v1.5.0: IRM — инциденты, задачи, эскалации

- docs/IRM.md; Alembic 002: incidents, tasks, escalation_policies - Модули incidents/tasks/escalations: API, UI, register_events(bus, pool) - Авто-инцидент из alert.received; тесты test_irm_modules.py Made-with: Cursor
2026-04-03 09:03:16 +03:00
parent 0787745098
commit 89b5983526
20 changed files with 772 additions and 16 deletions
--- a/onguard24/init.py
+++ b/onguard24/init.py
@ -1,3 +1,3 @@
 """onGuard24 — модульный монолит (ядро + модули)."""

-__version__ = "1.4.1"
+__version__ = "1.5.0"
--- a/onguard24/deps.py
+++ b/onguard24/deps.py
@ -0,0 +1,9 @@
+"""Общие зависимости FastAPI."""
+
+from __future__ import annotations
+
+from fastapi import Request
+
+
+def get_pool(request: Request):
+    return getattr(request.app.state, "pool", None)
--- a/onguard24/main.py
+++ b/onguard24/main.py
@ -34,7 +34,7 @@ async def lifespan(app: FastAPI):
    settings = get_settings()
    pool = await create_pool(settings)
    bus = InMemoryEventBus()
-    register_module_events(bus)
+    register_module_events(bus, pool)
    app.state.pool = pool
    app.state.settings = settings
    app.state.event_bus = bus
--- a/onguard24/modules/contacts.py
+++ b/onguard24/modules/contacts.py
@ -9,7 +9,7 @@ router = APIRouter(tags=["module-contacts"])
 ui_router = APIRouter(tags=["web-contacts"], include_in_schema=False)


-def register_events(_bus: EventBus) -> None:
+def register_events(_bus: EventBus, _pool=None) -> None:
    pass


