fix(main): heal ADMIN_TOKEN placeholder in global_secrets on startup (#831) #893
Merged
devops-engineer merged 1 commit from fix/831-go-only into staging 2026-05-13 21:46:47 +00:00
1 Commits
Commit 5aa747241a
fix(main): heal ADMIN_TOKEN placeholder in global_secrets on startup (#831)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 17s
Harness Replays / detect-changes (pull_request) Successful in 22s
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 19s
qa-review / approved (pull_request) Failing after 23s
security-review / approved (pull_request) Failing after 24s
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m1s
CI / Detect changes (pull_request) Successful in 1m4s
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m8s
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m4s
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m18s
Harness Replays / Harness Replays (pull_request) Successful in 6s
CI / Canvas (Next.js) (pull_request) Successful in 7s
CI / Shellcheck (E2E scripts) (pull_request) Successful in 6s
CI / Python Lint & Test (pull_request) Successful in 17s
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 12s
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 14s
E2E API Smoke Test / E2E API Smoke Test (pull_request) Failing after 1m17s
gate-check-v3 / gate-check (pull_request) Successful in 34s
CI / Canvas Deploy Reminder (pull_request) Has been skipped
sop-checklist-gate / gate (pull_request) Successful in 25s
sop-tier-check / tier-check (pull_request) Successful in 24s
CI / Platform (Go) (pull_request) Failing after 4m2s
CI / all-required (pull_request) Successful in 6s
sop-checklist / all-items-acked (pull_request) acked: 7/7
audit-force-merge / audit (pull_request) Successful in 40s
Issue #831: integration-tester workspace (33bb2f71) has ADMIN_TOKEN="placeholder-will-ask-for-real" in its container env because loadWorkspaceSecrets reads ALL rows from global_secrets and injects them into every workspace container. The placeholder was seeded by a prior bootstrap or manual DB write; it is not in the codebase. The correct ADMIN_TOKEN lives in the platform's host environment (os.Getenv) but was never propagated to global_secrets.

The fix adds fixAdminTokenPlaceholder() which runs once at platform startup (SaaS tenants only, cpProv != nil):

1. Reads the real ADMIN_TOKEN from the host environment.
2. Reads the current global_secrets value and decrypts it.
3. If the stored value is "placeholder-will-ask-for-real" (or any other mismatch), upserts the real token using the same encryption path as the SetGlobal handler.
4. Logs the action taken so operators can audit the fix.

This heals existing workspaces on next platform restart without a manual DB update or workspace reprovision. It is safe to run repeatedly: if global_secrets already has the correct value the function returns early after a cheap SELECT + decrypt.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
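A minimal sketch of the startup reconciliation the commit message describes, added here as an example and not taken from the project's code. It skips the upsert when the host token is empty, compares in constant time, and returns only the action taken so the token value never reaches the log. Assumptions: an in-memory map stands in for global_secrets, AES-256-GCM stands in for the platform's encryption path, and `healAdminToken`, `demoGCM` and the action strings are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

const placeholder = "placeholder-will-ask-for-real" // value quoted in the commit message

// demoGCM (hypothetical) uses a constructed all-zero key; neither call can fail for 32 bytes.
func demoGCM() cipher.AEAD {
	block, _ := aes.NewCipher(make([]byte, 32))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// healAdminToken (hypothetical) returns the action for the audit log, never the token.
func healAdminToken(gcm cipher.AEAD, store map[string][]byte, hostToken string) (string, error) {
	if hostToken == "" {
		return "skipped: host ADMIN_TOKEN unset", nil // never upsert an empty token
	}
	n, reason := gcm.NonceSize(), "missing"
	if blob, found := store["ADMIN_TOKEN"]; found {
		reason = "mismatch" // also covers a row that is truncated or no longer decrypts
		if len(blob) >= n {
			cur, err := gcm.Open(nil, blob[:n], blob[n:], nil)
			if err == nil && subtle.ConstantTimeCompare(cur, []byte(hostToken)) == 1 {
				return "unchanged", nil // idempotent fast path: read + decrypt only
			}
			if err == nil && string(cur) == placeholder {
				reason = "placeholder"
			}
		}
	}
	nonce := make([]byte, n)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	store["ADMIN_TOKEN"] = gcm.Seal(nonce, nonce, []byte(hostToken), nil)
	return "healed: " + reason, nil
}

func main() {
	store := map[string][]byte{} // constructed empty table standing in for global_secrets
	fmt.Println(healAdminToken(demoGCM(), store, "constructed-host-token"))
}
```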