save progress

2026-01-02 21:06:27 +02:00
parent f46bde5575
commit 3f197814c5
441 changed files with 21545 additions and 4306 deletions
--- a/src/Authority/StellaOps.Authority/StellaOps.Auth.Abstractions/StellaOpsScopes.cs
+++ b/src/Authority/StellaOps.Authority/StellaOps.Auth.Abstractions/StellaOpsScopes.cs
@@ -1,5 +1,8 @@
 using System;
 using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.Linq;
+using System.Reflection;

 namespace StellaOps.Auth.Abstractions;

@@ -574,124 +577,8 @@ public static class StellaOpsScopes
    /// </summary>
    public const string GraphAdmin = "graph:admin";

-    private static readonly HashSet<string> KnownScopes = new(StringComparer.OrdinalIgnoreCase)
-    {
-        ConcelierJobsTrigger,
-        ConcelierMerge,
-        AuthorityUsersManage,
-        AuthorityClientsManage,
-        AuthorityAuditRead,
-        Bypass,
-        UiRead,
-        ExceptionsApprove,
-        AdvisoryRead,
-        AdvisoryIngest,
-        AdvisoryAiView,
-        AdvisoryAiOperate,
-        AdvisoryAiAdmin,
-        VexRead,
-        VexIngest,
-        AocVerify,
-        SignalsRead,
-        SignalsWrite,
-        SignalsAdmin,
-        AirgapSeal,
-        AirgapImport,
-        AirgapStatusRead,
-        PolicyWrite,
-        PolicyAuthor,
-        PolicyEdit,
-        PolicyRead,
-        PolicyReview,
-        PolicySubmit,
-        PolicyApprove,
-        PolicyOperate,
-        PolicyPublish,
-        PolicyPromote,
-        PolicyAudit,
-        PolicyRun,
-        PolicyActivate,
-        PolicySimulate,
-        FindingsRead,
-        EffectiveWrite,
-        GraphRead,
-        VulnView,
-        VulnInvestigate,
-        VulnOperate,
-        VulnAudit,
-#pragma warning disable CS0618 // track removal once legacy scope dropped
-        VulnRead,
-#pragma warning restore CS0618
-        ObservabilityRead,
-        TimelineRead,
-        TimelineWrite,
-        EvidenceCreate,
-        EvidenceRead,
-        EvidenceHold,
-        AttestRead,
-        ObservabilityIncident,
-        ExportViewer,
-        ExportOperator,
-        ExportAdmin,
-        NotifyViewer,
-        NotifyOperator,
-        NotifyAdmin,
-        IssuerDirectoryRead,
-        IssuerDirectoryWrite,
-        IssuerDirectoryAdmin,
-        NotifyEscalate,
-        PacksRead,
-        PacksWrite,
-        PacksRun,
-        PacksApprove,
-        GraphWrite,
-        GraphExport,
-        GraphSimulate,
-        OrchRead,
-        OrchOperate,
-        OrchBackfill,
-        OrchQuota,
-        AuthorityTenantsRead,
-        AuthorityTenantsWrite,
-        AuthorityUsersRead,
-        AuthorityUsersWrite,
-        AuthorityRolesRead,
-        AuthorityRolesWrite,
-        AuthorityClientsRead,
-        AuthorityClientsWrite,
-        AuthorityTokensRead,
-        AuthorityTokensRevoke,
-        AuthorityBrandingRead,
-        AuthorityBrandingWrite,
-        UiAdmin,
-        ScannerRead,
-        ScannerScan,
-        ScannerExport,
-        ScannerWrite,
-        SchedulerRead,
-        SchedulerOperate,
-        SchedulerAdmin,
-        AttestCreate,
-        AttestAdmin,
-        SignerRead,
-        SignerSign,
-        SignerRotate,
-        SignerAdmin,
-        SbomRead,
-        SbomWrite,
-        SbomAttest,
-        ReleaseRead,
-        ReleaseWrite,
-        ReleasePublish,
-        ReleaseBypass,
-        ZastavaRead,
-        ZastavaTrigger,
-        ZastavaAdmin,
-        ExceptionsRead,
-        ExceptionsWrite,
-        ExceptionsRequest,
-        GraphAdmin
-    };
+    private static readonly IReadOnlyList<string> AllScopes = BuildAllScopes();
+    private static readonly HashSet<string> KnownScopes = new(AllScopes, StringComparer.OrdinalIgnoreCase);

    /// <summary>
    /// Normalises a scope string (trim/convert to lower case).
@@ -720,5 +607,19 @@ public static class StellaOpsScopes
    /// <summary>
    /// Returns the full set of built-in scopes.
    /// </summary>
-    public static IReadOnlyCollection<string> All => KnownScopes;
+    public static IReadOnlyCollection<string> All => AllScopes;
+
+    private static IReadOnlyList<string> BuildAllScopes()
+    {
+        var values = typeof(StellaOpsScopes)
+            .GetFields(BindingFlags.Public | BindingFlags.Static)
+            .Where(static field => field is { IsLiteral: true, IsInitOnly: false } && field.FieldType == typeof(string))
+            .Select(static field => (string)field.GetRawConstantValue()!)
+            .Where(static value => !string.IsNullOrWhiteSpace(value))
+            .Distinct(StringComparer.Ordinal)
+            .OrderBy(static value => value, StringComparer.Ordinal)
+            .ToArray();
+
+        return new ReadOnlyCollection<string>(values);
+    }
 }