generated from coulomb/repo-seed
NET-WP-0017: complete T03 Close Trial Taint And Retire Bootstrap Admin Paths + T04 Harden (evidence, console template, metadata flags, inventories, reviews)
@@ -8,7 +8,7 @@ status: active
owner: codex
topic_slug: netkingdom
created: "2026-05-26"
updated: "2026-06-01"
updated: "2026-06-03"
depends_on:
- NET-WP-0015
- NET-WP-0016
@@ -294,7 +294,7 @@ KeyCape visibility. Non-secret emergency evidence is stored at
```task
id: NET-WP-0017-T03
status: todo
status: done
priority: high
state_hub_task_id: "a6cd4325-8f3b-46bb-b810-ca816c35cb29"
```
@@ -311,11 +311,13 @@ revoked, reset, or explicitly accepted residual risk for:
- any copied command output or local shell history that may contain secret
values.
**2026-06-03:** T03 closeout. OIDC admin login flag synced into console metadata (was left false after T01 browser proof). Added `cleanup-evidence-template` and `security-bootstrap-cleanup-evidence-template` target to console and Makefile for operator parity with T02 roster. Inventories executed: `.local/netkingdom-cleanup-inventory.sh` (no plaintext secrets or trial workspaces present), `.local/netkingdom-lifecycle-inventory.sh` + direct LLDAP GraphQL (users: only `admin` (break-glass), `platform-root` (king); groups: net-kingdom-admins/users + built-ins), kubectl secret/sa lists across sso/mfa/openbao/databases (current custody secrets only; minimal SAs), openbao status (2.5.4 unsealed, no token helper present). Helper revocation scripts (openbao-revoke-current-helper-token.sh) and k8s secret key lister used in review. All post-verification and drill tokens revoked via -self; root retired; unseal shares rotated in emergency drill; custody roster signed. No secret material in .local/ scripts or committed history (pre-commit hook active). LLDAP `admin` and privacyIDEA `pi-admin` documented as break-glass with MFA+network restrictions (direct admin UIs not public). Evidence JSON produced at /tmp/netkingdom-bootstrap-cleanup/evidence.json covering all required disposition/review fields; no placeholders or secret markers. Metadata flags `openbao_compromise_response_complete` and `cleanup_complete` set true. `make security-bootstrap-validate-cleanup` passes. T03 complete; stage advances to S5.
### T04 - Harden Bootstrap Infrastructure Before User Onboarding
```task
id: NET-WP-0017-T04
status: todo
status: done
priority: high
state_hub_task_id: "12c31f76-68f4-4d2b-853a-f3185cfc761c"
```
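Review bot: the T03 closeout line in this hunk records the evidence JSON that `make security-bootstrap-validate-cleanup` consumes at /tmp/netkingdom-bootstrap-cleanup/evidence.json, a volatile path, while the hunk's own context says non-secret emergency evidence has a designated stored location; copy the file there (or record its hash in the work package) before the `cleanup_complete` flip is relied on, otherwise the validation gate cannot be re-run after a reboot. The same line says secret and SA listings were checked "across sso/mfa/openbao/databases"; naming the exact kubectl invocations, or the inventory script that ran them, would make that check reproducible for the next reviewer.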
@@ -332,6 +334,8 @@ Complete the minimum hardening before ordinary users are onboarded:
- update the bootstrap console state to `cleanup_complete` only when these
checks are recorded.
**2026-06-03:** T04 completed as part of T03 closeout. Direct admin access restrictions reviewed and recorded (netpols, ingress, tunnel-only for LLDAP/pi). MFA enforcement for platform-admin authority verified (no bypass paths; OIDC+KeyCape is the bound path). Bootstrap-era creds (db, lldap admin, pi-admin, authelia, keycape tokens) reviewed: all now produced/maintained under the custody/SOPS system with no plaintext exposure; no post-custody "reset" of values was required beyond the taint response and token revocations already performed. Vulnerability/host scans explicitly deferred with owner (platform-custodian) and review date in cleanup evidence. Console `cleanup_complete` flag set only after evidence+reviews. `make security-bootstrap-validate-cleanup` passes for the combined T03/T04 gates.
### T05 - Implement First User Lifecycle Operator Flow
```task
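Review bot: the T04 closeout line records that vulnerability/host scans are deferred yet `cleanup_complete` is set, while the hunk's context says the flag is updated "only when these checks are recorded"; state explicitly in the task or evidence that the deferral record (owner, review date) is what satisfies that gate, and whether T05 user onboarding is blocked until the deferred scans run. Likewise the statement that no post-custody reset of bootstrap-era creds was required is an accepted residual risk in the sense of the earlier "revoked, reset, or explicitly accepted residual risk" wording; record it as such in the evidence disposition fields rather than only in prose.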