stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity

Add LDAP Distinguished Name Helper and Credential Audit Context
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details

Browse Source 
- Implemented LdapDistinguishedNameHelper for escaping RDN and filter values.
- Created AuthorityCredentialAuditContext and IAuthorityCredentialAuditContextAccessor for managing credential audit context.
- Developed StandardCredentialAuditLogger with tests for success, failure, and lockout events.
- Introduced AuthorityAuditSink for persisting audit records with structured logging.
- Added CryptoPro related classes for certificate resolution and signing operations.
This commit is contained in:
master
2025-11-09 12:21:38 +02:00
parent ba4c935182
commit 75c2bcafce
385 changed files with 7354 additions and 7344 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
src/Orchestrator/StellaOps.Orchestrator/TASKS.md
View File

@@ -1,76 +0,0 @@
# Orchestrator Service Task Board — Epic 9: Source & Job Orchestrator Dashboard
## Sprint 32 Foundations (Read-Only)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-32-001 | TODO | Orchestrator Service Guild | DEVOPS-ORCH-32-001 | Bootstrap service project, configuration, and Postgres schema/migrations for `sources`, `runs`, `jobs`, `dag_edges`, `artifacts`, `quotas`, `schedules`. | Service builds/tests; migrations generated with repeatable scripts; baseline integration test seeds schema; compliance checklist recorded. |
| ORCH-SVC-32-002 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001 | Implement scheduler DAG planner + dependency resolver, job state machine, and critical-path metadata without yet issuing control actions. | DAG builder passes unit/property tests; job states transition per spec; deterministic hashes recorded; docs updated in code comments. |
| ORCH-SVC-32-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001 | Expose read-only REST APIs (sources, runs, jobs, DAG) with OpenAPI, validation, pagination, and tenant scoping. | Endpoints return deterministic responses; OpenAPI published; contract tests cover filters/pagination; lint passes. |
> Tenant-scoped tokens must require `orch:read` scope issued by Authority (`AUTH-ORCH-32-001`); reject legacy console bundles missing the new role and document requirement in OpenAPI security section.
| ORCH-SVC-32-004 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, ORCH-SVC-32-003 | Implement WebSocket/SSE stream for job/run updates, emit structured metrics counters/histograms, and add health probes. | SSE stream proven with integration test; metrics registered in Prometheus exporter; health endpoints wired; docstrings reference event schema. |
| ORCH-SVC-32-005 | TODO | Orchestrator Service Guild | ORCH-SVC-32-001, WORKER-GO-32-001, WORKER-PY-32-001 | Deliver worker claim/heartbeat/progress endpoints capturing artifact metadata/checksums and enforcing idempotency keys. | Claim/heartbeat/progress endpoints pass integration tests with Go/Python sample workers; artifact metadata persisted; idempotency violations rejected with `ERR_ORCH_4xx`; docs note imposed rule. |
## Sprint 33 Controls & Recovery
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-33-001 | TODO | Orchestrator Service Guild | ORCH-SVC-32-003, AUTH-ORCH-33-001 | Enable `sources test|pause|resume|sync-now` and `jobs retry|cancel|prioritize` actions with audit logging, RBAC enforcement, and optimistic concurrency. | Actions mutate state deterministically; audit entries include operator, reason, ticket; integration tests cover happy/error paths; CLI/Console smoke pass. |
| ORCH-SVC-33-002 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, DEVOPS-ORCH-33-001 | Implement per-source/tenant adaptive token-bucket rate limiter, concurrency caps, and backpressure signals reacting to upstream 429/503. | Rate limiter configurable via API; metrics expose tokens available; simulated 429 storm reduces issuance ≥80%; tests exercise cooldown logic. |
