tenant fixes

2026-02-23 23:44:50 +02:00
parent bdb1438654
commit 4f947a8b61
159 changed files with 1064 additions and 556 deletions
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/AdministrationTrustSigningMutationEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/AdministrationTrustSigningMutationEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -20,7 +21,8 @@ public static class AdministrationTrustSigningMutationEndpoints
    {
        var group = app.MapGroup("/api/v1/administration/trust-signing")
            .WithTags("Administration")
-            .RequireAuthorization(PlatformPolicies.TrustRead);
+            .RequireAuthorization(PlatformPolicies.TrustRead)
+            .RequireTenant();

        group.MapGet("/keys", async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/AnalyticsEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/AnalyticsEndpoints.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -18,7 +19,8 @@ public static class AnalyticsEndpoints
    {
        var analytics = app.MapGroup("/api/analytics")
            .WithTags("Analytics")
-            .RequireAuthorization(PlatformPolicies.AnalyticsRead);
+            .RequireAuthorization(PlatformPolicies.AnalyticsRead)
+            .RequireTenant();

        analytics.MapGet("/suppliers", async Task<IResult> (
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/ContextEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/ContextEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -16,7 +17,8 @@ public static class ContextEndpoints
    {
        var context = app.MapGroup("/api/v2/context")
            .WithTags("Platform Context")
-            .RequireAuthorization(PlatformPolicies.ContextRead);
+            .RequireAuthorization(PlatformPolicies.ContextRead)
+            .RequireTenant();

        context.MapGet("/regions", async Task<IResult>(
            HttpContext httpContext,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/EnvironmentSettingsAdminEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/EnvironmentSettingsAdminEndpoints.cs
@@ -4,6 +4,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Services;

@@ -19,7 +20,8 @@ public static class EnvironmentSettingsAdminEndpoints
    {
        var group = app.MapGroup("/platform/envsettings/db")
            .WithTags("Environment Settings Admin")
-            .RequireAuthorization(PlatformPolicies.SetupRead);
+            .RequireAuthorization(PlatformPolicies.SetupRead)
+            .RequireTenant();

        group.MapGet("/", async (IEnvironmentSettingsStore store, CancellationToken ct) =>
        {
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/EnvironmentSettingsEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/EnvironmentSettingsEndpoints.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.Extensions.Options;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Options;
 using StellaOps.Platform.WebService.Services;
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/EvidenceThreadEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/EvidenceThreadEndpoints.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Services;
 using StellaOps.ReleaseOrchestrator.EvidenceThread.Export;
@@ -33,7 +34,8 @@ public static class EvidenceThreadEndpoints
    {
        var evidence = app.MapGroup("/api/v1/evidence")
            .WithTags("Evidence Thread")
-            .RequireAuthorization(PlatformPolicies.ContextRead);
+            .RequireAuthorization(PlatformPolicies.ContextRead)
+            .RequireTenant();

        // GET /api/v1/evidence/{artifactDigest} - Get evidence thread for artifact
        evidence.MapGet("/{artifactDigest}", GetEvidenceThread)
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/FederationTelemetryEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/FederationTelemetryEndpoints.cs
@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -21,7 +22,8 @@ public static class FederationTelemetryEndpoints
    {
        var group = app.MapGroup("/api/v1/telemetry/federation")
            .WithTags("Federated Telemetry")
-            .RequireAuthorization(PlatformPolicies.FederationRead);
+            .RequireAuthorization(PlatformPolicies.FederationRead)
+            .RequireTenant();

        // GET /consent — get consent state
        group.MapGet("/consent", async Task<IResult>(
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/FunctionMapEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/FunctionMapEndpoints.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -25,7 +26,8 @@ public static class FunctionMapEndpoints
    {
        var maps = app.MapGroup("/api/v1/function-maps")
            .WithTags("Function Maps")
-            .RequireAuthorization(PlatformPolicies.FunctionMapRead);
+            .RequireAuthorization(PlatformPolicies.FunctionMapRead)
+            .RequireTenant();

        MapCrudEndpoints(maps);
        MapVerifyEndpoints(maps);
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/IntegrationReadModelEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/IntegrationReadModelEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -16,7 +17,8 @@ public static class IntegrationReadModelEndpoints
    {
        var integrations = app.MapGroup("/api/v2/integrations")
            .WithTags("Integrations V2")
-            .RequireAuthorization(PlatformPolicies.IntegrationsRead);
+            .RequireAuthorization(PlatformPolicies.IntegrationsRead)
+            .RequireTenant();

        integrations.MapGet("/feeds", async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/LegacyAliasEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/LegacyAliasEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -17,7 +18,8 @@ public static class LegacyAliasEndpoints
    {
        var legacy = app.MapGroup("/api/v1")
            .WithTags("Pack22 Legacy Aliases")
-            .RequireAuthorization(PlatformPolicies.ContextRead);
+            .RequireAuthorization(PlatformPolicies.ContextRead)
+            .RequireTenant();

        legacy.MapGet("/context/regions", async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/PackAdapterEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/PackAdapterEndpoints.cs
@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -44,7 +45,8 @@ public static class PackAdapterEndpoints

        var platform = app.MapGroup("/api/v1/platform")
            .WithTags("Platform Ops")
-            .RequireAuthorization(PlatformPolicies.HealthRead);
+            .RequireAuthorization(PlatformPolicies.HealthRead)
+            .RequireTenant();

        platform.MapGet("/data-integrity/summary", (
            HttpContext context,
@@ -158,7 +160,8 @@ public static class PackAdapterEndpoints
        .RequireAuthorization(PlatformPolicies.HealthRead);

        var administration = app.MapGroup("/api/v1/administration")
-            .WithTags("Administration");
+            .WithTags("Administration")
+            .RequireTenant();

        administration.MapGet("/summary", (
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/PlatformEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/PlatformEndpoints.cs
@@ -8,6 +8,7 @@ using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
 using System;
 using System.Linq;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using System.Threading;
 using System.Threading.Tasks;

