Merge remote-tracking branch 'origin/main' into codex/sre-typed-automation-20260715
This commit is contained in:
@@ -166,7 +166,11 @@ emit ai_decision pass "candidate_additive_immutable_inactive_source_deploy"
|
||||
emit risk_policy_decision pass "medium_no_active_pointer_no_secret_no_raw_sqlite"
|
||||
|
||||
remote_check() {
|
||||
bounded_ssh "${SSH_OPTIONS[@]}" "${TARGET_HOST}" bash -s -- \
|
||||
# The immutable root is deliberately 0700/root-owned. Run this bounded
|
||||
# verifier as root so it can distinguish exact from absent without relaxing
|
||||
# directory permissions. REMOTE_CHECK contains only stat/hash/process/API
|
||||
# reads and performs no writes.
|
||||
bounded_ssh "${SSH_OPTIONS[@]}" "${TARGET_HOST}" sudo -n bash -s -- \
|
||||
"${REMOTE_ROOT}" "${BUNDLE_ID}" "${REMOTE_TIMEOUT_SECONDS}" \
|
||||
"${KILL_AFTER_SECONDS}" "${SOURCE_HASHES[@]}" <<'REMOTE_CHECK'
|
||||
set -euo pipefail
|
||||
|
||||
@@ -174,6 +174,13 @@ def test_shared_operation_lock_is_existing_read_only_and_fail_closed() -> None:
|
||||
assert "exec 8>>/tmp/awoooi-signoz-backup-operation.lock" not in source
|
||||
|
||||
|
||||
def test_remote_check_uses_privileged_read_only_visibility() -> None:
|
||||
source = DEPLOYER.read_text(encoding="utf-8")
|
||||
remote_check = source.split("remote_check() {", 1)[1].split("\n}", 1)[0]
|
||||
assert '"${TARGET_HOST}" sudo -n bash -s --' in remote_check
|
||||
assert "REMOTE_CHECK contains only stat/hash/process/API" in remote_check
|
||||
|
||||
|
||||
def test_exact_five_file_supply_chain_and_modes_are_fixed() -> None:
|
||||
source = DEPLOYER.read_text(encoding="utf-8")
|
||||
for path in (
|
||||
|
||||
@@ -858,6 +858,7 @@ def evaluate(root: Path, contract_path: Path) -> dict[str, Any]:
|
||||
"signoz_sqlite_application_consistent_backup", {}
|
||||
)
|
||||
metadata_export_source_contract = sqlite_backup.get("source_contract", {})
|
||||
metadata_deployment = metadata_export_source_contract.get("deployment", {})
|
||||
declared_metadata_export_hashes = metadata_export_source_contract.get("hashes", {})
|
||||
actual_metadata_export_hashes = _current_metadata_export_source_hashes(root)
|
||||
checks["signoz_metadata_export_source_hashes_bound"] = (
|
||||
@@ -865,7 +866,7 @@ def evaluate(root: Path, contract_path: Path) -> dict[str, Any]:
|
||||
== len(METADATA_EXPORT_SOURCE_PATHS)
|
||||
and set(declared_metadata_export_hashes) == set(METADATA_EXPORT_SOURCE_PATHS)
|
||||
and declared_metadata_export_hashes == actual_metadata_export_hashes
|
||||
and metadata_export_source_contract.get("test_terminal") == "20_passed"
|
||||
and metadata_export_source_contract.get("test_terminal") == "21_passed"
|
||||
)
|
||||
offsite_backup = pending_verifiers.get("signoz_backup_offsite_dr", {})
|
||||
failed_artifacts = pending_verifiers.get(
|
||||
@@ -888,8 +889,7 @@ def evaluate(root: Path, contract_path: Path) -> dict[str, Any]:
|
||||
== "pending_supported_non_raw_export_or_coordinated_snapshot"
|
||||
and sqlite_backup.get("raw_sqlite_read_or_sync_allowed") is False
|
||||
and sqlite_backup.get("sqlite_cli_present_in_runtime") is False
|
||||
and sqlite_backup.get("source_contract_status")
|
||||
== "implemented_tested_not_deployed"
|
||||
and sqlite_backup.get("source_contract_status") == "deployed_inactive_verified"
|
||||
and metadata_export_source_contract.get("policy")
|
||||
== "config/signoz/metadata-export-policy.json"
|
||||
