defer(prevb): file F-prevb-C (mint_admin ApiKey in access-controlled RAW log; pre-existing, low-sev, out of scope)
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
autonomic-bot
@ -412,3 +412,18 @@ reachable via the operator/dev STAGES escape — production drone runs always ru
|
||||
### 2026-06-13 — deploy-proxy health-gate circular dependency (D8 risk)
|
||||
- [x] **CLOSED @2026-06-13 (Builder, phase pxgate).** Fixed in `runner/warm_reconcile.py` — traefik health probe changed from `ci.commoninternet.net/` (dashboard, ordered After=deploy-proxy) to `traefik.ci.commoninternet.net/api/version` (Traefik's own API, no backend dependency). Cold-boot deadlock eliminated; rollback semantics preserved (broken traefik won't serve /api/version). Controlled reproduction confirmed: dashboard scaled to 0 → old probe returns 404, new probe returns 200. M1 claimed. Adversary PASS pending for DONE. See DECISIONS.md 2026-06-13 pxgate entry.
|
||||
- **Filed by:** Adversary, phase pvfix (cross-filed by Builder)
|
||||
|
||||
### 2026-06-17 — discourse mint_admin prints minted ApiKey to the Drone RAW build log (low-sev)
|
||||
- **What:** `tests/discourse/custom/_discourse.py::mint_admin` mints a run-scoped Discourse admin ApiKey
|
||||
via `rails runner` which prints `CCCI_API_KEY=<plaintext>` to the container stdout; this can reach the
|
||||
**access-controlled Drone RAW build log** (401 without a token). NOT on the public dashboard/results UI
|
||||
(Adversary independently scanned the public surface — clean), and the key is class-B run-scoped
|
||||
(destroyed at teardown). Flagged by the Adversary as **[F-prevb-C, INFO]** during M2 cold acceptance.
|
||||
- **Why deferred (not fixed in prevb):** PRE-EXISTING — the `.key` print predates prevb; prevb only made
|
||||
the container PATH image-agnostic (b66abc4). D6's hard requirement (no secrets on the public results UI)
|
||||
is met. Out of prevb scope (dynamic base + previous/); fixing it is a discourse-custom-test hardening,
|
||||
not a prevb deliverable. Adversary did not VETO / did not block M2 on it.
|
||||
- **Needed from operator:** decide whether to harden — e.g. have `mint_admin` avoid emitting the plaintext
|
||||
key on stdout (write to a run-scoped sidecar the test reads), or register the minted key in the harness
|
||||
redaction set so even the RAW log is scrubbed. Low priority (RAW log is access-controlled; key is ephemeral).
|
||||
- **Filed by:** Builder, phase prevb (acknowledging Adversary [F-prevb-C]).
|
||||
|
||||
Reference in New Issue
Block a user