fix: repair host Docker pool key during validate
Pipelines as Code CI / hwlab-web-probe-sentinel-nc01- Success

This commit is contained in:
Codex
2026-07-09 15:42:36 +02:00
parent 44b716538e
commit 34b2b119ba
2 changed files with 35 additions and 6 deletions
@@ -1086,6 +1086,36 @@ def existing_sub2api_pool_api_key(token):
return None
return sub2api_key_value(existing)
def ensure_pool_api_key_for_validate(token, secret_value, source_action):
group, group_action = ensure_group(token)
group_id = group.get("id") if isinstance(group, dict) else None
if group_id is None:
raise RuntimeError("pool group id missing while ensuring validate API key")
api_key = secret_value or generate_api_key()
api_key_result = ensure_sub2api_api_key(token, api_key, group_id)
host_env_action = write_host_env_value(POOL_API_KEY_SECRET_KEY, api_key)
key_item = {
"id": api_key_result.get("id"),
"name": api_key_result.get("name") or POOL_API_KEY_NAME,
"group_id": api_key_result.get("groupId"),
"user_id": api_key_result.get("userId"),
"key": api_key,
}
return api_key, key_item, {
"ok": True,
"source": "sub2api-admin-api",
"sourceAction": source_action,
"secretPresent": bool(secret_value),
"lookup": "ensured-by-admin-api",
"groupAction": group_action,
"sub2apiAction": api_key_result.get("action"),
"sub2apiId": api_key_result.get("id"),
"hostEnvAction": host_env_action,
"hostEnvPath": HOST_DOCKER_ENV_PATH,
"hostEnvKey": POOL_API_KEY_SECRET_KEY,
"valuesPrinted": False,
}
def resolve_pool_api_key_for_validate(token):
secret_value = None
secret_error = None
@@ -1126,10 +1156,9 @@ def resolve_pool_api_key_for_validate(token):
"valuesPrinted": False,
}
if not secret_value:
detail = f"; envReadError={secret_error}" if secret_error else ""
raise RuntimeError(f"{pool_api_key_secret_location()} missing and Sub2API admin API key named {POOL_API_KEY_NAME} did not return a recoverable key{detail}")
return ensure_pool_api_key_for_validate(token, secret_value, "created-missing")
matched_name = matched_item.get("name") if isinstance(matched_item, dict) else None
raise RuntimeError(f"{pool_api_key_secret_location()} present but does not match pool key {POOL_API_KEY_NAME}; matchedName={matched_name or '-'}; admin API did not return a recoverable named key")
return ensure_pool_api_key_for_validate(token, secret_value, "repaired-mismatch:" + (matched_name or "-"))
if not secret_value:
raise RuntimeError(f"{POOL_API_KEY_SECRET_NAME}.{POOL_API_KEY_SECRET_KEY} missing")
return secret_value, matched_item, {
@@ -1722,10 +1751,10 @@ def ensure_sub2api_api_key(token, api_key, group_id):
created = ensure_success(curl_api("POST", "/api/v1/keys", bearer=token, payload=payload), "create pool API key")
existing = created if isinstance(created, dict) else existing
action = "created"
elif existing.get("id") is not None and existing.get("group_id") != group_id:
elif existing.get("id") is not None and (existing.get("group_id") != group_id or existing.get("name") != POOL_API_KEY_NAME):
updated = ensure_success(curl_api("PUT", f"/api/v1/keys/{existing['id']}", bearer=token, payload={"name": POOL_API_KEY_NAME, "group_id": group_id}), "update pool API key group")
existing = updated if isinstance(updated, dict) else existing
action = "updated-group"
action = "updated-name-group"
return {
"action": action,
"id": existing.get("id") if isinstance(existing, dict) else None,