agent: secrets fail-loud on corrupt blob + small polish
Save and SaveAdmin now propagate loadBundle errors instead of silently overwriting a corrupt file (data-loss fix). Tests added for both paths. reportStats logs a Debug on RunStats failure; r in runJob gets a comment explaining the prune-runner asymmetry; runner_test comment tightened.
This commit is contained in:
@@ -288,6 +288,14 @@ func (d *dispatcher) runJob(ctx context.Context, p api.CommandRunPayload, tx wsc
|
||||
if creds.Empty() {
|
||||
return fmt.Errorf("repo credentials not configured (waiting for server config.update push)")
|
||||
}
|
||||
// r is the everyday runner — bound to the host's repo
|
||||
// (append-only) credentials. Reused by every kind except
|
||||
// JobPrune, which builds its own runner against the
|
||||
// admin-credentials slot when p.RequiresAdminCreds is set
|
||||
// (admin creds are not loaded for any other kind, so they're
|
||||
// not on r). If you find yourself adding a new JobKind that
|
||||
// needs delete authority, mirror the JobPrune pattern below
|
||||
// — don't try to overload r.
|
||||
r := runner.New(runner.Config{
|
||||
ResticBin: d.resticBin,
|
||||
RepoURL: creds.URL,
|
||||
|
||||
Reference in New Issue
Block a user