fix: rewrite download URL host to match HARNESS_BASE_URL for TLS compatibility#40
Open
mehulparmariitr wants to merge 1 commit intoharness:masterfrom
Open
Conversation
|
|
…atibility Fixes download_execution_logs TLS certificate errors when HARNESS_BASE_URL is set to a custom/vanity domain (e.g., mycompany.harness.io). The /blob/download API returns pre-signed URLs hardcoded to app.harness.io. This rewrites the host to match the configured base URL and uses the configured HTTP client with its TLS/proxy settings instead of bare http.Get(). Fixes harness#39 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
mehulparmariitr
force-pushed
the
fix/tls-download-logs-url-rewrite
branch
from
229f9c8 to
80522a1
Compare
yogeshkc
approved these changes
Mar 12, 2026
Author
|
When is this going to be merged @yogeshkc ? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
download_execution_logsTLS certificate errors whenHARNESS_BASE_URLis set to a custom/vanity domain (e.g.,mycompany.harness.io)http.Get()for the download requestRoot Cause
The Harness
/blob/downloadAPI returns pre-signed download URLs hardcoded toapp.harness.io. WhenHARNESS_BASE_URLpoints to a different domain, the second HTTP call toapp.harness.iofails because the corporate proxy/CA doesn't trust that certificate. Every other MCP tool works because they only make API calls to the configured base URL.Changes
common/client/logs.go— AddedrewriteDownloadURLHost()to replace the download URL host/scheme with the configuredBaseURLhost. Falls back gracefully to the original URL if rewriting fails.common/client/client.go— AddedHTTPClient()accessor to expose the underlying*http.Clientso callers can share the same TLS/transport config without auth header injection.common/pkg/tools/logs.go— AddedHTTPClientfield toDownloadLogsConfigand replaced barehttp.Get()with the configured client.common/client/logs_test.go— 5 test cases for URL rewriting (host rewrite, no-op when matching, nil base URL, query param preservation, path preservation).Fixes #39
Test plan
go test ./common/client/... ./common/pkg/tools/...)rewriteDownloadURLHostpass (5 cases)HARNESS_BASE_URLto a custom domain and verifydownload_execution_logssucceeds🤖 Generated with Claude Code