These will probably need to be hardcoded on the frontend as well, since this doesn't seem to get generated.

We have external provisioners running today on some customer deployments. Will this be ok if they are assigned to the built in?

Should we assign the existing rows to thepsk at33333333-3333-3333-3333-33333333333, and have the startup code fix the built in rows?

So I did try to consider the outputs here and picked this one since it felt like the least impact, but let me know if you feel otherwise:

• There's no data in the DB that lets us know if it's a built-in or PSK today
• External provisioners will need to reconnect after a coderd upgrade anyways, and on reconnection they will be assigned the correct333... id.
• On the average deployment we would most likely see more built-ins than external, so if we have to pick one, built-in is probably less incorrect
• I considered allowing null and not back porting the reference but that felt extra messy in the resulting queries and handler logic.

So basically with this migration the external provisioners will be incorrectly labeled as built-in until the provisioners reconnect. Because we only show recent provisioners the ones that do not connect again (and stay incorrectly labeled) will only be shown for a short while before being removed from the list we show users.

Also worth noting that right now this key reference is only for grouping in read operations, no mutation logic is performed based on this value today.

1. a built-in constant we control feels like a good target foruuid.MustParse
2. these are already just basic strings, yeah?

const (ProvisionerKeyIDBuiltIn="00000000-0000-0000-0000-000000000001"ProvisionerKeyIDUserAuth="00000000-0000-0000-0000-000000000002"ProvisionerKeyIDPSK="00000000-0000-0000-0000-000000000003")

They should be safe, but I'd rather just follow the no panic principal here so we at least return a proper error in the response

this'll prevent the frontend from warning about non-recent provisioners. I could see this being useful as a query/filter parameter but I'm not sure it's the right default.

The recency threshold here is the same as the deployment level provisioners page. If that page has non-recent warnings, I wonder if the warning threshold is lower than the "recent" threshold on the backend.

I guess it's fine to match the health page for now

I don't think this should be a query param. The current stale timer is a hack imo.

In the future, we should just show the current connected provisioner daemons. They all hold open a websocket to 1 Coderd. So we could implement a method of detecting when a provisioner goes away immediately, and not wait for heartbeats.

The realtime data on connected provisioners was a reach goal for GA that we decided was not required, so I think it's totally something we can look at on a future pass.

if there's more than one provisioner per key on average, this'll reallocate. a safer upper-bound would belen(recentDaemons), but there is the possibility that it could overshoot by a bit. I'm fine with either, just making sure the tradeoffs have been considered!

Reallocating is not a big deal.

Why does the api exclude reserved? Why not include psk and built ins?

This endpoint is used by the CLI and I don't think it's necessary to show them in isolation or without a reference to the daemon counterparts since they are more placeholder.

Do you think we can deprecate the old endpoint at some point in the future? Should we mark it deprecated in swagger?