Josh Avant
|
788f56f30f
|
Secrets: hard-fail unsupported SecretRef policy and fix gateway restart token drift (#58141)
* Secrets: enforce C2 SecretRef policy and drift resolution
* Tests: add gateway auth startup/reload SecretRef runtime coverage
* Docs: sync C2 SecretRef policy and coverage matrix
* Config: hard-fail parent SecretRef policy writes
* Secrets: centralize unsupported SecretRef policy metadata
* Daemon: test service-env precedence for token drift refs
* Config: keep per-ref dry-run resolvability errors
* Docs: clarify config-set parent-object policy checks
* Gateway: fix drift fallback and schema-key filtering
* Gateway: align drift fallback with credential planner
* changelog
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
---------
Signed-off-by: joshavant <830519+joshavant@users.noreply.github.com>
|
2026-03-31 02:37:31 -05:00 |
|
Peter Steinberger
|
5716e52417
|
refactor: unify gateway credential planning
|
2026-03-11 01:37:25 +00:00 |
|
Vincent Koc
|
2c7fb54956
|
Config: fail closed invalid config loads (#39071)
* Config: fail closed invalid config loads
* CLI: keep diagnostics on explicit best-effort config
* Tests: cover invalid config best-effort diagnostics
* Changelog: note invalid config fail-closed fix
* Status: pass best-effort config through status-all gateway RPCs
* CLI: pass config through gateway secret RPC
* CLI: skip plugin loading from invalid config
* Tests: align daemon token drift env precedence
|
2026-03-07 17:48:13 -08:00 |
|
Peter Steinberger
|
7ac7b39eff
|
refactor(daemon): extract gateway token drift helper
|
2026-03-08 00:48:56 +00:00 |
|