Merge pull request #685 from betagouv/epic/m1-lifecycle-fondation

Epic : M1 lifecycle fondation

Author: wiwski

.env.example

@@ -7,9 +7,13 @@ AZURE_RESOURCE_PREFIX=euphrosyne-01-vm-
 AZURE_TEMPLATE_SPECS_NAME=vmSpec
 AZURE_STORAGE_ACCOUNT=
 AZURE_STORAGE_FILESHARE=
-AZURE_STORAGE_PROJECTS_LOCATION_PREFIX=
-PROJECT_STORAGE_BACKEND=azure_fileshare
 AZURE_STORAGE_DATA_CONTAINER=
+AZURE_STORAGE_FILESHARE_COOL=
+AZURE_STORAGE_DATA_CONTAINER_COOL=
+DATA_BACKEND=azure_fileshare
+DATA_BACKEND_COOL=
+DATA_PROJECTS_LOCATION_PREFIX=
+DATA_PROJECTS_LOCATION_PREFIX_COOL=
 AZURE_IMAGE_GALLERY=
 AZURE_IMAGE_DEFINITION=
 CORS_ALLOWED_ORIGIN=http://localhost:8000 http://localhost:8001

EPIC.md

@@ -0,0 +1,54 @@
+## Context
+PRD: Hot → Cool Project Data Management (Immutable Cool)
+
+This epic implements the **project-level** data lifecycle described in the PRD.
+The lifecycle applies to the **entire project data folder**, including runs,
+documents, and any other project-scoped files.
+
+---
+
+## Goal
+Implement **project-level** lifecycle state machine, automation, immutability
+enforcement, and UI visibility.
+
+The lifecycle controls when a project’s data is stored in:
+- Azure Files (HOT workspace), or
+- Azure Blob Storage (COOL, immutable).
+
+---
+
+## Success criteria
+
+- Projects automatically become eligible for cooling based on activity:
+  - Initial eligibility: `project.created + 6 months`
+  - Updated eligibility each time a new run is planned:
+    `run.end_date + 6 months`
+- Entire project data (runs + documents) is cooled as a single unit.
+- Restore works on demand and returns the project to HOT.
+- Writes are blocked when the project is in `COOL` or `COOLING`:
+  - document uploads/edits/deletes
+  - run outputs
+  - any write under the project folder
+- **New runs cannot be created** when the project is `COOL` or `COOLING`.
+- Admins can see:
+  - lifecycle state
+  - cooling eligibility date
+  - last lifecycle operation and error (if any).
+
+---
+
+## Non-goals (explicit for this epic)
+
+- No cold/archive tier
+- No partial (per-run) cooling
+- No deletion of hot data after cooling
+- No detection of concurrent readers (existing VM mounts tolerated)
+
+---
+
+## Notes
+
+- Lifecycle state is tracked **at the project level**, not run level.
+- Euphrosyne is the source of truth for lifecycle state and eligibility.
+- Physical data movement is handled by euphrosyne-tools-api and is out of scope
+  for this epic.

README.md

@@ -12,7 +12,8 @@ Ce projet utilise [FastAPI](https://fastapi.tiangolo.com/).
 