| ORCH-SVC-33-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-002, WORKER-GO-33-001, WORKER-PY-33-001 | Add watermark/backfill manager with event-time windows, duplicate suppression, dry-run preview endpoint, and safety validations. | Backfill preview API returns window coverage; executed backfills avoid duplicate artifacts (hash equality); tests cover skew/overlap; docs updated. |
| ORCH-SVC-33-004 | TODO | Orchestrator Service Guild | ORCH-SVC-32-004 | Deliver dead-letter store, replay endpoints, and error classification surfaces with remediation hints + notification hooks. | Dead-letter entries persisted with error class + payload refs; replay moves jobs to queues; metrics/logs emitted; documentation references remediation guide. |
## Sprint 34 Backfills, Quotas & GA
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-34-001 | TODO | Orchestrator Service Guild | ORCH-SVC-33-001, ORCH-SVC-33-002 | Implement quota management APIs, per-tenant SLO burn-rate computation, and alert budget tracking surfaced via metrics. | Quotas CRUD endpoints live with RBAC; burn-rate metrics published; alerts hooked (DEVOPS-ORCH-34-001); unit/integration tests cover overage scenarios. |
| ORCH-SVC-34-002 | TODO | Orchestrator Service Guild | ORCH-SVC-33-004, LEDGER-34-101 | Build audit log + immutable run ledger export with signed manifest support, including provenance chain to artifacts. | Ledger export produces signed manifest; hash chain verified; integration test links to Findings Ledger; docs cross-link to run-ledger doc. |
| ORCH-SVC-34-003 | TODO | Orchestrator Service Guild | ORCH-SVC-32-004, ORCH-SVC-33-002 | Execute perf/scale validation (≥10k pending jobs, dispatch P95 <150ms) and add autoscaling hooks with health probes. | Load test report committed; autoscale recommendations documented; health probes wired; perf regression guard added to CI. |
| ORCH-SVC-34-004 | TODO | Orchestrator Service Guild | ORCH-SVC-34-001..003, DEPLOY-ORCH-34-001 | Package orchestrator container, Helm overlays, offline bundle seeds, provenance attestations, and compliance checklist for GA. | Container built with SBOM/attestation; Helm/Compose overlays committed; offline bundle instructions validated; launch readiness checklist signed. |
## Export Center Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-35-101 | TODO | Orchestrator Service Guild | EXPORT-SVC-35-001 | Register `export` job type with quotas/rate policies, expose telemetry, and ensure exporter workers heartbeat via orchestrator contracts. | Job type available; metrics emitted; integration test with exporter worker passes. |
| ORCH-SVC-36-101 | TODO | Orchestrator Service Guild | ORCH-SVC-35-101, EXPORT-SVC-36-003 | Capture distribution metadata and retention timestamps for export jobs, updating dashboards and SSE payloads. | Distribution state persisted; SSE includes distribution progress; dashboards updated. |
| ORCH-SVC-37-101 | TODO | Orchestrator Service Guild | ORCH-SVC-36-101, EXPORT-SVC-37-003 | Enable scheduled export runs, retention pruning hooks, and failure alerting tied to export job class. | Schedules trigger exports; retention API operational; alerts configured; tests cover failure alerting. |
## Notifications Studio Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-38-101 | TODO | Orchestrator Service Guild | | Standardize event envelope (policy/export/job lifecycle) with idempotency keys, ensure export/job failure events published to notifier bus with provenance metadata. | Event schema documented; idempotency keys enforced; notifier integration tests consume events; metrics updated. |
## CLI Parity & Task Packs Integration
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-SVC-41-101 | TODO | Orchestrator Service Guild | AUTH-PACKS-41-001 | Register `pack-run` job type, persist run metadata, integrate logs/artifacts collection, and expose API for Task Runner scheduling. | Pack job type available; logs/artifacts stored; API documented; CLI E2E test passes. |
| ORCH-SVC-42-101 | TODO | Orchestrator Service Guild | ORCH-SVC-41-101, TASKRUN-41-001 | Stream pack run logs via SSE/WS, add manifest endpoints, enforce quotas, and emit pack run events to Notifications Studio. | Log stream operational; manifests accessible; quotas enforced; events published; tests cover flows. |
