[WIP] Add Incident events

Introduce incident events. TBD: schema and README updates Partially-fixes: #59 Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
cdevents · Jan 24, 2023 · 98a25c8 · 98a25c8
1 parent 83aa9ea
commit 98a25c8
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -70,11 +70,15 @@ Definition of specific events that are fundamental to pipeline execution and orc
 
 Handling Events relating to changes in version management of Source Code and related assets
 
-### [Continuous Integration Events](./continuous-integration-pipeline-events.md)
+### [Continuous Integration Events](./continuous-integration.md)
 
 Handling Events associated with Continuous Integration activities, typically involving build and test
 
-### [Continuous Deployment Events](./continuous-deployment-pipeline-events.md)
+### [Continuous Deployment Events](./continuous-deployment.md)
+
+Handling Events associated with Continuous Deployment activities
+
+### [Continuous Operatorations](./continuous-operations.md)
 
 Handling Events associated with Continuous Deployment activities
 

diff --git a/continuous-deployment-pipeline-events.md → continuous-deployment.md b/continuous-deployment-pipeline-events.md → continuous-deployment.md
diff --git a/continuous-integration-pipeline-events.md → continuous-integration.md b/continuous-integration-pipeline-events.md → continuous-integration.md
diff --git a/continuous-operations.md b/continuous-operations.md
@@ -0,0 +1,73 @@
+<!--
+---
+linkTitle: "Continuous Operations Events"
+weight: 70
+description: >
+   Continuous Operations Events
+---
+-->
+# Continuous Operations Events
+
+Continuous Operations events are related to the operation of services deployed in target environments, tracking of incidents and their remediation. Incidents, and their resolution, can be detected by a number of different actors, like the end-user, a quality gate, a monitoring system, an SRE through a ticketing system or event the service itself.
+Multiple events may be associated to the same incident as well as its resolution, coming from diverse sources.
+
+## Subjects
+
+This specification defines one subject in this stage, the [`incident`](#incident). To quote the definition of the term from the NIST glossary, and [incident][] is:
+
+> An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
+
+| Subject | Description | Predicates |
+|---------|-------------|------------|
+| [`incident`](#incident) | A problem in a production environment | [`reported`](#incident-reported), [`resolved`](#incident-resolved)|
+
+### `incident`
+
+An `incident` represents a problem in a production environment.
+
+| Field | Type | Description | Examples |
+|-------|------|-------------|----------|
+| id    | `String` | Uniquely identifies the subject within the source. | `04896C75-F34D-40FF-A584-3F2B71CB9D47`, `issue123`, `risk-CVE123` |
+| source | `URI-Reference` | [source](../spec.md#source) from the context | `region1/production`, `monitoring-system/metricA`|
+| description | `String` | Short, free style description of the incident | "Response time above 10ms", "New CVE-123 detected" |
+| environment | `Object` ([`environment`](./continuous-deployment.md#environment)) | Reference to the environment | `{"id": "production"}`, `{"id": "staging"}`, `{"id": "prod123", "source": "iaas-region-1"}` |
+| service | `Object` ([`service`](./continuous-deployment.md#service)) | Reference to the service | `{"id": "service123"}`, `{"id": "service123", "source": "region1/k8s/namespace"}` |
+| artifactId | `Purl` | Identifier of the artifact deployed with this service |  `0b31b1c02ff458ad9b7b81cbdf8f028bd54699fa151f221d1e8de6817db93427`, `927aa808433d17e315a258b98e2f1a55f8258e0cb782ccb76280646d0dbe17b5`, `six-1.14.0-py2.py3-none-any.whl` |
+
+## Events
+
+### `incident reported`
+
+This event represents an incident that has been detected by a system or human.
+
+- Event Type: __`dev.cdevents.incident.reported.0.1.0-draft`__
+- Predicate: reported
+- Subject: [`incident`](#incident)
+
+| Field | Type | Description | Examples | Mandatory ✅ |
+|-------|------|-------------|----------|----------------------------|
+| id    | `String` | Uniquely identifies the subject within the source. | `04896C75-F34D-40FF-A584-3F2B71CB9D47`, `issue123`, `risk-CVE123` | ✅ |
+| source | `URI-Reference` | [source](../spec.md#source) from the context | `region1/production`, `monitoring-system/metricA`| |