 | Nom de la variable                     | Description                                                                                                                                                                                        | Requis |
 | -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| PROJECT_STORAGE_BACKEND                | Optionnel. Backend de stockage des données projets. Valeurs : `azure_fileshare` (défaut) ou `azure_blob`.                                                                                           |
+| DATA_BACKEND                           | Requis. Backend de stockage des données projets HOT. Valeurs : `azure_fileshare` ou `azure_blob`.                                                                                                   |
+| DATA_BACKEND_COOL                      | Optionnel. Backend de stockage des données projets COOL. Valeurs : `azure_fileshare` ou `azure_blob`. Si absent, le refroidissement est désactivé.                                                  |
 | AZURE_SUBSCRIPTION_ID                  | ID de la souscription. Azure                                                                                                                                                                       |
 | AZURE_CLIENT_ID                        | ID de l'application Azure (voir section _Générer les clés pour s'authentifier auprès d'Azure_).                                                                                                    |
 | AZURE_CLIENT_SECRET                    | Secret de l'application Azure (voir section _Générer les clés pour s'authentifier auprès d'Azure_).                                                                                                |
@@ -21,9 +22,12 @@ Ce projet utilise [FastAPI](https://fastapi.tiangolo.com/).
 | AZURE_TEMPLATE_SPECS_NAME              | Nom du _Template specs_ utilisé pour déployer les machines virtuelles. Voir le projet `euphrosyne-tools-infra`.                                                                                    |
 | AZURE_RESOURCE_PREFIX                  | Optionnel. Préfixe utilisé pour éviter les collisions de nom lors de la création de ressources sur Azure. Doit être le même que dans la configuration Terraform (projet `euphrosyne-tools-infra`). |
 | AZURE_STORAGE_ACCOUNT                  | Nom du _Storage account_ Azure.                                                                                                                                                                    |
-| AZURE_STORAGE_FILESHARE                | Nom du _Fileshare_ contenant les fichiers de données sur le _Storage account_ Azure. Requis si `PROJECT_STORAGE_BACKEND=azure_fileshare` (valeur par défaut).                                        |
-| AZURE_STORAGE_PROJECTS_LOCATION_PREFIX | Optionnel. Prefixe lorsque le dossier contenant les fichiers de données sur le _Fileshare_ Azure n'est pas à la racine.                                                                            |
-| AZURE_STORAGE_DATA_CONTAINER           | Nom du container Blob utilisé pour les données projets (requis si `PROJECT_STORAGE_BACKEND=azure_blob`).                                                                                           |
+| AZURE_STORAGE_FILESHARE                | Nom du _Fileshare_ contenant les fichiers de données sur le _Storage account_ Azure. Requis si `DATA_BACKEND=azure_fileshare`.                                                                      |
+| AZURE_STORAGE_FILESHARE_COOL           | Nom du _Fileshare_ contenant les données projets COOL. Requis si `DATA_BACKEND_COOL=azure_fileshare`.                                                                                              |
+| DATA_PROJECTS_LOCATION_PREFIX          | Optionnel. Préfixe du chemin de base des projets pour HOT.                                                                                                                                        |
+| DATA_PROJECTS_LOCATION_PREFIX_COOL     | Optionnel. Préfixe du chemin de base des projets pour COOL.                                                                                                                                       |
+| AZURE_STORAGE_DATA_CONTAINER           | Nom du container Blob utilisé pour les données projets (requis si `DATA_BACKEND=azure_blob`).                                                                                                      |
+| AZURE_STORAGE_DATA_CONTAINER_COOL      | Nom du container Blob utilisé pour les données projets COOL (requis si `DATA_BACKEND_COOL=azure_blob`).                                                                                            |
 | AZURE_IMAGE_GALLERY                    | Nom de la _Azure compute gallery_ qui stock les différentes images                                                                                                                                 |
 | AZURE_IMAGE_DEFINITION                 | Nom de la _VM image definition_ qui est l'image pré-configurée pour les VM Euphrosyne                                                                                                              |
 | CORS_ALLOWED_ORIGIN                    | Origines des frontends autorisées à utiliser l'API. Séparer les origines par des espaces.                                                                                                          |
@@ -37,12 +41,14 @@ Ce projet utilise [FastAPI](https://fastapi.tiangolo.com/).
 
 ## Stockage des données projets
 
-Les données projets peuvent être stockées soit dans un Fileshare Azure, soit dans un container Blob.
+Le backend HOT est défini par `DATA_BACKEND`. Le backend COOL est défini par `DATA_BACKEND_COOL` (si absent, le refroidissement est désactivé).
 
