tenant fixes

This commit is contained in:
master
2026-02-23 23:44:50 +02:00
parent bdb1438654
commit 4f947a8b61
159 changed files with 1064 additions and 556 deletions


@@ -1,6 +1,7 @@
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Policy.Engine.AirGap;
using StellaOps.Policy.Engine.Services;
using StellaOps.Policy.RiskProfile.Models;


@@ -1,6 +1,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Persistence.Postgres.Repositories;
using System.Text.Json;
@@ -21,7 +22,8 @@ public static class AdvisorySourceEndpoints
public static void MapAdvisorySourcePolicyEndpoints(this WebApplication app)
{
var group = app.MapGroup("/api/v1/advisory-sources")
.WithTags("Advisory Sources");
.WithTags("Advisory Sources")
.RequireTenant();
group.MapGet("/{sourceId}/impact", GetImpactAsync)
.WithName("GetAdvisorySourceImpact")
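Review bot: The `.RequireTenant()` call added to the `/api/v1/advisory-sources` group has no comment stating what handlers may rely on. The handler bodies (`GetImpactAsync` here) are outside the hunk, so this page cannot confirm that the `sourceId` lookup is keyed by the resolved tenant rather than by a request-supplied value. Once that is confirmed, I would add `// Every route in this group is tenant-scoped: handlers must filter by the resolved tenant, never by a tenant id taken from the request.` above the `MapGroup` call. The same applies to the groups in DeltasEndpoints, ExceptionApprovalEndpoints, ExceptionEndpoints, GateEndpoints, GatesEndpoints, GovernanceEndpoints, ScoreGateEndpoints and ToolLatticeEndpoints, which receive the identical one-line change. `MapAdvisorySourcePolicyEndpoints` continues past the end of the hunk.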


@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Caching.Memory;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Deltas;
using StellaOps.Policy.Gateway.Contracts;
@@ -25,7 +26,8 @@ public static class DeltasEndpoints
public static void MapDeltasEndpoints(this WebApplication app)
{
var deltas = app.MapGroup("/api/policy/deltas")
.WithTags("Deltas");
.WithTags("Deltas")
.RequireTenant();
// POST /api/policy/deltas/compute - Compute a security state delta
deltas.MapPost("/compute", async Task<IResult>(


@@ -6,6 +6,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Engine.Services;
using StellaOps.Policy.Persistence.Postgres.Models;
using StellaOps.Policy.Persistence.Postgres.Repositories;
@@ -24,7 +25,8 @@ public static class ExceptionApprovalEndpoints
public static void MapExceptionApprovalEndpoints(this WebApplication app)
{
var exceptions = app.MapGroup("/api/v1/policy/exception")
.WithTags("Exception Approvals");
.WithTags("Exception Approvals")
.RequireTenant();
// POST /api/v1/policy/exception/request - Create a new exception approval request
exceptions.MapPost("/request", CreateApprovalRequestAsync)


@@ -7,6 +7,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Exceptions.Models;
using StellaOps.Policy.Exceptions.Repositories;
using StellaOps.Policy.Gateway.Contracts;
@@ -26,7 +27,8 @@ public static class ExceptionEndpoints
public static void MapExceptionEndpoints(this WebApplication app)
{
var exceptions = app.MapGroup("/api/policy/exceptions")
.WithTags("Exceptions");
.WithTags("Exceptions")
.RequireTenant();
// GET /api/policy/exceptions - List exceptions with filters
exceptions.MapGet(string.Empty, async Task<IResult>(


@@ -6,6 +6,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Caching.Memory;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Audit;
using StellaOps.Policy.Deltas;
using StellaOps.Policy.Engine.Gates;
@@ -28,7 +29,8 @@ public static class GateEndpoints
public static void MapGateEndpoints(this WebApplication app)
{
var gates = app.MapGroup("/api/v1/policy/gate")
.WithTags("Gates");
.WithTags("Gates")
.RequireTenant();
// POST /api/v1/policy/gate/evaluate - Evaluate gate for image
gates.MapPost("/evaluate", async Task<IResult>(


@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Caching.Memory;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Gates;
using StellaOps.Policy.Persistence.Postgres.Repositories;
using System.Text.Json.Serialization;
@@ -33,7 +34,8 @@ public static class GatesEndpoints
public static IEndpointRouteBuilder MapGatesEndpoints(this IEndpointRouteBuilder endpoints)
{
var group = endpoints.MapGroup("/api/v1/gates")
.WithTags("Gates");
.WithTags("Gates")
.RequireTenant();
group.MapGet("/{bomRef}", GetGateStatus)
.RequireAuthorization(policy => policy.RequireStellaOpsScopes(StellaOpsScopes.PolicyRead))


@@ -6,6 +6,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using System.Collections.Concurrent;
using System.Globalization;
using System.Text.Json;
@@ -29,7 +30,8 @@ public static class GovernanceEndpoints
public static void MapGovernanceEndpoints(this WebApplication app)
{
var governance = app.MapGroup("/api/v1/governance")
.WithTags("Governance");
.WithTags("Governance")
.RequireTenant();
// Sealed Mode endpoints
governance.MapGet("/sealed-mode/status", GetSealedModeStatusAsync)


@@ -8,6 +8,7 @@
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Engine.Gates;
using System.Text.Json;
using System.Text.Json.Serialization;
@@ -23,7 +24,8 @@ internal static class RegistryWebhookEndpoints
{
var group = endpoints.MapGroup("/api/v1/webhooks/registry")
.WithTags("Registry Webhooks")
.AllowAnonymous();
.AllowAnonymous()
.RequireTenant();
group.MapPost("/docker", HandleDockerRegistryWebhook)
.WithName("DockerRegistryWebhook")
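Review bot: `.RequireTenant()` is chained directly after `.AllowAnonymous()` on the `/api/v1/webhooks/registry` group, so these routes have no authenticated principal from which a tenant could be taken. How the tenant filter resolves a tenant is not visible here. If it needs a token claim, registry webhooks would presumably all be rejected; if it falls back to request-supplied input, the tenant is asserted by an unauthenticated caller and should not be trusted for scoping. I would either derive the tenant in the handler from a verified webhook credential (a signature or per-tenant secret) or document the intended source with a comment such as `// Anonymous route: tenant comes from <verified source>, not from a caller-controlled header.` The enclosing method begins before the hunk and continues after it.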


@@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.DeltaVerdict.Bundles;
using StellaOps.Policy.Gateway.Contracts;
using StellaOps.Signals.EvidenceWeightedScore;
@@ -26,7 +27,8 @@ public static class ScoreGateEndpoints
public static void MapScoreGateEndpoints(this WebApplication app)
{
var gates = app.MapGroup("/api/v1/gate")
.WithTags("Score Gates");
.WithTags("Score Gates")
.RequireTenant();
// POST /api/v1/gate/evaluate - Evaluate score-based gate for a finding
gates.MapPost("/evaluate", async Task<IResult>(


@@ -2,6 +2,7 @@
using Microsoft.AspNetCore.Mvc;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Policy.Gateway.Contracts;
using StellaOps.Policy.ToolLattice;
using System;
@@ -16,7 +17,8 @@ public static class ToolLatticeEndpoints
public static void MapToolLatticeEndpoints(this WebApplication app)
{
var tools = app.MapGroup("/api/v1/policy/assistant/tools")
.WithTags("Assistant Tools");
.WithTags("Assistant Tools")
.RequireTenant();
tools.MapPost("/evaluate", (HttpContext httpContext, ToolAccessRequest request, IToolAccessEvaluator evaluator) =>
{


@@ -12,6 +12,7 @@ using StellaOps.AirGap.Policy;
using StellaOps.Auth.Abstractions;
using StellaOps.Auth.Client;
using StellaOps.Auth.ServerIntegration;
using StellaOps.Auth.ServerIntegration.Tenancy;
using StellaOps.Configuration;
using StellaOps.Determinism;
using StellaOps.Policy.Deltas;
@@ -128,6 +129,7 @@ builder.Services.AddOptions<ToolLatticeOptions>()
builder.Services.AddSingleton(sp => sp.GetRequiredService<IOptions<PolicyGatewayOptions>>().Value);
builder.Services.AddSingleton(TimeProvider.System);
builder.Services.AddSystemGuidProvider();
builder.Services.AddStellaOpsTenantServices();
builder.Services.AddStellaOpsCors(builder.Environment, builder.Configuration);
builder.Services.AddRouting(options => options.LowercaseUrls = true);
builder.Services.AddProblemDetails();
@@ -323,6 +325,7 @@ app.UseStatusCodePages();
app.UseStellaOpsCors();
app.UseAuthentication();
app.UseAuthorization();
app.UseStellaOpsTenantMiddleware();
app.TryUseStellaRouter(routerEnabled);
app.MapHealthChecks("/healthz");