237 lines
7.7 KiB
JSON
237 lines
7.7 KiB
JSON
{
|
|
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
"$id": "https://awoooi.wooo.work/schemas/backup_restore_escrow_inventory_v1.schema.json",
|
|
"title": "IwoooS backup / restore / escrow / retention repo-only 清冊",
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"required": [
|
|
"schema_version",
|
|
"generated_at",
|
|
"git_commit",
|
|
"status",
|
|
"source_scope",
|
|
"summary",
|
|
"execution_boundaries",
|
|
"expected_scopes",
|
|
"backup_surfaces",
|
|
"write_capable_surfaces",
|
|
"next_collection_order",
|
|
"operator_interpretation"
|
|
],
|
|
"properties": {
|
|
"schema_version": {
|
|
"const": "backup_restore_escrow_inventory_v1"
|
|
},
|
|
"generated_at": {
|
|
"type": "string"
|
|
},
|
|
"git_commit": {
|
|
"type": "string"
|
|
},
|
|
"status": {
|
|
"const": "repo_only_inventory_ready"
|
|
},
|
|
"source_scope": {
|
|
"const": "committed_repo_files_only"
|
|
},
|
|
"summary": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"required": [
|
|
"surface_count",
|
|
"source_exists_count",
|
|
"expected_scope_count",
|
|
"backup_script_surface_count",
|
|
"restore_drill_surface_count",
|
|
"offsite_escrow_surface_count",
|
|
"velero_surface_count",
|
|
"retention_surface_count",
|
|
"credential_surface_count",
|
|
"alert_surface_count",
|
|
"dr_readiness_contract_surface_count",
|
|
"write_capable_surface_count",
|
|
"surfaces_requiring_owner_response_count",
|
|
"surfaces_requiring_live_evidence_count",
|
|
"owner_response_received_count",
|
|
"owner_response_accepted_count",
|
|
"live_evidence_received_count",
|
|
"restore_drill_accepted_count",
|
|
"offsite_sync_accepted_count",
|
|
"credential_escrow_accepted_count",
|
|
"retention_change_accepted_count",
|
|
"maintenance_window_accepted_count",
|
|
"rollback_owner_accepted_count",
|
|
"runtime_gate_count",
|
|
"action_button_count",
|
|
"coverage_percent_before_inventory",
|
|
"coverage_percent_after_inventory"
|
|
],
|
|
"properties": {
|
|
"surface_count": { "const": 38 },
|
|
"source_exists_count": { "const": 38 },
|
|
"expected_scope_count": { "const": 38 },
|
|
"backup_script_surface_count": { "const": 15 },
|
|
"restore_drill_surface_count": { "const": 4 },
|
|
"offsite_escrow_surface_count": { "const": 8 },
|
|
"velero_surface_count": { "const": 5 },
|
|
"retention_surface_count": { "const": 3 },
|
|
"credential_surface_count": { "const": 5 },
|
|
"alert_surface_count": { "const": 1 },
|
|
"dr_readiness_contract_surface_count": { "const": 3 },
|
|
"write_capable_surface_count": { "const": 27 },
|
|
"surfaces_requiring_owner_response_count": { "const": 38 },
|
|
"surfaces_requiring_live_evidence_count": { "const": 38 },
|
|
"owner_response_received_count": { "const": 0 },
|
|
"owner_response_accepted_count": { "const": 0 },
|
|
"live_evidence_received_count": { "const": 0 },
|
|
"restore_drill_accepted_count": { "const": 0 },
|
|
"offsite_sync_accepted_count": { "const": 0 },
|
|
"credential_escrow_accepted_count": { "const": 0 },
|
|
"retention_change_accepted_count": { "const": 0 },
|
|
"maintenance_window_accepted_count": { "const": 0 },
|
|
"rollback_owner_accepted_count": { "const": 0 },
|
|
"runtime_gate_count": { "const": 0 },
|
|
"action_button_count": { "const": 0 },
|
|
"coverage_percent_before_inventory": { "const": 52 },
|
|
"coverage_percent_after_inventory": { "const": 58 }
|
|
}
|
|
},
|
|
"execution_boundaries": {
|
|
"type": "object",
|
|
"additionalProperties": { "const": false },
|
|
"required": [
|
|
"runtime_execution_authorized",
|
|
"host_write_authorized",
|
|
"backup_run_authorized",
|
|
"restore_run_authorized",
