From 47c5f77c8125194f751c917b30709c1ba4ce2a6c Mon Sep 17 00:00:00 2001 From: Marcel Date: Mon, 11 May 2026 12:00:34 +0200 Subject: [PATCH] fix(infra): fail loud when archiv-app is missing the readwrite policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous `mc admin policy attach … || true` swallowed every failure mode: a renamed policy, an mc CLI signature change, or a transient MinIO error would leave the bootstrap container exiting zero with the service account possessing no permissions, and the backend would then fail every S3 call after a "successful" deploy. Replace the silent fallback with verify-after: keep the attach (idempotent in current mc, redundant in older versions), then assert via `mc admin user info` that `readwrite` ends up on archiv-app. A genuine attach failure now exits 1 and blocks the stack from starting. Co-Authored-By: Claude Opus 4.7 --- docker-compose.prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 1fdbd6c5..71634b76 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -94,8 +94,8 @@ services: /usr/bin/mc mb myminio/familienarchiv --ignore-existing; /usr/bin/mc anonymous set private myminio/familienarchiv; /usr/bin/mc admin user add myminio archiv-app $$MINIO_APP_PASSWORD || /usr/bin/mc admin user enable myminio archiv-app; - /usr/bin/mc admin policy attach myminio readwrite --user archiv-app || true; - exit 0; + /usr/bin/mc admin policy attach myminio readwrite --user archiv-app 2>/dev/null || true; + /usr/bin/mc admin user info myminio archiv-app | grep -q readwrite || { echo 'FATAL: archiv-app is missing the readwrite policy'; exit 1; }; " # Dev-only mail catcher; gated behind the staging profile so production
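Review bot: The verification line `grep -q readwrite` is a substring match over the whole `mc admin user info` output, so any other policy whose name contains "readwrite" (for example a future `readwrite-limited` policy) would satisfy the check while the intended `readwrite` policy is still missing; `grep -qw readwrite` (or matching on the policy field itself) would make the assertion say what the commit message promises. A second point on the same hunk: the added `2>/dev/null` on the attach line discards mc's own error text, so when the FATAL branch fires the operator sees only the custom message and has to rerun the attach by hand to learn why it failed. Since the command's exit status is already ignored by `|| true`, letting stderr through costs nothing on the happy path and keeps the cause next to the failure, which is the whole intent of "fail loud".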