awoooi/docs/security/k8s-argocd-owner-request-draft.snapshot.json

{
"blocked_actions": [
"argocd_sync",
"kubectl_apply",
"kubectl_patch",
"kubectl_delete",
"helm_upgrade",
"secret_value_collection",
"live_cluster_write",
"manual_pod_restart",
"scale_workload",
"change_network_policy",
"change_rbac",
"restore_backup",
"open_runtime_gate"
],
"evidence_gaps": [
"owner_response",
"rendered_manifest_diff",
"argocd_health_readback",
"argocd_sync_revision",
"kubectl_dry_run_or_server_validation_plan",
"rollout_blast_radius",
"rollback_revision",
"postcheck_metrics"
],
"execution_boundaries": {
"action_buttons_allowed": false,
"argocd_api_read_authorized": false,
"argocd_sync_authorized": false,
"argocd_sync_executed": false,
"kubectl_action_authorized": false,
"kubectl_action_executed": false,
"live_cluster_read_authorized": false,
"live_cluster_read_executed": false,
"not_authorization": true,
"owner_response_accepted": false,
"owner_response_received": false,
"production_write_authorized": false,
"recipient_confirmed": false,
"rendered_manifest_diff_ready": false,
"request_sent": false,
"runtime_execution_authorized": false,
"secret_value_collection_allowed": false
},
"generated_at": "2026-06-14T21:35:00+08:00",
"git_commit": "e8876c45",
"next_steps": [
"人工送件前確認 recipient role / team、snapshot 版本與 affected scope。",
"收到 owner response 後先做欄位完整性與敏感 payload 隔離，不得直接 sync 或 apply。",
"若未來要 live readback、ArgoCD sync 或 kubectl action，必須另開維護窗口、rollback revision 與 post-check gate。"
],
"request_drafts": [
{
"action_buttons_allowed": false,
"affected_scope": "pending_affected_scope",
"argocd_health_readback_received": false,
"argocd_health_readback_ref": null,
"argocd_sync_authorized": false,
"argocd_sync_executed": false,
"argocd_sync_revision_ref": null,
"blocked_actions": [
"argocd_sync",
"kubectl_apply",
"kubectl_patch",
"kubectl_delete",
"helm_upgrade",
"secret_value_collection",
"live_cluster_write",
"manual_pod_restart",
"scale_workload",
"change_network_policy",
"change_rbac",
"restore_backup",
"open_runtime_gate"
],
"control_tier": "C0",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"evidence_gaps": [
"owner_response",
"rendered_manifest_diff",
"argocd_health_readback",
"argocd_sync_revision",
"kubectl_dry_run_or_server_validation_plan",
"rollout_blast_radius",
"rollback_revision",
"postcheck_metrics"
],
"file_count": 25,
"followup_owner": "pending_followup_owner",
"gate_tags": [
"availability_and_scaling",
"backup_restore",
"network_policy",
"rbac",
"secret_metadata",
"supporting_source",
"workload_or_schedule"
],
"group_id": "awoooi_prod",
"kubectl_action_authorized": false,
"kubectl_action_executed": false,
"label": "AWOOOI production namespace manifests",
"live_cluster_read_authorized": false,
"live_cluster_read_executed": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_role_or_team",
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"rendered_manifest_diff_ready": false,
"request_fields": [
"request_id",
"group_id",
"root",
"control_tier",
"file_count",
"yaml_manifest_file_count",
"supporting_source_file_count",
"top_level_kind_marker_count",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan",
"not_approval"
],
"request_id": "k8s_argocd_owner_request:awoooi_prod",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan"
],
"rollback_revision": "pending_rollback_revision",
"root": "k8s/awoooi-prod",
"runtime_gate": false,
"secret_value_collection_allowed": false,
"source_snapshot_ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"status": "draft_not_dispatched",
"supporting_source_file_count": 1,
"top_level_kind_marker_count": 39,
"top_level_kinds": [
"ClusterRole",
"ClusterRoleBinding",
"ConfigMap",
"CronJob",
"Deployment",
"HorizontalPodAutoscaler",
"Kustomization",
"LimitRange",
"Namespace",
"NetworkPolicy",
"PodDisruptionBudget",
"ResourceQuota",
"Secret",
"Service",
"ServiceAccount",
"VerticalPodAutoscaler"
],
"validation_plan": "pending_validation_plan",
"yaml_manifest_file_count": 24
},
{
"action_buttons_allowed": false,
"affected_scope": "pending_affected_scope",
"argocd_health_readback_received": false,
