🤖 feat: remove provisioner bootstrap credentials#79
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 007ff79ac2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
007ff79 to 7f5e3ce
@codex review Addressed the namespace mismatch feedback by aligning the paired CoderControlPlane sample and tutorial commands to |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7f5e3cead1
Remove CoderProvisioner spec.bootstrap credentialsSecretRef and migrate provisioner key reconciliation to operator-managed access from the referenced CoderControlPlane status.

This updates API types/CRD/docs/samples and adjusts the provisioner controller and tests to require operatorAccessReady + operatorTokenSecretRef with clear requeueing status reasons when unavailable.

---

_Generated with [`mux`](https://github.com/coder/mux) • Model: `openai:gpt-5.3-codex` • Thinking: `xhigh` • Cost: `$0.00`_
7f5e3ce to 241fca1
@codex review Addressed follow-up feedback:
Codex Review: Didn't find any major issues. Can't wait for the next one!
Summary

Remove `CoderProvisioner` bootstrap credential configuration (`spec.bootstrap.credentialsSecretRef`) and make provisioner key management rely exclusively on operator-managed access from the referenced `CoderControlPlane` status.

Background

`CoderProvisioner` accepted user-supplied bootstrap tokens while `CoderControlPlane` now manages an operator token lifecycle. This change aligns provisioner reconciliation with the operator-managed token source and removes duplicate credential wiring in v1alpha1.

Implementation

- `CoderProvisionerBootstrapSpec`
- `CoderProvisionerSpec.Bootstrap`
- `CoderProvisionerConditionBootstrapSecretReady` with `CoderProvisionerConditionOperatorAccessReady`
- `status.operatorAccessReady == true`
- `status.operatorTokenSecretRef` present and valid
- `spec.bootstrap`
- `coder`
- `CoderProvisioner`
- `operatorTokenSecretRef`

Validation

- `make verify-vendor`
- `make test`
- `make build`
- `make lint`
- `make codegen`
- `make manifests`
- `KUBEBUILDER_ASSETS="$(GOFLAGS=-mod=vendor go run ./vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest use 1.35.x --bin-dir $(pwd)/bin/envtest -p path)" GOFLAGS=-mod=vendor go test ./internal/controller/...`
- `mkdocs build --strict`

Risks

- `spec.bootstrap` on `CoderProvisioner` must be updated.
- `CoderControlPlane` operator access status/secret ref readiness.
- `CoderWorkspaceProxy` bootstrap credential semantics were intentionally left unchanged.

Generated with mux • Model: $MUX_MODEL_STRING • Thinking: $MUX_THINKING_LEVEL • Cost: $$MUX_COSTS_USD
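The readiness gate the description implies (`status.operatorAccessReady == true` plus a present and valid `status.operatorTokenSecretRef`, otherwise requeue with a reason) can be sketched as follows. This is an added example, not code from the PR or the project: the types, the reason strings, the requeue delay, and the reading of "valid" as non-empty name and key are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// Hypothetical stand-ins for the CoderControlPlane status fields named in the
// PR description; the project's real API types are not shown on this page.
type SecretKeyRef struct{ Name, Key string }

type ControlPlaneStatus struct {
	OperatorAccessReady    bool
	OperatorTokenSecretRef *SecretKeyRef
}

// Gate is the outcome of the check: proceed with the operator-managed token,
// or requeue and surface Reason on the provisioner's status condition.
type Gate struct {
	Proceed      bool
	Reason       string        // constructed reason strings (assumption)
	RequeueAfter time.Duration // constructed back-off value (assumption)
}

const requeueDelay = 15 * time.Second

// CheckOperatorAccess fails closed: there is no fallback to a user-supplied
// credential, so reconciliation waits until the operator token is published.
func CheckOperatorAccess(st ControlPlaneStatus) Gate {
	wait := func(reason string) Gate {
		return Gate{Reason: reason, RequeueAfter: requeueDelay}
	}
	ref := st.OperatorTokenSecretRef
	if !st.OperatorAccessReady {
		return wait("OperatorAccessNotReady")
	}
	if ref == nil {
		return wait("OperatorTokenSecretRefMissing")
	}
	if ref.Name == "" || ref.Key == "" { // "valid" = both parts set (assumption)
		return wait("OperatorTokenSecretRefInvalid")
	}
	return Gate{Proceed: true, Reason: "OperatorAccessReady"}
}

func main() {
	// Constructed sample statuses, not taken from a real cluster.
	fmt.Printf("%+v\n", CheckOperatorAccess(ControlPlaneStatus{OperatorAccessReady: true}))
	ok := ControlPlaneStatus{true, &SecretKeyRef{"operator-token", "token"}}
	fmt.Printf("%+v\n", CheckOperatorAccess(ok))
}
```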