--- a/onguard24/modules/escalations.py
+++ b/onguard24/modules/escalations.py
@ -0,0 +1,153 @@
+"""IRM: цепочки эскалаций (политики в JSON, дальше — исполнение по шагам)."""
+
+from __future__ import annotations
+
+import html
+import json
+from uuid import UUID
+
+import asyncpg
+from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi.responses import HTMLResponse
+from pydantic import BaseModel, Field
+
+from onguard24.deps import get_pool
+from onguard24.domain.events import EventBus
+from onguard24.modules.ui_support import wrap_module_html_page
+
+router = APIRouter(tags=["module-escalations"])
+ui_router = APIRouter(tags=["web-escalations"], include_in_schema=False)
+
+
+class PolicyCreate(BaseModel):
+    name: str = Field(..., min_length=1, max_length=200)
+    enabled: bool = True
+    steps: list[dict] = Field(default_factory=list)
+
+
+def register_events(_bus: EventBus, _pool: asyncpg.Pool | None = None) -> None:
+    pass
+
+
+async def render_home_fragment(request: Request) -> str:
+    pool = get_pool(request)
+    if pool is None:
+        return '<p class="module-note">Нужна БД для политик эскалации.</p>'
+    try:
+        async with pool.acquire() as conn:
+            n = await conn.fetchval("SELECT count(*)::int FROM escalation_policies WHERE enabled = true")
+    except Exception:
+        return '<p class="module-note">Таблица политик недоступна (миграции?).</p>'
+    return f'<div class="module-fragment"><p>Активных политик: <strong>{int(n)}</strong></p></div>'
+
+
+@router.get("/")
+async def list_policies_api(pool: asyncpg.Pool | None = Depends(get_pool)):
+    if pool is None:
+        return {"items": [], "database": "disabled"}
+    async with pool.acquire() as conn:
+        rows = await conn.fetch(
+            """
+            SELECT id, name, enabled, steps, created_at
+            FROM escalation_policies
+            ORDER BY name
+            """
+        )
+    items = []
+    for r in rows:
+        steps = r["steps"]
+        if isinstance(steps, str):
+            steps = json.loads(steps)
+        items.append(
+            {
+                "id": str(r["id"]),
+                "name": r["name"],
+                "enabled": r["enabled"],
+                "steps": steps if isinstance(steps, list) else [],
+                "created_at": r["created_at"].isoformat() if r["created_at"] else None,
+            }
+        )
+    return {"items": items}
+
+
+@router.post("/", status_code=201)
+async def create_policy_api(body: PolicyCreate, pool: asyncpg.Pool | None = Depends(get_pool)):
+    if pool is None:
+        raise HTTPException(status_code=503, detail="database disabled")
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            """
+            INSERT INTO escalation_policies (name, enabled, steps)
+            VALUES ($1, $2, $3::jsonb)
+            RETURNING id, name, enabled, steps, created_at
+            """,
+            body.name.strip(),
+            body.enabled,
+            json.dumps(body.steps),
+        )
+    steps = row["steps"]
+    return {
+        "id": str(row["id"]),
+        "name": row["name"],
+        "enabled": row["enabled"],
+        "steps": list(steps) if steps else [],
+        "created_at": row["created_at"].isoformat() if row["created_at"] else None,
+    }
+
+
+@router.delete("/{policy_id}", status_code=204)
+async def delete_policy_api(policy_id: UUID, pool: asyncpg.Pool | None = Depends(get_pool)):
+    if pool is None:
+        raise HTTPException(status_code=503, detail="database disabled")
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            "DELETE FROM escalation_policies WHERE id = $1::uuid RETURNING id",
+            policy_id,
+        )
+    if row is None:
+        raise HTTPException(status_code=404, detail="not found")
+
+
+@ui_router.get("/", response_class=HTMLResponse)
+async def escalations_ui_home(request: Request):
+    pool = get_pool(request)
+    rows_html = ""
+    err = ""
+    if pool is None:
+        err = "<p>База данных не настроена.</p>"
+    else:
+        try:
+            async with pool.acquire() as conn:
+                rows = await conn.fetch(
+                    "SELECT id, name, enabled, steps FROM escalation_policies ORDER BY name"
+                )
+            for r in rows:
+                steps = r["steps"]
+                if hasattr(steps, "__iter__") and not isinstance(steps, (str, bytes)):
+                    steps_preview = html.escape(json.dumps(steps, ensure_ascii=False)[:120])
+                else:
+                    steps_preview = "—"
+                rows_html += (
+                    "<tr>"
+                    f"<td>{html.escape(str(r['id']))[:8]}…</td>"
+                    f"<td>{html.escape(r['name'])}</td>"
+                    f"<td>{'да' if r['enabled'] else 'нет'}</td>"
+                    f"<td><code>{steps_preview}</code></td>"
+                    "</tr>"
+                )
+        except Exception as e:
+            err = f"<p class=\"module-err\">{html.escape(str(e))}</p>"
+    inner = f"""<h1>Цепочки эскалаций</h1>
+<p>Заготовка: шаги хранятся в JSON; исполнение по таймерам — следующие версии.</p>
+{err}
+<table class="irm-table">
+<thead><tr><th>ID</th><th>Имя</th><th>Вкл.</th><th>Шаги (фрагмент)</th></tr></thead>
+<tbody>{rows_html or '<tr><td colspan="4">Нет политик — создайте через API POST</td></tr>'}</tbody>
+</table>"""
+    return HTMLResponse(
+        wrap_module_html_page(
+            document_title="Эскалации — onGuard24",
+            current_slug="escalations",
+            main_inner_html=inner,
+        )
+    )
--- a/onguard24/modules/incidents.py
+++ b/onguard24/modules/incidents.py
@ -0,0 +1,200 @@
+"""IRM: инциденты — учёт сбоев, связь с сырым ingress и событием alert.received."""
+
+from __future__ import annotations
+
+import html
+import logging
+from uuid import UUID
+
+import asyncpg
+from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi.responses import HTMLResponse
+from pydantic import BaseModel, Field
+
+from onguard24.deps import get_pool
+from onguard24.domain.events import AlertReceived, DomainEvent, EventBus
+from onguard24.modules.ui_support import wrap_module_html_page
+
+log = logging.getLogger(__name__)
+
+router = APIRouter(tags=["module-incidents"])
+ui_router = APIRouter(tags=["web-incidents"], include_in_schema=False)
+
+
+class IncidentCreate(BaseModel):
+    title: str = Field(..., min_length=1, max_length=500)
+    status: str = Field(default="open", max_length=64)
+    severity: str = Field(default="warning", max_length=32)
+
+
+def register_events(bus: EventBus, pool: asyncpg.Pool | None = None) -> None:
+    if pool is None:
+        return
+
+    async def on_alert(ev: DomainEvent) -> None:
+        if not isinstance(ev, AlertReceived) or ev.raw_payload_ref is None:
+            return
+        a = ev.alert
+        title = (a.title if a else "Алерт без названия")[:500]
+        sev = (a.severity.value if a else "warning")
+        try:
+            async with pool.acquire() as conn:
+                await conn.execute(
+                    """
+                    INSERT INTO incidents (title, status, severity, source, ingress_event_id)
+                    VALUES ($1, 'open', $2, 'grafana', $3::uuid)
+                    """,
+                    title,
+                    sev,
+                    ev.raw_payload_ref,
+                )
+        except Exception:
+            log.exception("incidents: не удалось создать инцидент из alert.received")
+
+    bus.subscribe("alert.received", on_alert)
+
+
+async def render_home_fragment(request: Request) -> str:
+    pool = get_pool(request)
+    if pool is None:
+        return '<p class="module-note">Нужна БД для списка инцидентов.</p>'
+    try:
+        async with pool.acquire() as conn:
+            n = await conn.fetchval("SELECT count(*)::int FROM incidents")
+    except Exception:
+        return '<p class="module-note">Таблица инцидентов недоступна (миграции?).</p>'
+    return f'<div class="module-fragment"><p>Инцидентов в учёте: <strong>{int(n)}</strong></p></div>'
+
+
+@router.get("/")
+async def list_incidents_api(
+    pool: asyncpg.Pool | None = Depends(get_pool),
+    limit: int = 50,
+):
+    if pool is None:
+        return {"items": [], "database": "disabled"}
+    limit = min(max(limit, 1), 200)
+    async with pool.acquire() as conn:
+        rows = await conn.fetch(
+            """
+            SELECT id, title, status, severity, source, ingress_event_id, created_at
+            FROM incidents
+            ORDER BY created_at DESC
