up
@@ -446,10 +446,10 @@ internal static class Program
|
||||
SecretType: "attestation");
|
||||
|
||||
using var handle = secretProvider.GetAsync(request).AsTask().GetAwaiter().GetResult();
|
||||
var secret = AttestationSecret.Parse(handle);
|
||||
var secret = SurfaceSecretParser.ParseAttestationSecret(handle);
|
||||
|
||||
// Return the API key or token for attestor authentication
|
||||
return secret.RekorApiKey;
|
||||
return secret.RekorApiToken;
|
||||
}
|
||||
catch
|
||||
{
|
||||
@@ -458,6 +458,56 @@ internal static class Program
|
||||
}
|
||||
}
|
||||
|
||||
private static CasAccessSecret? TryResolveCasCredentials()
|
||||
{
|
||||
try
|
||||
{
|
||||
var configuration = new ConfigurationBuilder()
|
||||
.AddEnvironmentVariables()
|
||||
.Build();
|
||||
|
||||
var services = new ServiceCollection();
|
||||
services.AddSingleton<IConfiguration>(configuration);
|
||||
services.AddLogging();
|
||||
services.AddSurfaceEnvironment(options =>
|
||||
{
|
||||
options.ComponentName = "Scanner.BuildXPlugin";
|
||||
options.AddPrefix("SCANNER");
|
||||
options.AddPrefix("SURFACE");
|
||||
options.RequireSurfaceEndpoint = false;
|
||||
});
|
||||
services.AddSurfaceSecrets(options =>
|
||||
{
|
||||
options.ComponentName = "Scanner.BuildXPlugin";
|
||||
options.EnableCaching = true;
|
||||
options.EnableAuditLogging = false; // No need for audit in CLI tool
|
||||
});
|
||||
|
||||
using var provider = services.BuildServiceProvider();
|
||||
var secretProvider = provider.GetService<ISurfaceSecretProvider>();
|
||||
var env = provider.GetService<ISurfaceEnvironment>();
|
||||
|
||||
if (secretProvider is null || env is null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
var tenant = env.Settings.Secrets.Tenant;
|
||||
var request = new SurfaceSecretRequest(
|
||||
Tenant: tenant,
|
||||
Component: "Scanner.BuildXPlugin",
|
||||
SecretType: "cas-access");
|
||||
|
||||
using var handle = secretProvider.GetAsync(request).AsTask().GetAwaiter().GetResult();
|
||||
return SurfaceSecretParser.ParseCasAccessSecret(handle);
|
||||
}
|
||||
catch
|
||||
{
|
||||
// Silent fallback - CAS secrets not available via Surface.Secrets
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private static string? GetOption(string[] args, string optionName)
|
||||
{
|
||||
for (var i = 0; i < args.Length; i++)
|
||||
|
||||
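Review bot: The bare `catch` that closes `TryResolveCasCredentials` maps every failure (service-provider construction, the blocking `GetAsync(...).GetAwaiter().GetResult()` call, and `ParseCasAccessSecret` on a malformed payload) to the same `null` as "no secret configured". Because `EnableAuditLogging = false` is set just above it, nothing records that a credential lookup was attempted and failed. I would narrow it to `catch (Exception ex)` and emit one diagnostic line before `return null;`, for example `Console.Error.WriteLine($"cas-access secret lookup failed: {ex.GetType().Name}");` or the plugin's existing diagnostic channel, logging only the exception type so no secret material reaches build logs. The attestation lookup in the first hunk ends in the same bare `catch`, whose body lies outside the hunk. It is also worth confirming that the `CasAccessSecret` returned from inside the `using var handle` scope copies what it needs, since the handle is disposed as the method returns.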