fix(compose): set CERTCTL_DEMO_MODE_ACK=true in demo compose (cold-DB smoke fix)

The cold-db-compose-smoke job (Auditable Codebase Bundle item 6) fired
on first run and surfaced a real bug: certctl-server fail-fasts at
startup with:

  Failed to load configuration: CERTCTL_AUTH_TYPE=none with non-loopback
  CERTCTL_SERVER_HOST="0.0.0.0" requires CERTCTL_DEMO_MODE_ACK=true to
  acknowledge that every request will be served as the synthetic admin
  actor `actor-demo-anon`.

Root cause: the 2026-05-10 HIGH-12 closure (Fix 11) added the
fail-fast guard in internal/config/config.go::Validate() but did NOT
update deploy/docker-compose.yml to provide the explicit ACK. The
clean default compose IS the bundled demo path
(CERTCTL_AUTH_TYPE=none + KEYGEN_MODE=server + DEMO_SEED=true per the
inline comments on lines 137-143), so the ACK is correct here by
design.

Latent in master since the HIGH-12 fix landed. Nobody hit it because
warm containers + warm DBs masked the boot-time validation. The
cold-DB compose smoke caught it on the first true cold-boot run —
exactly the bug class it was built for.

Fix:
  - Add CERTCTL_DEMO_MODE_ACK: "true" to the certctl-server env block
    in deploy/docker-compose.yml.
  - Add a head-comment explaining why the ACK is correct in this
    compose (it IS the demo path) and that production deploys override
    AUTH_TYPE + KEYGEN_MODE + DEMO_SEED + DEMO_MODE_ACK via their own
    compose.

Verified:
  - YAML parse clean.
  - scripts/ci-guards/complete-path-config-coverage.sh green (194
    env vars; new CERTCTL_DEMO_MODE_ACK reference in deploy/ counts
    as a consumer).

Audit-Closes: post-v2.1.0-anti-rot/item-6
Audit-Closes: audit-2026-05-10/HIGH-12-followon
shankar0123
2026-05-12 14:58:16 +00:00
parent b4378942fc
commit 6d0f7747df
+9
@@ -130,6 +130,15 @@ services:
CERTCTL_SERVER_TLS_KEY_PATH: /etc/certctl/tls/server.key CERTCTL_SERVER_TLS_KEY_PATH: /etc/certctl/tls/server.key
CERTCTL_LOG_LEVEL: info CERTCTL_LOG_LEVEL: info
CERTCTL_AUTH_TYPE: none CERTCTL_AUTH_TYPE: none
# Audit 2026-05-10 HIGH-12 closure: when AUTH_TYPE=none AND the
# server binds to a non-loopback address (SERVER_HOST=0.0.0.0
# above), every request is served as the synthetic actor
# `actor-demo-anon`. The server fail-fasts at startup unless
# DEMO_MODE_ACK=true acknowledges that posture. This compose IS
# the bundled demo path (see DEMO_SEED comment below), so the
# ACK is correct here. Production deploys override AUTH_TYPE +
# KEYGEN_MODE + DEMO_SEED + DEMO_MODE_ACK via their own compose.
CERTCTL_DEMO_MODE_ACK: "true"
CERTCTL_KEYGEN_MODE: server # Demo uses server-side keygen; production should use "agent" CERTCTL_KEYGEN_MODE: server # Demo uses server-side keygen; production should use "agent"
CERTCTL_NETWORK_SCAN_ENABLED: "true" # Enable network scan GUI with seeded demo targets CERTCTL_NETWORK_SCAN_ENABLED: "true" # Enable network scan GUI with seeded demo targets
CERTCTL_CONFIG_ENCRYPTION_KEY: ${CERTCTL_CONFIG_ENCRYPTION_KEY:-change-me-32-char-encryption-key} # AES-256-GCM for dynamic issuer/target config CERTCTL_CONFIG_ENCRYPTION_KEY: ${CERTCTL_CONFIG_ENCRYPTION_KEY:-change-me-32-char-encryption-key} # AES-256-GCM for dynamic issuer/target config
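Review bot: The added `CERTCTL_DEMO_MODE_ACK: "true"` is hard-coded directly under `CERTCTL_AUTH_TYPE: none`, so anyone who copies this compose file inherits a pre-acknowledged guard, and the startup check no longer stops an unauthenticated non-loopback deployment on that path. The new comment says production deploys override the four settings, but it does not tell the reader that the ACK has to be removed whenever `CERTCTL_AUTH_TYPE` is changed, or that this file must not be exposed as-is. I would make the comment say both, and consider an overridable form in the style the `CERTCTL_CONFIG_ENCRYPTION_KEY` line already uses (`${CERTCTL_DEMO_MODE_ACK:-true}`) so an operator can turn the ACK off without editing the file. The Verified list in the message covers YAML parsing and the config-coverage guard only; a rerun of the cold-DB compose smoke that surfaced the failure would confirm the server now boots.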