+            LIMIT $1
+            """,
+            limit,
+        )
+    items = []
+    for r in rows:
+        items.append(
+            {
+                "id": str(r["id"]),
+                "title": r["title"],
+                "status": r["status"],
+                "severity": r["severity"],
+                "source": r["source"],
+                "ingress_event_id": str(r["ingress_event_id"]) if r["ingress_event_id"] else None,
+                "created_at": r["created_at"].isoformat() if r["created_at"] else None,
+            }
+        )
+    return {"items": items}
+
+
+@router.post("/", status_code=201)
+async def create_incident_api(
+    body: IncidentCreate,
+    pool: asyncpg.Pool | None = Depends(get_pool),
+):
+    if pool is None:
+        raise HTTPException(status_code=503, detail="database disabled")
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            """
+            INSERT INTO incidents (title, status, severity, source)
+            VALUES ($1, $2, $3, 'manual')
+            RETURNING id, title, status, severity, source, ingress_event_id, created_at
+            """,
+            body.title.strip(),
+            body.status,
+            body.severity,
+        )
+    return {
+        "id": str(row["id"]),
+        "title": row["title"],
+        "status": row["status"],
+        "severity": row["severity"],
+        "source": row["source"],
+        "ingress_event_id": None,
+        "created_at": row["created_at"].isoformat() if row["created_at"] else None,
+    }
+
+
+@router.get("/{incident_id}")
+async def get_incident_api(incident_id: UUID, pool: asyncpg.Pool | None = Depends(get_pool)):
+    if pool is None:
+        raise HTTPException(status_code=503, detail="database disabled")
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            """
+            SELECT id, title, status, severity, source, ingress_event_id, created_at
+            FROM incidents WHERE id = $1::uuid
+            """,
+            incident_id,
+        )
+    if not row:
+        raise HTTPException(status_code=404, detail="not found")
+    return {
+        "id": str(row["id"]),
+        "title": row["title"],
+        "status": row["status"],
+        "severity": row["severity"],
+        "source": row["source"],
+        "ingress_event_id": str(row["ingress_event_id"]) if row["ingress_event_id"] else None,
+        "created_at": row["created_at"].isoformat() if row["created_at"] else None,
+    }
+
+
+@ui_router.get("/", response_class=HTMLResponse)
+async def incidents_ui_home(request: Request):
+    pool = get_pool(request)
+    rows_html = ""
+    err = ""
+    if pool is None:
+        err = "<p>База данных не настроена.</p>"
+    else:
+        try:
+            async with pool.acquire() as conn:
+                rows = await conn.fetch(
+                    """
+                    SELECT id, title, status, severity, source, created_at
+                    FROM incidents
+                    ORDER BY created_at DESC
+                    LIMIT 100
+                    """
+                )
+            for r in rows:
+                rows_html += (
+                    "<tr>"
+                    f"<td>{html.escape(str(r['id']))[:8]}…</td>"
+                    f"<td>{html.escape(r['title'])}</td>"
+                    f"<td>{html.escape(r['status'])}</td>"
+                    f"<td>{html.escape(r['severity'])}</td>"
+                    f"<td>{html.escape(r['source'])}</td>"
+                    "</tr>"
+                )
+        except Exception as e:
+            err = f"<p class=\"module-err\">{html.escape(str(e))}</p>"
+    inner = f"""<h1>Инциденты</h1>
+{err}
+<table class="irm-table">
+<thead><tr><th>ID</th><th>Заголовок</th><th>Статус</th><th>Важность</th><th>Источник</th></tr></thead>
+<tbody>{rows_html or '<tr><td colspan="5">Пока нет записей</td></tr>'}</tbody>
+</table>
+<p><small>Создание из Grafana: webhook → запись в <code>ingress_events</code> → событие → строка здесь.</small></p>"""
+    return HTMLResponse(
+        wrap_module_html_page(
+            document_title="Инциденты — onGuard24",
+            current_slug="incidents",
+            main_inner_html=inner,
+        )
+    )
--- a/onguard24/modules/registry.py
+++ b/onguard24/modules/registry.py
@ -5,6 +5,7 @@

