azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-06-21 13:01:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6e1e147562d18413d0a4f9f38b80933df1e7a415
admin/env/api/env.ps1
T
Oleksandr Bezdieniezhnykh f369153149 [AZ-552] [AZ-553] [AZ-554] [AZ-555] Cycle-2 hotfix: deploy/infra chain 
Batch 5 (cycle 2 hotfix sprint, batch 1 of 2). 6 story points under epic
AZ-530. Addresses 2 Critical + 2 High deploy-blocking findings from
security_report_cycle2.md (F-INFRA-1..F-INFRA-4).

AZ-552 — drop_jwt_secret_deploy_preflight (1 pt, F-INFRA-1 Critical)
  scripts/start-services.sh swaps obsolete JwtConfig__Secret preflight
  for the cycle-2 trio (KeysFolder + ActiveKid + DataProtection.KeysFolder).
  .env.example, env/api/env.ps1, _docs/04_deploy/* updated to match. Repo
  scan in scripts/ and .env.example returns 0 offenders.

AZ-553 — bind_mount_es256_keys (2 pts, F-INFRA-2 Critical)
  start-services.sh bind-mounts DEPLOY_HOST_JWT_KEYS_DIR read-only at
  /etc/azaion/jwt-keys; preflight fails fast on a missing or empty host
  directory with operator-actionable error messages.

AZ-554 — persist_dataprotection_keys (2 pts, F-INFRA-3 High)
  Program.cs DataProtection wiring now fails fast in Production when
  KeysFolder is unset OR not probe-writable. start-services.sh bind-mounts
  DEPLOY_HOST_DP_KEYS_DIR read-write at /var/lib/azaion/dp-keys.
  Development behaviour unchanged (ephemeral default).

AZ-555 — secrets_readme_es256_rewrite (1 pt, F-INFRA-4 High)
  secrets/README.md schema fully rewritten; new "Host-side directories"
  subsection with bind-mount table + ownership/permission guidance.
  Cycle-1 JwtConfig__Secret removed from live schema (one prose
  deprecation paragraph retained).

Adjacent hygiene
  module-layout.md "Owns" extended to include scripts/, secrets/, env/,
  .env.example (gap from Step 9 new-task layout-delta).

Tests
  e2e/Azaion.E2E/Tests/Cycle2HotfixDeployTests.cs — 19 facts (8 exec,
  11 Skip with rationale per AZ-537/AZ-538 precedent). Skipped tests
  cover preflight/restart/Production-only paths verified at deploy gate.

Build: 0W 0E across Azaion.AdminApi + Azaion.E2E.
Test run deferred to autodev Step 11 (Run Tests).
Tracker transition deferred to next batch (MCP availability unverified
in this session — Leftovers pattern).

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-14 09:35:57 +03:00

16 lines
1.0 KiB
PowerShell
Raw Blame History

f (-not ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
$arguments = "-Command `"& { Set-ExecutionPolicy Bypass -Scope Process -Force; & '$PSCommand' $($args -join ' ') }`""
Start-Process -Verb RunAs -FilePath "powershell.exe" -ArgumentList $arguments
exit # Terminate the current non-elevated script
}
& "setx" "foo" "bar"
setx ASPNETCORE_ConnectionStrings__AzaionDb Host=localhost;Database=azaion;Username=azaion_reader;Password=Az_read;
setx ASPNETCORE_ConnectionStrings__AzaionDbAdmin Host=localhost;Database=azaion;Username=azaion_admin;Password=Az_admin;
# AZ-552 — JWT signing moved from HS256 symmetric secret to ES256 asymmetric.
# Dev: generate a PEM via WSL with `bash scripts/generate-jwt-key.sh` and point
# KeysFolder at the resulting directory. ActiveKid is the PEM filename minus .pem.
setx ASPNETCORE_JwtConfig__KeysFolder $PSScriptRoot\..\..\secrets\jwt-keys
setx ASPNETCORE_JwtConfig__ActiveKid kid-dev-local
Reference in New Issue View Git Blame Copy Permalink