mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 20:51:30 +00:00
3f27c60f59
The Rank 5 cloud-target seed rows in `seed_demo.sql` referenced a non-existent `ag-server` agent_id. On every fresh-clone `docker compose -f deploy/docker-compose.yml -f deploy/docker-compose.demo.yml up` the server crash-looped at the demo-seed step:

    pq: insert or update on table "deployment_targets" violates
    foreign key constraint "deployment_targets_agent_id_fkey"

Origin: commit 89b6d71 ("docs, seed: cloud-target operator runbook + AWS ACM / Azure KV demo seed rows") added the rows but didn't insert or rebind to a matching agents row. The `ag-server` ID never existed in seed_demo.sql or anywhere else.

Fix: bind the two cloud targets to the existing cloud sentinel agents that were already inserted at lines 78-79 (alongside `cloud-gcp-sm`):

  - tgt-aws-acm-prod → cloud-aws-sm
  - tgt-azure-kv-prod → cloud-azure-kv

These cloud sentinels were inserted in commit 89b6d71's same family specifically to back agentless cloud targets — exact semantic match.

Why the existing test didn't catch this: TestRunDemoSeed_AppliesIdempotently in internal/repository/postgres/seed_test.go calls the same RunSeed + RunDemoSeed pair the server uses at boot, so it WOULD have caught the FK violation. But the test depends on a live PostgreSQL container via testcontainers-go and is gated under `testing.Short()` → the default `go test ./... -short` lane that `make verify` runs always skipped it. The dedicated integration lane that strips `-short` either wasn't run on commit 89b6d71 or the failure was missed. Promoting the test out from under `-short` is a separate hardening conversation (CI runs need docker-in-docker which isn't free); that's out of scope for this hotfix.

Static FK audit confirms the fix:

  Defined agent IDs (12): ag-{data,edge-01,iis,k8s,lb,mac-dev,
    web-prod,web-staging}-prod, cloud-{aws-sm,azure-kv,gcp-sm},
    server-scanner
  Referenced agent_id values in deployment_targets after fix:
    ag-data-prod, ag-edge-01, ag-iis-prod, ag-k8s-prod, ag-lb-prod,
    ag-web-prod, ag-web-staging, cloud-aws-sm, cloud-azure-kv
  Unresolved: zero.

Acceptance gate (operator-side):

  - docker compose -f deploy/docker-compose.yml \
      -f deploy/docker-compose.demo.yml up -d --build
    against a fresh clone — server boots clean within 30s, dashboard at https://localhost:8443 shows the seeded demo data.
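
A static FK audit like the one in the commit message can be automated without a database. The following is an added example, not code from the certctl repository: the seed excerpt is constructed, and the column lists, the `id` key column and the `unresolvedRefs` helper are assumptions. It handles only INSERT statements with explicit column lists and literal values.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample, not the project's seed_demo.sql; the column lists are assumed.
const sampleSeed = `INSERT INTO agents (id, name) VALUES ('cloud-aws-sm', 'AWS'), ('cloud-azure-kv', 'Azure, KV');
INSERT INTO deployment_targets (id, name, agent_id, created_at) VALUES
  ('tgt-aws-acm-prod', 'AWS ACM (prod)', 'ag-server', NOW()),
  ('tgt-azure-kv-prod', 'Azure KV (prod)', 'cloud-azure-kv', NOW());`
var head = regexp.MustCompile(`(?i)INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)\s*VALUES`)
var tok = regexp.MustCompile(`'(?:[^']|'')*'|[(),;]|[^\s'(),;]+`) // literal, punctuation or word

// unresolvedRefs lists child.fk values that match no parent.id row (hypothetical helper).
func unresolvedRefs(sql, child, fk, parent string) (missing []string) {
	defined, refs := map[string]bool{"NULL": true}, []string{} // a NULL key cannot dangle
	for _, m := range head.FindAllStringSubmatchIndex(sql, -1) {
		table, cols := sql[m[2]:m[3]], strings.Fields(strings.ReplaceAll(sql[m[4]:m[5]], ",", " "))
		toks, depth, field := tok.FindAllString(sql[m[1]:], -1), 0, 0
		for i := 0; i < len(toks) && toks[i] != ";"; i++ {
			switch t := toks[i]; {
			case t == "(" || t == ")":
				depth += map[string]int{"(": 1, ")": -1}[t]
			case t == "," && depth == 0: // comma between two value tuples
				field = 0
			case t == "," && depth == 1:
				field++
			case depth != 1 || field >= len(cols): // function arguments or stray tokens
			case table == parent && cols[field] == "id":
				defined[strings.Trim(t, "'")] = true
			case table == child && cols[field] == fk:
				refs = append(refs, strings.Trim(t, "'"))
			}
		}
	}
	for _, ref := range refs { // resolve after the full pass so statement order is irrelevant
		if !defined[ref] {
			missing = append(missing, ref)
		}
	}
	return missing
}

func main() {
	fmt.Println(unresolvedRefs(sampleSeed, "deployment_targets", "agent_id", "agents"))
}
```

Because it only reads the SQL text, a check like this needs no PostgreSQL container and can run in a lane that passes `-short`.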