Previously, editing a forward and keeping its local port unchanged
failed the wizard's port-availability check: the in-config scan
found the forward's own entry and reported '✗ Port N already
assigned to <self.ID>'. Users had to pick a different port,
edit, then change back.
checkPortCmd now accepts an excludeID. The wizard passes
wizard.originalID when isEditing so the forward being edited is
ignored during the in-config conflict scan. The OS-level port
check is unchanged (still catches actual port collisions).
New regression test: TestCheckPortCmd_ExcludeID_AllowsKeepingOwnPort.
Adds an HTTP-log enable toggle to the wizard's confirmation step so
users can flip httpLog on a forward without editing YAML by hand.
Behaviour:
- 'h' on the confirmation step toggles HTTPLog when not focused on
the alias text input. When focus is on alias, 'h' is treated as
text so users can still type aliases like 'host' or 'http-proxy'.
- The confirmation summary shows '[x] enabled' or '[ ] disabled'.
- New forwards: toggle on -> &HTTPLogSpec{Enabled: true}; off -> nil.
- Edit mode: pre-populates the toggle from the existing forward and
preserves any advanced HTTPLog fields the user had configured in
YAML (logFile, includeHeaders, maxBodySize, filterPath) by copying
the original spec on save. Toggling off discards the advanced
fields (consistent with 'absent in YAML = disabled').
State changes:
- ForwardStatus gains *config.HTTPLogSpec so the wizard can see the
full original spec on edit.
- AddWizardState gains httpLog bool + httpLogOriginal *HTTPLogSpec.
Three new tests:
- TestHandleAddWizardKeys_HToggleHTTPLog
- TestHandleAddWizardKeys_HOnAliasFocusIsTextInput
- TestEditPrefill_PreservesHTTPLog
Real kubeconfig context names commonly contain characters the
validator rejected:
- 'admin@home', 'user@cluster.example.com' (kubectl rename, EKS
aws-iam-authenticator)
- 'cluster.example.com', 'gke_proj_zone_cluster.prod' (FQDN, GKE)
- 'arn:aws:eks:us-east-1:123:cluster/foo' (EKS ARN)
kubeconfig itself imposes no character restrictions, so requiring
[a-zA-Z0-9_-] only was kportal-specific over-validation that blocked
legitimate users. Widen the allowed set to add '@', '.', ':', '/'.
Names must still start and end with a letter or digit so YAML
specials and leading whitespace remain rejected.
Tests cover the new positive cases and tighten negative coverage
(starts-with-@, ends-with-/, ends-with-dot).
Previously a second Stop() call would panic from a double-close on
eventBus and re-stop the healthChecker/watchdog whose contexts had
already been cancelled. Wrapping the body in sync.Once makes
sequential and concurrent double-Stop safe.
TestManager_Stop_Idempotent covers both paths.
P0 #1 — HTTP traffic logger captured Authorization, Cookie, Set-Cookie,
X-Api-Key, X-Auth-Token, X-Csrf-Token, Proxy-Authorization, X-Access-Token
verbatim into log entries (file 0600 + UI subscribers). Bearer tokens
and session cookies were ending up on disk whenever httpLog.includeHeaders
was enabled.
flattenHeaders now redacts:
- the explicit list above (case-insensitive via http.CanonicalHeaderKey)
- any header name containing 'token', 'secret', 'password', 'apikey'
Header names remain visible; values become [REDACTED].
Redaction is unconditional and on-by-default — no opt-out flag. Users
who want raw headers can use tcpdump.
P0 #6 — Headless mode without -v silently routed both structured and
stdlib logs to io.Discard. A daemon under launchd/systemd had no way to
report errors. Headless now defaults log destination to os.Stderr; -v
controls only the level (debug vs info). TUI-quiet path is preserved.
Tests in internal/httplog/redact_test.go cover all explicit names,
substring patterns, and case variants.
In the remove-wizard's confirming state, pressing Esc was reflexively
calling removeForwardsCmd — i.e. confirming deletion. The on-screen
help text said 'Esc: Cancel'. Reflexive Esc-to-cancel destroyed data.
Esc now sets confirming=false and resets the cursor; deletion
requires Enter on Yes. Non-confirming Esc behavior (exit wizard with
ClearScreen) is unchanged.
Three regression tests added in handlers_test.go.
P0 #2 — currentConfig data race
Manager.currentConfig was written without locking in Start/Reload but
read from the health-checker callback goroutine. All accesses now go
through workersMu (read or write as appropriate).
P0 #3 — Reload kills health checker permanently
Reload's zero-forward branch called m.Stop() which tore down the
health checker, watchdog, and event bus. After that, EnableForward
silently registered callbacks against dead components. Now the branch
stops only the running workers; the supervisory infrastructure stays
alive across config changes.
P0 #4 — rest.Config write-write race
executePortForward was mutating .Dial on the cached *rest.Config
shared by all forwards in the same kube context. Cloning the config
with rest.CopyConfig before mutation isolates per-forward dialers.
P0 #5 — ForwardWorker.Stop() double-close panic
close(w.stopChan) is now wrapped in sync.Once, so concurrent Stop
calls (Manager.Stop racing stopWorkerInternal) are safe.
New tests in internal/forward/concurrency_test.go exercise each fix
under -race: 16 concurrent worker Stops, repeated sequential Stops,
empty-Reload preserves infra pointers, and concurrent currentConfig
read/write.
CI runners have no kubeconfig, so clientcmd's loader returns an empty
config (no error) and CurrentContext == "". The previous assertion
'NotEmpty(context)' on the success branch was incorrect — an empty
current-context is valid for an empty kubeconfig.
Mirrors the looser pattern in TestDiscovery_ListContexts.
- [x] Add golangci-lint v2 configuration with formatters section
- [x] Reorganize linters-settings under linters section
- [x] Replace if-else chains with switch statements for clarity
- [x] Wrap all ignored error returns with `_ = ` pattern
- [x] Add OSC 8 hyperlink helper function for clickable ports
- [x] Add blank line in table styling function
- [x] Remove unnecessary type assertion in test
When user starts kportal for the first time, and there is no config file,
kportal should create an empty config file with default values and empty
forwarding rules, so that user can easily edit the config file and add their
own rules.
When adding a service via the wizard, resolve the service's targetPort to the actual pod container port instead of using the service port directly.
Problem: Service port 80 → Pod port 8000, but kportal was trying to forward to port 80 on the pod.
Solution: Look up the pod's actual containerPort when the service uses a named targetPort (like http), and use that for port-forwarding.
* Fix enter misbehaving.
* Cleanup after previous tui implementation.
* Fix race condition and improve logging
* Add filtering of the namespaces by text input in the wizard UI
lukaszraczylo