|
|
"restore_drill_authorized",
|
|
"offsite_sync_authorized",
|
|
"offsite_remote_delete_authorized",
|
|
"credential_escrow_marker_write_authorized",
|
|
"retention_change_authorized",
|
|
"restic_prune_authorized",
|
|
"rclone_config_authorized",
|
|
"velero_restore_authorized",
|
|
"velero_backup_authorized",
|
|
"kubectl_action_authorized",
|
|
"ssh_read_authorized",
|
|
"ssh_write_authorized",
|
|
"secret_value_collection_allowed",
|
|
"active_scan_authorized",
|
|
"action_buttons_allowed"
|
|
]
|
|
},
|
|
"expected_scopes": {
|
|
"type": "array",
|
|
"minItems": 38,
|
|
"maxItems": 38,
|
|
"items": { "type": "string" }
|
|
},
|
|
"backup_surfaces": {
|
|
"type": "array",
|
|
"minItems": 38,
|
|
"maxItems": 38,
|
|
"items": {
|
|
"$ref": "#/$defs/backup_surface"
|
|
}
|
|
},
|
|
"write_capable_surfaces": {
|
|
"type": "array",
|
|
"minItems": 27,
|
|
"maxItems": 27,
|
|
"items": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"required": [
|
|
"surface_id",
|
|
"label",
|
|
"config_kind",
|
|
"expected_scope",
|
|
"required_gate"
|
|
],
|
|
"properties": {
|
|
"surface_id": { "type": "string" },
|
|
"label": { "type": "string" },
|
|
"config_kind": { "type": "string" },
|
|
"expected_scope": { "type": "string" },
|
|
"required_gate": {
|
|
"const": "owner_response_plus_maintenance_window_plus_rollback_owner"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"next_collection_order": {
|
|
"type": "array",
|
|
"minItems": 10,
|
|
"items": { "type": "string" }
|
|
},
|
|
"operator_interpretation": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
}
|
|
},
|
|
"$defs": {
|
|
"backup_surface": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"required": [
|
|
"surface_id",
|
|
"label",
|
|
"source_path",
|
|
"expected_scope",
|
|
"config_kind",
|
|
"control_tier",
|
|
"current_state",
|
|
"backup_scope",
|
|
"requires_live_evidence",
|
|
"requires_owner_response",
|
|
"next_owner_action",
|
|
"source_exists",
|
|
"line_count",
|
|
"sha256",
|
|
"owner_response_received",
|
|
"owner_response_accepted",
|
|
"live_evidence_received",
|
|
"restore_drill_accepted",
|
|
"offsite_sync_accepted",
|
|
"credential_escrow_accepted",
|
|
"retention_change_accepted",
|
|
"maintenance_window_accepted",
|
|
"rollback_owner_accepted",
|
|
"runtime_gate_open",
|
|
"action_buttons_allowed"
|
|
],
|
|
"properties": {
|
|
"surface_id": { "type": "string" },
|
|
"label": { "type": "string" },
|
|
"source_path": { "type": "string" },
|
|
"expected_scope": { "type": "string" },
|
|
"config_kind": { "type": "string" },
|
|
"control_tier": { "const": "C0" },
|
|
"current_state": { "type": "string" },
|
|
"backup_scope": {
|
|
"type": "array",
|
|
"items": { "type": "string" }
|
|
},
|
|
"requires_live_evidence": { "const": true },
|
|
"requires_owner_response": { "const": true },
|
|
"next_owner_action": { "type": "string" },
|
|
"source_exists": { "const": true },
|
|
"line_count": { "type": "integer", "minimum": 1 },
|
|
"sha256": { "type": "string", "minLength": 64, "maxLength": 64 },
|
|
"owner_response_received": { "const": false },
|
|
"owner_response_accepted": { "const": false },
|
|
"live_evidence_received": { "const": false },
|
|
"restore_drill_accepted": { "const": false },
|
|
"offsite_sync_accepted": { "const": false },
|
|
"credential_escrow_accepted": { "const": false },
|
|
"retention_change_accepted": { "const": false },
|
|
"maintenance_window_accepted": { "const": false },
|
|
"rollback_owner_accepted": { "const": false },
|
|
"runtime_gate_open": { "const": false },
|
|
"action_buttons_allowed": { "const": false }
|
|
}
|
|
}
|
|
}
|
|
}
|