wip - advisories and ui extensions

src/Scanner/__Libraries/StellaOps.Scanner.Sources/Services/ICredentialResolver.cs

@@ -0,0 +1,51 @@
+namespace StellaOps.Scanner.Sources.Services;
+
+/// <summary>
+/// Credential types supported by the resolver.
+/// </summary>
+public enum CredentialType
+{
+    None,
+    BearerToken,
+    BasicAuth,
+    SshKey,
+    AwsCredentials,
+    GcpServiceAccount,
+    AzureServicePrincipal,
+    GitHubApp
+}
+
+/// <summary>
+/// Resolved credential from the credential store.
+/// </summary>
+public sealed record ResolvedCredential
+{
+    public required CredentialType Type { get; init; }
+    public string? Token { get; init; }
+    public string? Username { get; init; }
+    public string? Password { get; init; }
+    public string? PrivateKey { get; init; }
+    public string? Passphrase { get; init; }
+    public IReadOnlyDictionary<string, string>? Properties { get; init; }
+    public DateTimeOffset? ExpiresAt { get; init; }
+}
+
+/// <summary>
+/// Interface for resolving credentials from the credential store.
+/// Credentials are stored externally and referenced by AuthRef.
+/// </summary>
+public interface ICredentialResolver
+{
+    /// <summary>
+    /// Resolves credentials by AuthRef.
+    /// </summary>
+    /// <param name="authRef">Reference to the credential in the store (e.g., "vault://secrets/registry-auth")</param>
+    /// <param name="ct">Cancellation token</param>
+    /// <returns>Resolved credential or null if not found</returns>
+    Task<ResolvedCredential?> ResolveAsync(string authRef, CancellationToken ct = default);
+
+    /// <summary>
+    /// Checks if a credential reference is valid (exists and is accessible).
+    /// </summary>
+    Task<bool> ValidateRefAsync(string authRef, CancellationToken ct = default);
+}