stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

compose and authority fixes. finish sprints.

Browse Source
This commit is contained in:
master
2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/Findings/StellaOps.Findings.Ledger.WebService/Program.cs
View File

@@ -119,19 +119,26 @@ builder.Services.AddStellaOpsResourceServerAuthentication(
resourceOptions.BackchannelTimeout = bootstrapOptions.Authority.BackchannelTimeout;
resourceOptions.TokenClockSkew = bootstrapOptions.Authority.TokenClockSkew;
// Read collections directly from IConfiguration to work around
// .NET Configuration.Bind() not populating IList<string> in nested init objects.
var authoritySection = builder.Configuration.GetSection("findings:ledger:Authority");
var audiences = authoritySection.GetSection("Audiences").Get<string[]>() ?? [];
resourceOptions.Audiences.Clear();
foreach (var audience in bootstrapOptions.Authority.Audiences)
foreach (var audience in audiences)
{
resourceOptions.Audiences.Add(audience);
}
var requiredScopes = authoritySection.GetSection("RequiredScopes").Get<string[]>() ?? [];
resourceOptions.RequiredScopes.Clear();
foreach (var scope in bootstrapOptions.Authority.RequiredScopes)
foreach (var scope in requiredScopes)
{
resourceOptions.RequiredScopes.Add(scope);
}
foreach (var network in bootstrapOptions.Authority.BypassNetworks)
var bypassNetworks = authoritySection.GetSection("BypassNetworks").Get<string[]>() ?? [];
foreach (var network in bypassNetworks)
{
resourceOptions.BypassNetworks.Add(network);
}
@@ -139,8 +146,11 @@ builder.Services.AddStellaOpsResourceServerAuthentication(
builder.Services.AddAuthorization(options =>
{
var scopes = bootstrapOptions.Authority.RequiredScopes.Count > 0
? bootstrapOptions.Authority.RequiredScopes.ToArray()
var configuredScopes = builder.Configuration
.GetSection("findings:ledger:Authority:RequiredScopes")
.Get<string[]>() ?? [];
var scopes = configuredScopes.Length > 0
? configuredScopes
: new[] { StellaOpsScopes.VulnOperate };
// Default policy uses StellaOpsScopeRequirement so bypass evaluator can grant
@@ -186,6 +196,7 @@ builder.Services.AddAuthorization(options =>
policy.AddAuthenticationSchemes(StellaOpsAuthenticationDefaults.AuthenticationScheme);
});
});
builder.Services.AddStellaOpsScopeHandler();
builder.Services.AddSingleton<ILedgerIncidentNotifier, LoggingLedgerIncidentNotifier>();
builder.Services.AddSingleton<LedgerIncidentCoordinator>();

6
src/Findings/StellaOps.Findings.Ledger/Options/LedgerServiceOptions.cs
View File

@@ -73,11 +73,11 @@ public sealed class LedgerServiceOptions
public string? MetadataAddress { get; set; }
public IList<string> Audiences { get; } = new List<string>();
public IList<string> Audiences { get; set; } = new List<string>();
public IList<string> RequiredScopes { get; } = new List<string>();
public IList<string> RequiredScopes { get; set; } = new List<string>();
public IList<string> BypassNetworks { get; } = new List<string>();
public IList<string> BypassNetworks { get; set; } = new List<string>();
public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(10);