Class: StandardAudit::Checks::Retention

Inherits:
Object
Defined in:
lib/standard_audit/checks/retention.rb

Overview

A StandardHealth-compatible readiness check that warns when audit_logs retention is unbounded on a production deployment.

It is intentionally duck-typed (no hard dependency on standard_health): it exposes the `#initialize(name:, critical:)` + `#run` contract the StandardHealth aggregator calls, so it loads even where standard_health is absent.

Register it (NON-critical) in config/initializers/standard_health.rb:

c.register_check :audit_retention,
                 StandardAudit::Checks::Retention,
                 critical: false

A :warn result rolls /health/ready up to :degraded, which is still HTTP 200 — it surfaces the advisory in the readiness JSON WITHOUT failing the probe or blocking a deploy. Only a critical check failure returns 503, and this check is never critical.

“Production” is ENV == “production” when that var is set (so staging — which also runs RAILS_ENV=production — is not flagged); otherwise it falls back to Rails.env.production?.
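
The roll-up rule described above, as an added example that is not code from standard_audit or standard_health. `RetentionCheck`, `BrokenCheck`, `readiness` and the `:error` / `:unavailable` statuses are hypothetical stand-ins; only the `#initialize(name:, critical:)` + `#run` contract and the warn/degraded/200 versus critical-failure/503 behaviour come from this page.

```ruby
# Stand-in with the same duck-typed contract; not the gem's class.
class RetentionCheck
  attr_reader :name, :critical

  def initialize(name: :audit_retention, critical: false, retention_days: nil, production: true)
    @name = name
    @critical = critical
    @retention_days = retention_days # stands in for StandardAudit.config.retention_days
    @production = production         # stands in for the production? test
  end

  def run
    return { status: :ok, detail: "advisory only runs on production" } unless @production
    return { status: :ok, retention_days: @retention_days } if @retention_days

    { status: :warn, message: "audit_logs retention is unbounded on production" }
  end
end

# Constructed check that always raises, to contrast critical and non-critical failure.
class BrokenCheck
  attr_reader :name, :critical

  def initialize(name:, critical:)
    @name = name
    @critical = critical
  end

  def run
    raise "dependency unreachable"
  end
end

# Hypothetical aggregator: :error, :unavailable and this method are assumptions;
# only the roll-up rule (warn -> degraded/200, critical failure -> 503) is from the page.
def readiness(checks)
  results = checks.map do |check|
    outcome = begin
      check.run
    rescue StandardError => e
      { status: :error, message: e.message }
    end
    [check.name, outcome.merge(critical: check.critical)]
  end.to_h
  critical_failure = results.values.any? { |r| r[:critical] && r[:status] == :error }
  degraded = results.values.any? { |r| r[:status] != :ok }
  status = if critical_failure then :unavailable elsif degraded then :degraded else :ok end
  { status: status, http: critical_failure ? 503 : 200, checks: results }
end
```

An unbounded-retention warning therefore shows up in the readiness payload for monitoring to alert on, while the probe itself keeps passing.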

Instance Method Summary

Constructor Details

#initialize(name: :audit_retention, critical: false) ⇒ Retention

Returns a new instance of Retention.



# File 'lib/standard_audit/checks/retention.rb', line 26

def initialize(name: :audit_retention, critical: false)
  @name = name
  @critical = critical
end

Instance Method Details

#run ⇒ Object



# File 'lib/standard_audit/checks/retention.rb', line 31

def run
  unless production?
    return { status: :ok, detail: "retention advisory only runs on production deployments" }
  end

  days = StandardAudit.config.retention_days
  return { status: :ok, retention_days: days } if days

  {
    status: :warn,
    message: "audit_logs retention is unbounded on production. Set " \
             "STANDARD_AUDIT_RETENTION_DAYS (or config.retention_days) and schedule " \
             "StandardAudit::CleanupJob, or treat indefinite retention as a deliberate " \
             "compliance decision."
  }
end