 from __future__ import annotations

+import asyncpg
 from collections.abc import Awaitable, Callable
 from dataclasses import dataclass

@ -12,10 +13,18 @@ from fastapi import APIRouter
 from starlette.requests import Request

 from onguard24.domain.events import EventBus
-from onguard24.modules import contacts, schedules, statusboard
+from onguard24.modules import (
+    contacts,
+    escalations,
+    incidents,
+    schedules,
+    statusboard,
+    tasks,
+)

 # async (Request) -> str — фрагмент HTML для главной страницы (опционально)
 HomeFragment = Callable[[Request], Awaitable[str]]
+RegisterEvents = Callable[[EventBus, asyncpg.Pool | None], None]


@dataclass(frozen=True)
@ -24,7 +33,7 @@ class ModuleMount:

    router: APIRouter
    url_prefix: str
-    register_events: Callable[[EventBus], None]
+    register_events: RegisterEvents
    slug: str
    title: str
    ui_router: APIRouter | None = None
@ -33,6 +42,33 @@ class ModuleMount:

 def _mounts() -> list[ModuleMount]:
    return [
+        ModuleMount(
+            router=incidents.router,
+            url_prefix="/api/v1/modules/incidents",
+            register_events=incidents.register_events,
+            slug="incidents",
+            title="Инциденты",
+            ui_router=incidents.ui_router,
+            render_home_fragment=incidents.render_home_fragment,
+        ),
+        ModuleMount(
+            router=tasks.router,
+            url_prefix="/api/v1/modules/tasks",
+            register_events=tasks.register_events,
+            slug="tasks",
+            title="Задачи",
+            ui_router=tasks.ui_router,
+            render_home_fragment=tasks.render_home_fragment,
+        ),
+        ModuleMount(
+            router=escalations.router,
+            url_prefix="/api/v1/modules/escalations",
+            register_events=escalations.register_events,
+            slug="escalations",
+            title="Эскалации",
+            ui_router=escalations.ui_router,
+            render_home_fragment=escalations.render_home_fragment,
+        ),
        ModuleMount(
            router=schedules.router,
            url_prefix="/api/v1/modules/schedules",
@ -66,6 +102,6 @@ def _mounts() -> list[ModuleMount]:
 MODULE_MOUNTS: list[ModuleMount] = _mounts()


-def register_module_events(bus: EventBus) -> None:
+def register_module_events(bus: EventBus, pool: asyncpg.Pool | None = None) -> None:
    for m in MODULE_MOUNTS:
-        m.register_events(bus)
+        m.register_events(bus, pool)
--- a/onguard24/modules/schedules.py
+++ b/onguard24/modules/schedules.py
@ -9,7 +9,7 @@ router = APIRouter(tags=["module-schedules"])
 ui_router = APIRouter(tags=["web-schedules"], include_in_schema=False)


-def register_events(_bus: EventBus) -> None:
+def register_events(_bus: EventBus, _pool=None) -> None:
    """Подписка на доменные события (например alert.received)."""
    # _bus.subscribe("alert.received", handler)

--- a/onguard24/modules/statusboard.py
+++ b/onguard24/modules/statusboard.py
@ -9,7 +9,7 @@ router = APIRouter(tags=["module-statusboard"])
 ui_router = APIRouter(tags=["web-statusboard"], include_in_schema=False)


-def register_events(_bus: EventBus) -> None:
+def register_events(_bus: EventBus, _pool=None) -> None:
    pass


