From be334ca39fb21e9a162aa4bccb7b27de8e38083e Mon Sep 17 00:00:00 2001
From: "A. F. Dudley" <a.frederick.dudley@gmail.com>
Date: Mon, 2 Feb 2026 19:31:45 -0500
Subject: [PATCH] Use docker for etcd existence check (root-owned dir)

The etcd directory is root-owned, so shell test -f fails.
Use docker with volume mount to check file existence.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 stack_orchestrator/deploy/k8s/helpers.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/stack_orchestrator/deploy/k8s/helpers.py b/stack_orchestrator/deploy/k8s/helpers.py
index 1d265edf..18be7832 100644
--- a/stack_orchestrator/deploy/k8s/helpers.py
+++ b/stack_orchestrator/deploy/k8s/helpers.py
@@ -126,8 +126,12 @@ def _clean_etcd_keeping_certs(etcd_path: str) -> bool:
     Returns True if cleanup succeeded, False if no action needed or failed.
     """
     db_path = Path(etcd_path) / "member" / "snap" / "db"
-    # Check existence - etcd dir is often root-owned so use shell test
-    check_result = subprocess.run(f"test -f {db_path}", shell=True, capture_output=True)
+    # Check existence using docker since etcd dir is root-owned
+    check_cmd = (
+        f"docker run --rm -v {etcd_path}:/etcd:ro alpine:3.19 "
+        "test -f /etcd/member/snap/db"
+    )
+    check_result = subprocess.run(check_cmd, shell=True, capture_output=True)
     if check_result.returncode != 0:
         if opts.o.debug:
             print(f"No etcd snapshot at {db_path}, skipping cleanup")