Enables Credential Holder and propagate Context#2385
Merged
cb-github-robot merged 4 commits intocloud-barista:mainfrom Mar 27, 2026
Merged
Enables Credential Holder and propagate Context#2385cb-github-robot merged 4 commits intocloud-barista:mainfrom
cb-github-robot merged 4 commits intocloud-barista:mainfrom
Conversation
Signed-off-by: Seokho Son <shsongist@gmail.com>
Signed-off-by: Seokho Son <shsongist@gmail.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces Credential Holder support and propagates request-scoped metadata (credential holder, request ID) via context.Context so core logic can apply tenant-specific connection resolution without extensive parameter plumbing.
Changes:
- Adds Echo middleware to inject credential holder / request ID into
context.Context, and updates core/infra APIs to acceptcontext.Context. - Implements credential-holder discovery APIs (
GET /tumblebug/credentialHolder,GET /tumblebug/credentialHolder/:holderId) and related model types. - Updates Swagger annotations broadly, extends
init/init.pyto register credentials for multiple holders, and adds feature documentation.
Reviewed changes
Copilot reviewed 49 out of 52 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/interface/rest/server/util/netuil.go | Swagger header param docs for request ID. |
| src/interface/rest/server/server.go | Adds context-injection middleware; registers credential holder routes. |
| src/interface/rest/server/resource/vpn.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/vnet.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/template.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/subnet.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/sshkey.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/sqlDb.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/spec.go | Adds context usage for available-zones API; Swagger header param docs. |
| src/interface/rest/server/resource/securitygroup.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/objectStorage.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/objectStorage-lagacy.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/k8scluster.go | Swagger header param docs; passes ctx into core infra calls. |
| src/interface/rest/server/resource/image.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/firewallrule.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/dataDisk.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/customimage.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/resource/common.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/template.go | Passes ctx into core infra template apply call; Swagger updates. |
| src/interface/rest/server/infra/schedule.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/remoteCommand.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/recommendation.go | Passes ctx into core recommendation; Swagger updates. |
| src/interface/rest/server/infra/provisioning.go | Passes ctx into core provisioning/review/check functions; Swagger updates. |
| src/interface/rest/server/infra/orchestration.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/monitoring.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/manageInfo.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/loadbalance.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/control.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/infra/benchmark.go | Swagger header param docs for request ID / credential holder. |
| src/interface/rest/server/common/utility.go | Adds REST endpoints for credential holder listing/get; Swagger updates elsewhere. |
| src/interface/rest/server/common/test.go | Swagger header param docs for request ID. |
| src/interface/rest/server/common/namespace.go | Swagger header param docs for request ID. |
| src/interface/rest/server/common/label/label.go | Swagger header param docs for request ID. |
| src/interface/rest/server/common/config.go | Swagger header param docs for request ID. |
| src/interface/rest/server/auth/auth.go | Swagger header param docs for request ID. |
| src/core/resource/spec.go | Changes GetAvailableZonesForSpec to accept context.Context and read holder from context. |
| src/core/resource/common.go | Adds SharedResourceOptions.CredentialHolder and uses it to filter conn configs. |
| src/core/model/common.go | Adds credential holder header constant, typed context keys, and credential holder API model types. |
| src/core/infra/template.go | Changes core template apply path to accept context.Context. |
| src/core/infra/snapshot.go | Creates context with request ID when calling CreateMciDynamic. |
| src/core/infra/recommendation.go | Changes recommendation APIs to accept context.Context; holder-based provider filtering. |
| src/core/infra/provisioning.go | Propagates context.Context through dynamic provisioning flow; resolves connection names by holder. |
| src/core/infra/orchestration.go | Updates internal calls to new ctx-based signatures. |
| src/core/infra/loadbalance.go | Updates internal calls to new ctx-based signatures. |
| src/core/common/utility.go | Adds credential holder list/get derivation and connection-name resolution helper. |
| src/core/common/context.go | New context helper utilities for holder/request ID propagation. |
| init/init.py | Registers credentials for multiple holders from decrypted credential YAML. |
| docs/feature_guide/credential-and-connection.md | New end-to-end documentation for holders, connections, and context propagation. |
| docs/feature_guide/README.md | Links the new credential/connection feature guide. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: Seokho Son <shsongist@gmail.com>
Signed-off-by: Seokho Son <shsongist@gmail.com>
Member
Author
|
/approve |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR enables Credential Holder and propagate Context to core functions.
A Credential Holder is a logical identity that owns and isolates a group of credentials and their resulting connections. It enables multi-tenant credential management within a single CB-Tumblebug instance.
https://github.com/seokho-son/cb-tumblebug/blob/d2df9d46dc914e0f80bc6f0553a4f068fb1ebdaf/docs/feature_guide/credential-and-connection.md
Key Characteristics: