Brokerage data sync (Trading 212, Schwab, Fidelity, IMAP-CSV) → Wealthfolio. Image is published as viktor/wealthfolio-sync per the wealthfolio stack convention.
Context
-------
Live run of `broker-sync trading212` hit a PermissionError and typer's rich traceback printed every local variable, including the cleartext WF_PASSWORD and the T212 api_key strings, into pod logs. Kubernetes pod logs are world-readable cluster-wide — that's a security incident.

This change
-----------
- Pass `pretty_exceptions_enable=False` to the typer.Typer constructor. Plain stdlib tracebacks don't dump frame locals.
- Rich is still available for help text; only crash formatting changes.

Follow-up in infra/stacks/broker-sync: add `security_context.fs_group = 10001` to every pod spec so the PVC is owned by the broker user (the original PermissionError that triggered the traceback was the broker user being unable to write /data/watermarks).

Test plan
---------
## Automated
- poetry run pytest -q → 70 passed
- poetry run mypy broker_sync tests → clean
- poetry run ruff check . → clean

## Manual Verification
Re-run the backfill Job after the image is rebuilt + the infra fsGroup change is applied.
||
|---|---|---|
| .github/workflows | ||
| .woodpecker | ||
| broker_sync | ||
| tests | ||
| .gitignore | ||
| Dockerfile | ||
| poetry.lock | ||
| pyproject.toml | ||
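
The difference the commit message above relies on, as an added example that is not part of the broker-sync code: the standard library's `traceback.TracebackException` with `capture_locals=True` stands in here for a crash formatter that prints frame locals. The function names and secret values are constructed.

```python
import traceback

# Constructed sample secrets; not real credentials.
SECRETS = {
    "T212 api_key": "constructed-t212-key",
    "WF_PASSWORD": "constructed-wf-password",
}


def write_watermark(api_key: str, wf_password: str) -> None:
    # Hypothetical stand-in for the failing step: both secrets are frame
    # locals at the moment the PermissionError is raised.
    raise PermissionError(13, "Permission denied", "/data/watermarks")


def render_crash(show_locals: bool) -> str:
    """Return the crash report text that would end up in the pod log."""
    try:
        write_watermark(SECRETS["T212 api_key"], SECRETS["WF_PASSWORD"])
    except PermissionError as exc:
        report = traceback.TracebackException.from_exception(
            exc, capture_locals=show_locals
        )
        return "".join(report.format())
    return ""


def leaked(report: str) -> list[str]:
    """Names of the sample secrets whose values appear in the report."""
    return [name for name, value in SECRETS.items() if value in report]


if __name__ == "__main__":
    # With locals captured, every argument value is written out per frame.
    print("locals shown :", leaked(render_crash(show_locals=True)))
    # The plain traceback carries only file, line and source text.
    print("plain stdlib :", leaked(render_crash(show_locals=False)))
```

The same `leaked` check can run in a test suite against captured crash output to catch a formatter change that starts printing locals again.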