+| description | `String` | Short, free style description of the incident | "Response time above 10ms", "New CVE-123 detected" | |
+| environment | `Object` ([`environment`](./continuous-deployment.md#environment)) | Reference to the environment | `{"id": "production"}`, `{"id": "staging"}`, `{"id": "prod123", "source": "iaas-region-1"}` | ✅ |
+| service | `Object` ([`service`](./continuous-deployment.md#service)) | Reference to the service | `{"id": "service123"}`, `{"id": "service123", "source": "region1/k8s/namespace"}` | |
+| artifactId | `Purl` | Identifier of the artifact deployed with this service |  `0b31b1c02ff458ad9b7b81cbdf8f028bd54699fa151f221d1e8de6817db93427`, `927aa808433d17e315a258b98e2f1a55f8258e0cb782ccb76280646d0dbe17b5`, `six-1.14.0-py2.py3-none-any.whl` | |
+
+### `incident resolved`
+
+This event represents an environment that has been modified.
+
+- Event Type: __`dev.cdevents.incident.resolved.0.1.0-draft`__
+- Predicate: resolved
+- Subject: [`incident`](#incident)
+
+| Field | Type | Description | Examples | Mandatory ✅ |
+|-------|------|-------------|----------|----------------------------|
+| id    | `String` | Uniquely identifies the subject within the source. | `04896C75-F34D-40FF-A584-3F2B71CB9D47`, `issue123`, `risk-CVE123` | ✅ |
+| source | `URI-Reference` | [source](../spec.md#source) from the context | `region1/production`, `monitoring-system/metricA`| |
+| description | `String` | Short, free style description of the incident resolution | "Response time restored below 10ms", "CVE-123 acknowledged as non-exploitable" | |
+| environment | `Object` ([`environment`](./continuous-deployment.md#environment)) | Reference to the environment | `{"id": "production"}`, `{"id": "staging"}`, `{"id": "prod123", "source": "iaas-region-1"}` | ✅ |
+| service | `Object` ([`service`](./continuous-deployment.md#service)) | Reference to the service | `{"id": "service123"}`, `{"id": "service123", "source": "region1/k8s/namespace"}` | |
+| artifactId | `Purl` | Identifier of the artifact deployed with this service |  `0b31b1c02ff458ad9b7b81cbdf8f028bd54699fa151f221d1e8de6817db93427`, `927aa808433d17e315a258b98e2f1a55f8258e0cb782ccb76280646d0dbe17b5`, `six-1.14.0-py2.py3-none-any.whl` | |
+
+[incident]: https://csrc.nist.gov/glossary/term/incident
diff --git a/spec.md b/spec.md
@@ -491,14 +491,18 @@ dedicated document in the spec:
 - __[Source Code Version Control](source-code-version-control.md)__: Events
   emitted by changes in source code or by the creation, modification or
   deletion of new repositories that hold source code.
-- __[Continuous Integration](continuous-integration-pipeline-events.md)__:
+- __[Continuous Integration](continuous-integration.md)__:
   includes events related to building, testings, packaging and releasing
   software artifacts, usually binaries.
-- __[Continuous Deployment](continuous-deployment-pipeline-events.md)__:
+- __[Continuous Deployment](continuous-deployment.md)__:
   include events related with environments where the artifacts produced by the
   integration pipelines actually run. These are usually services running in a
   specific environment (dev, QA, production), or embedded software running in
   a specific hardware.
+- __[Continuous Operations](continuous-operations.md)__: include events related
+  to the health of the services deployed and running in a specific environment.
+  Health may refer to different aspects such as performance, availability,
+  response time and more.
 
 The grouping may serve in future as a reference for different CDEvents
 compliance profiles, which can be supported individually by implementing

diff --git a/tools/event-version.sh b/tools/event-version.sh
@@ -158,7 +158,7 @@ VERSION="${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}${DRAFT_VERSION}"
 sed -i ".backup" -e 's,"dev.cdevents.*","dev.cdevents.'${SUBJECT}'.'${PREDICATE}'.'${VERSION}'",g' "${SCHEMA_FILE}"
 
 # Update examples in docs
-for doc in core source-code-version-control continuous-integration-pipeline-events continuous-deployment-pipeline-events; do
+for doc in core source-code-version-control continuous-integration continuous-deployment; do
     sed -i ".backup" -e 's,__`dev.cdevents.'${SUBJECT}'.'${PREDICATE}'.*`__,__`dev.cdevents.'${SUBJECT}'.'${PREDICATE}'.'${VERSION}'`__,g' "${doc}.md"
 done