Support configurable KB URL and bearer token #273

Open
soimkim wants to merge 1 commit into main from auth

@soimkim soimkim commented May 25, 2026

Description

Support configurable KB URL and bearer token.

Summary by CodeRabbit

  • New Features
    • Added --kb_url command-line option to specify custom KB API endpoints
    • Added --kb_token option for KB authentication with bearer tokens
    • KB configuration now supports flexible priority: command-line parameters override environment variables, which override defaults

@soimkim soimkim self-assigned this May 25, 2026
@soimkim soimkim added the enhancement [PR/Issue] New feature or request label May 25, 2026

coderabbitai Bot commented May 25, 2026

Walkthrough

KB endpoint and authentication token are now configurable via CLI flags (--kb_url, --kb_token) and environment variables instead of hardcoded, with priority ordering (parameter > environment > default). Bearer token authentication is added to KB API requests, and configuration is threaded through run_scanners(), health checks, and item enrichment.

Changes

Configurable KB Connection Parameters

| Layer / File(s) | Summary |
|---|---|
| KB Configuration Infrastructure (src/fosslight_source/_scan_item.py) | DEFAULT_KB_URL constant replaces the hardcoded KB_URL, and new resolve_kb_config() function normalizes KB URL and token from parameters, environment variables, or defaults with documented precedence. |
| CLI Input Interface (src/fosslight_source/_help.py, src/fosslight_source/cli.py) | New --kb_url and --kb_token flags are added to help text and argument parser; parsed values are stored in local variables for propagation into run_scanners(). |
| KB API Request Authentication (src/fosslight_source/_scan_item.py) | _get_origin_url_from_md5_hash() now accepts kb_url and kb_token parameters and conditionally includes Authorization: Bearer <token> header in KB POST requests. |
| SourceItem Configuration Flow (src/fosslight_source/_scan_item.py) | set_oss_item() signature expanded to accept kb_url and kb_token, with forwarding to _get_origin_url_from_md5_hash() for transparent configuration propagation. |
| Scanning Pipeline Wiring (src/fosslight_source/cli.py) | KB configuration flows from CLI through run_scanners() (which calls resolve_kb_config()), into check_kb_server_reachable() with auth header support, and into merge_results() which passes parameters to SourceItem.set_oss_item() for KB enrichment of both primary and extra discovered items. |

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly Related PRs

  • fosslight/fosslight_source_scanner#253: Both PRs refactor KB base URL handling and the health endpoint check; this PR adds full configurable parameter and token authentication support.
  • fosslight/fosslight_source_scanner#257: Both PRs modify KB-enrichment workflows in _get_origin_url_from_md5_hash() and check_kb_server_reachable(); this PR layers configurable credentials and Bearer auth on top.

Suggested labels

enhancement

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'Support configurable KB URL and bearer token' directly matches the main change across all modified files (help text, _scan_item.py, and cli.py), which focuses on making KB URL and bearer token configurable throughout the codebase. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

Review ran into problems

🔥 Problems

Stopped waiting for pipeline failures after 30000ms. One of your pipelines takes longer than our 30000ms fetch window to run, so review may not consider pipeline-failure results for inline comments if any failures occurred after the fetch window. Increase the timeout if you want to wait longer or run a @coderabbit review after the pipeline has finished.

Comment @coderabbitai help to get the list of available commands and usage tips.
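
The precedence (parameter > environment > default) and the conditional Bearer header described in the walkthrough above, as an added Python example that is not the PR's code. The function names, the `KB_URL`/`KB_TOKEN` environment variable names and the default endpoint are assumptions, since the page does not show them; the example also refuses to attach the token to a non-HTTPS URL and redacts it for logging.

```python
import os
from urllib.parse import urlsplit

# Assumed names: the page gives neither the environment variable names nor
# the default endpoint, so these are placeholders for illustration only.
ENV_KB_URL = "KB_URL"
ENV_KB_TOKEN = "KB_TOKEN"
PLACEHOLDER_DEFAULT_KB_URL = "https://kb.example.invalid"


def resolve_kb_settings(cli_url="", cli_token="", env=None):
    """Return (url, token) using parameter > environment > default."""
    env = os.environ if env is None else env
    url = (
        (cli_url or "").strip()
        or env.get(ENV_KB_URL, "").strip()
        or PLACEHOLDER_DEFAULT_KB_URL
    )
    # The token has no default: an empty result means "send no credentials".
    token = (cli_token or "").strip() or env.get(ENV_KB_TOKEN, "").strip()
    return url.rstrip("/"), token


def build_kb_headers(url, token):
    """Attach the bearer token only when one is set and the URL is HTTPS."""
    headers = {}
    if not token:
        return headers  # unauthenticated request when no token is configured
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        # A bearer token sent over plain HTTP is readable on the wire.
        raise ValueError("refusing to send KB token to a non-HTTPS URL")
    headers["Authorization"] = f"Bearer {token}"
    return headers


def redact(headers):
    """Return a copy of the headers that is safe to write to a log."""
    return {
        name: ("Bearer ***" if name.lower() == "authorization" else value)
        for name, value in headers.items()
    }
```

A token passed as `--kb_token` is visible in the process list and shell history, so the environment variable is the safer way to supply it. Because URL and token are resolved independently here, a token from the environment is sent to whatever URL the command line supplies, and the HTTPS check does not prevent that.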

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
src/fosslight_source/cli.py (1)

336-336: 💤 Low value

Type hint uses implicit Optional.

PEP 484 prohibits implicit Optional. Consider using explicit union type.

Suggested fix
-    excluded_files: set = None, hide_progress: bool = False, kb_url: str = "", kb_token: str = ""
+    excluded_files: set | None = None, hide_progress: bool = False, kb_url: str = "", kb_token: str = ""
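Review bot: The replacement annotation `excluded_files: set | None = None` on the added line is PEP 604 syntax, which is evaluated when the function is defined and raises TypeError on interpreters older than Python 3.10 unless the module defers annotations with `from __future__ import annotations`. If the package still supports older interpreters, use `Optional[set]` from `typing` instead, which is also the form the agent prompt after this suggestion asks for. On the same line, `kb_token: str = ""` uses the empty string as the "not set" value, so the function's docstring should say that an empty token means the KB request is sent without an Authorization header.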
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/fosslight_source/cli.py` at line 336, The parameter type hint for
excluded_files uses an implicit Optional (set = None); update the signature to
an explicit union like excluded_files: Optional[Set[str]] = None (or
Union[Set[str], None]) and add the necessary typing imports (Optional and Set)
at the top of the module so the annotation is explicit and PEP 484 compliant;
the other parameters (hide_progress, kb_url, kb_token) can remain unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e2abeed4-be4e-4713-a097-d9cff0d4d879

📥 Commits

Reviewing files that changed from the base of the PR and between 9ae8f45 and 5c78c24.

📒 Files selected for processing (3)
  • src/fosslight_source/_help.py
  • src/fosslight_source/_scan_item.py
  • src/fosslight_source/cli.py