-- **Fileshare (par défaut)** : `PROJECT_STORAGE_BACKEND=azure_fileshare` et `AZURE_STORAGE_FILESHARE` doit être renseigné.
-- **Blob** : définir `PROJECT_STORAGE_BACKEND=azure_blob` et renseigner `AZURE_STORAGE_DATA_CONTAINER`.
+- **HOT Fileshare** : `DATA_BACKEND=azure_fileshare` et `AZURE_STORAGE_FILESHARE` doit être renseigné.
+- **HOT Blob** : `DATA_BACKEND=azure_blob` et `AZURE_STORAGE_DATA_CONTAINER` doit être renseigné.
+- **COOL Fileshare** : `DATA_BACKEND_COOL=azure_fileshare` et `AZURE_STORAGE_FILESHARE_COOL` doit être renseigné.
+- **COOL Blob** : `DATA_BACKEND_COOL=azure_blob` et `AZURE_STORAGE_DATA_CONTAINER_COOL` doit être renseigné.
 
-Le préfixe `AZURE_STORAGE_PROJECTS_LOCATION_PREFIX` continue de s'appliquer (chemin de base des projets) pour les deux backends.
+Les préfixes `DATA_PROJECTS_LOCATION_PREFIX` (HOT) et `DATA_PROJECTS_LOCATION_PREFIX_COOL` (COOL) s'appliquent au chemin de base des projets.
 
