LCORE-973: Updated TLS configuration

[tisnik]

Description

LCORE-973: Updated TLS configuration

Type of change

• Refactor
• New feature
• Bug fix
• CVE fix
• Optimization
• Documentation Update
• Configuration Update
• Bump-up service version
• Bump-up dependent library
• Bump-up library or tool used for development (does not change the final image)
• CI configuration change
• Konflux configuration change
• Unit tests improvement
• Integration tests improvement
• End to end tests improvement

Tools used to create PR

Identify any AI code assistants used in this PR (for transparency and review context)

• Assisted-by: N/A
• Generated by: N/A

Related Tickets & Documents

• Related Issue #LCORE-973

Summary by CodeRabbit

• Documentation
  • Expanded TLS documentation with "See also" references to HTTPS/TLS guidance.
  • Clarified TLS field descriptions (certificate, key, key password) and SQLite DB path description.
  • Renamed "Configuration options" to "Components" and added a Base URL section plus an APIs header for clearer structure.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Extended documentation and OpenAPI metadata for TLS and SQLite configuration: expanded TLSConfiguration class docstring and added "See also" links; updated field titles/descriptions for TLS and SQLiteDatabaseConfiguration.db_path; several generated docs/OpenAPI files updated. No runtime logic or validation changes.

Changes

Cohort / File(s)	Summary
Code docstring src/models/config.py	Extended TLSConfiguration class docstring with a descriptive paragraph and "See also" links to FastAPI HTTPS deployment guidance and a TLS overview. No signature/behavior changes.
Generated OpenAPI / schema docs/openapi.json, docs/openapi.md	Updated schema metadata: TLSConfiguration description expanded (See also links); field titles/descriptions updated for tls_certificate_path, tls_key_path, tls_key_password; SQLiteDatabaseConfiguration.db_path title/description added. No type or required-property changes.
Rendered docs / markdown/html docs/config.md, docs/config.html, docs/output.md	Added "Base URL" section (empty table), renamed "Configuration options" → "Components", inserted TLS "See also" references, and expanded TLS/SQLite field descriptions across documentation pages.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Scope: documentation and OpenAPI metadata updates only; no behavioral code changes.
• Files to spot-check:
  • src/models/config.py — confirm docstring formatting and links are correct.
  • docs/openapi.json — verify field title/description strings and JSON syntax.
  • docs/config.html / docs/config.md — ensure docs render cleanly and duplicated "See also" entries are intentional.

Possibly related PRs

• LCORE-973: descriptions for TLS configuration #834 — Overlapping TLSConfiguration metadata changes and field defaults; likely touches same model/schema fields.
• Regenerated config doc #835 — Documentation updates for TLSConfiguration; similar generated docs/schema edits.
• LCORE-287: fixed field descriptions #535 — Modifies TLS-related OpenAPI/schema metadata; closely related to the openapi.json edits in this PR.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main changes in the PR, which focus on updating TLS configuration documentation and field descriptions across multiple files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (5)

docs/openapi.json (5)

7187-7189: Fix capitalization, grammar, and add file-path format for SQLite db_path.

Use Title Case, clarify wording, and align with other path fields that specify format.

 "db_path": {
-    "type": "string",
-    "title": "DB path",
-    "description": "Path to file where SQLite database is stored"
+    "type": "string",
+    "format": "file-path",
+    "title": "DB Path",
+    "description": "Path to the file where the SQLite database is stored."
 }

---

7354-7356: Title case and clarify cert path semantics.

Match title casing and state pairing requirement with key path.

-        "title": "TLS certificate path",
-        "description": "SSL/TLS certificate file path for HTTPS support."
+        "title": "TLS Certificate Path",
+        "description": "PEM-encoded certificate file path for HTTPS support. Must be set together with tls_key_path."

---

7367-7369: Title case and clarify key path semantics.

Match title casing and note it must accompany the certificate path.

-        "title": "TLS key path",
-        "description": "SSL/TLS private key file path for HTTPS support."
+        "title": "TLS Key Path",
+        "description": "PEM-encoded private key file path for HTTPS support. Must be set together with tls_certificate_path."

---

7380-7382: Disambiguate password path naming and wording.

Title case; clarify language. Consider renaming the property in a future version to tls_key_password_path to match behavior (breaking change).

-        "title": "SSL/TLS key password path",
-        "description": "Path to file containing the password to decrypt the SSL/TLS private key."
+        "title": "TLS Key Password Path",
+        "description": "Path to a file containing the password used to decrypt the TLS private key."

---

7387-7387: Add explicit pairing rule to TLSConfiguration description (doc-only).

Append a note: “tls_certificate_path and tls_key_path must be provided together; tls_key_password is optional and only used if the key is encrypted.” Also consider JSON Schema dependentRequired to enforce this in tooling (optional).

