🤖 fix: unblock operator access token secret bootstrap #51

Merged: ThomasK33 merged 1 commit into control-plane-5q3h from cluster-ops-5vay on Feb 11, 2026

@ThomasK33 (Member) commented Feb 11, 2026

Summary

Fixes operator-access bootstrap so the controller can reliably create the generated operator API token Secret for CoderControlPlane resources.

Background

While validating the CloudNativePG example, operator access remained pending and no <name>-operator-token Secret was created. The bootstrap provisioner hit a lib/pq protocol error while ensuring organization memberships.

Implementation

  • Updated ensureOperatorMemberships in internal/coderbootstrap/operator_access_postgres.go to:
    • read all organization IDs first,
    • close the result rows explicitly,
    • then run membership upserts.
  • Preserved existing defensive assertions and added an explicit error on row-close failure.

Validation

  • make test
  • make build
  • make lint
  • ⚠️ make verify-vendor currently fails in this environment due to an upstream module checksum mismatch unrelated to this change:
    • github.com/MirrexOne/unqueryvet@v1.4.0
  • ✅ Kind smoke verification after redeploy:
    • coder-operator-token Secret created in coder namespace
    • status.operatorAccessReady: true
    • status.operatorTokenSecretRef.name: coder-operator-token

Risks

Low risk. Change is localized to operator-access bootstrap transaction sequencing; behavior is unchanged aside from eliminating a driver/protocol failure path.


Generated with mux • Model: openai:gpt-5.3-codex • Thinking: xhigh • Cost: $0.00

Collect and close organization rows before executing membership upserts in the same transaction.

This avoids lib/pq protocol errors during operator-access bootstrap and allows the operator token secret to be created.

Signed-off-by: Thomas Kosiewski <tk@coder.com>

---
_Generated with [`mux`](https://github.com/coder/mux) • Model: `openai:gpt-5.3-codex` • Thinking: `xhigh` • Cost: `bash.00`_

<!-- mux-attribution: model=openai:gpt-5.3-codex thinking=xhigh costs=0.00 -->

Change-Id: I47d6a3c644be463a0b81c0720b05b61897200154
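
The sequencing described under Implementation, as an added Go example that is not the code in internal/coderbootstrap/operator_access_postgres.go. `fakeTx`, `errBusy` and `ensureMemberships` are hypothetical names, and the fake connection refusing a statement while result rows are open is an assumption standing in for the lib/pq protocol error the PR mentions.

```go
package main

import (
	"errors"
	"fmt"
)

var errBusy = errors.New("statement sent while result rows are open")

// fakeTx is a constructed stand-in for one transaction connection (assumption, not lib/pq).
type fakeTx struct {
	orgIDs   []string
	rowsOpen bool
	upserted []string
}

func (t *fakeTx) queryOrgIDs() []string { t.rowsOpen = true; return t.orgIDs }
func (t *fakeTx) closeRows() error      { t.rowsOpen = false; return nil }

func (t *fakeTx) upsertMembership(orgID string) error {
	if t.rowsOpen {
		return errBusy
	}
	t.upserted = append(t.upserted, orgID)
	return nil
}

// ensureMemberships collects every organization ID, closes the rows, then upserts.
// With closeFirst=false it upserts while the rows are still open (the failing order).
func ensureMemberships(t *fakeTx, closeFirst bool) error {
	ids := append([]string(nil), t.queryOrgIDs()...)
	defer t.closeRows() // safety net; closeRows is idempotent
	if closeFirst {
		if err := t.closeRows(); err != nil {
			return fmt.Errorf("close organization rows: %w", err)
		}
	}
	for _, id := range ids {
		if err := t.upsertMembership(id); err != nil {
			return fmt.Errorf("upsert membership for %s: %w", id, err)
		}
	}
	return nil
}

func main() {
	tx := &fakeTx{orgIDs: []string{"org-a", "org-b"}}
	fmt.Println(ensureMemberships(tx, true), tx.upserted)
}
```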
@ThomasK33 (Member, Author) commented:

@codex review

Please review this fix for operator token bootstrap in ensureOperatorMemberships.

@chatgpt-codex-connector commented:

Codex Review: Didn't find any major issues. Bravo.


@ThomasK33 merged commit 3794e84 into control-plane-5q3h on Feb 11, 2026 (8 checks passed)
@ThomasK33 deleted the cluster-ops-5vay branch on February 11, 2026, 14:44