and metadata_export_source_contract.get("exporter")
|
||||
@@ -902,12 +902,48 @@ def evaluate(root: Path, contract_path: Path) -> dict[str, Any]:
|
||||
and metadata_export_source_contract.get("raw_volume_read") is False
|
||||
and metadata_export_source_contract.get("secret_value_persistence") is False
|
||||
and metadata_export_source_contract.get("full_sqlite_completion_claim") is False
|
||||
and metadata_deployment.get("status") == "deployed_inactive_verified"
|
||||
and metadata_deployment.get("asset_id") == "host110-signoz-metadata-toolchain"
|
||||
and metadata_deployment.get("target_host") == "192.168.0.110"
|
||||
and metadata_deployment.get("bundle_id")
|
||||
== "bb6d78b67f506072b2e45e92bc1d415364e25852282a9b068900665c578df011"
|
||||
and metadata_deployment.get("directory_owner") == "root:root"
|
||||
and metadata_deployment.get("directory_mode") == "0750"
|
||||
and metadata_deployment.get("active_pointer_present") is False
|
||||
and metadata_deployment.get("runtime_export_executed") is False
|
||||
and metadata_deployment.get("raw_sqlite_read") is False
|
||||
and metadata_deployment.get("raw_volume_read") is False
|
||||
and metadata_deployment.get("initial_failed_attempt", {}).get("terminal")
|
||||
== "failed_no_active_pointer_write"
|
||||
and metadata_deployment.get("bounded_execution", {}).get(
|
||||
"durable_inner_terminal"
|
||||
)
|
||||
== "pass_source_deployed_inactive"
|
||||
and metadata_deployment.get("bounded_execution", {}).get("outer_terminal")
|
||||
== "failed_source_deploy_unverified"
|
||||
and metadata_deployment.get("independent_root_postcheck", {}).get("terminal")
|
||||
== "check_pass_no_write"
|
||||
and metadata_deployment.get("independent_root_postcheck", {}).get(
|
||||
"remote_state"
|
||||
)
|
||||
== "exact"
|
||||
and metadata_deployment.get("independent_root_postcheck", {}).get("drift_count")
|
||||
== 0
|
||||
and metadata_deployment.get("idempotent_closure", {}).get("execution_terminal")
|
||||
== "idempotent_no_write"
|
||||
and metadata_deployment.get("idempotent_closure", {}).get("terminal")
|
||||
== "pass_source_deployed_inactive"
|
||||
and metadata_deployment.get("idempotent_closure", {}).get(
|
||||
"independent_post_verifier"
|
||||
)
|
||||
== "pass"
|
||||
and metadata_deployment.get("learning_writeback") == "partial_degraded"
|
||||
and sqlite_backup.get("runtime_export_terminal")
|
||||
== "pending_authenticated_stable_export"
|
||||
and sqlite_backup.get("runtime_restore_terminal")
|
||||
== "pending_isolated_same_version_target"
|
||||
and sqlite_backup.get("runtime_zero_residue_terminal") == "pending"
|
||||
and len(sqlite_backup.get("required_preconditions", [])) == 6
|
||||
and len(sqlite_backup.get("required_preconditions", [])) == 5
|
||||
and offsite_backup.get("status")
|
||||
== "pending_offsite_snapshot_and_restore_verifier"
|
||||
and offsite_backup.get("current_repository_scope")
|
||||
|
||||
@@ -834,9 +834,7 @@ def test_post_release_verifier_and_native_backup_close_with_remaining_gaps() ->
|
||||
]
|
||||
assert sqlite_pending["raw_sqlite_read_or_sync_allowed"] is False
|
||||
assert sqlite_pending["sqlite_cli_present_in_runtime"] is False
|
||||
assert sqlite_pending["source_contract_status"] == (
|
||||
"implemented_tested_not_deployed"
|
||||
)
|
||||
assert sqlite_pending["source_contract_status"] == ("deployed_inactive_verified")
|
||||
source_contract = sqlite_pending["source_contract"]
|
||||