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b50ee85 and 11b752e.

📒 Files selected for processing (5)

• docs/config.html (2 hunks)
• docs/config.md (2 hunks)
• docs/openapi.json (4 hunks)
• docs/openapi.md (2 hunks)
• docs/output.md (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• docs/openapi.md

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-08-18T10:56:55.349Z

Learnt from: matysek
Repo: lightspeed-core/lightspeed-stack PR: 292
File: pyproject.toml:0-0
Timestamp: 2025-08-18T10:56:55.349Z
Learning: The lightspeed-stack project intentionally uses a "generic image" approach, bundling many dependencies directly in the base runtime image to work for everyone, rather than using lean base images with optional dependency groups.

Applied to files:

• docs/config.md

🪛 markdownlint-cli2 (0.18.1)

docs/config.md

377-377: Bare URL used

(MD034, no-bare-urls)

---

378-378: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-pr
• GitHub Check: Konflux kflux-prd-rh02 / lightspeed-stack-on-pull-request
• GitHub Check: e2e_tests (ci)
• GitHub Check: e2e_tests (azure)

🔇 Additional comments (5)

docs/config.md (2)

5-10: Empty Base URL section may need content.

The new "Base URL" section contains an empty table. Verify whether this is intentional as a placeholder or if it should be populated with the actual service base URL.

---

350-350: Documentation enhancements for TLS and SQLite configuration are clear and helpful.

The additions to TLSConfiguration (See also references and field descriptions) and SQLiteDatabaseConfiguration (db_path description) enhance user understanding. Field descriptions clarify the purpose of each TLS setting for HTTPS support.

Also applies to: 376-385

docs/output.md (1)

5-10: Base URL content and configuration field descriptions are well-populated.

The Base URL section in this file appropriately includes a realistic example (localhost:8080) and description for the OpenAPI context. The TLSConfiguration field descriptions and SQLiteDatabaseConfiguration db_path clarification are clear and helpful.

Also applies to: 4809-4809, 4881-4883

docs/config.html (2)

175-185: Empty Base URL section mirrors docs/config.md placeholder.

This HTML file inherits the empty Base URL table from the markdown source. Verify whether this is intentional or if it should be populated.

---

984-985: HTML rendering of configuration documentation is clean and well-structured.

The TLSConfiguration See also references and field descriptions render clearly in HTML. The SQLiteDatabaseConfiguration db_path description is properly displayed. The documentation structure supports user comprehension of TLS setup requirements.

Also applies to: 1001-1014, 925-925

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Wrap bare URLs in markdown link syntax.

The static analyzer flagged bare URLs (MD034). Wrap the links in markdown link syntax for proper formatting:

 See also:
-- https://fastapi.tiangolo.com/deployment/https/
-- https://en.wikipedia.org/wiki/Transport_Layer_Security
+- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
+- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	See also:
	- https://fastapi.tiangolo.com/deployment/https/
	- https://en.wikipedia.org/wiki/Transport_Layer_Security
	See also:
	- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
	- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)

🧰 Tools

🪛 markdownlint-cli2 (0.18.1)

377-377: Bare URL used

(MD034, no-bare-urls)

---

378-378: Bare URL used

(MD034, no-bare-urls)

🤖 Prompt for AI Agents

In docs/config.md around lines 376 to 378, there are bare URLs listed which
trigger MD034; replace each bare URL with proper Markdown link syntax (e.g.
[FastAPI HTTPS docs](https://fastapi.tiangolo.com/deployment/https/) and
[Transport Layer Security -
Wikipedia](https://en.wikipedia.org/wiki/Transport_Layer_Security)) so the links
are wrapped in []() with a brief descriptive label.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Wrap bare URLs in markdown link syntax (consistent with docs/config.md).

The See also links for TLSConfiguration should use markdown link syntax:

 See also:
-- https://fastapi.tiangolo.com/deployment/https/
-- https://en.wikipedia.org/wiki/Transport_Layer_Security
+- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
+- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	See also:
	- https://fastapi.tiangolo.com/deployment/https/
	- https://en.wikipedia.org/wiki/Transport_Layer_Security
	See also:
	- [FastAPI HTTPS Deployment](https://fastapi.tiangolo.com/deployment/https/)
	- [Transport Layer Security Overview](https://en.wikipedia.org/wiki/Transport_Layer_Security)

🤖 Prompt for AI Agents

In docs/output.md around lines 4874 to 4876, the "See also" section contains
bare URLs; update them to use Markdown link syntax (consistent with
docs/config.md) by replacing each bare URL with a bracketed link label and the
URL in parentheses (e.g., [FastAPI HTTPS docs](https://...) and [Transport Layer
Security - Wikipedia](https://...)), preserving order and punctuation.