fix: BFF_ALLOWED_REDIRECT_URIS as array #16748

Closed
wants to merge 2 commits into from

Member

@busla busla commented Nov 6, 2024

...

Attach a link to issue if relevant

What

Specify what you're trying to achieve

Why

Specify why you need to achieve this

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • Formatting passes locally with my changes
  • I have rebased against main before asking for a review

Summary by CodeRabbit

  • New Features

    • Enhanced configuration structure for allowed redirect URIs in the admin service.
    • Updated health check path for the web service to improve readiness state determination.
  • Bug Fixes

    • Adjusted scaling parameters for multiple services to optimize performance.
  • Chores

    • Updated environment variables for various services to refine runtime configurations.

@busla busla requested a review from a team as a code owner November 6, 2024 16:21
Contributor

coderabbitai bot commented Nov 6, 2024

Walkthrough

The pull request introduces several modifications to service configurations within the charts/islandis/values.prod.yaml and infra/src/dsl/bff.ts files. Key changes include the update of the BFF_ALLOWED_REDIRECT_URIS environment variable in services-bff-portals-admin from a string to a JSON array format. The readiness health check path for the web service has been changed to /readiness, and Horizontal Pod Autoscaler settings have been adjusted across multiple services. Additionally, various environment variables have been updated to refine runtime configurations.

Changes

File Path: charts/islandis/values.prod.yaml
Change Summary:
  • Updated BFF_ALLOWED_REDIRECT_URIS in services-bff-portals-admin from string to JSON array.
  • Changed readiness health check path in web from /liveness to /readiness.
  • Adjusted HPA settings for services-bff-portals-admin, user-notification, and services-university-gateway.
  • Updated various environment variables across services.

File Path: infra/src/dsl/bff.ts
Change Summary:
  • Modified bffConfig function to update BFF_ALLOWED_REDIRECT_URIS for production from string to JSON array.

Possibly related PRs

Suggested labels

automerge

Suggested reviewers

  • thordurhhh

Member

@svanaeinars svanaeinars left a comment


LGTM

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)
infra/src/dsl/bff.ts (1)

Line range hint 1-89: Consider adding DSL documentation

The DSL configuration is well-structured but lacks documentation explaining the purpose of each environment variable and their expected formats. Consider adding JSDoc comments to improve maintainability.

Example addition:

/**
 * Generates BFF configuration for different environments
 * @param {BffInfo} config - BFF configuration parameters
 * @returns {Object} Environment-specific configuration including:
 *   - IDENTITY_SERVER_* - Identity server connection settings
 *   - BFF_* - BFF-specific settings including redirect URIs (as JSON arrays)
 */
export const bffConfig = ({ key, services, clientName, clientId }: BffInfo) => {
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 3a971c5 and a199e47.

📒 Files selected for processing (2)
  • charts/islandis/values.prod.yaml (1 hunks)
  • infra/src/dsl/bff.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
infra/src/dsl/bff.ts (1)

Pattern infra/src/dsl/**/*: "Confirm that the code adheres to the following:

  • The clarity and expressiveness of the DSL syntax.
  • Integration with Helm charts and Kubernetes resources.
  • Documentation on how to use the DSL to create complex Helm values."
🔇 Additional comments (1)
infra/src/dsl/bff.ts (1)

55-55: LGTM: Format consistency improvement

The change to use json(['https://island.is']) aligns the production configuration with other environments and provides proper type safety through array format.

Let's verify the usage of this configuration across the codebase:

✅ Verification successful

Change is safe: BFF already expects array format

The verification confirms this is a safe change:

  • The BFF config (bff.config.ts) uses env.requiredJSON() to parse the value, expecting JSON array format
  • Test setup already uses array format: '["http://test-client.com/testclient"]'
  • All environment values files (dev, staging, prod) already use JSON array string format
  • The change in the DSL only standardizes the configuration generation, while maintaining the expected array format
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any direct string references to BFF_ALLOWED_REDIRECT_URIS
# to ensure all consumers expect array format

rg -l "BFF_ALLOWED_REDIRECT_URIS" --type ts --type yaml

Length of output: 319


Script:

#!/bin/bash
# Check how BFF_ALLOWED_REDIRECT_URIS is used in the configuration and tests
rg "BFF_ALLOWED_REDIRECT_URIS" -A 5 -B 5 apps/services/bff/src/app/bff.config.ts apps/services/bff/test/setup.ts

Length of output: 2001


Script:

#!/bin/bash
# Check the values files to see how this is configured in different environments
rg "BFF_ALLOWED_REDIRECT_URIS" -A 2 -B 2 charts/islandis/values.*.yaml

Length of output: 1458

@@ -2157,7 +2157,7 @@ services-bff-portals-admin:
enabled: true
env:
BFF_ALLOWED_EXTERNAL_API_URLS: '["https://api.island.is"]'
BFF_ALLOWED_REDIRECT_URIS: 'https://island.is'
BFF_ALLOWED_REDIRECT_URIS: '["https://island.is"]'
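
Review bot: the new BFF_ALLOWED_REDIRECT_URIS value '["https://island.is"]' lists a bare origin with no path, and nothing in this hunk shows how the BFF compares a requested redirect against an entry. If the comparison is a plain string-prefix test, a host that merely begins with the same characters would also pass, so it is worth confirming the check is exact or origin-anchored and adding a test for it. A short comment next to this key stating that the value must be a JSON array inside a YAML string, as the BFF_ALLOWED_EXTERNAL_API_URLS line above it already is, would stop the bare-string form from being reintroduced.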
Contributor


💡 Codebase verification

⚠️ Potential issue

Additional redirect URIs needed for production environment

Based on the seeder files and configuration analysis, the current BFF_ALLOWED_REDIRECT_URIS setting is incomplete. The following paths should also be included:

  • https://island.is/umsoknir/signin-oidc
  • https://island.is/umsoknir/silent/signin-oidc

These URIs are used in production as evidenced by the seeder file 20210323153127-applications-redirecturis.js and are essential for the application's authentication flow to work correctly.

🔗 Analysis chain

Verify completeness of allowed redirect URIs list

The change to make BFF_ALLOWED_REDIRECT_URIS an array is correct, but please verify if "https://island.is" is the only allowed redirect URI needed for production. Common patterns often require additional URLs like:

  • www subdomain variant
  • Development/staging environments
  • Additional valid paths
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for current redirect URI usage in the codebase
rg -l "redirect.*island\.is"

Length of output: 307


Script:

#!/bin/bash
# Check content of seeder files for redirect URIs
cat libs/auth-api-lib/seeders/20210426083138-add-admin-uris.js libs/auth-api-lib/seeders/20210323153127-applications-redirecturis.js

# Search for redirect URI configurations in the codebase
rg -A 5 "redirectUri|redirect_uri|REDIRECT_URI" --type yaml

Length of output: 10676
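
The format change reviewed above, as an added example (not code from the island.is repository or from any commenter): parsing BFF_ALLOWED_REDIRECT_URIS as a JSON array and checking a requested redirect against it. The function names and the matching rule (same origin, path at or below the entry's path) are assumptions, not the BFF's documented behaviour, and the sample inputs are constructed.

```javascript
// Added illustration. parseAllowedRedirectUris and isAllowedRedirect are
// hypothetical names; the matching rule is an assumption, not the BFF's own.

// A bare string such as 'https://island.is' is not valid JSON, so it fails
// here instead of being silently treated as a one-element list.
function parseAllowedRedirectUris(raw) {
  let parsed
  try {
    parsed = JSON.parse(raw)
  } catch (err) {
    throw new Error('BFF_ALLOWED_REDIRECT_URIS must be a JSON array')
  }
  if (!Array.isArray(parsed) || parsed.length === 0) {
    throw new Error('BFF_ALLOWED_REDIRECT_URIS must be a non-empty JSON array')
  }
  return parsed.map((entry) => {
    if (typeof entry !== 'string') throw new Error('entries must be strings')
    const url = new URL(entry) // throws on relative or malformed entries
    if (url.protocol !== 'https:' && url.protocol !== 'http:') {
      throw new Error(`unsupported scheme in allowlist entry: ${entry}`)
    }
    return url
  })
}

// True only when the candidate has the same origin as an entry and its path
// is the entry's path or sits below it at a '/' boundary.
function isAllowedRedirect(candidate, allowed) {
  let target
  try {
    target = new URL(candidate)
  } catch (err) {
    return false // relative or malformed values never match
  }
  if (target.username || target.password) return false // no userinfo
  return allowed.some((entry) => {
    if (target.origin !== entry.origin) return false
    const base = entry.pathname.endsWith('/') ? entry.pathname : entry.pathname + '/'
    return target.pathname === entry.pathname || target.pathname.startsWith(base)
  })
}

// Constructed samples: the production entry from the diff, then two candidates.
const prod = parseAllowedRedirectUris('["https://island.is"]')
console.log(isAllowedRedirect('https://island.is/umsoknir/signin-oidc', prod))
console.log(isAllowedRedirect('https://island.is.example.com/', prod))
```

Under this rule the bare-origin entry covers every path on https://island.is, so the two /umsoknir paths named in the review would need no separate entries; a stricter exact-match rule would require listing them.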

@busla busla closed this Nov 7, 2024