# Verify policy contracts — backup verification as parallel provisioning.
# Drill-as-recipe: instead of a boolean flag, declare a sandbox infra recipe
# the daemon coordinator spins up, restores into, and runs an integration
# test suite against. The only credible verification is one that actually
# restores and exercises the data.
#
# NOTE(review): these contracts validate field shape only. Several fields
# (`run`, `query`, `url`, `path`, recipe `args`) are free-form strings that,
# per the comments below, a manager/coordinator acts on. Presumably whoever
# can edit a policy file can make the drill runner do anything it is allowed
# to do, so change control on these files matters — confirm against the
# deployment's review and access model.

# `Duration` and `Schedule` come from backup_policy.ncl, which is not visible
# here; their accepted formats are defined there.
let bp = import "backup_policy.ncl" in

{
  # Test step discriminated union. The manager runs each step in order,
  # collecting pass/fail/skip; an optional step does not abort on failure.
  #
  # NOTE(review): the union is not enforced by this contract. Every per-kind
  # field below is `optional` regardless of `kind`, so e.g. a 'http_check
  # step with no `url`, or a 'cmd step carrying a `query`, still satisfies
  # TestStep. The consumer has to validate the kind/field pairing itself.
  #
  # NOTE(review): a suite made up entirely of `optional = true` steps can
  # never abort on failure. Confirm the manager still reports such a drill
  # as failed rather than verified.
  TestStep = {
    # Discriminator: selects which of the per-kind field groups applies.
    kind | [| 'http_check, 'sql_query, 'file_exists, 'cmd, 'integration |],
    name | String,
    # Defaults to false, i.e. a step is mandatory unless stated otherwise.
    optional | Bool | default = false,
    # Per-step timeout; format is whatever bp.Duration accepts.
    timeout | bp.Duration | default = "60s",

    # 'http_check
    # NOTE(review): no scheme or host constraint is expressed here. Confirm
    # the runner limits these requests to the sandbox it provisioned.
    url | String | optional,
    # Any Number passes; integer-ness and the 100–599 range are not checked.
    expected_status | Number | optional,

    # 'sql_query
    # The contract is a plain String, so it cannot tell a vault path or alias
    # from an inline connection string. NOTE(review): consider rejecting
    # values that embed credentials, so secrets stay out of policy files.
    connection_ref | String | optional | doc "Reference to a connection profile (vault path or alias)",
    # NOTE(review): presumably meant to be a read-only probe of the restored
    # data. Nothing here enforces that; confirm the connection profile used
    # for drills is least-privilege.
    query | String | optional,
    expected | String | optional,

    # 'file_exists
    path | String | optional,

    # 'cmd
    # NOTE(review): a free-form command string. Whether the manager runs it
    # through a shell or as an argv cannot be told from here — TODO confirm.
    # This matters for quoting if any part of the string is ever templated.
    run | String | optional,
    # Because the default sits on the shared record, this field is filled in
    # for every step, not only 'cmd steps.
    expect_zero_exit | Bool | default = true,

    # 'integration — invokes a higher-level scenario by name
    component | String | optional,
    scenario | String | optional,
  },

  # Reference to a parallel provisioning recipe that materialises the sandbox.
  # The recipe lives under infra/<workspace>/verify-recipes/ and is itself
  # declarative Nickel exported to the orchestrator.
  ProvisioningRecipeRef = {
    # NOTE(review): `name` is an unconstrained String used for a lookup under
    # a directory. Path separators and `..` are not rejected by this
    # contract; confirm the orchestrator resolves the name without letting
    # it leave verify-recipes/.
    name | String | doc "Recipe identifier (looked up in infra/<workspace>/verify-recipes/)",
    # Dictionary with arbitrary keys and String values; empty by default.
    args | { _ | String } | doc "Per-invocation parameters passed to the recipe" | default = {},
  },

  # Drill specification consumed by the daemon coordinator on a verify schedule.
  DrillSpec = {
    name | String,
    parallel_infra | ProvisioningRecipeRef,
    # An empty array satisfies this contract. NOTE(review): confirm a drill
    # with no steps is not reported as a successful verification.
    test_suite | Array TestStep,
    # NOTE(review): the sandbox holds restored backup data (see file header).
    # With the 'on_success default a failed drill presumably leaves that
    # sandbox in place, and 'never always does. Confirm leftover sandboxes
    # have an expiry and the same access controls as the source data.
    cleanup | [| 'always, 'on_success, 'never |] | default = 'on_success,
    # Whole-drill timeout, distinct from the per-step TestStep.timeout.
    timeout | bp.Duration | default = "30m",
    schedule | bp.Schedule | optional | doc "Drill cadence; defaults to manual invocation when omitted",
  },

  # Top-level verify policy: a level (cheapest → costliest) plus an optional
  # drill spec for 'restore_drill / 'full_dr levels.
  #
  # NOTE(review): the level/drill pairing is not enforced. `drill` stays
  # optional at every level, so `level = 'restore_drill` with no `drill`
  # passes, as does a `drill` attached to 'quick. The consumer must check.
  VerifyPolicy = {
    # A policy that omits `level` gets 'quick, the cheapest level.
    level | [| 'quick, 'deep, 'restore_drill, 'full_dr |] | default = 'quick,
    # DrillSpec also has a `schedule`; which one takes precedence when both
    # are set is not stated in this file.
    schedule | bp.Schedule | optional,
    drill | DrillSpec | optional,
  },
}