fix: api regional endpoint [IDE-1488] #1045
Conversation
|
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Summary of ChangesHello @bogdanm-s25, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical authentication problem in the language server where regional API endpoints were being incorrectly selected over the primary default API endpoint, specifically impacting EU production debugging. The change introduces a robust mechanism to detect and correctly prioritize the default API URL when a custom endpoint is a subdomain, thereby resolving the authentication failures and ensuring consistent API access. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses an issue with regional API endpoints by ensuring that when a custom URL is a subdomain of the default API URL (e.g., a regional endpoint), the default URL is used instead. This is achieved by introducing a new helper function, isApiSubdomain, and adding a corresponding check in getPrioritizedApiUrl. The change is accompanied by a new test case that validates this specific scenario. My review includes a suggestion to simplify the implementation of the new isApiSubdomain function for improved readability and maintainability.
bogdanm-s25
force-pushed
the
fix/IDE-1488_snyk-api-endpoint
branch
from
28564b7 to
707a783
Compare
| return engineUrl | ||
| } | ||
|
|
||
| // #IDE-1488 Fix for production debugging issue on the EU server. |
There was a problem hiding this comment.
Why is this comment needed?
There was a problem hiding this comment.
Scope of the comment is to link the bug fix to a ticket.
Sometimes when fixing a bug, the change does not make sense after some time and this would help avoid removing or refactoring it.
If this does not fit team's conventions, I will remove it.
| return customUrl | ||
| } | ||
|
|
||
| func isApiSubdomain(domain, subdomain string) bool { |
There was a problem hiding this comment.
If I read the code correctly, this method returns, whether the given domain starts with api. I do not understand what we want to achieve with the code from L178ff.
There was a problem hiding this comment.
The method tests if a given subdomain URL is a region subdomain of the parent domain, but only do it if both URLs start with api. to avoid altering existing behaviour for other types of URLs.
| } | ||
|
|
||
| // #IDE-1488 Fix for production debugging issue on the EU server. | ||
| if isApiSubdomain(defaultUrl, customUrl) { |
There was a problem hiding this comment.
What is the logical reasoning for this?
There was a problem hiding this comment.
The idea is to only apply the switch between URLs for those particular cases.
| expectedResult: customUrl, | ||
| }, | ||
| { | ||
| name: "Default URL when custom URL is subdomain", |
There was a problem hiding this comment.
Why? This does not seem right.
There was a problem hiding this comment.
This will only apply the switch in the case when both URLs start with api and the custom one is actually a region of default one.
All the existing tests are still passing, no change in existing behavior and I added an extra test for this exact situation.
|
I do not think that the solution is valid. A custom URL should overwrite the default URL returned. I'm not sure if we can fix it on our side, apart from showing a warning that a different endpoint URL is configured for the user and the given endpoint address is wrong. Most likely we need to display an error about the endpoint configuration in this scenario. For the example, we should check with our authentication team (access), if the returned URL is correct or not. |
From my understanding, we needed to use the parent domain when performing authentication and I tried to capture this in the PR description. What exact team should I check this with? The initial thread mentiones a bug on our side: https://snyk.slack.com/archives/C073S2B45J6/p1760079795011899?thread_ts=1760016536.850679&cid=C073S2B45J6 As suggested in Standup, I have asked about it on |
let's move the discussion to slack. |
Description
The language server is using the wrong API endpoint for code analysis. It defaults to
api.snyk.iobut attempts to useapi.eu.snyk.iofor code, causing authentication errors.For production debugging purpose on the EU server, when custom endpoint is specified, it triggers error:
Instance specified in callback ([api.snyk.io](http://api.snyk.io/)) does not match pre-configured value ([api.eu.snyk.io](http://api.eu.snyk.io/))Based on ticket https://snyksec.atlassian.net/browse/IDE-1488 and Slack thread https://snyk.slack.com/archives/C073S2B45J6/p1760079795011899?thread_ts=1760016536.850679&cid=C073S2B45J6
Changes
Added an extra check to see if custom API URL is a subdomain of the default API URL.
In this case, default URL will be returned and not the regional one.
Checklist
make generate)make lint-fix)