b9264f4ed7
All checks were successful
CI / secret-scan (push) Successful in 9s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 45s
CI / php-lint (pull_request) Successful in 25s
CI / static-tests (pull_request) Successful in 35s
CI / auto-merge (push) Has been skipped
CI / secret-scan (pull_request) Successful in 9s
CI / auto-merge (pull_request) Successful in 7s
Les vars de retention (AUDIT_LOG_RETENTION_DAYS, THROTTLE_PURGE_AFTER_HOURS) etaient documentees comme purges cron mais aucun script/job n'existait, et les vars n'etaient pas injectees au conteneur wakdo-cron (faux-semblant de conformite). - purge-audit-log.sh : DELETE audit_log au-dela de AUDIT_LOG_RETENTION_DAYS (defaut 365). Unique exception documentee a l'append-only (RG-T14) : purge de retention planifiee, pas une mutation applicative. - purge-throttle.sh : DELETE login_throttle + pin_throttle sans verrou actif et plus vieux que THROTTLE_PURGE_AFTER_HOURS (defaut 24), predicat mlt.md 13.5. - crontab : jobs actives (15 4 audit, 45 4 throttle), fenetre de maintenance. - docker-compose.yml : injection des 2 vars (avec defaut) au conteneur cron ; commentaire env aligne sur le user en moindre privilege. Hors scope : la purge de customer_order (ORDER_RETENTION_DAYS) reste differee tant que le domaine commande n'existe pas (RGPD = anonymisation a definir avec le domaine, pas un simple DELETE). Verifie : scripts lances dans l'image cron rebuildee contre la base dev (user scope) -> exit 0 ; test positif/negatif sur login_throttle : la ligne stale sans verrou est purgee, la ligne a verrou actif est conservee.
34 lines
1.4 KiB
Bash
Executable file
34 lines
1.4 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
#
|
|
# Wakdo - purge de retention du journal d'audit (mlt.md 13.4).
|
|
#
|
|
# Supprime les lignes audit_log plus anciennes que AUDIT_LOG_RETENTION_DAYS
|
|
# (interet legitime / tracabilite fiscale, configurable). L'imputabilite recente
|
|
# est preservee. C'est l'unique exception documentee a l'append-only de audit_log
|
|
# (RG-T14) : une purge de retention planifiee, jamais une mutation applicative.
|
|
#
|
|
# Variables d'env (injectees par docker-compose depuis .env) :
|
|
# DB_HOST DB_PORT DB_NAME DB_USER DB_PASSWORD
|
|
# AUDIT_LOG_RETENTION_DAYS (defaut 365)
|
|
#
|
|
# Exit codes : 0 OK | 1 env manquant/invalide | 2 requete SQL echouee
|
|
set -euo pipefail
|
|
|
|
log() { echo "[purge-audit-log $(date -Iseconds)] $*" >&2; }
|
|
|
|
for var in DB_HOST DB_PORT DB_NAME DB_USER DB_PASSWORD; do
|
|
if [ -z "${!var:-}" ]; then log "ERROR: variable $var vide ou non definie"; exit 1; fi
|
|
done
|
|
|
|
DAYS="${AUDIT_LOG_RETENTION_DAYS:-365}"
|
|
case "$DAYS" in
|
|
''|*[!0-9]*) log "ERROR: AUDIT_LOG_RETENTION_DAYS non entier ('$DAYS')"; exit 1 ;;
|
|
esac
|
|
|
|
if ! n="$(mariadb --host="$DB_HOST" --port="$DB_PORT" --user="$DB_USER" --password="$DB_PASSWORD" \
|
|
--default-character-set=utf8mb4 -N -B "$DB_NAME" \
|
|
-e "DELETE FROM audit_log WHERE created_at < NOW() - INTERVAL ${DAYS} DAY; SELECT ROW_COUNT();")"; then
|
|
log "ERROR: purge audit_log a echoue"
|
|
exit 2
|
|
fi
|
|
log "audit_log: ${n} ligne(s) purgee(s) (> ${DAYS} jours)"
|