carverauto/serviceradar

Fork 0

fixing zen crash #2663

Merged

mfreeman451 merged 1 commit from refs/pull/2663/head into staging

2026-01-14 04:20:24 +00:00

mfreeman451 commented

2026-01-14 04:20:00 +00:00

(Migrated from github.com)

Owner

Imported from GitHub pull request.

Original GitHub pull request: #2283
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2283
Original created: 2026-01-14T04:20:00Z
Original updated: 2026-01-14T04:21:07Z
Original head: carverauto/serviceradar:chore/fix-zen-demo-staging
Original base: staging
Original merged: 2026-01-14T04:20:24Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Issue ticket number and link

Code checklist before requesting a review

I have signed the DCO?
The build completes without errors?
All tests are passing when running make test?

PR Type

Bug fix

Description

Add support for auto-generated NATS credentials in Zen deployment
Fix incorrect YAML field name from name to secretName
Ensure NATS credentials volume mounts when auto-generation is enabled

Diagram Walkthrough

flowchart LR
  A["Zen Deployment Config"] -->|Add autoGenerate condition| B["NATS Volume Mount"]
  A -->|Fix secretName field| C["NATS Secret Reference"]
  B --> D["Proper credential mounting"]
  C --> D

File Walkthrough

Relevant files

Bug fix

zen.yaml

Fix NATS credentials mounting and secret field name

helm/serviceradar/templates/zen.yaml

Added .Values.natsCreds.autoGenerate condition to NATS credentials
volume mount check (line 29)
Added .Values.natsCreds.autoGenerate condition to NATS credentials
volume definition check (line 93)
Fixed incorrect YAML field name from name to secretName in NATS secret
reference (line 103)

+3/-3

Imported from GitHub pull request. Original GitHub pull request: #2283 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/pull/2283 Original created: 2026-01-14T04:20:00Z Original updated: 2026-01-14T04:21:07Z Original head: carverauto/serviceradar:chore/fix-zen-demo-staging Original base: staging Original merged: 2026-01-14T04:20:24Z by @mfreeman451 --- ### **User description** ## IMPORTANT: Please sign the Developer Certificate of Origin Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include a [DCO sign-off statement]( https://developercertificate.org/) indicating the DCO acceptance in one commit message. Here is an example DCO Signed-off-by line in a commit message: ``` Signed-off-by: J. Doe <j.doe@domain.com> ``` ## Describe your changes ## Issue ticket number and link ## Code checklist before requesting a review - [ ] I have signed the DCO? - [ ] The build completes without errors? - [ ] All tests are passing when running make test? ___ ### **PR Type** Bug fix ___ ### **Description** - Add support for auto-generated NATS credentials in Zen deployment - Fix incorrect YAML field name from `name` to `secretName` - Ensure NATS credentials volume mounts when auto-generation is enabled ___ ### Diagram Walkthrough ```mermaid flowchart LR A["Zen Deployment Config"] -->|Add autoGenerate condition| B["NATS Volume Mount"] A -->|Fix secretName field| C["NATS Secret Reference"] B --> D["Proper credential mounting"] C --> D ``` <details><summary><h3>File Walkthrough</h3></summary> <table><thead><tr><th></th><th align="left">Relevant files</th></tr></thead><tbody><tr><td><strong>Bug fix</strong></td><td><table> <tr> <td> <details> <summary><strong>zen.yaml</strong><dd><code>Fix NATS credentials mounting and secret field name</code>            </dd></summary> <hr> helm/serviceradar/templates/zen.yaml <ul><li>Added <code>.Values.natsCreds.autoGenerate</code> condition to NATS credentials <br>volume mount check (line 29)<br> <li> Added <code>.Values.natsCreds.autoGenerate</code> condition to NATS credentials <br>volume definition check (line 93)<br> <li> Fixed incorrect YAML field name from <code>name</code> to <code>secretName</code> in NATS secret <br>reference (line 103)</ul> </details> </td> <td><a href="https://github.com/carverauto/serviceradar/pull/2283/files#diff-6ad57a6af05e6ac723002f0979b35265589bd65639d2ea1605465c695f51364b">+3/-3</a>      </td> </tr> </table></td></tr></tbody></table> </details> ___

qodo-code-review[bot] commented

2026-01-14 04:20:17 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2283#issuecomment-3747625364
Original created: 2026-01-14T04:20:17Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2283#issuecomment-3747625364 Original created: 2026-01-14T04:20:17Z --- ## PR Compliance Guide 🔍  Below is a summary of compliance checks for this PR:<br> <table><tbody><tr><td colspan='2'><strong>Security Compliance</strong></td></tr> <tr><td>🟢</td><td><details><summary><strong>No security concerns identified</strong></summary> No security vulnerabilities detected by AI analysis. Human verification advised for critical code. </details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </strong></summary> - [ ] Create ticket/issue  </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=6>🟢</td><td> <details><summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2">   </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

qodo-code-review[bot] commented

2026-01-14 04:21:07 +00:00

(Migrated from github.com)