assert source_contract["policy"] == "config/signoz/metadata-export-policy.json"
|
||||
assert source_contract["exporter"] == ("scripts/backup/signoz-metadata-export.py")
|
||||
@@ -877,7 +875,40 @@ def test_post_release_verifier_and_native_backup_close_with_remaining_gaps() ->
|
||||
field: hashlib.sha256((ROOT / relative).read_bytes()).hexdigest()
|
||||
for field, relative in metadata_paths.items()
|
||||
}
|
||||
assert source_contract["test_terminal"] == "20_passed"
|
||||
assert source_contract["test_terminal"] == "21_passed"
|
||||
deployment = source_contract["deployment"]
|
||||
assert deployment["status"] == "deployed_inactive_verified"
|
||||
assert deployment["asset_id"] == "host110-signoz-metadata-toolchain"
|
||||
assert deployment["target_host"] == "192.168.0.110"
|
||||
assert deployment["bundle_id"] == (
|
||||
"bb6d78b67f506072b2e45e92bc1d415364e25852282a9b068900665c578df011"
|
||||
)
|
||||
assert deployment["directory_owner"] == "root:root"
|
||||
assert deployment["directory_mode"] == "0750"
|
||||
assert deployment["active_pointer_present"] is False
|
||||
assert deployment["runtime_export_executed"] is False
|
||||
assert deployment["initial_failed_attempt"]["terminal"] == (
|
||||
"failed_no_active_pointer_write"
|
||||
)
|
||||
assert deployment["bounded_execution"]["durable_inner_terminal"] == (
|
||||
"pass_source_deployed_inactive"
|
||||
)
|
||||
assert deployment["bounded_execution"]["outer_terminal"] == (
|
||||
"failed_source_deploy_unverified"
|
||||
)
|
||||
assert deployment["independent_root_postcheck"]["terminal"] == (
|
||||
"check_pass_no_write"
|
||||
)
|
||||
assert deployment["independent_root_postcheck"]["remote_state"] == "exact"
|
||||
assert deployment["independent_root_postcheck"]["drift_count"] == 0
|
||||
assert deployment["idempotent_closure"]["execution_terminal"] == (
|
||||
"idempotent_no_write"
|
||||
)
|
||||
assert deployment["idempotent_closure"]["terminal"] == (
|
||||
"pass_source_deployed_inactive"
|
||||
)
|
||||
assert deployment["idempotent_closure"]["independent_post_verifier"] == "pass"
|
||||
assert deployment["learning_writeback"] == "partial_degraded"
|
||||
assert source_contract["raw_sqlite_read"] is False
|
||||
assert source_contract["raw_volume_read"] is False
|
||||
assert source_contract["secret_value_persistence"] is False
|
||||
@@ -889,7 +920,7 @@ def test_post_release_verifier_and_native_backup_close_with_remaining_gaps() ->
|
||||
"pending_isolated_same_version_target"
|
||||
)
|
||||
assert sqlite_pending["runtime_zero_residue_terminal"] == "pending"
|
||||
assert len(sqlite_pending["required_preconditions"]) == 6
|
||||
assert len(sqlite_pending["required_preconditions"]) == 5
|
||||
offsite = receipt["pending_verifiers"]["signoz_backup_offsite_dr"]
|
||||
assert offsite["current_repository_scope"] == "local_same_failure_domain"
|
||||
assert offsite["offsite_verified"] is False
|
||||
@@ -1063,7 +1094,7 @@ def test_post_closure_contract_mirror_and_program_blockers_are_consistent() -> N
|
||||
post_closure["signoz_sqlite_application_consistent_backup_status"] == "pending"
|
||||
)
|
||||
assert post_closure["signoz_metadata_export_source_contract_status"] == (
|
||||
"implemented_tested_not_deployed"
|
||||
"deployed_inactive_verified"
|
||||
)
|
||||
assert post_closure["signoz_metadata_export_policy"] == (
|
||||
"config/signoz/metadata-export-policy.json"
|
||||
|
||||
Reference in New Issue
Block a user