Update authserver hotsname

[VivekVinushanth]

Purpose

Describe the problems, issues, or needs driving this feature/fix and include links to related issues in the following format: Resolves issue1, issue2, etc.

Goals

Describe the solutions that this feature/fix will introduce to resolve the problems described above

Approach

Describe how you are implementing the solutions. Include an animated GIF or screenshot if the change affects the UI (email [email protected] to review all UI text). Include a link to a Markdown file or Google doc if the feature write-up is too long to paste here.

User stories

Summary of user stories addressed by this change>

Release note

Brief description of the new feature or bug fix as it will appear in the release notes

Documentation

Link(s) to product documentation that addresses the changes of this PR. If no doc impact, enter “N/A” plus brief explanation of why there’s no doc impact

Training

Link to the PR for changes to the training content in https://github.com/wso2/WSO2-Training, if applicable

Certification

Type “Sent” when you have provided new/updated certification questions, plus four answers for each question (correct answer highlighted in bold), based on this change. Certification questions/answers should be sent to [email protected] and NOT pasted in this PR. If there is no impact on certification exams, type “N/A” and explain why.

Marketing

Link to drafts of marketing content that will describe and promote this feature, including product page changes, technical articles, blog posts, videos, etc., if applicable

Automation tests

• Unit tests

  Code coverage information

• Integration tests

  Details about the test cases and coverage

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines? yes/no
• Ran FindSecurityBugs plugin and verified report? yes/no
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets? yes/no

Samples

Provide high-level details about the samples related to this feature

Related PRs

List any other related PRs

Migrations (if applicable)

Describe migration steps and platforms on which migration has been tested

Test environment

List all JDK versions, operating systems, databases, and browser/versions on which this feature/fix was tested

Learning

Describe the research phase and any blog posts, patterns, libraries, or add-ons you used to solve the problem.

Summary by CodeRabbit

• Chores
  • Updated identity server endpoint configuration in deployment settings. Modified the host address and adjusted port parameters for service integration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The Helm values configuration for the identity server has been updated to change the host endpoint from an internal service reference to an external domain and remove the port specification. This modifies the CDS service's identity server connectivity settings.

Changes

Cohort / File(s)	Summary
Identity Server Configuration install/helm/values.yaml	Updated identityServer host from identity-service to dev.api.asgardeo.io and cleared port from 9443 to an empty string

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A config hop, a URL shift,
From local to cloud, what a gift!
Port cleared away, the endpoint now gleams,
Identity flows through Asgardeo's streams!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description contains only the empty template structure with no actual content filled in; all sections lack implementation details, rationale, testing information, and other required information.	Fill in the description template with concrete details about the purpose of the hostname change, goals, approach, testing performed, security validation, and any related documentation or migrations required.
Title check	❓ Inconclusive	The title 'Update authserver hotsname' contains a typo ('hotsname' instead of 'hostname') and lacks specificity about the actual change (host endpoint modification from identity-service to dev.api.asgardeo.io).	Revise the title to be more specific and correct the spelling, such as 'Update identity server hostname in Helm values' or 'Change authserver endpoint to dev.api.asgardeo.io'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch VivekVinushanth-patch-5

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 314ac22 and 6ccb441.

📒 Files selected for processing (1)

• install/helm/values.yaml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: Lakshan-Banneheke
Repo: wso2/identity-customer-data-service PR: 90
File: install/helm/templates/cds-env-secret.yaml:27-33
Timestamp: 2025-12-02T04:49:53.790Z
Learning: In the identity-customer-data-service project, secrets referenced in install/helm/templates/cds-env-secret.yaml are managed via Azure Key Vault and injected from the deployment pipeline, not hardcoded in values.yaml.

📚 Learning: 2025-12-02T04:49:53.790Z

Learnt from: Lakshan-Banneheke
Repo: wso2/identity-customer-data-service PR: 90
File: install/helm/templates/cds-env-secret.yaml:27-33
Timestamp: 2025-12-02T04:49:53.790Z
Learning: In the identity-customer-data-service project, secrets referenced in install/helm/templates/cds-env-secret.yaml are managed via Azure Key Vault and injected from the deployment pipeline, not hardcoded in values.yaml.

