refactor: clarify MITM certificate naming in aibridgeproxyd (#22408)

## Description

Renames internal fields, variables, and comments related to the proxy's certificate/key configuration to explicitly reference their MITM CA purpose.

The AI Bridge Proxy uses a CA certificate to sign dynamically generated leaf certificates during MITM interception of HTTPS traffic from AI clients. With the upcoming introduction of TLS listener certificates (for serving the proxy itself over HTTPS, implemented upstack https://github.com/coder/coder/pull/22411), the previous generic naming would become ambiguous. This refactor makes it clear which certificate is which.

No user-facing flags, environment variables, YAML keys, or JSON fields were changed; this is purely an internal rename to avoid confusion going forward.

Related to https://github.com/coder/internal/issues/1335
Susana Ferreira
2026-03-05 09:06:38 +00:00
committed by GitHub
parent 94a2e440a8
commit c79e8f2707
8 changed files with 182 additions and 168 deletions
+8 -8
@@ -3858,21 +3858,21 @@ Write out the current server config as YAML to stdout.`,
YAML: "listen_addr",
},
{
Name: "AI Bridge Proxy Certificate File",
Description: "Path to the CA certificate file for AI Bridge Proxy.",
Name: "AI Bridge Proxy MITM CA Certificate File",
Description: "Path to the CA certificate file used to intercept (MITM) HTTPS traffic from AI clients. This CA must be trusted by AI clients for the proxy to decrypt their requests.",
Flag: "aibridge-proxy-cert-file",
Env: "CODER_AIBRIDGE_PROXY_CERT_FILE",
Value: &c.AI.BridgeProxyConfig.CertFile,
Value: &c.AI.BridgeProxyConfig.MITMCertFile,
Default: "",
Group: &deploymentGroupAIBridgeProxy,
YAML: "cert_file",
},
{
Name: "AI Bridge Proxy Key File",
Description: "Path to the CA private key file for AI Bridge Proxy.",
Name: "AI Bridge Proxy MITM CA Key File",
Description: "Path to the CA private key file used to intercept (MITM) HTTPS traffic from AI clients.",
Flag: "aibridge-proxy-key-file",
Env: "CODER_AIBRIDGE_PROXY_KEY_FILE",
Value: &c.AI.BridgeProxyConfig.KeyFile,
Value: &c.AI.BridgeProxyConfig.MITMKeyFile,
Default: "",
Group: &deploymentGroupAIBridgeProxy,
YAML: "key_file",
@@ -4014,8 +4014,8 @@ type AIBridgeBedrockConfig struct {
type AIBridgeProxyConfig struct {
Enabled serpent.Bool `json:"enabled" typescript:",notnull"`
ListenAddr serpent.String `json:"listen_addr" typescript:",notnull"`
CertFile serpent.String `json:"cert_file" typescript:",notnull"`
KeyFile serpent.String `json:"key_file" typescript:",notnull"`
MITMCertFile serpent.String `json:"cert_file" typescript:",notnull"`
MITMKeyFile serpent.String `json:"key_file" typescript:",notnull"`
DomainAllowlist serpent.StringArray `json:"domain_allowlist" typescript:",notnull"`
UpstreamProxy serpent.String `json:"upstream_proxy" typescript:",notnull"`
UpstreamProxyCA serpent.String `json:"upstream_proxy_ca" typescript:",notnull"`
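Review bot: The renamed fields `MITMCertFile` and `MITMKeyFile` in `AIBridgeProxyConfig` still serialize as `cert_file` and `key_file`, and the flag, env and YAML names in the two option entries are unchanged, so operators still see only the generic names. Once the TLS listener certificate options mentioned in the description land, the two key pairs could be mixed up there; a field comment such as `// MITMCertFile is the MITM CA certificate; the "cert_file" key is kept for compatibility and is not the TLS listener certificate.` would record the intent next to the tag. The key option's description could also say that this private key signs the leaf certificates AI clients accept, for example by appending `Restrict read access to this file to the server process.`, since anyone holding it can presumably issue certificates those clients trust. Both the option list and the struct continue outside the visible hunks.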