--- a/onguard24/modules/tasks.py
+++ b/onguard24/modules/tasks.py
@ -0,0 +1,159 @@
+"""IRM: задачи по инцидентам (или вне привязки)."""
+
+from __future__ import annotations
+
+import html
+from uuid import UUID
+
+import asyncpg
+from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi.responses import HTMLResponse
+from pydantic import BaseModel, Field
+
+from onguard24.deps import get_pool
+from onguard24.domain.events import EventBus
+from onguard24.modules.ui_support import wrap_module_html_page
+
+router = APIRouter(tags=["module-tasks"])
+ui_router = APIRouter(tags=["web-tasks"], include_in_schema=False)
+
+
+class TaskCreate(BaseModel):
+    title: str = Field(..., min_length=1, max_length=500)
+    incident_id: UUID | None = None
+
+
+def register_events(_bus: EventBus, _pool: asyncpg.Pool | None = None) -> None:
+    pass
+
+
+async def render_home_fragment(request: Request) -> str:
+    pool = get_pool(request)
+    if pool is None:
+        return '<p class="module-note">Нужна БД для задач.</p>'
+    try:
+        async with pool.acquire() as conn:
+            n = await conn.fetchval("SELECT count(*)::int FROM tasks")
+    except Exception:
+        return '<p class="module-note">Таблица задач недоступна (миграции?).</p>'
+    return f'<div class="module-fragment"><p>Задач: <strong>{int(n)}</strong></p></div>'
+
+
+@router.get("/")
+async def list_tasks_api(
+    pool: asyncpg.Pool | None = Depends(get_pool),
+    incident_id: UUID | None = None,
+    limit: int = 100,
+):
+    if pool is None:
+        return {"items": [], "database": "disabled"}
+    limit = min(max(limit, 1), 200)
+    async with pool.acquire() as conn:
+        if incident_id:
+            rows = await conn.fetch(
+                """
+                SELECT id, incident_id, title, status, created_at
+                FROM tasks WHERE incident_id = $1::uuid
+                ORDER BY created_at DESC LIMIT $2
+                """,
+                incident_id,
+                limit,
+            )
+        else:
+            rows = await conn.fetch(
+                """
+                SELECT id, incident_id, title, status, created_at
+                FROM tasks
+                ORDER BY created_at DESC
+                LIMIT $1
+                """,
+                limit,
+            )
+    items = []
+    for r in rows:
+        items.append(
+            {
+                "id": str(r["id"]),
+                "incident_id": str(r["incident_id"]) if r["incident_id"] else None,
+                "title": r["title"],
+                "status": r["status"],
+                "created_at": r["created_at"].isoformat() if r["created_at"] else None,
+            }
+        )
+    return {"items": items}
+
+
+@router.post("/", status_code=201)
+async def create_task_api(body: TaskCreate, pool: asyncpg.Pool | None = Depends(get_pool)):
+    if pool is None:
+        raise HTTPException(status_code=503, detail="database disabled")
+    if body.incident_id:
+        async with pool.acquire() as conn:
+            ok = await conn.fetchval(
+                "SELECT 1 FROM incidents WHERE id = $1::uuid",
+                body.incident_id,
+            )
+        if not ok:
+            raise HTTPException(status_code=400, detail="incident not found")
+    async with pool.acquire() as conn:
+        row = await conn.fetchrow(
+            """
+            INSERT INTO tasks (title, incident_id, status)
+            VALUES ($1, $2::uuid, 'open')
+            RETURNING id, incident_id, title, status, created_at
+            """,
+            body.title.strip(),
+            body.incident_id,
+        )
+    return {
+        "id": str(row["id"]),
+        "incident_id": str(row["incident_id"]) if row["incident_id"] else None,
+        "title": row["title"],
+        "status": row["status"],
+        "created_at": row["created_at"].isoformat() if row["created_at"] else None,
+    }
+
+
+@ui_router.get("/", response_class=HTMLResponse)
+async def tasks_ui_home(request: Request):
+    pool = get_pool(request)
+    rows_html = ""
+    err = ""
+    if pool is None:
+        err = "<p>База данных не настроена.</p>"
+    else:
+        try:
+            async with pool.acquire() as conn:
+                rows = await conn.fetch(
+                    """
+                    SELECT t.id, t.title, t.status, t.incident_id, t.created_at
+                    FROM tasks t
+                    ORDER BY t.created_at DESC
+                    LIMIT 100
+                    """
+                )
+            for r in rows:
+                iid = str(r["incident_id"])[:8] + "…" if r["incident_id"] else "—"
+                rows_html += (
+                    "<tr>"
+                    f"<td>{html.escape(str(r['id']))[:8]}…</td>"
+                    f"<td>{html.escape(r['title'])}</td>"
+                    f"<td>{html.escape(r['status'])}</td>"
+                    f"<td>{html.escape(iid)}</td>"
+                    "</tr>"
+                )
+        except Exception as e:
+            err = f"<p class=\"module-err\">{html.escape(str(e))}</p>"
+    inner = f"""<h1>Задачи</h1>
+{err}
+<table class="irm-table">
+<thead><tr><th>ID</th><th>Заголовок</th><th>Статус</th><th>Инцидент</th></tr></thead>
+<tbody>{rows_html or '<tr><td colspan="4">Пока нет задач</td></tr>'}</tbody>
+</table>"""
+    return HTMLResponse(
+        wrap_module_html_page(
+            document_title="Задачи — onGuard24",
+            current_slug="tasks",
+            main_inner_html=inner,
+        )
+    )
--- a/onguard24/modules/ui_support.py
+++ b/onguard24/modules/ui_support.py
@ -27,6 +27,9 @@ APP_SHELL_CSS = """
    .rail-item a:hover { background: #f4f4f5; }
    .rail-item.is-active a { background: #eff6ff; color: #1d4ed8; font-weight: 600; }
    .module-page-main h1 { margin-top: 0; font-size: 1.35rem; }
+    .irm-table { width: 100%; border-collapse: collapse; font-size: 0.9rem; }
+    .irm-table th, .irm-table td { border: 1px solid #e4e4e7; padding: 0.45rem 0.65rem; text-align: left; }
+    .irm-table thead th { background: #f4f4f5; }
 """