@@ -19,7 +20,8 @@ public static class PlatformEndpoints
    {
        var platform = app.MapGroup("/api/v1/platform")
            .WithTags("Platform")
-            .RequireAuthorization(PlatformPolicies.HealthRead);
+            .RequireAuthorization(PlatformPolicies.HealthRead)
+            .RequireTenant();

        MapHealthEndpoints(platform);
        MapQuotaEndpoints(platform);
@@ -478,7 +480,8 @@ public static class PlatformEndpoints
    {
        var quotas = app.MapGroup("/api/v1/authority/quotas")
            .WithTags("Platform Quotas Compatibility")
-            .RequireAuthorization(PlatformPolicies.QuotaRead);
+            .RequireAuthorization(PlatformPolicies.QuotaRead)
+            .RequireTenant();

        quotas.MapGet(string.Empty, async Task<IResult> (
            HttpContext context,
@@ -715,7 +718,8 @@ public static class PlatformEndpoints

        var rateLimits = app.MapGroup("/api/v1/gateway/rate-limits")
            .WithTags("Platform Gateway Compatibility")
-            .RequireAuthorization(PlatformPolicies.QuotaRead);
+            .RequireAuthorization(PlatformPolicies.QuotaRead)
+            .RequireTenant();

        rateLimits.MapGet(string.Empty, (HttpContext context, PlatformRequestContextResolver resolver) =>
        {
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/PolicyInteropEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/PolicyInteropEndpoints.cs
@@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -26,7 +27,8 @@ public static class PolicyInteropEndpoints
    {
        var interop = app.MapGroup("/api/v1/policy/interop")
            .WithTags("PolicyInterop")
-            .RequireAuthorization(PlatformPolicies.PolicyRead);
+            .RequireAuthorization(PlatformPolicies.PolicyRead)
+            .RequireTenant();

        MapExportEndpoint(interop);
        MapImportEndpoint(interop);
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/ReleaseControlEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/ReleaseControlEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -20,7 +21,8 @@ public static class ReleaseControlEndpoints
    {
        var bundles = app.MapGroup("/api/v1/release-control/bundles")
            .WithTags("Release Control")
-            .RequireAuthorization(PlatformPolicies.ReleaseControlRead);
+            .RequireAuthorization(PlatformPolicies.ReleaseControlRead)
+            .RequireTenant();

        bundles.MapGet(string.Empty, async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/ReleaseReadModelEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/ReleaseReadModelEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -17,7 +18,8 @@ public static class ReleaseReadModelEndpoints
    {
        var releases = app.MapGroup("/api/v2/releases")
            .WithTags("Releases V2")
-            .RequireAuthorization(PlatformPolicies.ReleaseControlRead);
+            .RequireAuthorization(PlatformPolicies.ReleaseControlRead)
+            .RequireTenant();

        releases.MapGet(string.Empty, async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/ScoreEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/ScoreEndpoints.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -26,7 +27,8 @@ public static class ScoreEndpoints
    {
        var score = app.MapGroup("/api/v1/score")
            .WithTags("Score")
-            .RequireAuthorization(PlatformPolicies.ScoreRead);
+            .RequireAuthorization(PlatformPolicies.ScoreRead)
+            .RequireTenant();

        MapEvaluateEndpoints(score);
        MapHistoryEndpoints(score);
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/SecurityReadModelEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/SecurityReadModelEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -16,7 +17,8 @@ public static class SecurityReadModelEndpoints
    {
        var security = app.MapGroup("/api/v2/security")
            .WithTags("Security V2")
-            .RequireAuthorization(PlatformPolicies.SecurityRead);
+            .RequireAuthorization(PlatformPolicies.SecurityRead)
+            .RequireTenant();

        security.MapGet("/findings", async Task<IResult>(
            HttpContext context,
--- a/src/Platform/StellaOps.Platform.WebService/Endpoints/TopologyReadModelEndpoints.cs
+++ b/src/Platform/StellaOps.Platform.WebService/Endpoints/TopologyReadModelEndpoints.cs
@@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
+using StellaOps.Auth.ServerIntegration.Tenancy;
 using StellaOps.Platform.WebService.Constants;
 using StellaOps.Platform.WebService.Contracts;
 using StellaOps.Platform.WebService.Services;
@@ -16,7 +17,8 @@ public static class TopologyReadModelEndpoints
    {
        var topology = app.MapGroup("/api/v2/topology")
            .WithTags("Topology V2")
-            .RequireAuthorization(PlatformPolicies.TopologyRead);
+            .RequireAuthorization(PlatformPolicies.TopologyRead)
+            .RequireTenant();

        topology.MapGet("/regions", async Task<IResult>(
            HttpContext context,