f1a39c4ce3
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Notify Smoke Test / Notify Unit Tests (push) Has been cancelled
Notify Smoke Test / Notifier Service Tests (push) Has been cancelled
Notify Smoke Test / Notification Smoke Test (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Signals CI & Image / signals-ci (push) Has been cancelled
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Manifest Integrity / Validate Schema Integrity (push) Has been cancelled
Manifest Integrity / Validate Contract Documents (push) Has been cancelled
Manifest Integrity / Validate Pack Fixtures (push) Has been cancelled
Manifest Integrity / Audit SHA256SUMS Files (push) Has been cancelled
Manifest Integrity / Verify Merkle Roots (push) Has been cancelled
devportal-offline / build-offline (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
2.7 KiB
2.7 KiB
Attestor TTL Validation Runbook
Purpose: confirm MongoDB TTL indexes and Redis expirations for the attestation dedupe store behave as expected on a production-like stack.
Prerequisites
- Docker Desktop or compatible daemon with the Compose plugin enabled.
- Local ports
27017and6379free. dotnetSDK 10.0 preview (same as repo toolchain).- Network access to pull
mongo:7andredis:7images.
Quickstart
-
From the repo root export any required proxy settings, then run
scripts/run-attestor-ttl-validation.shThe helper script:
- Spins up
mongo:7andredis:7containers. - Sets
ATTESTOR_LIVE_MONGO_URI/ATTESTOR_LIVE_REDIS_URI. - Executes the live TTL test suite (
Category=LiveTTL) inStellaOps.Attestor.Tests. - Tears the stack down automatically.
- Spins up
-
Capture the test output (
ttl-validation-<timestamp>.log) and attach it to the sprint evidence folder (docs/modules/attestor/evidence/).
Result handling
- Success: Tests complete in ~3–4 minutes with
Total tests: 2, Passed: 2. Store the log and note the run indocs/implplan/archived/SPRINT_0100_0001_0001_identity_signing.mdunder ATTESTOR-72-003. - Failure: Preserve:
docker compose logsfor both services.mongoshoutput ofdb.dedupe.getIndexes()and sample documents.redis-cli --raw ttl attestor:ttl:live:bundle:<id>. File an incident in the Attestor Guild channel and link the captured artifacts.
Manual verification (optional)
If the helper script cannot be used:
- Start MongoDB and Redis manually with equivalent configuration.
- Set
ATTESTOR_LIVE_MONGO_URIandATTESTOR_LIVE_REDIS_URI. - Run
dotnet test src/Attestor/StellaOps.Attestor.sln --no-build --filter "Category=LiveTTL". - Follow the evidence handling steps above.
Ownership
- Primary: Attestor Service Guild.
- Partner: QA Guild (observes TTL metrics, confirms evidence archiving).
2025-11-03 validation summary
- Stack:
mongod7.0.5 (tarball) +mongosh2.0.2,redis-server7.2.4 (source build) running on localhost without Docker. - Mongo results:
dedupeTTL index (ttlAt,expireAfterSeconds: 0) confirmed; document inserted with 20 s TTL expired automatically after ~80 s (expected allocator sweep). Evidence:docs/modules/attestor/evidence/2025-11-03-mongo-ttl-validation.txt. - Redis results: Key
attestor:ttl:live:bundle:validationset with 45 s TTL reachedTTL=-2after ~47 s confirming expiry propagation. Evidence:docs/modules/attestor/evidence/2025-11-03-redis-ttl-validation.txt. - Notes: Local binaries built/run to accommodate sandbox without Docker; services shut down after validation.