 ## Configurer le CORS (Blob / Fileshare)
 

TASK.md

@@ -0,0 +1,255 @@
+## [TASK] Implement deterministic HOT/COOL storage resolver for `project_slug` (URI-based)
+
+### Context
+
+PRD – Storage path resolution
+
+`euphrosyne-tools-api` must deterministically compute **where project data lives** for two logical storage roles:
+
+* **HOT** — workspace / active project data
+* **COOL** — immutable cooled project data
+
+The resolver must be **role-based**, not “Azure Files vs Azure Blob”-based, because HOT and COOL may both live on blob containers in the future.
+
+This resolver is **foundational**: all later operations (AzCopy, listing, restore) must rely on it as the **single source of truth** for project storage locations.
+
+---
+
+## Goal
+
+Implement a deterministic resolver that returns a canonical `DataLocation` for:
+
+* HOT project data
+* COOL project data (when cooling is enabled)
+
+using only:
+
+* `project_slug`
+* environment configuration
+
+No network calls. No Azure SDK usage.
+
+---
+
+## Data model: `DataLocation`
+
+Implement (or add) a minimal immutable dataclass:
+
+```python
+@dataclass(frozen=True)
+class DataLocation:
+    role: StorageRole               # HOT | COOL
+    backend: StorageBackend         # AZURE_FILESHARE | AZURE_BLOB
+    project_slug: str
+    uri: str                        # canonical URI for project root
+```
+
+Notes:
+
+* Use `uri` (lowercase) for Python style.
+* `uri` must point to the **project root folder/prefix** (not to a file, not to a run subfolder).
+* `StorageBackend` enum values must be:
+
+  * `AZURE_FILESHARE`
+  * `AZURE_BLOB`
+
+---
+
+## Environment configuration
+
+### Backend selection (per role)
+
+* `DATA_BACKEND=azure_fileshare|azure_blob`
+
+  * Used for **HOT** data
+  * Required
+
+* `DATA_BACKEND_COOL=azure_fileshare|azure_blob`
+
+  * Used for **COOL** data
+  * **Optional**
+  * If **absent**, cooling is considered **disabled** and COOL resolution must not be allowed
+
+If `DATA_BACKEND_COOL` is set, **all required COOL-specific configuration must be present**; otherwise startup or resolution must fail with a clear configuration error.
+
+---
+
+### Backend-specific configuration
+
+#### Azure Fileshare
+
+* `AZURE_STORAGE_FILESHARE`
+
+  * Fileshare name for HOT data (existing config; keep as-is)
+
+* `AZURE_STORAGE_FILESHARE_COOL`
+
+  * Fileshare name for COOL data (required if `DATA_BACKEND_COOL=azure_fileshare`)
+
+#### Azure Blob
+
+* `AZURE_STORAGE_DATA_CONTAINER`
+
+  * Blob container for HOT data (existing config; keep as-is)
+
+* `AZURE_STORAGE_DATA_CONTAINER_COOL`
+
+  * Blob container for COOL data (required if `DATA_BACKEND_COOL=azure_blob`)
+
+---
+
+### Project prefix configuration
+
+Project prefix must be **backend-agnostic**.
+
+* `DATA_PROJECTS_LOCATION_PREFIX`
+
+  * Base prefix for HOT data
+
+* `DATA_PROJECTS_LOCATION_PREFIX_COOL`
+
+  * Base prefix for COOL data
+
+**Backward compatibility rule**:
+* No backward compatibility rule. Replace `AZURE_STORAGE_PROJECTS_LOCATION_PREFIX` with `DATA_PROJECTS_LOCATION_PREFIX`
+
+
+---
+
+## Resolver behavior
+
+### Resolver API
+
+Expose role-based resolver functions (names indicative):
+
+* `resolve_hot_location(project_slug: str) -> DataLocation`
+* `resolve_cool_location(project_slug: str) -> DataLocation`
+
+Optionally expose:
+
+* `resolve_location(role: StorageRole, project_slug: str) -> DataLocation`
+
+The resolver must:
+
+* validate `project_slug`
+* determine backend from env configuration
+* build a **canonical URI**
+* return `DataLocation(role, backend, project_slug, uri)`
+
+If `resolve_cool_location` is called while `DATA_BACKEND_COOL` is **unset**, raise a clear error indicating that cooling is disabled.
+
+---
+
+## Canonical URI formats
+
+Use **no trailing slash** policy.
+
+### Azure Fileshare
+
+```
+https://{account}.file.core.windows.net/{share}/{prefix}/{project_slug}
+```
+
+### Azure Blob
+
+```
+https://{account}.blob.core.windows.net/{container}/{prefix}/{project_slug}
+```
+
+### Prefix normalization rules
+
+* Strip leading/trailing `/` from prefixes before joining
+* Avoid double slashes in the resulting path
+* Empty prefix must be handled cleanly
+
+---
+
+## Validation requirements
+
+Reject invalid `project_slug` values:
+
+* empty string
+* leading or trailing whitespace
+* contains `/` or `\`
+* contains `..`
+* contains `//`
+
+Raise a clear, FastAPI-compatible error (HTTP 400–class).
+
+---
+
+## Determinism & stability requirements
+
+* Same inputs + same env config → **exact same `uri` string**
+* Must not depend on:
+
+  * timestamps
+  * randomness
+  * operation_id
+  * mutable metadata
+* All project storage URIs must be produced via this resolver; no ad-hoc concatenation elsewhere in the codebase.
+
+---
+
+## Unit tests
+
+Add unit tests covering:
+
+1. **Determinism**
+
+   * same slug + same config → identical `DataLocation` (including `uri`)
+
+2. **Golden snapshots**
+
+   * exact URI assertion for:
+
+     * HOT (fileshare)
+     * COOL (blob)
+
+3. **Prefix joining**
+
+   * empty prefix
+   * non-empty prefix (no double slashes)
+
+4. **Validation**
+
+   * invalid slugs rejected:
+
+     * `""`
+     * `"../x"`
+     * `"a/b"`
+     * `"a\\b"`
+     * `"a..b"`
+     * `" a "`
+
+5. **Role backend selection**
+
+   * HOT backend driven by `DATA_BACKEND`
+   * COOL backend driven by `DATA_BACKEND_COOL`
+   * COOL resolution fails when `DATA_BACKEND_COOL` is unset
+
+---
+
+## Acceptance criteria
+
+* `DataLocation` dataclass exists with:
+
+  * `role`, `backend`, `project_slug`, `uri`
+* HOT and COOL resolver functions exist and are the **single source of truth** for project storage URIs
+* HOT and COOL backends are configurable independently
+* Cooling is **disabled by default** when `DATA_BACKEND_COOL` is absent
+* URIs are canonical, stable, and validated
+* Unit tests validate mapping, validation, and backend selection
+
+---
+
+## Notes
+
+* This task is **resolution only**:
+
+  * no Azure API calls
+  * no AzCopy
+  * no authentication or SAS logic
+* Keep implementation minimal, explicit, and well-documented.
+* This resolver defines a long-lived contract; correctness and stability matter more than flexibility.
+