Commit graph

3 commits

Author SHA1 Message Date
jedarden
822c8a8e1e feat(rebalancer): complete RF restoration flow with node transition
- Add `restoring_node` field to RebalanceJob to track which node is being restored
- Transition node from Restoring to Active when RF restoration completes
- Add comprehensive runbook for node recovery and RF restoration

This completes the RF restoration flow (plan §2). When a failed node
recovers, it is marked as Restoring and background replication copies
data from surviving replicas. Once all shards are replicated, the node
transitions to Active automatically.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-26 21:18:16 -04:00
jedarden
e7721f962f test(search-ui): add HTTP endpoint tests and scoped key rotation documentation
Added comprehensive tests for the POST /_miroir/ui/search/{index}/rotate-scoped-key
endpoint and verified old key rejection after rotation. Also added documentation
for the scoped key rotation procedure.

New tests:
- test_http_endpoint_rotate_scoped_key_with_admin_auth: Verifies HTTP endpoint
  triggers rotation with admin authentication
- test_http_endpoint_force_rotation_bypasses_timing: Verifies force=true
  bypasses the timing gate
- test_old_scoped_key_rejected_after_rotation: Verifies old scoped keys are
  cleared from Redis after rotation completes

Documentation:
- docs/runbooks/scoped-key-rotation.md: Complete runbook for scoped key rotation
  covering automatic rotation flow, manual rotation via API/UI, timing and cadence,
  monitoring, troubleshooting, and verification steps.

All acceptance criteria for bead bf-5dy9k are now satisfied:
1. Comprehensive tests for rotate-scoped-key endpoint
2. Leader-coordinated rotation before expiry (timing gate) - existing tests
3. Force=true bypasses timing gate - existing tests
4. Revocation safety gate confirmed - existing tests
5. Old scoped keys rejected after rotation - new test
6. Rotation procedure and timing documented
7. Integration tests for full rotation lifecycle - existing tests

Closes: bf-5dy9k
2026-05-26 18:29:11 -04:00
jedarden
26fe2970fc P10.2: nodeMasterKey zero-downtime rotation flow
Add `miroir-ctl key rotate-node-master` command implementing plan §9
4-step zero-downtime rotation: create new admin-scoped key on all
Meilisearch nodes, print K8s Secret update instructions, wait for
rolling restart confirmation, delete old key. Supports --dry-run,
node auto-discovery via topology API, and rollback on step 1 failure.

Add `address` field to topology API NodeInfo for CLI node discovery.
Add runbooks for both nodeMasterKey (zero-downtime) and startup master
key (maintenance window required) rotation.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 15:49:40 -04:00