"argocd_health_readback_ref": null,
"argocd_sync_authorized": false,
"argocd_sync_executed": false,
"argocd_sync_revision_ref": null,
"blocked_actions": [
"argocd_sync",
"kubectl_apply",
"kubectl_patch",
"kubectl_delete",
"helm_upgrade",
"secret_value_collection",
"live_cluster_write",
"manual_pod_restart",
"scale_workload",
"change_network_policy",
"change_rbac",
"restore_backup",
"open_runtime_gate"
],
"control_tier": "C0",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"evidence_gaps": [
"owner_response",
"rendered_manifest_diff",
"argocd_health_readback",
"argocd_sync_revision",
"kubectl_dry_run_or_server_validation_plan",
"rollout_blast_radius",
"rollback_revision",
"postcheck_metrics"
],
"file_count": 4,
"followup_owner": "pending_followup_owner",
"gate_tags": [
"argocd_application",
"network_policy",
"supporting_source"
],
"group_id": "argocd",
"kubectl_action_authorized": false,
"kubectl_action_executed": false,
"label": "ArgoCD application and metrics exposure",
"live_cluster_read_authorized": false,
"live_cluster_read_executed": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_role_or_team",
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"rendered_manifest_diff_ready": false,
"request_fields": [
"request_id",
"group_id",
"root",
"control_tier",
"file_count",
"yaml_manifest_file_count",
"supporting_source_file_count",
"top_level_kind_marker_count",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan",
"not_approval"
],
"request_id": "k8s_argocd_owner_request:argocd",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan"
],
"rollback_revision": "pending_rollback_revision",
"root": "k8s/argocd",
"runtime_gate": false,
"secret_value_collection_allowed": false,
"source_snapshot_ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"status": "draft_not_dispatched",
"supporting_source_file_count": 1,
"top_level_kind_marker_count": 5,
"top_level_kinds": [
"Application",
"NetworkPolicy",
"Service"
],
"validation_plan": "pending_validation_plan",
"yaml_manifest_file_count": 3
},
{
"action_buttons_allowed": false,
"affected_scope": "pending_affected_scope",
"argocd_health_readback_received": false,
"argocd_health_readback_ref": null,
"argocd_sync_authorized": false,
"argocd_sync_executed": false,
"argocd_sync_revision_ref": null,
"blocked_actions": [
"argocd_sync",
"kubectl_apply",
"kubectl_patch",
"kubectl_delete",
"helm_upgrade",
"secret_value_collection",
"live_cluster_write",
"manual_pod_restart",
"scale_workload",
"change_network_policy",
"change_rbac",
"restore_backup",
"open_runtime_gate"
],
"control_tier": "C0",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"evidence_gaps": [
"owner_response",
"rendered_manifest_diff",
"argocd_health_readback",
"argocd_sync_revision",
"kubectl_dry_run_or_server_validation_plan",
"rollout_blast_radius",
"rollback_revision",
"postcheck_metrics"
],
"file_count": 7,
"followup_owner": "pending_followup_owner",
"gate_tags": [
"backup_restore",
"rbac",
"secret_metadata",
"workload_or_schedule"
],
"group_id": "velero",
"kubectl_action_authorized": false,
"kubectl_action_executed": false,
"label": "Velero backup / restore manifests",
"live_cluster_read_authorized": false,
"live_cluster_read_executed": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_role_or_team",
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"rendered_manifest_diff_ready": false,
"request_fields": [
"request_id",
"group_id",
"root",
"control_tier",
"file_count",
"yaml_manifest_file_count",
"supporting_source_file_count",
"top_level_kind_marker_count",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan",
"not_approval"
],
"request_id": "k8s_argocd_owner_request:velero",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan"
],
"rollback_revision": "pending_rollback_revision",
"root": "k8s/velero",
"runtime_gate": false,
"secret_value_collection_allowed": false,
"source_snapshot_ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"status": "draft_not_dispatched",
"supporting_source_file_count": 1,
"top_level_kind_marker_count": 8,
"top_level_kinds": [
"BackupStorageLocation",
"ClusterRoleBinding",
"Deployment",