Author

Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2283#issuecomment-3747626915
Original created: 2026-01-14T04:21:07Z

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Add emptyDir for autoGenerate volumes When `.Values.natsCreds.autoGenerate` is true, use an `emptyDir` volume for `nats-creds` instead of a `secret` to avoid deployment failures. helm/serviceradar/templates/zen.yaml [98-102] `-{{- if or .Values.natsCreds.platform .Values.natsCreds.system .Values.natsCreds.autoGenerate }} +{{- if or .Values.natsCreds.platform .Values.natsCreds.system }} - name: nats-creds secret: secretName: serviceradar-nats-creds +{{- else if .Values.natsCreds.autoGenerate }} +- name: nats-creds + emptyDir: {} {{- end }}` Apply / Chat Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a critical bug where the pod would fail to start if `autoGenerate` is true because it would try to mount a non-existent secret. The proposed fix to use an `emptyDir` volume is the correct pattern for this scenario.	High
Possible issue	Separate mount for autoGenerate without readOnly Separate the volume mount logic for `autoGenerate` to make the path writable, as it should not be read-only like secret-based mounts. helm/serviceradar/templates/zen.yaml [34-38] `-{{- if or .Values.natsCreds.platform .Values.natsCreds.system .Values.natsCreds.autoGenerate }} +{{- if or .Values.natsCreds.platform .Values.natsCreds.system }} - name: nats-creds mountPath: /etc/serviceradar/creds readOnly: true +{{- else if .Values.natsCreds.autoGenerate }} +- name: nats-creds + mountPath: /etc/serviceradar/creds {{- end }}` Apply / Chat Suggestion importance[1-10]: 4 __ Why: The suggestion correctly identifies that the path for `autoGenerate` needs to be writable, but its proposed change of just removing `readOnly: true` is incomplete without also changing the volume definition itself, as a secret volume mount is always read-only.	Low
More

Imported GitHub PR comment. Original author: @qodo-code-review[bot] Original URL: https://github.com/carverauto/serviceradar/pull/2283#issuecomment-3747626915 Original created: 2026-01-14T04:21:07Z --- ## PR Code Suggestions ✨  Explore these optional code suggestions: <table><thead><tr><td><strong>Category</strong></td><td align=left><strong>Suggestion                                                                                                                                    </strong></td><td align=center><strong>Impact</strong></td></tr><tbody><tr><td rowspan=2>Possible issue</td> <td> <details><summary>Add emptyDir for autoGenerate volumes</summary> ___ **When <code>.Values.natsCreds.autoGenerate</code> is true, use an <code>emptyDir</code> volume for <br><code>nats-creds</code> instead of a <code>secret</code> to avoid deployment failures.** [helm/serviceradar/templates/zen.yaml [98-102]](https://github.com/carverauto/serviceradar/pull/2283/files#diff-6ad57a6af05e6ac723002f0979b35265589bd65639d2ea1605465c695f51364bR98-R102) ```diff -{{- if or .Values.natsCreds.platform .Values.natsCreds.system .Values.natsCreds.autoGenerate }} +{{- if or .Values.natsCreds.platform .Values.natsCreds.system }} - name: nats-creds secret: secretName: serviceradar-nats-creds +{{- else if .Values.natsCreds.autoGenerate }} +- name: nats-creds + emptyDir: {} {{- end }} ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 9</summary> __ Why: This suggestion correctly identifies a critical bug where the pod would fail to start if `autoGenerate` is true because it would try to mount a non-existent secret. The proposed fix to use an `emptyDir` volume is the correct pattern for this scenario. </details></details></td><td align=center>High </td></tr><tr><td> <details><summary>Separate mount for autoGenerate without readOnly</summary> ___ **Separate the volume mount logic for <code>autoGenerate</code> to make the path writable, as <br>it should not be read-only like secret-based mounts.** [helm/serviceradar/templates/zen.yaml [34-38]](https://github.com/carverauto/serviceradar/pull/2283/files#diff-6ad57a6af05e6ac723002f0979b35265589bd65639d2ea1605465c695f51364bR34-R38) ```diff -{{- if or .Values.natsCreds.platform .Values.natsCreds.system .Values.natsCreds.autoGenerate }} +{{- if or .Values.natsCreds.platform .Values.natsCreds.system }} - name: nats-creds mountPath: /etc/serviceradar/creds readOnly: true +{{- else if .Values.natsCreds.autoGenerate }} +- name: nats-creds + mountPath: /etc/serviceradar/creds {{- end }} ``` - [ ] **Apply / Chat**  <details><summary>Suggestion importance[1-10]: 4</summary> __ Why: The suggestion correctly identifies that the path for `autoGenerate` needs to be writable, but its proposed change of just removing `readOnly: true` is incomplete without also changing the volume definition itself, as a secret volume mount is always read-only. </details></details></td><td align=center>Low </td></tr> <tr><td align="center" colspan="2"> - [ ] More  </td><td></td></tr></tbody></table>