centra/photoncloud-monorepo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
photoncloud-monorepo/nix/test-cluster/run-core-control-plane-ops-proof.sh
centra 72a68e8fc4 まとめてコミット
2026-05-05 22:49:03 +09:00

124 lines
4.6 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
export PATH="/run/current-system/sw/bin:/usr/bin:/bin:${PATH}"
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "${SCRIPT_DIR}/../.." && pwd)"
WORK_ROOT="${ULTRACLOUD_WORK_ROOT:-${REPO_ROOT}/work}"
timestamp() {
date +%Y%m%dT%H%M%S%:z
}
DEFAULT_LOG_ROOT="${WORK_ROOT}/core-control-plane-ops-proof/$(timestamp)"
LOG_ROOT="${1:-${DEFAULT_LOG_ROOT}}"
mkdir -p "${LOG_ROOT}"
log() {
printf '[core-control-plane-ops-proof] %s\n' "$*"
}
run_case() {
local name="$1"
shift
local logfile="${LOG_ROOT}/${name}.log"
local metafile="${LOG_ROOT}/${name}.meta"
local started_at ended_at rc
started_at="$(date -Is)"
printf 'command=' >"${metafile}"
printf '%q ' "$@" >>"${metafile}"
printf '\nstarted_at=%s\n' "${started_at}" >>"${metafile}"
log "running ${name}: $*"
set +e
(
cd "${REPO_ROOT}"
"$@"
) >"${logfile}" 2>&1
rc=$?
set -e
ended_at="$(date -Is)"
printf 'ended_at=%s\n' "${ended_at}" >>"${metafile}"
printf 'exit_code=%s\n' "${rc}" >>"${metafile}"
if (( rc != 0 )); then
log "${name} failed; see ${logfile}"
return "${rc}"
fi
log "${name} passed"
}
write_environment() {
{
printf 'started_at=%s\n' "$(date -Is)"
printf 'repo_root=%s\n' "${REPO_ROOT}"
printf 'log_root=%s\n' "${LOG_ROOT}"
printf 'branch=%s\n' "$(git -C "${REPO_ROOT}" branch --show-current)"
printf 'commit=%s\n' "$(git -C "${REPO_ROOT}" rev-parse HEAD)"
} >"${LOG_ROOT}/environment.txt"
}
write_scope_summary() {
cat >"${LOG_ROOT}/scope-fixed-contract.json" <<EOF
{"flaredb":{"supported_schema_contract":"additive-first schema evolution with durability-proof backup/restore before change and offline destructive cleanup after a fresh backup","destructive_ddl_online_supported":false,"fully_automated_online_migration_supported":false},"iam":{"supported_rotation_contract":"bootstrap hardening plus signing-key rotation, credential overlap-and-revoke rotation, and mTLS overlap-and-cutover rotation","multi_node_failover_supported":false}}
EOF
}
write_result() {
local rc="$1"
local finished_at
finished_at="$(date -Is)"
cat >"${LOG_ROOT}/result.json" <<EOF
{"success":$( [[ "${rc}" -eq 0 ]] && printf 'true' || printf 'false' ),"finished_at":"${finished_at}","log_root":"${LOG_ROOT}","scope_summary":"${LOG_ROOT}/scope-fixed-contract.json","iam_rotation_contract":"signing-key, credential, and mTLS overlap rotation","iam_multi_node_failover_supported":false,"flaredb_destructive_ddl_online_supported":false,"flaredb_fully_automated_online_migration_supported":false}
EOF
}
main() {
local rc=0
write_environment
write_scope_summary
run_case iam-key-rotation-tests \
cargo test --manifest-path iam/Cargo.toml -p iam-authn test_key_rotation_ --quiet || rc=$?
if (( rc == 0 )); then
run_case iam-credential-rotation-tests \
cargo test --manifest-path iam/Cargo.toml -p iam-api credential_rotation_cutover_keeps_new_key_live --quiet || rc=$?
fi
if (( rc == 0 )); then
run_case iam-mtls-rotation-tests \
cargo test --manifest-path iam/Cargo.toml -p iam-authn test_mtls_ --quiet || rc=$?
fi
if (( rc == 0 )); then
run_case chainfire-membership-contract \
rg -n 'MemberAdd|MemberRemove|MemberList|LeaderTransfer|TimeoutNow|chainfire-live-membership-proof|current-leader removal|leader transfer|temporary-voter restart|one-voter transitions|joint consensus|live membership' \
README.md docs/control-plane-ops.md docs/testing.md nix/test-cluster/README.md chainfire/proto/chainfire.proto chainfire/crates/chainfire-api/src/cluster_service.rs || rc=$?
fi
if (( rc == 0 )); then
run_case flaredb-migration-contract \
rg -n 'online migration|schema evolution|backup/restore baseline|additive-first|destructive DDL|fully automated online migration|outside the supported product contract' \
README.md docs TODO.md flaredb/crates/flaredb-raft/src/raft_node.rs || rc=$?
fi
if (( rc == 0 )); then
run_case iam-lifecycle-contract \
rg -n 'bootstrap hardening|IAM_CRED_MASTER_KEY|signing key|credential rotation|mTLS overlap-and-cutover rotation|multi-node IAM failover|outside the supported product contract|allow_unauthenticated' \
README.md docs TODO.md iam/crates/iam-server/src/main.rs iam/crates/iam-authn/src/token.rs iam/crates/iam-authn/src/mtls.rs iam/crates/iam-api/src/credential_service.rs || rc=$?
fi
write_result "${rc}"
if (( rc != 0 )); then
return "${rc}"
fi
if [[ "${LOG_ROOT}" == "${DEFAULT_LOG_ROOT}" ]]; then
ln -sfn "${LOG_ROOT}" "${WORK_ROOT}/core-control-plane-ops-proof/latest"
fi
log "core control plane operator proof passed; logs in ${LOG_ROOT}"
}
main "$@"
Reference in a new issue View git blame Copy permalink