"List",
"Namespace",
"Secret",
"Service",
"ServiceAccount"
],
"validation_plan": "pending_validation_plan",
"yaml_manifest_file_count": 6
},
{
"action_buttons_allowed": false,
"affected_scope": "pending_affected_scope",
"argocd_health_readback_received": false,
"argocd_health_readback_ref": null,
"argocd_sync_authorized": false,
"argocd_sync_executed": false,
"argocd_sync_revision_ref": null,
"blocked_actions": [
"argocd_sync",
"kubectl_apply",
"kubectl_patch",
"kubectl_delete",
"helm_upgrade",
"secret_value_collection",
"live_cluster_write",
"manual_pod_restart",
"scale_workload",
"change_network_policy",
"change_rbac",
"restore_backup",
"open_runtime_gate"
],
"control_tier": "C1",
"decision": "pending_owner_decision",
"decision_reason": "pending_decision_reason",
"evidence_gaps": [
"owner_response",
"rendered_manifest_diff",
"argocd_health_readback",
"argocd_sync_revision",
"kubectl_dry_run_or_server_validation_plan",
"rollout_blast_radius",
"rollback_revision",
"postcheck_metrics"
],
"file_count": 13,
"followup_owner": "pending_followup_owner",
"gate_tags": [
"apply_capable_script",
"monitoring_alerting",
"supporting_source"
],
"group_id": "monitoring",
"kubectl_action_authorized": false,
"kubectl_action_executed": false,
"label": "K8s monitoring and alert source",
"live_cluster_read_authorized": false,
"live_cluster_read_executed": false,
"maintenance_window": "pending_maintenance_window",
"not_approval": true,
"owner_response_accepted": false,
"owner_response_received": false,
"owner_response_rejected": false,
"owner_role_or_team": "pending_owner_role_or_team",
"production_write_authorized": false,
"recipient_confirmed": false,
"redacted_evidence_refs": [],
"rendered_manifest_diff_ready": false,
"request_fields": [
"request_id",
"group_id",
"root",
"control_tier",
"file_count",
"yaml_manifest_file_count",
"supporting_source_file_count",
"top_level_kind_marker_count",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan",
"not_approval"
],
"request_id": "k8s_argocd_owner_request:monitoring",
"request_sent": false,
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan"
],
"rollback_revision": "pending_rollback_revision",
"root": "k8s/monitoring",
"runtime_gate": false,
"secret_value_collection_allowed": false,
"source_snapshot_ref": "docs/security/k8s-argocd-manifest-inventory.snapshot.json",
"status": "draft_not_dispatched",
"supporting_source_file_count": 1,
"top_level_kind_marker_count": 4,
"top_level_kinds": [
"PrometheusRule"
],
"validation_plan": "pending_validation_plan",
"yaml_manifest_file_count": 12
}
],
"request_fields": [
"request_id",
"group_id",
"root",
"control_tier",
"file_count",
"yaml_manifest_file_count",
"supporting_source_file_count",
"top_level_kind_marker_count",
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan",
"not_approval"
],
"required_owner_fields": [
"owner_role_or_team",
"decision",
"decision_reason",
"affected_scope",
"redacted_evidence_refs",
"argocd_health_readback_ref",
"argocd_sync_revision_ref",
"rollback_revision",
"followup_owner",
"maintenance_window",
"validation_plan"
],
"schema_version": "k8s_argocd_owner_request_draft_v1",
"source_inventory_schema_version": "k8s_argocd_manifest_inventory_v1",
"source_inventory_status": "repo_only_inventory_ready_no_live_cluster_read",
"status": "owner_request_draft_ready_not_dispatched",
"summary": {
"action_button_count": 0,
"argocd_health_readback_received_count": 0,
"argocd_sync_authorized_count": 0,
"argocd_sync_executed_count": 0,
"blocked_action_count": 13,
"c0_request_draft_count": 3,
"c1_request_draft_count": 1,
"evidence_gap_count": 8,
"kubectl_action_authorized_count": 0,
"kubectl_action_executed_count": 0,
"live_cluster_read_authorized_count": 0,
"live_cluster_read_executed_count": 0,
"owner_response_accepted_count": 0,
"owner_response_received_count": 0,
"owner_response_rejected_count": 0,
"recipient_confirmed_count": 0,
"rendered_manifest_diff_ready_count": 0,
"request_draft_count": 4,
"request_field_count": 20,
"request_sent_count": 0,
"required_owner_field_count": 11,
"runtime_gate_count": 0,
"secret_value_collection_allowed_count": 0
}
}