docs(spec): Credential Kind — design spec for RHOAIENG-55817#1110
markturansky merged 4 commits into alpha from
jwm4
left a comment
The basic idea here seems sound: it feels like credentials should be an important part of a data model. The enumerated types of credentials seem well aligned with the particular services that are of high priority for the platform. I'm not clear on how the "other" type credentials are intended to work or what purpose they serve at this point, so I have comments, but I'm not marking this as "request changes" because maybe everything here is fine and I just don't understand it.
e0b9005 to ddec196
@jwm4 per our convo in Slack, removing 'other'. that use case will be covered with BYOMCP.
…ne (RHOAIENG-55817)
Defines the Credential Kind data model, provider enum (github|gitlab|jira|google),
RBAC roles (credential:owner/reader/token-reader), API endpoints, and CLI mapping.
Removes 'other' provider per review feedback.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
…BLED dev note (RHOAIENG-55817)
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
…n (RHOAIENG-55817)
Adds full Credential CRUD plugin with GET /credentials/{id}/token endpoint.
Removes 'other' provider from OpenAPI enum. Adds ResourceCredential, PermCredential*,
and RoleCredential* constants to permissions.go. Adds integration tests verifying
token is never returned in GET/LIST responses, /token endpoint works and requires auth.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
…ubcommands (RHOAIENG-55817)
Adds CredentialAPI to go-sdk with Create/Get/List/Update/Delete/GetToken/ListAll.
Adds acpctl credential subcommands (list, get, create, update, delete, token).
Removes 'other' provider from CLI flag help strings per review.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
ddec196 to 5043177
'other' removed. tests are green. validated locally. merging.
Summary
- `Credential` as a first-class Ambient Kind in the platform data model spec
- `docs/internal/design/credentials-session.md` — full design spec with ERD, ownership model, API/CLI reference, usage examples, and open questions
- `docs/internal/design/ambient-model.spec.md` to reflect the desired state: new Credential entity, `RoleBinding.scope` extended with `credential`, new roles (`credential:owner`, `credential:reader`), Credentials API and CLI sections

What this is
This is a spec-only PR — no code changes. The goal is design review before implementation begins. The reconciler will use this spec as the desired state to surface implementation gaps.
Key design decisions captured:
- `Credential` is platform-scoped (not project/agent-scoped) to support shared Robot Accounts
- `RoleBinding(scope=credential, role=credential:owner)` — consistent with Agent ownership pattern

Test plan
- `docs/internal/design/credentials-session.md`
- `ambient-model.spec.md` are consistent with the design doc
- `credentials-session.md` before implementation begins

Closes RHOAIENG-55817 (design phase)
🤖 Generated with Claude Code
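
The commit messages above describe a Credential API in which the token is never returned in GET/LIST responses and is served only from an authenticated `GET /credentials/{id}/token` endpoint. The following Go sketch of that separation is an added example, not code from this PR or the project. The struct fields, the `handler`, `canReadToken` and `call` names, the fixed demo bearer value, and the sample record are all assumptions; only the endpoint path, the provider values and the `credential:token-reader` role name come from the page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Credential is a hypothetical shape, not the project's struct.
type Credential struct {
	ID       string `json:"id"`
	Provider string `json:"provider"` // github|gitlab|jira|google
	Token    string `json:"-"`        // excluded from every GET/LIST body
}

var store = map[string]Credential{"c1": {"c1", "github", "constructed-sample-token"}} // constructed sample

// canReadToken stands in for the credential:token-reader check (assumed fixed bearer).
func canReadToken(r *http.Request) bool {
	return r.Header.Get("Authorization") == "Bearer demo-token-reader"
}

// handler serves GET /credentials/{id} and /credentials/{id}/token; metadata auth omitted.
func handler(w http.ResponseWriter, r *http.Request) {
	id := strings.TrimSuffix(strings.TrimPrefix(r.URL.Path, "/credentials/"), "/token")
	c, ok := store[id]
	switch wantToken := strings.HasSuffix(r.URL.Path, "/token"); {
	case !ok:
		http.Error(w, fmt.Sprintf("credential %q not found", id), http.StatusNotFound)
	case wantToken && !canReadToken(r):
		http.Error(w, "credential:token-reader required", http.StatusForbidden)
	case wantToken:
		json.NewEncoder(w).Encode(map[string]string{"token": c.Token})
	default:
		json.NewEncoder(w).Encode(c) // Token dropped by the json:"-" tag
	}
}

// call issues one GET against handler and returns status code and body.
func call(path, auth string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	handler(rec, req)
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(call("/credentials/c1/token", "")) }
```

Keeping the secret out of the serialized type means a new LIST or GET handler cannot leak it by accident; the only code path that touches `Token` is the one gated by the role check.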