mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 15:51:10 +00:00
Oleksandr Bezdieniezhnykh
f369153149
Batch 5 (cycle 2 hotfix sprint, batch 1 of 2). 6 story points under epic AZ-530. Addresses 2 Critical + 2 High deploy-blocking findings from security_report_cycle2.md (F-INFRA-1..F-INFRA-4). AZ-552 — drop_jwt_secret_deploy_preflight (1 pt, F-INFRA-1 Critical) scripts/start-services.sh swaps obsolete JwtConfig__Secret preflight for the cycle-2 trio (KeysFolder + ActiveKid + DataProtection.KeysFolder). .env.example, env/api/env.ps1, _docs/04_deploy/* updated to match. Repo scan in scripts/ and .env.example returns 0 offenders. AZ-553 — bind_mount_es256_keys (2 pts, F-INFRA-2 Critical) start-services.sh bind-mounts DEPLOY_HOST_JWT_KEYS_DIR read-only at /etc/azaion/jwt-keys; preflight fails fast on a missing or empty host directory with operator-actionable error messages. AZ-554 — persist_dataprotection_keys (2 pts, F-INFRA-3 High) Program.cs DataProtection wiring now fails fast in Production when KeysFolder is unset OR not probe-writable. start-services.sh bind-mounts DEPLOY_HOST_DP_KEYS_DIR read-write at /var/lib/azaion/dp-keys. Development behaviour unchanged (ephemeral default). AZ-555 — secrets_readme_es256_rewrite (1 pt, F-INFRA-4 High) secrets/README.md schema fully rewritten; new "Host-side directories" subsection with bind-mount table + ownership/permission guidance. Cycle-1 JwtConfig__Secret removed from live schema (one prose deprecation paragraph retained). Adjacent hygiene module-layout.md "Owns" extended to include scripts/, secrets/, env/, .env.example (gap from Step 9 new-task layout-delta). Tests e2e/Azaion.E2E/Tests/Cycle2HotfixDeployTests.cs — 19 facts (8 exec, 11 Skip with rationale per AZ-537/AZ-538 precedent). Skipped tests cover preflight/restart/Production-only paths verified at deploy gate. Build: 0W 0E across Azaion.AdminApi + Azaion.E2E. Test run deferred to autodev Step 11 (Run Tests). Tracker transition deferred to next batch (MCP availability unverified in this session — Leftovers pattern). Co-authored-by: Cursor <cursoragent@cursor.com>
33 lines
1.5 KiB
Bash
33 lines
1.5 KiB
Bash
# Plain-text overlay for staging — committed; safe to read.
|
|
# Loaded BEFORE the sops-decrypted overlay; secret values stay encrypted.
|
|
|
|
ASPNETCORE_ENVIRONMENT=Staging
|
|
ASPNETCORE_URLS=http://+:8080
|
|
|
|
# Idempotent appsettings overrides — these match production for parity.
|
|
ASPNETCORE_JwtConfig__Issuer=AzaionApi
|
|
ASPNETCORE_JwtConfig__Audience=Annotators/OrangePi/Admins
|
|
# AZ-532: cycle-2 access tokens are 15 min, refresh tokens own the longer window.
|
|
ASPNETCORE_JwtConfig__AccessTokenLifetimeMinutes=15
|
|
# AZ-552/AZ-553: container-side path is fixed; host dir is bind-mounted by start-services.sh.
|
|
ASPNETCORE_JwtConfig__KeysFolder=/etc/azaion/jwt-keys
|
|
# AZ-553: ActiveKid MUST be set on every deploy. Set in operator shell during
|
|
# generate-jwt-key.sh rotation.
|
|
# ASPNETCORE_JwtConfig__ActiveKid=<set in operator shell or encrypted overlay>
|
|
# AZ-554: persisted DataProtection key ring. Container-side path; host dir is RW bind-mount.
|
|
ASPNETCORE_DataProtection__KeysFolder=/var/lib/azaion/dp-keys
|
|
ASPNETCORE_ResourcesConfig__ResourcesFolder=Content
|
|
|
|
# Deploy-host plumbing.
|
|
DEPLOY_CONTAINER_NAME=azaion.api
|
|
DEPLOY_HOST_PORT=4000
|
|
DEPLOY_HOST_CONTENT_DIR=/root/api/content
|
|
DEPLOY_HOST_LOGS_DIR=/root/api/logs
|
|
# AZ-553/AZ-554: host-side directories bind-mounted into the container.
|
|
DEPLOY_HOST_JWT_KEYS_DIR=/var/lib/azaion/jwt-keys
|
|
DEPLOY_HOST_DP_KEYS_DIR=/var/lib/azaion/dp-keys
|
|
|
|
# Registry. REGISTRY_USER / REGISTRY_TOKEN come from the encrypted overlay.
|
|
REGISTRY_HOST=docker.azaion.com
|
|
REGISTRY_IMAGE=azaion/admin
|