ordering and descriptions. Consolidate these overlapping tables (one at lines
293-320 within the merge conflict section and another at lines 377-402 after the
"Custom Values File" example) into a single authoritative reference table. Keep
the table with the clearest and most complete descriptions for each parameter,
remove the duplicate table entirely, and ensure all unique parameter entries are
represented in the final consolidated version to prevent operator confusion.
- Around line 291-321: The documentation file contains two unresolved merge
conflicts marked by HEAD/incoming branches. For the first conflict at the "Helm
Values" section: remove the conflict markers and keep the entire table of
parameter descriptions from the incoming branch since HEAD is empty. For the
second conflict around the configuration and production best practices section:
remove the conflict markers and combine both the trust boundary note and the
hardening checklist bullets from both branches since they are complementary and
both provide valuable documentation. Ensure all merge conflict markers (<<<<<<<
HEAD, =======, >>>>>>> branch name) are completely removed after resolving.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: cdd4aafa-eb80-4d4d-9fb1-e4ff8839a8d5

📥 Commits

Reviewing files that changed from the base of the PR and between 9ec002c and 2655255.

📒 Files selected for processing (2)
  • docs/deployment.md
  • docs/development.md
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)

Comment thread docs/deployment.md Outdated
@hyperfleet-ci-bot

hyperfleet-ci-bot Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

Risk Score: 0 — risk/low

Signal Detail Points
PR size 116 lines +0
Sensitive paths none +0

Computed by hyperfleet-risk-scorer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@Mischulee Mischulee Awaiting requested review from Mischulee

@tirthct tirthct Awaiting requested review from tirthct

Assignees

No one assigned

Labels

risk/low

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ldornele