feat/http proxy host header UI #1258
Add a Host header override field to the AI Edge Configuration card with its own edit dialog, closing the parity gap with the `datumctl Set-Host-Header` flow. Primary use case is Datum Desktop tunnels to localhost where the local service expects a specific Host value (per enhancement datum-cloud/enhancements#569).

Key changes:

- Add `hostHeader` field on the adapted HttpProxy shape; read/write rule-level `requestHeaderModifier.set[name=Host]` (case-insensitive read, capitalised write) to round-trip with `datumctl`-managed resources
- Surface FR-4 form-editability classification (`simple`, `host-only`, `advanced`) on the adapted shape so callers can decide between the edit form and a read-only banner without re-reading the raw resource
- Permissive client-side validation (RFC 1123 + `localhost` / `*.internal`); reject bare IPv4/IPv6 with a clear message
- Render Host header row on the Configuration card with em-dash when unset; pencil icon opens the edit dialog
- Read-only banner with `datumctl` guidance when the resource has filters the form cannot represent without data loss
- Add 48 Cypress component unit tests covering classify, validate, extract, read/write paths, and round-trip parity with the wiki example
🧪 Test Summary
📎 Artifacts: No artifacts (all tests passed).
kevwilliams left a comment
I also think we should consider adding this to the create flow in the advanced section so that way the first request when the proxy starts doesn't get rejected. Making it so you can only do this after it's created means it's going to have some failures if the upstream is looking for a specific host.
Address review feedback on the Host header override field:

- Reject wildcards (e.g. *.example.com) with a clear message. The Host
  header is forwarded verbatim by Envoy, so wildcards are meaningless:
  no upstream certificate or virtual host can match a wildcard literal.
  Wildcards belong in spec.hostnames, not here.
- Reframe IP-literal rejection. IP addresses are technically valid per
  RFC 7230, but no upstream TLS cert or virtual host will match an IP,
  so the request would fail in practice. Message now reads "Upstream
  TLS certificates will not match an IP..." instead of calling IPs
  invalid.
- Tighten the field placeholder to reflect the real use case ("make the
  upstream see the cert hostname it expects") with a neutral example
  pair: inference.example.com or api.internal.

Keep validateHostHeader (adapter) and _validateHostHeaderForSchema
(zod) in sync, and update Cypress component tests to assert the new
behaviour and error messages.

Co-authored-by: Cursor <cursoragent@cursor.com>
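
The override rules from the commit message above, together with the `requestHeaderModifier.set` handling from the pull request description, as an added TypeScript example that is not the project's code. `hostHeaderProblem`, `readHostHeader`, `writeHostHeader`, the reason strings and the regular expressions are hypothetical names and choices made for illustration.

```typescript
// Added example. All names below are hypothetical, not the project's code.
type Problem = "wildcard" | "ip-literal" | "too-long" | "not-rfc1123";
type HeaderEntry = { name: string; value: string };

// One RFC 1123 label: letters, digits, inner hyphens, 1 to 63 characters.
// The charset excludes spaces, CR and LF, so the value is a single token.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
// IPv6 shape: hex digits, dots and at least two colons, brackets optional.
const IPV6 = /^\[?(?=.*:.*:)[0-9a-f:.]+\]?$/i;

// Returns null when the value is acceptable as a Host override.
function hostHeaderProblem(value: string): Problem | null {
  // Forwarded verbatim, so "*" would reach the upstream as a literal.
  if (/\*/.test(value)) return "wildcard";
  // Valid per RFC 7230, but no upstream cert or virtual host matches an IP.
  if (IPV4.test(value) || IPV6.test(value)) return "ip-literal";
  if (value.length > 253) return "too-long";
  // Single-label names (localhost) and names under .internal pass here.
  const labels = value.split(".");
  return labels.every((l) => LABEL.test(l)) ? null : "not-rfc1123";
}

// Case-insensitive read, so "host", "Host" and "HOST" entries are all found.
function readHostHeader(set: HeaderEntry[]): string | undefined {
  const hit = set.filter((h) => h.name.toLowerCase() === "host")[0];
  return hit ? hit.value : undefined;
}

// Drops every case variant, then writes one capitalised "Host" entry.
// Other headers in the list are kept; undefined clears the override.
function writeHostHeader(set: HeaderEntry[], value?: string): HeaderEntry[] {
  const others = set.filter((h) => h.name.toLowerCase() !== "host");
  return value === undefined ? others : others.concat([{ name: "Host", value }]);
}
```
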
We specifically opted to make the create process as slim as possible for AI Edge to get people up and running as quickly as possible. I would prefer to keep it that way for now if we can.
Seems reasonable, if it starts to become a problem we could add it later.
…header-ui Co-authored-by: Cursor <cursoragent@cursor.com> # Conflicts: # app/routes/project/detail/edge/detail/index.tsx
Added the option to add a custom host header to an AI Edge. Also cleaned up some AI UI bits.
NSO change: datum-cloud/network-services-operator#159
Ref: datum-cloud/enhancements#569