feat: add secret creation with modelconfig in REST API#1781
feat: add secret creation with modelconfig in REST API#1781EItanya merged 4 commits intokagent-dev:mainfrom
Conversation
supreme-gg-gg
requested review from
iplay88keys,
jmhbh and
peterj
as code owners
There was a problem hiding this comment.
Pull request overview
Adds support for creating/updating “companion” Kubernetes Secrets as part of the ModelConfig REST create/update flows, enabling clients to submit secret material alongside a ModelConfig spec.
Changes:
- Extend REST API request payloads to accept
secrets(name/key/value/type) on create/update. - Implement validation + create/update logic for companion Secrets in the ModelConfig HTTP handler.
- Add handler tests covering successful companion secret creation/update and invalid secret names.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| ui/src/types/index.ts | Adds SecretMaterial and extends ModelConfig create/update request types with optional secrets. |
| go/api/httpapi/types.go | Adds SecretMaterial + secrets fields to ModelConfig create/update API request structs. |
| go/core/internal/httpserver/handlers/modelconfig.go | Validates secret material and creates/updates companion Secrets during ModelConfig create/update. |
| go/core/internal/httpserver/handlers/modelconfig_test.go | Adds tests for companion secret behavior and validation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
EItanya
left a comment
EItanya
left a comment
There was a problem hiding this comment.
I agree with Copilot's comments here. I think we should be careful about the secrets we edit/overwrite here. Since these are implicitly managed by kagent it may even be worth creating the ModelConfig first, and then using an OwnerReference to make sure these secrets are cleaned up when the ModelConfig is deleted.
| name: string; | ||
| key: string; | ||
| value: string; | ||
| type?: 'Opaque'; |
There was a problem hiding this comment.
Why do we need to specify type, let's keep it Opaque for now and add it if it becomes necessary later?
Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
This reverts commit 48fe02a. Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
Signed-off-by: Jet Chiang <pokyuen.jetchiang-ext@solo.io>
supreme-gg-gg
force-pushed
the
feat/modelconfig-secret
branch
from
4f20942 to
0892226
Compare
|
Yes I totally agree with that, I've address copilot's reviews as well. Now modelconfig is created first then the secret, on updates it checks that the secret is owned by the modelconfig, and deleting the modelconfig deletes the secrets as well (due to owner reference) |
No description provided.