fix: unblock jd01 sentinel quick verify secrets
This commit is contained in:
@@ -1336,7 +1336,7 @@ export function readBootstrapAdminSecretMaterial(spec: RuntimeSecretSpec): Boots
|
||||
sourceKey,
|
||||
sourceLine,
|
||||
sourcePath: password.sourcePath,
|
||||
sourcePresent: true,
|
||||
sourcePresent: password.sourcePresent,
|
||||
sourceFingerprint: shortSecretFingerprint(password.value),
|
||||
passwordHash: hwlabPasswordHash(password.value),
|
||||
error: null,
|
||||
@@ -1365,7 +1365,7 @@ export function readBootstrapAdminPasswordMaterial(spec: RuntimeSecretSpec): Boo
|
||||
sourceKey,
|
||||
sourceLine,
|
||||
sourcePath: password.sourcePath,
|
||||
sourcePresent: true,
|
||||
sourcePresent: password.sourcePresent,
|
||||
sourceFingerprint: shortSecretFingerprint(password.value),
|
||||
password: password.value,
|
||||
error: null,
|
||||
@@ -1377,22 +1377,27 @@ function readBootstrapAdminUsername(spec: RuntimeSecretSpec): { ok: true; value:
|
||||
if (ref === undefined) return { ok: true, value: spec.bootstrapAdminUsername };
|
||||
const key = spec.bootstrapAdminUsernameSourceKey ?? "username";
|
||||
const material = readSecretSourceScalar(ref, key, spec.bootstrapAdminUsernameSourceLine ?? null);
|
||||
if (!material.ok && material.error === "secret-source-missing" && spec.bootstrapAdminUsername.length > 0) return { ok: true, value: spec.bootstrapAdminUsername };
|
||||
if (!material.ok) return { ok: false, error: `username-${material.error}` };
|
||||
return { ok: true, value: material.value };
|
||||
}
|
||||
|
||||
function readSecretSourceScalar(sourceRef: string, sourceKey: string, sourceLine: number | null): { ok: true; value: string; sourcePath: string; sourcePresent: true } | { ok: false; sourcePath: string; sourcePresent: boolean; error: string } {
|
||||
function readSecretSourceScalar(sourceRef: string, sourceKey: string, sourceLine: number | null): { ok: true; value: string; sourcePath: string; sourcePresent: boolean } | { ok: false; sourcePath: string; sourcePresent: boolean; error: string } {
|
||||
const paths = secretSourcePaths(sourceRef);
|
||||
const sourcePath = paths.find((candidate) => existsSync(candidate)) ?? paths[0] ?? join(repoRoot, ".state", "secrets", sourceRef);
|
||||
if (!existsSync(sourcePath)) return { ok: false, sourcePath, sourcePresent: false, error: "secret-source-missing" };
|
||||
const runtimeValue = process.env[sourceKey];
|
||||
if (!existsSync(sourcePath)) {
|
||||
if (runtimeValue !== undefined && runtimeValue.length > 0) return { ok: true, value: runtimeValue, sourcePath, sourcePresent: false };
|
||||
return { ok: false, sourcePath, sourcePresent: false, error: "secret-source-missing" };
|
||||
}
|
||||
const text = readFileSync(sourcePath, "utf8");
|
||||
if (sourceLine !== null) {
|
||||
const line = text.split(/\r?\n/u)[sourceLine - 1]?.replace(/\r$/u, "") ?? "";
|
||||
if (line.length === 0 && runtimeValue !== undefined && runtimeValue.length > 0) return { ok: true, value: runtimeValue, sourcePath, sourcePresent: true };
|
||||
if (line.length === 0) return { ok: false, sourcePath, sourcePresent: true, error: "secret-line-missing" };
|
||||
return { ok: true, value: line, sourcePath, sourcePresent: true };
|
||||
}
|
||||
const values = parseEnvFile(text);
|
||||
const runtimeValue = process.env[sourceKey];
|
||||
const value = values[sourceKey] ?? runtimeValue;
|
||||
if (value === undefined || value.length === 0) return { ok: false, sourcePath, sourcePresent: true, error: "secret-key-missing" };
|
||||
return { ok: true, value, sourcePath, sourcePresent: true };
|
||||
|
||||
Reference in New Issue
Block a user