Skip to content

feat(swarm): add global_id handling in secret initialization script#177

Merged
zbitname merged 5 commits into
mainfrom
feature/custom-globalid
Jul 2, 2026
Merged

feat(swarm): add global_id handling in secret initialization script#177
zbitname merged 5 commits into
mainfrom
feature/custom-globalid

Conversation

@zbitname

@zbitname zbitname commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • Bug Fixes
    • Improved secret initialization to always read the global identifier from configuration and ensure its reference is present.
    • Added a safeguard that creates the identifier lookup record when it doesn’t already exist, preventing downstream initialization issues.
    • Enhanced the DNS manager bootstrap to automatically create the required cluster policy affinity rule if it’s missing, ensuring cluster policy affinity is correctly established.

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@zbitname, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 37 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e73458b5-6116-44f4-bb03-af1e49f4eed9

📥 Commits

Reviewing files that changed from the base of the PR and between e673da5 and 7df46d5.

📒 Files selected for processing (3)
  • src/swarm-scripts/00-initialize-secrets.sh
  • src/swarm-scripts/74.setup-dns-manager.sh
  • src/swarm-scripts/swarm-cli.py

Walkthrough

The initialization script now reads global_id from config and creates the matching pointer record when missing. The DNS manager setup script now derives an affinity-rule id and bootstraps a missing ClusterPolicyAffinityRule for knot.

Changes

Global ID initialization

Layer / File(s) Summary
Load and persist global ID
src/swarm-scripts/00-initialize-secrets.sh
Reads global_id from config.yaml, defines a helper that inserts the SwarmIdPointer row when missing, and invokes it during initialization.

DNS manager affinity bootstrap

Layer / File(s) Summary
Ensure knot affinity rule
src/swarm-scripts/74.setup-dns-manager.sh
Derives AFFINITY_RULE_ID, checks that the knot cluster policy exists, and creates the ClusterPolicyAffinityRule when it is absent.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I hopped through config by starlit light,
Found one new pointer and one rule set right.
A global ID and knot affinity gleam,
Two little bootstraps in a tidy stream.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately reflects the main secret-initialization change around handling global_id.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/custom-globalid

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/swarm-scripts/00-initialize-secrets.sh`:
- Around line 72-87: The ensure_global_id_pointer function is missing DB
password handling and is doing unsafe manual SQL escaping. Update the mysql
calls in ensure_global_id_pointer to use the same DB credentials as the rest of
the init flow, including DB_PASSWORD from the environment, so the SELECT/INSERT
can authenticate correctly. Replace the inline sed-based escaping for the INSERT
value with a safer approach by delegating to swarm-cli.py or another
parameterized/escaping mechanism that correctly handles backslashes and quotes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 06420a02-5788-4244-8e3c-648a835ad6f8

📥 Commits

Reviewing files that changed from the base of the PR and between d6ac3f0 and c53a3d3.

📒 Files selected for processing (1)
  • src/swarm-scripts/00-initialize-secrets.sh

Comment thread src/swarm-scripts/00-initialize-secrets.sh

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/swarm-scripts/74.setup-dns-manager.sh`:
- Around line 71-87: The final success message is being printed before the new
ClusterPolicyAffinityRule setup path completes, so move the completion log to
after the AFFINITY_RULE_ID check/create block in setup-dns-manager.sh. Update
the script flow around the new affinity-rule logic so the existing “Done...”
message is emitted only after the cluster policy and swarm-cli.py operations
finish successfully.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 31113a90-0d5a-423c-af46-71ed70bbf56a

📥 Commits

Reviewing files that changed from the base of the PR and between c53a3d3 and 7db4d30.

📒 Files selected for processing (2)
  • src/swarm-scripts/00-initialize-secrets.sh
  • src/swarm-scripts/74.setup-dns-manager.sh
💤 Files with no reviewable changes (1)
  • src/swarm-scripts/00-initialize-secrets.sh

Comment thread src/swarm-scripts/74.setup-dns-manager.sh
AgentRX
AgentRX previously approved these changes Jun 26, 2026
zbitname added 5 commits July 2, 2026 14:32
Implemented logic to check for and create a ClusterPolicyAffinityRule for 'knot-affinity' in the DNS manager setup script. This ensures the rule is only created if it does not already exist, enhancing the provisioning process.
Replaced direct MySQL commands with Python script calls for checking and creating the global_id in the SwarmIdPointer. This enhances the script's maintainability and aligns with the recent refactor of secret initialization.
Reintroduced the completion message indicating that the provision worker will reconcile the service shortly, enhancing user feedback during the DNS manager setup process.
@zbitname zbitname force-pushed the feature/custom-globalid branch from 4402978 to 7df46d5 Compare July 2, 2026 11:33
@zbitname zbitname merged commit 5bc74a4 into main Jul 2, 2026
5 of 6 checks passed
@zbitname zbitname deleted the feature/custom-globalid branch July 2, 2026 13:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants