stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
docs/implplan/SPRINT_164_exportcenter_iii.md
View File

@@ -7,18 +7,18 @@ Depends on: Sprint 160.B - ExportCenter.II
Summary: Export & Evidence focus on ExportCenter (phase III).
Task ID | State | Task description | Owners (Source)
--- | --- | --- | ---
EXPORT-SVC-35-006 | TODO | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-36-001 | TODO | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-36-002 | TODO | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-36-003 | TODO | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-36-004 | TODO | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-37-001 | TODO | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-37-002 | TODO | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-37-003 | TODO | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-37-004 | TODO | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-SVC-43-001 | TODO | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
EXPORT-TEN-48-001 | TODO | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter/TASKS.md)
RISK-BUNDLE-69-001 | TODO | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md)
RISK-BUNDLE-69-002 | TODO | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md)
RISK-BUNDLE-70-001 | TODO | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md)
RISK-BUNDLE-70-002 | TODO | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles/TASKS.md)
EXPORT-SVC-35-006 | TODO | Expose Export API (profiles, runs, download, SSE updates) with audit logging, concurrency controls, and viewer/operator RBAC integration. Dependencies: EXPORT-SVC-35-005. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-36-001 | TODO | Implement Trivy DB adapter (core) with schema mappings, version flag gating, and validation harness. Dependencies: EXPORT-SVC-35-006. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-36-002 | TODO | Add Trivy Java DB variant with shared manifest entries and adapter regression tests. Dependencies: EXPORT-SVC-36-001. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-36-003 | TODO | Build OCI distribution engine (manifests, descriptors, annotations) with registry auth support and retries. Dependencies: EXPORT-SVC-36-002. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-36-004 | TODO | Extend planner/run lifecycle for distribution targets (OCI/object storage) with idempotent metadata updates and retention timestamps. Dependencies: EXPORT-SVC-36-003. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-37-001 | TODO | Implement mirror delta adapter with base manifest comparison, change set generation, and content-addressed reuse. Dependencies: EXPORT-SVC-36-004. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-37-002 | TODO | Add bundle encryption (age/AES-GCM), key wrapping via KMS, and verification tooling for encrypted outputs. Dependencies: EXPORT-SVC-37-001. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-37-003 | TODO | Implement export scheduling (cron/event), retention pruning, retry idempotency, and failure classification. Dependencies: EXPORT-SVC-37-002. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-37-004 | TODO | Provide verification API to stream manifests/hashes, compute hash+signature checks, and return attest status for CLI/UI. Dependencies: EXPORT-SVC-37-003. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-SVC-43-001 | TODO | Integrate pack run manifests/artifacts into export bundles and CLI verification flows; expose provenance links. Dependencies: EXPORT-SVC-37-004. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
EXPORT-TEN-48-001 | TODO | Prefix artifacts/manifests with tenant/project, enforce scope checks, and prevent cross-tenant exports unless explicitly whitelisted; update provenance. | Exporter Service Guild (src/ExportCenter/StellaOps.ExportCenter)
RISK-BUNDLE-69-001 | TODO | Implement `stella export risk-bundle` job producing tarball with provider datasets, manifests, and DSSE signatures. | Risk Bundle Export Guild, Risk Engine Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles)
RISK-BUNDLE-69-002 | TODO | Integrate bundle job into CI/offline kit pipelines with checksum publication. Dependencies: RISK-BUNDLE-69-001. | Risk Bundle Export Guild, DevOps Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles)
RISK-BUNDLE-70-001 | TODO | Provide CLI `stella risk bundle verify` command to validate bundles before import. Dependencies: RISK-BUNDLE-69-002. | Risk Bundle Export Guild, CLI Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles)
RISK-BUNDLE-70-002 | TODO | Publish `/docs/airgap/risk-bundles.md` detailing build/import/verification workflows. Dependencies: RISK-BUNDLE-70-001. | Risk Bundle Export Guild, Docs Guild (src/ExportCenter/StellaOps.ExportCenter.RiskBundles)