From 570a6169c305ac33b4678ce2bddbc79c8277deb7 Mon Sep 17 00:00:00 2001 From: Codex Date: Mon, 15 Jun 2026 04:27:45 +0000 Subject: [PATCH] fix: use lane-local admin API key source --- scripts/src/hwlab-node.ts | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/scripts/src/hwlab-node.ts b/scripts/src/hwlab-node.ts index 30134eb1..bfe02e10 100644 --- a/scripts/src/hwlab-node.ts +++ b/scripts/src/hwlab-node.ts @@ -114,7 +114,6 @@ interface NodeRuntimeGitMirrorTargetSpec { gitopsBranch: string; } -const MASTER_ADMIN_API_KEY_ENV = "/root/.config/hwlab-v02/master-server-admin-api-key.env"; const MASTER_ADMIN_API_KEY_KEY = "api-key"; const BOOTSTRAP_ADMIN_PASSWORD_HASH_KEY = "password-hash"; const BOOTSTRAP_ADMIN_SOURCE_NAMESPACE = "hwlab-v02"; @@ -3462,7 +3461,7 @@ function runNodeSecret(options: NodeSecretOptions): Record { } const bootstrapAdminMaterial = options.preset === "bootstrap-admin" ? readBootstrapAdminSecretMaterial(spec) : null; const input = options.preset === "master-server-admin-api-key" && options.action === "ensure" && !options.dryRun - ? readMasterAdminApiKey().key + ? readMasterAdminApiKey(spec).key : options.preset === "bootstrap-admin" && options.action === "ensure" && !options.dryRun && bootstrapAdminMaterial?.ok === true ? bootstrapAdminMaterial.passwordHash ?? "" : ""; @@ -5931,13 +5930,18 @@ export function nodeSecretStatusFromTextForTest(text: string, commandOk: boolean return secretStatusFromText(text, commandOk, exitCode, stderr, runtimeSecretSpec({ node, lane })); } -function readMasterAdminApiKey(): { key: string; source: string } { - if (!existsSync(MASTER_ADMIN_API_KEY_ENV)) throw new Error(`HWLAB_API_KEY source missing: ${MASTER_ADMIN_API_KEY_ENV}`); - const content = readFileSync(MASTER_ADMIN_API_KEY_ENV, "utf8"); +function masterAdminApiKeyEnvPath(spec: RuntimeSecretSpec): string { + return `/root/.config/hwlab-${spec.lane}/master-server-admin-api-key.env`; +} + +function readMasterAdminApiKey(spec: RuntimeSecretSpec): { key: string; source: string } { + const source = masterAdminApiKeyEnvPath(spec); + if (!existsSync(source)) throw new Error(`HWLAB_API_KEY source missing: ${source}`); + const content = readFileSync(source, "utf8"); const match = content.match(/^HWLAB_API_KEY=(.+)$/m); const raw = (match?.[1] ?? "").trim().replace(/^['"]|['"]$/g, ""); - if (!raw.startsWith("hwl_live_")) throw new Error(`HWLAB_API_KEY source invalid: ${MASTER_ADMIN_API_KEY_ENV}`); - return { key: raw, source: MASTER_ADMIN_API_KEY_ENV }; + if (!raw.startsWith("hwl_live_")) throw new Error(`HWLAB_API_KEY source invalid: ${source}`); + return { key: raw, source }; } function optionValue(args: string[], name: string): string | undefined {