feat(api): 新增復原演練批准包模板
All checks were successful
CD Pipeline / tests (push) Successful in 1m24s
Code Review / ai-code-review (push) Successful in 10s
CD Pipeline / build-and-deploy (push) Successful in 3m59s
CD Pipeline / post-deploy-checks (push) Successful in 2m23s

This commit is contained in:
Your Name
2026-06-05 01:20:50 +08:00
parent 2857da80b4
commit a367227d3a
12 changed files with 1609 additions and 34 deletions

View File

@@ -0,0 +1,145 @@
"""
Backup / DR restore drill approval package template snapshot.
Loads the latest committed, read-only approval package template for restore
drills, credential escrow review, K8s resource recovery, observability
recovery, and route reconstruction. The template never runs backups, restores,
offsite sync, credential marker writes, schedule changes, workflow writes,
Telegram test notifications, destructive prune, secret plaintext export, paid
API calls, shadow/canary, or production routing changes.
"""
from __future__ import annotations
import json
from pathlib import Path
from typing import Any
from src.services.snapshot_paths import default_evaluations_dir
_DEFAULT_EVALUATIONS_DIR = default_evaluations_dir(Path(__file__))
_SNAPSHOT_PATTERN = "backup_restore_drill_approval_package_template_*.json"
_SCHEMA_VERSION = "backup_restore_drill_approval_package_template_v1"
def load_latest_backup_restore_drill_approval_package_template(
evaluations_dir: Path | None = None,
) -> dict[str, Any]:
"""Load the newest committed Backup / DR restore drill approval package template."""
directory = evaluations_dir or _DEFAULT_EVALUATIONS_DIR
candidates = sorted(directory.glob(_SNAPSHOT_PATTERN))
if not candidates:
raise FileNotFoundError(
f"no Backup / DR restore drill approval package template snapshots found in {directory}"
)
latest = candidates[-1]
with latest.open(encoding="utf-8") as handle:
payload = json.load(handle)
if not isinstance(payload, dict):
raise ValueError(f"{latest}: expected JSON object")
_require_schema(payload, _SCHEMA_VERSION, str(latest))
_require_read_only_boundaries(payload, str(latest))
_require_operation_boundaries(payload, str(latest))
_require_rollup_consistency(payload, str(latest))
return payload
def _require_schema(payload: dict[str, Any], expected: str, label: str) -> None:
actual = payload.get("schema_version")
if actual != expected:
raise ValueError(f"{label}: expected schema_version={expected}, got {actual!r}")
def _require_read_only_boundaries(payload: dict[str, Any], label: str) -> None:
program_status = payload.get("program_status") or {}
if program_status.get("read_only_mode") is not True:
raise ValueError(f"{label}: program_status.read_only_mode must be true")
boundaries = payload.get("approval_boundaries") or {}
blocked_flags = {
"sdk_installation_allowed",
"paid_api_call_allowed",
"shadow_or_canary_allowed",
"production_routing_allowed",
"destructive_operation_allowed",
"restore_execution_allowed",
"offsite_sync_execution_allowed",
"credential_marker_write_allowed",
}
allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False)
if allowed:
raise ValueError(f"{label}: approval boundaries must remain false: {allowed}")
def _require_operation_boundaries(payload: dict[str, Any], label: str) -> None:
boundaries = payload.get("operation_boundaries") or {}
if boundaries.get("read_only_template_allowed") is not True:
raise ValueError(f"{label}: read_only_template_allowed must be true")
blocked_flags = {
"backup_execution_allowed",
"restore_execution_allowed",
"offsite_sync_execution_allowed",
"credential_marker_write_allowed",
"schedule_change_allowed",
"workflow_write_allowed",
"telegram_test_notification_allowed",
"destructive_prune_allowed",
"secret_plaintext_allowed",
"production_routing_allowed",
"sdk_installation_allowed",
"paid_api_call_allowed",
"shadow_or_canary_allowed",
}
allowed = sorted(flag for flag in blocked_flags if boundaries.get(flag) is not False)
if allowed:
raise ValueError(f"{label}: operation boundaries must remain false: {allowed}")
def _require_rollup_consistency(payload: dict[str, Any], label: str) -> None:
templates = payload.get("package_templates") or []
rollups = payload.get("rollups") or {}
if rollups.get("total_templates") != len(templates):
raise ValueError(f"{label}: rollups.total_templates must match package_templates")
ready_ids = {
template.get("template_id")
for template in templates
if template.get("status") == "template_ready"
}
if set(rollups.get("template_ready_ids") or []) != ready_ids:
raise ValueError(f"{label}: rollups.template_ready_ids must match template_ready templates")
hitl_ids = {
template.get("template_id")
for template in templates
if "HITL approval" in (template.get("manual_approvals") or [])
}
if set(rollups.get("hitl_required_template_ids") or []) != hitl_ids:
raise ValueError(f"{label}: rollups.hitl_required_template_ids must match HITL templates")
blocked_target_ids = _target_ids_by_readiness(templates, "blocked")
if set(rollups.get("blocked_source_target_ids") or []) != blocked_target_ids:
raise ValueError(
f"{label}: rollups.blocked_source_target_ids must match blocked source targets"
)
action_required_target_ids = _target_ids_by_readiness(templates, "action_required")
if set(rollups.get("action_required_source_target_ids") or []) != action_required_target_ids:
raise ValueError(
f"{label}: rollups.action_required_source_target_ids must match action_required source targets"
)
if (payload.get("decision_gate_contract") or {}).get("hitl_required") is not True:
raise ValueError(f"{label}: decision_gate_contract.hitl_required must be true")
def _target_ids_by_readiness(templates: list[dict[str, Any]], readiness: str) -> set[str]:
return {
target.get("target_id")
for template in templates
for target in template.get("source_target_statuses", [])
if target.get("readiness") == readiness
}