gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 17:51:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bundle-5): CI green-up — drop unused sync.Once + document new env vars

Browse Source 
Two CI gate failures from the Bundle 5 push:

1. golangci-lint (unused) — agent_bootstrap.go declared
   `var bootstrapWarnOnce sync.Once` but never called .Do(). The
   one-shot WARN actually lives in cmd/server/main.go (per-process at
   startup, not per-request) so the handler-side variable was dead code.
   Dropped the var + sync import; left a comment explaining where the
   WARN lives.

2. G-3 env-var docs guardrail — Bundle 5 added two new env vars
   (CERTCTL_AGENT_BOOTSTRAP_TOKEN, CERTCTL_AUDIT_FLUSH_TIMEOUT_SECONDS)
   but the G-3 closure CI step asserts every CERTCTL_* env defined in
   internal/config/config.go is mentioned in docs/features.md. Added
   three new sub-sections to docs/features.md after the Body Size
   Limits block:
     * Agent Bootstrap Token (H-007 contract + generation guidance)
     * Graceful Shutdown Audit Flush (M-011 timeout knob)
     * Liveness vs Readiness Probes (H-006 /health vs /ready table)

No production behaviour change; pure CI-gate fix.

Verification
- go vet ./internal/api/handler/...   → clean
- go test -count=1 -run 'TestVerifyBootstrapToken|TestRegisterAgent_BootstrapToken' ./internal/api/handler/...  → all pass
- grep CERTCTL_AGENT_BOOTSTRAP_TOKEN docs/features.md     → present
- grep CERTCTL_AUDIT_FLUSH_TIMEOUT_SECONDS docs/features.md → present
This commit is contained in:
shankar0123
2026-04-26 00:03:03 +00:00
parent 1a845a9490
commit a2a82a6cf8
2 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/handler/agent_bootstrap.go
+3 -4
View File
@@ -5,7 +5,6 @@ import (
"errors"
"net/http"
"strings"
"sync"
)
// Bundle-5 / Audit H-007 / CWE-306 + CWE-288:
@@ -42,9 +41,9 @@ import (
// Handlers translate this into HTTP 401 with a fixed error string.
var ErrBootstrapTokenInvalid = errors.New("invalid or missing agent bootstrap token")
// bootstrapWarnOnce gates the one-shot deprecation WARN to a single emission
// per process so a busy registration endpoint doesn't flood the log.
var bootstrapWarnOnce sync.Once
// Operator-visible deprecation WARN for the warn-mode default lives in
// cmd/server/main.go — emitted once at startup, not per-request, so a
// busy registration endpoint doesn't flood the log.
// verifyBootstrapToken returns nil when the request should proceed and
// ErrBootstrapTokenInvalid when it should be rejected.