Add policy_eval_script/src/policy_eval_script/cli.py
This commit is contained in:
parent
e187b0b3b0
commit
1a1e66701e
1 changed files with 77 additions and 0 deletions
77
policy_eval_script/src/policy_eval_script/cli.py
Normal file
77
policy_eval_script/src/policy_eval_script/cli.py
Normal file
|
|
@ -0,0 +1,77 @@
|
||||||
|
import argparse
|
||||||
|
import json
|
||||||
|
import hashlib
|
||||||
|
import os
|
||||||
|
from pathlib import Path
|
||||||
|
from typing import Any, Dict
|
||||||
|
|
||||||
|
from policy_eval_script.core import evaluate_policy
|
||||||
|
|
||||||
|
|
||||||
|
def _load_json_file(path: Path) -> Dict[str, Any]:
|
||||||
|
if not path.exists() or not path.is_file():
|
||||||
|
raise FileNotFoundError(f"Datei nicht gefunden: {path}")
|
||||||
|
with path.open('r', encoding='utf-8') as f:
|
||||||
|
try:
|
||||||
|
return json.load(f)
|
||||||
|
except json.JSONDecodeError as e:
|
||||||
|
raise ValueError(f"Ungültiges JSON in {path}: {e}") from e
|
||||||
|
|
||||||
|
|
||||||
|
def _save_json_file(path: Path, data: Dict[str, Any]) -> None:
|
||||||
|
path.parent.mkdir(parents=True, exist_ok=True)
|
||||||
|
with path.open('w', encoding='utf-8') as f:
|
||||||
|
json.dump(data, f, ensure_ascii=False, indent=2)
|
||||||
|
|
||||||
|
|
||||||
|
def _compute_policy_hash(constants: Dict[str, Any]) -> str:
|
||||||
|
serialized = json.dumps(constants, sort_keys=True)
|
||||||
|
return hashlib.sha256(serialized.encode('utf-8')).hexdigest()
|
||||||
|
|
||||||
|
|
||||||
|
def main() -> None:
|
||||||
|
parser = argparse.ArgumentParser(
|
||||||
|
description="Evaluates policy compliance based on drift report and policy constants."
|
||||||
|
)
|
||||||
|
parser.add_argument('--drift', required=True, help='Pfad zur Drift-Report-JSON-Datei.')
|
||||||
|
parser.add_argument('--constants', required=True, help='Pfad zu den Policy-Konstanten.')
|
||||||
|
parser.add_argument('--output', required=False, default='output/evaluation_result.json',
|
||||||
|
help='Pfad für das Ergebnis-JSON (Standard: output/evaluation_result.json).')
|
||||||
|
parser.add_argument('--dry-run', action='store_true', help='Nicht-blockierender Modus (FAIL wird nicht als Exit-Error gewertet).')
|
||||||
|
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
drift_path = Path(args.drift)
|
||||||
|
constants_path = Path(args.constants)
|
||||||
|
output_path = Path(args.output)
|
||||||
|
|
||||||
|
drift_report = _load_json_file(drift_path)
|
||||||
|
policy_constants = _load_json_file(constants_path)
|
||||||
|
|
||||||
|
try:
|
||||||
|
result = evaluate_policy(drift_report)
|
||||||
|
except Exception as e:
|
||||||
|
print(f"Fehler bei Policy-Evaluierung: {e}")
|
||||||
|
exit(2)
|
||||||
|
|
||||||
|
policy_hash = _compute_policy_hash(policy_constants)
|
||||||
|
|
||||||
|
if isinstance(result, dict):
|
||||||
|
# Sicherstellen, dass alle Felder für ci_ready enthalten sind
|
||||||
|
result.setdefault('policy_hash', policy_hash)
|
||||||
|
else:
|
||||||
|
raise ValueError('evaluate_policy muss ein Dictionary zurückgeben.')
|
||||||
|
|
||||||
|
_save_json_file(output_path, result)
|
||||||
|
|
||||||
|
decision = result.get('decision', '').upper()
|
||||||
|
print(f"Policy Evaluation: {decision}")
|
||||||
|
|
||||||
|
if not args.dry_run:
|
||||||
|
if decision == 'FAIL':
|
||||||
|
print('Policy FAIL erkannt – Abbruch.')
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
||||||
Loading…
Reference in a new issue