Applied to files:

• install/helm/values.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

cd install/helm && ls -la | grep values

Repository: wso2/identity-customer-data-service

Length of output: 139

---

🏁 Script executed:

rg -n 'identityServer' install/helm/values.yaml

Repository: wso2/identity-customer-data-service

Length of output: 105

---

🏁 Script executed:

rg -n 'port.*identityServer|identityServer.*port' --type yaml

Repository: wso2/identity-customer-data-service

Length of output: 187

---

🏁 Script executed:

find install/helm -type f -name "values*.yaml" | head -20

Repository: wso2/identity-customer-data-service

Length of output: 103

---

🏁 Script executed:

rg -rn 'identityServer\.' --type yaml --type json

Repository: wso2/identity-customer-data-service

Length of output: 1351

---

🏁 Script executed:

rg -rn '\.port|port:' --type js --type ts --type java --type go --type python -C 2 | head -100

Repository: wso2/identity-customer-data-service

Length of output: 109

---

🏁 Script executed:

rg -rn 'identityServer' --type js --type ts --type java --type go --type python -C 2 | head -100

Repository: wso2/identity-customer-data-service

Length of output: 109

---

🏁 Script executed:

cat -n install/helm/values.yaml

Repository: wso2/identity-customer-data-service

Length of output: 4095

---

🏁 Script executed:

cat -n install/helm/confs/deployment.yaml

Repository: wso2/identity-customer-data-service

Length of output: 3512

---

🏁 Script executed:

cat -n install/helm/templates/cds-deployment.yaml | head -100

Repository: wso2/identity-customer-data-service

Length of output: 4821

---

🏁 Script executed:

fd -n values deploy test -t f | grep -E "values.*\.yaml|override"

Repository: wso2/identity-customer-data-service

Length of output: 309

---

🏁 Script executed:

rg -rn "values.*=.*dev|environment.*override" --type yaml --type json | head -20

Repository: wso2/identity-customer-data-service

Length of output: 61

---

🏁 Script executed:

cat -n install/helm/templates/cds-config.yaml 2>/dev/null || echo "File not found"

Repository: wso2/identity-customer-data-service

Length of output: 1259

---

🏁 Script executed:

find . -name "*.yaml" -path "*/helm/*" | head -20

Repository: wso2/identity-customer-data-service

Length of output: 511

---

🏁 Script executed:

cat -n install/helm/Chart.yaml

Repository: wso2/identity-customer-data-service

Length of output: 1195

---

🏁 Script executed:

find . -name "values*.yaml" -o -name "*values*.yaml" | grep helm

Repository: wso2/identity-customer-data-service

Length of output: 105

---

🏁 Script executed:

git ls-files install/helm | grep -E "values|override|env"

Repository: wso2/identity-customer-data-service

Length of output: 146

---

🏁 Script executed:

cat -n install/helm/templates/cds-env-secret.yaml

Repository: wso2/identity-customer-data-service

Length of output: 1818

---

Confirm empty port handling and environment defaults are passed to application as-is.

1. Empty port rendered as null: The templated configuration will pass an empty/null port value to the application (deployment.yaml line 22). Verify the application correctly handles null port and defaults to HTTPS port (443) when constructing identity server URLs.

2. Dev-specific configuration in chart defaults: This Helm chart contains hardcoded dev environment settings (env: "dev" at line 27 and identityServer.host: "dev.api.asgardeo.io"). For production deployments, ensure these values are overridden at deployment time via -f values-prod.yaml or --set flags.

3. Architectural change from internal to external service: This shifts from an internal Kubernetes service to an external domain. Verify:

   • Network connectivity and firewall rules permit outbound HTTPS to dev.api.asgardeo.io
   • Certificate validation works with the external domain
   • All OAuth2 endpoints (introspection, token, revocation, claims) are accessible

🤖 Prompt for AI Agents

In install/helm/values.yaml around lines 48-49, the identityServer.port is empty
which will render null in the chart and you also have dev-specific defaults
(env: "dev" and host: "dev.api.asgardeo.io"); ensure the app receives a usable
port and production-safe defaults by (1) updating the Helm template or values to
coalesce an empty/null port to 443 (or document that the app will default to
443) so identity URLs are built correctly, (2) removing or clearly marking
dev-only defaults and adding instructions/comments to require overriding env and
host via values-prod.yaml or --set at deploy time, and (3) validating the
architectural change from internal->external by running outbound HTTPS
connectivity and TLS validation to dev.api.asgardeo.io and exercising all OAuth2
endpoints (introspect/token/revoke/claims) from cluster egress; make these
changes or add deploy-time checks/docs so production deployments won’t break.