fix(generate-gentx): write validator operator key under uid node_admin#186
Closed
bdchatham wants to merge 2 commits into
Closed
fix(generate-gentx): write validator operator key under uid node_admin#186bdchatham wants to merge 2 commits into
bdchatham wants to merge 2 commits into
Conversation
The gentx task previously wrote the operator key under uid "validator" while the rest of the stack — sei-k8s-controller's CRD default for SecretOperatorKeyringSource.KeyName, scenario task params, runbooks — uses "node_admin". Consumers that look up the key by uid (the sidecar's sign-and-broadcast flow, every gov-vote / gov-software-upgrade task) got "key not found" on every signing attempt. Rename the const value to "node_admin" so the gentx-written key resolves under the same uid as a BYO-Secret operator keyring. Both controller paths (test backend on the data PVC, file backend from a projected Secret) now produce the same identity name, so scenario authors and runbooks don't need to switch keyName per deployment shape. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace. To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard. |
7 tasks
Same load-bearing content; fewer words. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace. To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The gentx task wrote the operator key under uid `validator`, but the rest of the stack — sei-k8s-controller's CRD default for `SecretOperatorKeyringSource.KeyName`, scenario task params, runbooks — uses `node_admin`. Consumers that look up the key by uid (the sidecar's sign-and-broadcast flow, every gov-vote / gov-software-upgrade task) got `key not found` on every signing attempt.
Rename the const value to `node_admin` so the gentx-written key resolves under the same uid as a BYO-Secret operator keyring. Both controller paths (test backend on the data PVC, file backend from a projected Secret) now produce the same identity name — scenario authors and runbooks don't need to switch `keyName` per deployment shape.
Companion PR
Test plan
🤖 Generated with Claude Code