Skip to main content

canic_host/deployment_truth/model/root_verification/
mod.rs

1use super::{DeploymentCheckV1, DeploymentRootObservationSourceV1, SafetyFindingV1};
2use serde::{Deserialize, Serialize};
3
4///
5/// DeploymentRootVerificationRequestV1
6///
7#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
8pub struct DeploymentRootVerificationRequestV1 {
9    pub report_id: String,
10    pub requested_at: String,
11    pub deployment_name: String,
12    pub network: String,
13    pub expected_fleet_template: String,
14    pub expected_root_principal: String,
15    pub current_root_verification: DeploymentRootVerificationStateV1,
16    pub source: DeploymentRootVerificationSourceV1,
17    pub deployment_check: DeploymentCheckV1,
18}
19
20///
21/// DeploymentRootVerificationReportV1
22///
23#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
24pub struct DeploymentRootVerificationReportV1 {
25    pub schema_version: u32,
26    pub report_id: String,
27    pub report_digest: String,
28    pub requested_at: String,
29    pub evidence_status: DeploymentRootVerificationEvidenceStatusV1,
30    pub state_transition: DeploymentRootVerificationStateTransitionV1,
31    pub deployment_name: String,
32    pub network: String,
33    pub expected_fleet_template: String,
34    pub expected_root_principal: String,
35    pub observed_deployment_name: Option<String>,
36    pub observed_network: Option<String>,
37    pub observed_fleet_template: Option<String>,
38    pub observed_root_principal: Option<String>,
39    pub observed_root_canister_id: Option<String>,
40    pub observed_root_observation_source: Option<DeploymentRootObservationSourceV1>,
41    pub source: DeploymentRootVerificationSourceV1,
42    pub source_check_id: String,
43    pub source_check_digest: String,
44    pub source_deployment_plan_id: String,
45    pub source_deployment_plan_digest: String,
46    pub source_inventory_id: String,
47    pub source_inventory_digest: String,
48    pub current_root_verification: DeploymentRootVerificationStateV1,
49    pub identity_checks: Vec<DeploymentRootVerificationCheckV1>,
50    pub evidence_checks: Vec<DeploymentRootVerificationCheckV1>,
51    pub blockers: Vec<SafetyFindingV1>,
52    pub warnings: Vec<SafetyFindingV1>,
53    pub recommended_next_actions: Vec<String>,
54}
55
56///
57/// DeploymentRootVerificationReceiptV1
58///
59#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
60pub struct DeploymentRootVerificationReceiptV1 {
61    pub schema_version: u32,
62    pub receipt_id: String,
63    pub receipt_digest: String,
64    pub deployment_name: String,
65    pub network: String,
66    pub fleet_template: String,
67    pub root_principal: String,
68    pub previous_root_verification: DeploymentRootVerificationStateV1,
69    pub new_root_verification: DeploymentRootVerificationStateV1,
70    pub state_transition: DeploymentRootVerificationStateTransitionV1,
71    pub source_report_id: String,
72    pub source_report_digest: String,
73    pub source_report_requested_at: String,
74    pub source_report_source: DeploymentRootVerificationSourceV1,
75    pub source_report_evidence_status: DeploymentRootVerificationEvidenceStatusV1,
76    pub source_report_current_root_verification: DeploymentRootVerificationStateV1,
77    pub source_report_state_transition: DeploymentRootVerificationStateTransitionV1,
78    pub source_root_observation_source: DeploymentRootObservationSourceV1,
79    pub source_observed_root_canister_id: String,
80    pub source_check_id: String,
81    pub source_check_digest: String,
82    pub source_deployment_plan_id: String,
83    pub source_deployment_plan_digest: String,
84    pub source_inventory_id: String,
85    pub source_inventory_digest: String,
86    pub verified_at_unix_secs: u64,
87    pub local_state_path: String,
88    pub local_state_digest_before: String,
89    pub local_state_digest_after: String,
90    pub warnings: Vec<SafetyFindingV1>,
91}
92
93///
94/// DeploymentRootVerificationCheckV1
95///
96#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
97pub struct DeploymentRootVerificationCheckV1 {
98    pub name: String,
99    pub expected: Option<String>,
100    pub observed: Option<String>,
101    pub satisfied: bool,
102}
103
104///
105/// DeploymentRootVerificationSourceV1
106///
107#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
108pub enum DeploymentRootVerificationSourceV1 {
109    DeploymentTruthCheck,
110}
111
112///
113/// DeploymentRootVerificationEvidenceStatusV1
114///
115#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
116pub enum DeploymentRootVerificationEvidenceStatusV1 {
117    EvidenceSatisfied,
118    VerificationFailed,
119    NotApplicable,
120}
121
122///
123/// DeploymentRootVerificationStateTransitionV1
124///
125#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
126pub enum DeploymentRootVerificationStateTransitionV1 {
127    NotAttempted,
128    WouldPromoteNotVerifiedToVerified,
129    PromotedNotVerifiedToVerified,
130    NoStateChange,
131    Blocked,
132}
133
134///
135/// DeploymentRootVerificationStateV1
136///
137#[derive(Clone, Copy, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
138pub enum DeploymentRootVerificationStateV1 {
139    NotVerified,
140    Verified,
141}