up
@@ -0,0 +1,83 @@
|
||||
using System;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using StellaOps.Messaging;
|
||||
using StellaOps.Messaging.Abstractions;
|
||||
|
||||
namespace StellaOps.Auth.Client;
|
||||
|
||||
/// <summary>
|
||||
/// Token cache backed by <see cref="IDistributedCache{TValue}"/>.
|
||||
/// Supports any transport (InMemory, Valkey, PostgreSQL) via factory injection.
|
||||
/// </summary>
|
||||
public sealed class MessagingTokenCache : IStellaOpsTokenCache
|
||||
{
|
||||
private readonly IDistributedCache<StellaOpsTokenCacheEntry> _cache;
|
||||
private readonly TimeProvider _timeProvider;
|
||||
private readonly Func<StellaOpsTokenCacheEntry, StellaOpsTokenCacheEntry> _normalizer;
|
||||
private readonly TimeSpan _expirationSkew;
|
||||
|
||||
public MessagingTokenCache(
|
||||
IDistributedCacheFactory cacheFactory,
|
||||
TimeProvider? timeProvider = null,
|
||||
TimeSpan? expirationSkew = null)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(cacheFactory);
|
||||
|
||||
_timeProvider = timeProvider ?? TimeProvider.System;
|
||||
_expirationSkew = expirationSkew ?? TimeSpan.FromSeconds(30);
|
||||
_normalizer = static entry => entry.NormalizeScopes();
|
||||
|
||||
_cache = cacheFactory.Create<StellaOpsTokenCacheEntry>(new CacheOptions
|
||||
{
|
||||
KeyPrefix = "auth:token:",
|
||||
});
|
||||
}
|
||||
|
||||
public async ValueTask<StellaOpsTokenCacheEntry?> GetAsync(string key, CancellationToken cancellationToken = default)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(key);
|
||||
|
||||
var result = await _cache.GetAsync(key, cancellationToken).ConfigureAwait(false);
|
||||
|
||||
if (!result.HasValue)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
var entry = result.Value;
|
||||
|
||||
// Check if expired with skew
|
||||
if (entry.IsExpired(_timeProvider, _expirationSkew))
|
||||
{
|
||||
await _cache.InvalidateAsync(key, cancellationToken).ConfigureAwait(false);
|
||||
return null;
|
||||
}
|
||||
|
||||
return entry;
|
||||
}
|
||||
|
||||
public async ValueTask SetAsync(string key, StellaOpsTokenCacheEntry entry, CancellationToken cancellationToken = default)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(key);
|
||||
ArgumentNullException.ThrowIfNull(entry);
|
||||
|
||||
var normalizedEntry = _normalizer(entry);
|
||||
var now = _timeProvider.GetUtcNow();
|
||||
var ttl = normalizedEntry.ExpiresAtUtc - now;
|
||||
|
||||
if (ttl <= TimeSpan.Zero)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var entryOptions = new CacheEntryOptions { TimeToLive = ttl };
|
||||
await _cache.SetAsync(key, normalizedEntry, entryOptions, cancellationToken).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
public async ValueTask RemoveAsync(string key, CancellationToken cancellationToken = default)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(key);
|
||||
await _cache.InvalidateAsync(key, cancellationToken).ConfigureAwait(false);
|
||||
}
|
||||
}
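Review bot: In `SetAsync` the backend TTL is computed as `normalizedEntry.ExpiresAtUtc - now`, while `GetAsync` rejects entries through `IsExpired(_timeProvider, _expirationSkew)`. `IsExpired` is not shown here, but if the skew moves expiry earlier, a token can remain in the shared store for up to the skew after this class stops serving it, and it is evicted early only if that key happens to be read. Because these entries are access tokens held in a transport that may be Valkey or PostgreSQL, I would align the stored lifetime with the read-side check: `var ttl = normalizedEntry.ExpiresAtUtc - now - _expirationSkew;`. The constructor also accepts a negative `expirationSkew` unchecked, which would lengthen that TTL instead of shortening it; rejecting values below `TimeSpan.Zero` there would close that off.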
|
||||
@@ -30,6 +30,7 @@
|
||||
<ProjectReference Include="..\StellaOps.Auth.Abstractions\StellaOps.Auth.Abstractions.csproj" />
|
||||
<ProjectReference Include="..\..\..\AirGap\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy\StellaOps.AirGap.Policy.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Configuration/StellaOps.Configuration.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Messaging/StellaOps.Messaging.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.Extensions.Http.Resilience" Version="10.0.0" />
|
||||
|
||||
@@ -0,0 +1,57 @@
|
||||
using StellaOps.Messaging;
|
||||
using StellaOps.Messaging.Abstractions;
|
||||
|
||||
namespace StellaOps.Authority.Plugin.Ldap.Claims;
|
||||
|
||||
/// <summary>
|
||||
/// LDAP claims cache backed by <see cref="IDistributedCache{TValue}"/>.
|
||||
/// Supports any transport (InMemory, Valkey, PostgreSQL) via factory injection.
|
||||
/// </summary>
|
||||
internal sealed class MessagingLdapClaimsCache : ILdapClaimsCache
|
||||
{
|
||||
private readonly IDistributedCache<LdapCachedClaims> _cache;
|
||||
private readonly string _pluginName;
|
||||
private readonly TimeSpan _ttl;
|
||||
|
||||
public MessagingLdapClaimsCache(
|
||||
IDistributedCacheFactory cacheFactory,
|
||||
string pluginName,
|
||||
LdapClaimsCacheOptions options)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(cacheFactory);
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(pluginName);
|
||||
ArgumentNullException.ThrowIfNull(options);
|
||||
|
||||
_pluginName = pluginName;
|
||||
_ttl = TimeSpan.FromSeconds(options.TtlSeconds);
|
||||
|
||||
_cache = cacheFactory.Create<LdapCachedClaims>(new CacheOptions
|
||||
{
|
||||
KeyPrefix = $"ldap:claims:{pluginName}:",
|
||||
DefaultTtl = _ttl,
|
||||
});
|
||||
}
|
||||
|
||||
public async ValueTask<LdapCachedClaims?> GetAsync(string subjectId, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(subjectId);
|
||||
|
||||
var key = BuildKey(subjectId);
|
||||
var result = await _cache.GetAsync(key, cancellationToken).ConfigureAwait(false);
|
||||
|
||||
return result.HasValue ? result.Value : null;
|
||||
}
|
||||
|
||||
public async ValueTask SetAsync(string subjectId, LdapCachedClaims claims, CancellationToken cancellationToken)
|
||||
{
|
||||
ArgumentException.ThrowIfNullOrWhiteSpace(subjectId);
|
||||
ArgumentNullException.ThrowIfNull(claims);
|
||||
|
||||
var key = BuildKey(subjectId);
|
||||
var entryOptions = new CacheEntryOptions { TimeToLive = _ttl };
|
||||
|
||||
await _cache.SetAsync(key, claims, entryOptions, cancellationToken).ConfigureAwait(false);
|
||||
}
|
||||
|
||||
private string BuildKey(string subjectId) => subjectId.ToLowerInvariant();
|
||||
}
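Review bot: `options.TtlSeconds` goes straight into `TimeSpan.FromSeconds` in the constructor and from there into both `DefaultTtl` and every `CacheEntryOptions.TimeToLive`, with no range check visible in this file. How a zero or negative TTL is treated depends on the `IDistributedCache` transport, which is not shown; if any backend reads it as "no expiry", LDAP group and role claims would keep being served after they change in the directory, and this class has no read-side expiry check or removal method to correct that. Unless the options are validated elsewhere, I would add `ArgumentOutOfRangeException.ThrowIfNegativeOrZero(options.TtlSeconds);` before `_ttl` is assigned. Separately, `_pluginName` is stored but never read after the constructor, since `BuildKey` relies on the `KeyPrefix`, so the field can be dropped.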
|
||||
@@ -13,7 +13,7 @@
|
||||
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.0" />
|
||||
<PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.0" />
|
||||
<PackageReference Include="System.DirectoryServices.Protocols" Version="8.0.0" />
|
||||
<!-- MongoDB.Driver removed - using Mongo compatibility shim -->
|
||||
<!-- Storage now uses PostgreSQL -->
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\\StellaOps.Authority.Plugins.Abstractions\\StellaOps.Authority.Plugins.Abstractions.csproj" />
|
||||
@@ -21,5 +21,6 @@
|
||||
<ProjectReference Include="..\\StellaOps.Authority.Storage.InMemory\\StellaOps.Authority.Storage.InMemory.csproj" />
|
||||
<ProjectReference Include="..\\..\\..\\__Libraries\\StellaOps.Plugin\\StellaOps.Plugin.csproj" />
|
||||
<ProjectReference Include="..\\..\\__Libraries\\StellaOps.Authority.Storage.Postgres\\StellaOps.Authority.Storage.Postgres.csproj" />
|
||||
<ProjectReference Include="..\\..\\..\\__Libraries\\StellaOps.Messaging\\StellaOps.Messaging.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -9,7 +9,5 @@
|
||||
<ProjectReference Include="..\StellaOps.Authority.Plugin.Standard\StellaOps.Authority.Plugin.Standard.csproj" />
|
||||
<ProjectReference Include="..\StellaOps.Authority.Plugins.Abstractions\StellaOps.Authority.Plugins.Abstractions.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<!-- MongoDB.Driver removed - using Mongo compatibility shim via Plugin.Standard project reference -->
|
||||
</ItemGroup>
|
||||
<!-- Storage now uses PostgreSQL via Plugin.Standard project reference -->
|
||||
</Project>
|
||||
|
||||
@@ -11,9 +11,7 @@
|
||||
<ProjectReference Include="..\StellaOps.Authority.Plugins.Abstractions\StellaOps.Authority.Plugins.Abstractions.csproj" />
|
||||
<ProjectReference Include="../../../__Libraries/StellaOps.Auth.Security/StellaOps.Auth.Security.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<!-- MongoDB.Driver removed - using Mongo compatibility shim via Authority project reference -->
|
||||
</ItemGroup>
|
||||
<!-- Storage now uses PostgreSQL via Authority project reference -->
|
||||
<ItemGroup>
|
||||
<Compile Include="../../../../tests/shared/OpenSslLegacyShim.cs" Link="Infrastructure/OpenSslLegacyShim.cs" />
|
||||
<None Include="../../../../tests/native/openssl-1.1/linux-x64/*" Link="native/linux-x64/%(Filename)%(Extension)" CopyToOutputDirectory="PreserveNewest" />
|
||||
|
||||