- Add `restoring_node` field to RebalanceJob to track which node is being restored
- Transition node from Restoring to Active when RF restoration completes
- Add comprehensive runbook for node recovery and RF restoration
This completes the RF restoration flow (plan §2). When a failed node
recovers, it is marked as Restoring and background replication copies
data from surviving replicas. Once all shards are replicated, the node
transitions to Active automatically.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Added comprehensive tests for the POST /_miroir/ui/search/{index}/rotate-scoped-key
endpoint and verified old key rejection after rotation. Also added documentation
for the scoped key rotation procedure.
New tests:
- test_http_endpoint_rotate_scoped_key_with_admin_auth: Verifies HTTP endpoint
triggers rotation with admin authentication
- test_http_endpoint_force_rotation_bypasses_timing: Verifies force=true
bypasses the timing gate
- test_old_scoped_key_rejected_after_rotation: Verifies old scoped keys are
cleared from Redis after rotation completes
Documentation:
- docs/runbooks/scoped-key-rotation.md: Complete runbook for scoped key rotation
covering automatic rotation flow, manual rotation via API/UI, timing and cadence,
monitoring, troubleshooting, and verification steps.
All acceptance criteria for bead bf-5dy9k are now satisfied:
1. ✅ Comprehensive tests for rotate-scoped-key endpoint
2. ✅ Leader-coordinated rotation before expiry (timing gate) - existing tests
3. ✅ Force=true bypasses timing gate - existing tests
4. ✅ Revocation safety gate confirmed - existing tests
5. ✅ Old scoped keys rejected after rotation - new test
6. ✅ Rotation procedure and timing documented
7. ✅ Integration tests for full rotation lifecycle - existing tests
Closes: bf-5dy9k
Add `miroir-ctl key rotate-node-master` command implementing plan §9
4-step zero-downtime rotation: create new admin-scoped key on all
Meilisearch nodes, print K8s Secret update instructions, wait for
rolling restart confirmation, delete old key. Supports --dry-run,
node auto-discovery via topology API, and rollback on step 1 failure.
Add `address` field to topology API NodeInfo for CLI node discovery.
Add runbooks for both nodeMasterKey (zero-downtime) and startup master
key (maintenance window required) rotation.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>