stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

feat: Add RustFS artifact object store and migration tool

Browse Source 
- Implemented RustFsArtifactObjectStore for managing artifacts in RustFS.
- Added unit tests for RustFsArtifactObjectStore functionality.
- Created a RustFS migrator tool to transfer objects from S3 to RustFS.
- Introduced policy preview and report models for API integration.
- Added fixtures and tests for policy preview and report functionality.
- Included necessary metadata and scripts for cache_pkg package.
This commit is contained in:
master
2025-10-23 18:53:18 +03:00
parent 5cb3144e5e
commit 70d7fb529e
117 changed files with 4849 additions and 725 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
docs/schemas/policy-preview-sample@1.json Normal file
View File

@@ -0,0 +1,314 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://schemas.stella-ops.org/policy/policy-preview-sample@1.json",
"title": "Policy Preview Sample",
"type": "object",
"additionalProperties": false,
"required": [
"previewRequest",
"previewResponse"
],
"properties": {
"previewRequest": {
"type": "object",
"additionalProperties": false,
"required": [
"imageDigest",
"findings"
],
"properties": {
"imageDigest": {
"type": "string",
"pattern": "^sha256:[0-9a-f]{64}$"
},
"findings": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/finding"
}
},
"baseline": {
"type": "array",
"items": {
"$ref": "#/$defs/baselineVerdict"
}
}
}
},
"previewResponse": {
"type": "object",
"additionalProperties": false,
"required": [
"success",
"policyDigest",
"revisionId",
"changed",
"diffs",
"issues"
],
"properties": {
"success": {
"type": "boolean"
},
"policyDigest": {
"type": "string",
"pattern": "^[0-9a-f]{64}$"
},
"revisionId": {
"type": "string"
},
"changed": {
"type": "integer",
"minimum": 0
},
"diffs": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"findingId",
"baseline",
"projected",
"changed"
],
"properties": {
"findingId": {
"type": "string"
},
"baseline": {
"$ref": "#/$defs/baselineVerdict"
},
"projected": {
"$ref": "#/$defs/projectedVerdict"
},
"changed": {
"type": "boolean"
}
}
}
},
"issues": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"code",
"message",
"severity",
"path"
],
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"severity": {
"type": "string"
},
"path": {
"type": "string"
}
}
}
}
}
}
},
"$defs": {
"finding": {
"type": "object",
"required": [
"id",
"severity",
"source"
],
"properties": {
"id": {
"type": "string"
},
"severity": {
"type": "string"
},
"source": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": true
},
"inputs": {
"type": "object",
"minProperties": 1,
"propertyNames": {
"type": "string",
"maxLength": 64
},
"additionalProperties": {
"type": "number"
}
},
"baselineVerdict": {
"type": "object",
"additionalProperties": false,
"required": [
"findingId",
"status",
"configVersion",
"score"
],
"properties": {
"findingId": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"Pass",
"Blocked",
"Warned",
"Ignored",
"Deferred",
"Escalated",
"RequiresVex"
]
},
"ruleName": {
"type": [
"string",
"null"
]
},
"ruleAction": {
"type": [
"string",
"null"
]
},
"notes": {
"type": [
"string",
"null"
]
},
"score": {
"type": "number"
},
"configVersion": {
"type": "string"
},
"inputs": {
"$ref": "#/$defs/inputs"
},
"quietedBy": {
"type": [
"string",
"null"
]
},
"quiet": {
"type": "boolean"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
},
"projectedVerdict": {
"allOf": [
{
"$ref": "#/$defs/baselineVerdict"
},
{
"type": "object",
"required": [
"ruleName",
"ruleAction",
"unknownConfidence",
"confidenceBand",
"unknownAgeDays",
"sourceTrust",
"reachability"
],
"properties": {
"ruleName": {
"type": "string"
},
"ruleAction": {
"type": "string"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
}
]
}
}
}

396
docs/schemas/policy-report-sample@1.json Normal file
View File

@@ -0,0 +1,396 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://schemas.stella-ops.org/policy/policy-report-sample@1.json",
"title": "Policy Report Sample",
"type": "object",
"additionalProperties": false,
"required": [
"reportRequest",
"reportResponse"
],
"properties": {
"reportRequest": {
"type": "object",
"additionalProperties": false,
"required": [
"imageDigest",
"findings"
],
"properties": {
"imageDigest": {
"type": "string",
"pattern": "^sha256:[0-9a-f]{64}$"
},
"findings": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/finding"
}
},
"baseline": {
"type": "array",
"items": {
"$ref": "#/$defs/baselineVerdict"
}
}
}
},
"reportResponse": {
"type": "object",
"additionalProperties": false,
"required": [
"report",
"dsse"
],
"properties": {
"report": {
"type": "object",
"additionalProperties": false,
"required": [
"reportId",
"imageDigest",
"generatedAt",
"verdict",
"policy",
"summary",
"verdicts",
"issues"
],
"properties": {
"reportId": {
"type": "string"
},
"imageDigest": {
"type": "string",
"pattern": "^sha256:[0-9a-f]{64}$"
},
"generatedAt": {
"type": "string",
"format": "date-time"
},
"verdict": {
"type": "string"
},
"policy": {
"type": "object",
"additionalProperties": false,
"required": [
"revisionId",
"digest"
],
"properties": {
"revisionId": {
"type": "string"
},
"digest": {
"type": "string",
"pattern": "^[0-9a-f]{64}$"
}
}
},
"summary": {
"type": "object",
"additionalProperties": false,
"required": [
"total",
"blocked",
"warned",
"ignored",
"quieted"
],
"properties": {
"total": {
"type": "integer",
"minimum": 0
},
"blocked": {
"type": "integer",
"minimum": 0
},
"warned": {
"type": "integer",
"minimum": 0
},
"ignored": {
"type": "integer",
"minimum": 0
},
"quieted": {
"type": "integer",
"minimum": 0
}
}
},
"verdicts": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/projectedVerdict"
}
},
"issues": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"code",
"message",
"severity",
"path"
],
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"severity": {
"type": "string"
},
"path": {
"type": "string"
}
}
}
}
}
},
"dsse": {
"type": "object",
"additionalProperties": false,
"required": [
"payloadType",
"payload",
"signatures"
],
"properties": {
"payloadType": {
"type": "string"
},
"payload": {
"type": "string"
},
"signatures": {
"type": "array",
"minItems": 1,
"items": {
"type": "object",
"additionalProperties": false,
"required": [
"keyId",
"algorithm",
"signature"
],
"properties": {
"keyId": {
"type": "string"
},
"algorithm": {
"type": "string"
},
"signature": {
"type": "string"
}
}
}
}
}
}
}
}
},
"$defs": {
"finding": {
"type": "object",
"required": [
"id",
"severity",
"source"
],
"properties": {
"id": {
"type": "string"
},
"severity": {
"type": "string"
},
"source": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
}
},
"additionalProperties": true
},
"inputs": {
"type": "object",
"minProperties": 1,
"propertyNames": {
"type": "string",
"maxLength": 64
},
"additionalProperties": {
"type": "number"
}
},
"baselineVerdict": {
"type": "object",
"additionalProperties": false,
"required": [
"findingId",
"status",
"configVersion",
"score"
],
"properties": {
"findingId": {
"type": "string"
},
"status": {
"type": "string",
"enum": [
"Pass",
"Blocked",
"Warned",
"Ignored",
"Deferred",
"Escalated",
"RequiresVex"
]
},
"ruleName": {
"type": [
"string",
"null"
]
},
"ruleAction": {
"type": [
"string",
"null"
]
},
"notes": {
"type": [
"string",
"null"
]
},
"score": {
"type": "number"
},
"configVersion": {
"type": "string"
},
"inputs": {
"$ref": "#/$defs/inputs"
},
"quietedBy": {
"type": [
"string",
"null"
]
},
"quiet": {
"type": "boolean"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
},
"projectedVerdict": {
"allOf": [
{
"$ref": "#/$defs/baselineVerdict"
},
{
"type": "object",
"required": [
"ruleName",
"ruleAction",
"unknownConfidence",
"confidenceBand",
"unknownAgeDays",
"sourceTrust",
"reachability"
],
"properties": {
"ruleName": {
"type": "string"
},
"ruleAction": {
"type": "string"
},
"unknownConfidence": {
"type": "number",
"minimum": 0
},
"confidenceBand": {
"type": "string",
"enum": [
"low",
"medium",
"high",
"unspecified"
]
},
"unknownAgeDays": {
"type": "number",
"minimum": 0
},
"sourceTrust": {
"type": "string"
},
"reachability": {
"type": "string",
"enum": [
"unknown",
"runtime",
"entrypoint",
"direct",
"indirect",
"unreachable"
]
}
}
}
]
}
}
}