awoooi/docs/security/BACKUP-RESTORE-OWNER-REQUEST-DRAFT.md

# IwoooS Backup / Restore / Escrow Owner Request Draft
| Item | Value |
|------|-------|
| Date | 2026-06-14 |
| Status | `owner_request_draft_ready_not_dispatched` |
| Tool | `scripts/security/backup-restore-owner-request-draft.py` |
| Snapshot | `docs/security/backup-restore-owner-request-draft.snapshot.json` |
| Source inventory | `docs/security/backup-restore-escrow-inventory.snapshot.json` |
| runtime gate | `0` |
## 1. Purpose
This document carries forward the repo-only Backup / Restore / Escrow / Retention inventory and turns its 38 surfaces into owner request drafts ready for manual dispatch. It gives the backup orchestrator, per-service backups, Restic retention, offsite sync, credential escrow, Velero, restore drills, alert / health and DR documents one consistent set of owner response fields.
It is not live backup truth, not proof that any backup succeeded, not authorization for a restore drill, not authorization for offsite sync, not a writable credential escrow marker, and not a retention policy change.
## 2. Summary
| Metric | Current value | Notes |
|--------|---------------|-------|
| request draft | `38` | one draft per backup / restore / escrow surface |
| write-capable request draft | `27` | surfaces that can write or execute: backup, restore, offsite, escrow, retention, Velero, health exporter, etc. |
| live evidence required request | `38` | every draft requires the owner to supply non-sensitive live evidence |
| request field | `24` | total fields per draft |
| required owner field | `14` | fields the owner must fill in |
| blocked action | `18` | backup, restore, offsite sync, remote delete, marker write, retention, prune, rclone, Velero, kubectl, SSH, secret collection, runtime gate, etc. |
| request sent / recipient confirmed | `0 / 0` | not yet dispatched |
| owner response received / accepted | `0 / 0` | none received, none accepted |
| live evidence received | `0` | no SSH, no offsite reads, no live backup reads |
| restore / offsite / escrow / retention accepted | `0 / 0 / 0 / 0` | must not be executed or marked complete |
| runtime gate / action button | `0 / 0` | no operational entry point is provided |
## 3. Request Draft Types
| Type | Representative request | Risk focus |
|------|------------------------|------------|
| Backup orchestrator | `backup_restore_owner_request:backup_all_orchestrator` | whole-service backup, cron, failure notification, restore drill owner |
| Service backup | `backup_restore_owner_request:backup_awoooi_service_script`, `backup_restore_owner_request:backup_harbor_service_script` | freshness of DB / registry / route / trace data, restore target isolation, secret redaction |
| Restic / retention | `backup_restore_owner_request:backup_common_restic_retention` | B2 / rclone owner, retention owner, prune window, no-secret-value evidence |
| Offsite / escrow | `backup_restore_owner_request:offsite_sync_controller`, `backup_restore_owner_request:credential_escrow_marker` | remote delete, full sync window, escrow evidence id, marker write gate |
| Velero | `backup_restore_owner_request:velero_restore_cronjob`, `backup_restore_owner_request:velero_credentials_manifest` | RBAC, MinIO endpoint, restore isolation, secret manager source |
| Alert / health | `backup_restore_owner_request:backup_health_exporter`, `backup_restore_owner_request:backup_restore_alert_rules` | false-green metric, alert reload owner, freshness SLO |
| DR / cold-start | `backup_restore_owner_request:cold_start_sop` | runbook freshness, restore observer, stop condition, rollback owner |
## 4. Required Owner Fields
1. `owner_role_or_team`
2. `decision`
3. `decision_reason`
4. `affected_scope`
5. `redacted_evidence_refs`
6. `latest_backup_status_ref`
7. `restore_drill_plan`
8. `offsite_sync_evidence_ref`
9. `credential_escrow_evidence_ref`
10. `maintenance_window`
11. `rollback_owner`
12. `validation_plan`
13. `retention_owner`
14. `followup_owner`
## 5. Blocked Actions
1. `backup_run`
2. `restore_run`
3. `restore_drill`
4. `offsite_sync`
5. `offsite_remote_delete`
6. `credential_escrow_marker_write`
7. `retention_change`
8. `restic_prune`
9. `rclone_config`
10. `velero_restore`
11. `velero_backup`
12. `kubectl_action`
13. `ssh_read`
14. `ssh_write`
15. `secret_value_collection`
16. `host_write`
17. `active_scan`
18. `runtime_gate_open`
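The required fields in section 4 and the blocked actions in section 5 are the acceptance rules an owner response has to pass before it can be marked accepted. The checker below is an added example for this page, not the project's `backup-restore-owner-request-draft.py` tool or its guard: it takes an owner response as a flat JSON object keyed by field name (an assumed layout, with an optional `requested_actions` list), rejects it if any of the 14 fields is missing, if it asks for any of the 18 blocked actions, or if an evidence reference field carries what looks like a secret value instead of a reference. The `decision` vocabulary and the secret-detection patterns are assumptions, since the page defines neither.

```python
"""Check an owner response against the request-draft rules.

Added example for this page; not the project's own tooling. The response
layout (flat JSON object keyed by field name, plus an optional
`requested_actions` list) and the `decision` vocabulary are assumptions.
"""
import json
import re

# The 14 required owner fields listed in section 4.
REQUIRED_OWNER_FIELDS = (
    "owner_role_or_team", "decision", "decision_reason", "affected_scope",
    "redacted_evidence_refs", "latest_backup_status_ref", "restore_drill_plan",
    "offsite_sync_evidence_ref", "credential_escrow_evidence_ref",
    "maintenance_window", "rollback_owner", "validation_plan",
    "retention_owner", "followup_owner",
)

# The 18 blocked actions listed in section 5.
BLOCKED_ACTIONS = frozenset({
    "backup_run", "restore_run", "restore_drill", "offsite_sync",
    "offsite_remote_delete", "credential_escrow_marker_write",
    "retention_change", "restic_prune", "rclone_config", "velero_restore",
    "velero_backup", "kubectl_action", "ssh_read", "ssh_write",
    "secret_value_collection", "host_write", "active_scan",
    "runtime_gate_open",
})

# Assumed decision vocabulary; the page does not define one.
ALLOWED_DECISIONS = frozenset({"approve", "reject", "defer"})

# Fields that must hold references to evidence, never the evidence itself.
EVIDENCE_REF_FIELDS = (
    "redacted_evidence_refs", "latest_backup_status_ref",
    "offsite_sync_evidence_ref", "credential_escrow_evidence_ref",
)

# Heuristics for secret material (assumed; tune to the real escrow formats).
SECRET_PATTERNS = (
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    re.compile(r"(?i)(password|passwd|secret|token)\s*[:=]\s*\S+"),
)


def _evidence_refs(response):
    """Yield (field, ref) for every evidence reference in the response."""
    for field in EVIDENCE_REF_FIELDS:
        value = response.get(field) or []
        for ref in (value if isinstance(value, list) else [value]):
            yield field, str(ref)


def validate_owner_response(response):
    """Return a list of problems; an empty list means the draft can be accepted."""
    problems = []
    for field in REQUIRED_OWNER_FIELDS:
        value = response.get(field)
        if value in (None, "", []) or (isinstance(value, str) and not value.strip()):
            problems.append(f"missing required field: {field}")
    decision = response.get("decision")
    if decision is not None and decision not in ALLOWED_DECISIONS:
        problems.append(f"unknown decision value: {decision!r}")
    # Any blocked action in the response is a rejection, whatever the decision says.
    for action in response.get("requested_actions") or []:
        if action in BLOCKED_ACTIONS:
            problems.append(f"blocked action requested: {action}")
    # Evidence fields must carry redacted references, not secret values.
    for field, ref in _evidence_refs(response):
        if any(p.search(ref) for p in SECRET_PATTERNS):
            problems.append(f"{field} contains what looks like a secret value, not a reference")
    return problems


# Constructed sample responses (not real owner replies).
SAMPLE_ACCEPTABLE_RESPONSE = {
    "owner_role_or_team": "platform-sre",
    "decision": "approve",
    "decision_reason": "nightly backup_all run verified by checksum report",
    "affected_scope": "backup_all_orchestrator",
    "redacted_evidence_refs": ["backup-status/2026-06-13/summary.sha256"],
    "latest_backup_status_ref": "backup-status/2026-06-13/status.json",
    "restore_drill_plan": "isolated restore target, observer from security team",
    "offsite_sync_evidence_ref": "offsite/b2-sync/2026-06-13.log",
    "credential_escrow_evidence_ref": "escrow/2026-06/marker-id-0042",
    "maintenance_window": "2026-06-21T02:00+08:00/04:00",
    "rollback_owner": "platform-sre on-call",
    "validation_plan": "restore to staging, compare row counts",
    "retention_owner": "platform-sre",
    "followup_owner": "security-engineering",
    "requested_actions": [],
}

# Same reply with rollback_owner dropped, a blocked action, and a pasted secret.
SAMPLE_REJECTED_RESPONSE = {k: v for k, v in SAMPLE_ACCEPTABLE_RESPONSE.items()
                            if k != "rollback_owner"}
SAMPLE_REJECTED_RESPONSE.update({
    "requested_actions": ["ssh_read"],
    "credential_escrow_evidence_ref": "RESTIC_PASSWORD=hunter2",
})

if __name__ == "__main__":
    for name, resp in (("acceptable", SAMPLE_ACCEPTABLE_RESPONSE),
                       ("rejected", SAMPLE_REJECTED_RESPONSE)):
        print(name, json.dumps(validate_owner_response(resp), indent=2))
```

The secret-value check matters because the summary table requires non-sensitive evidence for all 38 drafts: an owner who pastes the Restic password or an escrowed key into an evidence field has turned the request draft into a secret store, and the response must be rejected rather than committed alongside the snapshot.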
## 6. Commands
Generate the committed snapshot
```bash
python3 scripts/security/backup-restore-owner-request-draft.py \
--root . \
--inventory-report docs/security/backup-restore-escrow-inventory.snapshot.json \
--output docs/security/backup-restore-owner-request-draft.snapshot.json \
--generated-at 2026-06-14T23:05:00+08:00
```
Run the guard
```bash
python3 scripts/security/security-mirror-progress-guard.py --root .
```
## 7. Completion
| Task | Completion | Notes |
|------|------------|-------|
| owner request draft artifact | `100%` | 38 request drafts, snapshot, document and guard are committed |
| request dispatch | `0%` | not yet dispatched |
| owner response received / accepted | `0%` | none received, none accepted |
| live evidence collection | `0%` | no SSH, no offsite reads, no live backup reads |
| backup / restore / offsite / escrow / retention gate | `0%` | not authorized and not executed |
| runtime gate / production write | `0%` | not authorized and not executed |