Try to fix set array values in Gateway config.toml

[thisal23]

Purpose

The Gateway Controller fails to initialize the SQLite database on Windows due to a CGO limitation. This prevents the gateway from starting and blocks testing on Windows systems.
Resolves issue: SQLite initialization fails on Windows due to CGO_DISABLED.

Goals

Allow developers to run and test the Gateway Controller on Windows without needing to build the binary from source with CGO enabled. Provide clear instructions and configuration for database compatibility.

Summary by CodeRabbit

Release Notes

• New Features
  • Added environment-based configuration support for basic authentication users. Gateway controller authentication settings can now be dynamically provisioned at deployment time through environment variables, eliminating the need to modify configuration files. This enhancement provides greater operational flexibility for containerized and cloud-native deployments.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

A new function loadBasicAuthUsersFromEnv() is added to read basic authentication user credentials from a JSON environment variable (APIP_GW_GATEWAY_CONTROLLER_AUTH_BASIC_USERS_JSON), unmarshal them into configuration, and integrate this loading into the config initialization process.

Changes

Cohort / File(s)	Summary
Environment-based Basic Auth Configuration gateway/gateway-controller/pkg/config/config.go	Added loadBasicAuthUsersFromEnv() function to read and parse basic auth users from environment variable. Integrated into LoadConfig() with new imports for JSON encoding and OS access.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰✨ A little hop through config streams,
Reading secrets, parsing dreams,
Auth users bundled, JSON-bright,
Environment whispers set things right! 🔐

🚥 Pre-merge checks | ❌ 3

❌ Failed checks (3 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title is only partially related to the changeset. It mentions 'set array values in Gateway config.toml' but the actual changes involve adding environment-based basic auth user configuration, not array value handling in config files.	Revise the title to accurately reflect the main change, such as 'Add environment-based basic auth user configuration for Gateway Controller' or 'Load basic auth users from environment variable'.
Description check	⚠️ Warning	The description is largely incomplete and misaligned. The stated purpose about SQLite database initialization on Windows does not match the actual code changes about basic auth configuration. Required sections like Goals, Approach, Automation tests, and others are missing.	Rewrite the description to match the actual changes. Clarify the purpose of the basic auth environment configuration, describe the implementation approach, and provide details about testing and documentation.
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@gateway/gateway-controller/pkg/config/config.go`:
- Around line 422-434: The AuthUser struct fields used by
loadBasicAuthUsersFromEnv are missing encoding/json tags so snake_case keys
(e.g. password_hashed) in the APIP_GW_GATEWAY_CONTROLLER_AUTH_BASIC_USERS_JSON
env JSON are ignored; update the AuthUser type to add appropriate json tags
(e.g. map Username, Password, PasswordHashed to "username", "password",
"password_hashed") so json.Unmarshal in loadBasicAuthUsersFromEnv correctly sets
PasswordHashed and preserves hashed-password auth behavior.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find the AuthUser struct definition
rg -A 5 "type AuthUser struct" gateway/

Repository: wso2/api-platform

Length of output: 884

---

🏁 Script executed:

# Find the loadBasicAuthUsersFromEnv function
rg -B 2 -A 15 "func loadBasicAuthUsersFromEnv" gateway/

Repository: wso2/api-platform

Length of output: 1359

---

🏁 Script executed:

# Check the full context of the configuration file around the mentioned lines
sed -n '420,450p' gateway/gateway-controller/pkg/config/config.go

Repository: wso2/api-platform

Length of output: 851

---

🏁 Script executed:

# Look for where AuthUser is defined in the codebase
fd "config.go" gateway/ | xargs grep -l "type AuthUser"

Repository: wso2/api-platform

Length of output: 108

---

🏁 Script executed:

# Verify the EnvPrefix value to confirm the environment variable name
rg -B 2 -A 2 "EnvPrefix\s*=" gateway/gateway-controller/pkg/config/config.go | head -20

Repository: wso2/api-platform

Length of output: 190

---

🏁 Script executed:

# Check if there are any tests for loadBasicAuthUsersFromEnv that might reveal the expected behavior
rg -l "loadBasicAuthUsersFromEnv" gateway/ --type go

Repository: wso2/api-platform

Length of output: 108

---

🏁 Script executed:

# Verify the file is in the right path for the guideline
fd "config.go" gateway/gateway-controller/

Repository: wso2/api-platform

Length of output: 163

---

Add JSON tags so password_hashed is honored in env JSON.

encoding/json.Unmarshal is case-sensitive and ignores koanf tags. Without json tags, snake_case keys like password_hashed won't map to the PasswordHashed field, causing it to silently default to false. This breaks hashed password authentication when users are loaded from APIP_GW_GATEWAY_CONTROLLER_AUTH_BASIC_USERS_JSON. Add json tags to AuthUser to maintain snake_case compatibility.

🔧 Proposed fix (add JSON tags to AuthUser)

 type AuthUser struct {
-	Username       string   `koanf:"username"`
-	Password       string   `koanf:"password"`        // plain or hashed value depending on PasswordHashed
-	PasswordHashed bool     `koanf:"password_hashed"` // true when Password is a bcrypt hash
-	Roles          []string `koanf:"roles"`
+	Username       string   `koanf:"username" json:"username"`
+	Password       string   `koanf:"password" json:"password"`                // plain or hashed value depending on PasswordHashed
+	PasswordHashed bool     `koanf:"password_hashed" json:"password_hashed"`  // true when Password is a bcrypt hash
+	Roles          []string `koanf:"roles" json:"roles"`
 }

After merging, rebuild Docker images using cd gateway && make build-local.

🤖 Prompt for AI Agents

In `@gateway/gateway-controller/pkg/config/config.go` around lines 422 - 434, The
AuthUser struct fields used by loadBasicAuthUsersFromEnv are missing
encoding/json tags so snake_case keys (e.g. password_hashed) in the
APIP_GW_GATEWAY_CONTROLLER_AUTH_BASIC_USERS_JSON env JSON are ignored; update
the AuthUser type to add appropriate json tags (e.g. map Username, Password,
PasswordHashed to "username", "password", "password_hashed") so json.Unmarshal
in loadBasicAuthUsersFromEnv correctly sets PasswordHashed and preserves
hashed-password auth behavior.