Add OpenSslLegacyShim to ensure OpenSSL 1.1 libraries are accessible on Linux
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.
This commit is contained in:
master
@@ -289,6 +289,7 @@ Additional notes:
|
||||
- [Architecture overview](../../platform/architecture-overview.md)
|
||||
- [Console AOC dashboard](../../../ui/console.md)
|
||||
- [Authority scopes](../../authority/architecture.md)
|
||||
- [Task Pack CLI profiles](./packs-profiles.md)
|
||||
|
||||
---
|
||||
|
||||
@@ -303,7 +304,7 @@ Additional notes:
|
||||
|
||||
---
|
||||
|
||||
*Last updated: 2025-10-29 (Sprint 24).*
|
||||
*Last updated: 2025-11-02 (Sprint 100).*
|
||||
|
||||
## 13. Authority configuration quick reference
|
||||
|
||||
@@ -313,6 +314,9 @@ Additional notes:
|
||||
| `StellaOps:Authority:OperatorTicket` | Change/incident ticket reference paired with orchestrator control actions. | CLI flag `--Authority:OperatorTicket=...` or env `STELLAOPS_ORCH_TICKET`. |
|
||||
| `StellaOps:Authority:QuotaReason` | Required justification recorded with `orch:quota` tokens. | CLI flag `--Authority:QuotaReason=...` or env `STELLAOPS_ORCH_QUOTA_REASON`. |
|
||||
| `StellaOps:Authority:QuotaTicket` | Optional change ticket/reference accompanying quota adjustments. | CLI flag `--Authority:QuotaTicket=...` or env `STELLAOPS_ORCH_QUOTA_TICKET`. |
|
||||
| `StellaOps:Authority:BackfillReason` | Required justification recorded with `orch:backfill` tokens. | CLI flag `--Authority:BackfillReason=...` or env `STELLAOPS_ORCH_BACKFILL_REASON`. |
|
||||
| `StellaOps:Authority:BackfillTicket` | Required ticket/reference accompanying historical backfill runs. | CLI flag `--Authority:BackfillTicket=...` or env `STELLAOPS_ORCH_BACKFILL_TICKET`. |
|
||||
| `StellaOps:Authority:Scope` | Default scope string requested during `stella auth login`. | CLI flag `--Authority:Scope=\"packs.read packs.run\"` or env `STELLAOPS_AUTHORITY_SCOPE`; see `docs/modules/cli/guides/packs-profiles.md` for common Task Pack profiles. |
|
||||
|
||||
> Tokens requesting `orch:operate` fail with `invalid_request` unless both operator values are present. `orch:quota` tokens require `quota_reason` (≤256 chars) and accept an optional `quota_ticket` (≤128 chars). Avoid embedding secrets in either field.
|
||||
> Tokens requesting `orch:operate` fail with `invalid_request` unless both operator values are present. `orch:quota` tokens require `quota_reason` (≤256 chars) and accept an optional `quota_ticket` (≤128 chars). `orch:backfill` tokens require both `backfill_reason` (≤256 chars) and `backfill_ticket` (≤128 chars). Avoid embedding secrets in any value.
|
||||
|
||||
|
||||
54
docs/modules/cli/guides/packs-profiles.md
Normal file
54
docs/modules/cli/guides/packs-profiles.md
Normal file
@@ -0,0 +1,54 @@
|
||||
# CLI Task Pack SSO Profiles
|
||||
|
||||
Task Pack workflows rely on purpose-scoped Authority clients. To streamline local logins and CI/CD automation, define StellaOps CLI profiles under `~/.stellaops/profiles` so `stella auth login` automatically requests the correct scopes.
|
||||
|
||||
Profiles are simple YAML files that map onto the CLI configuration schema. Set `STELLA_PROFILE=<name>` (or pass `--profile <name>` once the CLI exposes the switch) before invoking `stella` to load the profile.
|
||||
|
||||
## Example profiles
|
||||
|
||||
### Packs operator (`~/.stellaops/profiles/packs-operator.yaml`)
|
||||
|
||||
```yaml
|
||||
StellaOps:
|
||||
Authority:
|
||||
Url: https://authority.example.com
|
||||
ClientId: pack-operator
|
||||
ClientSecretFile: ~/.stellaops/secrets/pack-operator.secret
|
||||
Scope: "packs.read packs.run"
|
||||
TokenCacheDirectory: ~/.stellaops/tokens
|
||||
BackendUrl: https://task-runner.example.com
|
||||
```
|
||||
|
||||
### Packs publisher (`~/.stellaops/profiles/packs-publisher.yaml`)
|
||||
|
||||
```yaml
|
||||
StellaOps:
|
||||
Authority:
|
||||
Url: https://authority.example.com
|
||||
ClientId: packs-registry
|
||||
ClientSecretFile: ~/.stellaops/secrets/packs-registry.secret
|
||||
Scope: "packs.read packs.write"
|
||||
TokenCacheDirectory: ~/.stellaops/tokens
|
||||
BackendUrl: https://packs-registry.example.com
|
||||
```
|
||||
|
||||
### Packs approver (`~/.stellaops/profiles/packs-approver.yaml`)
|
||||
|
||||
```yaml
|
||||
StellaOps:
|
||||
Authority:
|
||||
Url: https://authority.example.com
|
||||
ClientId: pack-approver
|
||||
ClientSecretFile: ~/.stellaops/secrets/pack-approver.secret
|
||||
Scope: "packs.read packs.approve"
|
||||
TokenCacheDirectory: ~/.stellaops/tokens
|
||||
BackendUrl: https://task-runner.example.com
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
1. Create the profile file under `~/.stellaops/profiles/<name>.yaml`.
|
||||
2. Store the matching client secret in the referenced path (or set `ClientSecret` for development).
|
||||
3. Export `STELLA_PROFILE=<name>` before running `stella auth login` or individual pack commands.
|
||||
|
||||
The CLI reads the profile, applies the Authority configuration, and requests the listed scopes so the resulting tokens satisfy Task Runner and Packs Registry expectations.
|
||||
Reference in New Issue
Block a user