## Authority-Backed Scopes & Tenancy (Epic 14)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-TEN-48-001 | TODO | Orchestrator Service Guild | WEB-TEN-47-001 | Include `tenant_id`/`project_id` in job specs, set DB session context before processing, enforce context on all queries, and reject jobs missing tenant metadata. | Jobs stamped with tenant/project; RLS respected; tests cover missing context rejection. |
## Observability & Forensics (Epic 15)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-OBS-50-001 | TODO | Orchestrator Service Guild, Observability Guild | TELEMETRY-OBS-50-001, TELEMETRY-OBS-50-002 | Wire `StellaOps.Telemetry.Core` into orchestrator host, instrument schedulers and control APIs with trace spans, structured logs, and exemplar metrics. Ensure tenant/job metadata recorded for every span/log. | Telemetry emitted on happy/error paths; integration tests assert trace propagation to worker payloads; log field contract validated. |
| ORCH-OBS-51-001 | TODO | Orchestrator Service Guild, DevOps Guild | ORCH-OBS-50-001, TELEMETRY-OBS-51-001 | Publish golden-signal metrics (dispatch latency, queue depth, failure rate), define job/tenant SLOs, and emit burn-rate alerts to collector + Notifications. Provide Grafana dashboards + alert rules. | Metrics visible in dashboards; burn-rate alerts trigger in staging; documentation updated with thresholds and runbooks. |
| ORCH-OBS-52-001 | TODO | Orchestrator Service Guild | ORCH-OBS-50-001, TIMELINE-OBS-52-002 | Emit `timeline_event` objects for job lifecycle (`job.scheduled`, `job.started`, `job.completed`, `job.failed`) including trace IDs, run IDs, tenant/project, and causal metadata. Add contract tests and Kafka/NATS emitter with retries. | Timeline events verified against fixtures; duplicates suppressed; failure retries logged; docs reference schema. |
| ORCH-OBS-53-001 | TODO | Orchestrator Service Guild, Evidence Locker Guild | ORCH-OBS-52-001, EVID-OBS-53-002 | Generate job capsule inputs for evidence locker (payload digests, worker image, config hash, log manifest) and invoke locker snapshot hooks on completion/failure. Ensure redaction guard enforced. | Evidence snapshots created for sample jobs; manifests deterministic; secret redaction tests pass; documentation updated. |
| ORCH-OBS-54-001 | TODO | Orchestrator Service Guild, Provenance Guild | ORCH-OBS-53-001, PROV-OBS-53-002 | Produce DSSE attestations for orchestrator-scheduled jobs (subject = job capsule) and store references in timeline + evidence locker. Provide verification endpoint `/jobs/{id}/attestation`. | Attestations generated and verified in integration tests; timeline links added; docs updated. |
| ORCH-OBS-55-001 | TODO | Orchestrator Service Guild, DevOps Guild | ORCH-OBS-51-001, TELEMETRY-OBS-55-001, DEVOPS-OBS-55-001 | Implement incident mode hooks (sampling overrides, extended retention, additional debug spans) and automatic activation on SLO burn-rate breach. Emit activation/deactivation events to timeline + Notifier. | Incident mode triggers automatically in staging; manual override API documented; events observed in timeline and notifications. |
## Air-Gapped Mode (Epic 16)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-AIRGAP-56-001 | TODO | Orchestrator Service Guild, AirGap Policy Guild | AIRGAP-POL-56-001, TASKRUN-OBS-50-001 | Enforce job descriptors to declare network intents; reject or flag any external endpoints in sealed mode before scheduling. | Validator prevents forbidden jobs; errors return remediation guidance; tests cover allow/deny cases. |
| ORCH-AIRGAP-56-002 | TODO | Orchestrator Service Guild, AirGap Controller Guild | ORCH-AIRGAP-56-001, AIRGAP-CTL-56-002 | Surface sealing status and time staleness in job scheduling decisions; block runs when staleness budgets exceeded. | Scheduler checks status API; blocked runs emit timeline + notification; tests cover stale vs fresh. |
| ORCH-AIRGAP-57-001 | TODO | Orchestrator Service Guild, Mirror Creator Guild | ORCH-AIRGAP-56-001, MIRROR-CRT-58-002 | Add job type `mirror.bundle` to orchestrate bundle creation in connected environments with audit + provenance outputs. | Job type defined; export center integration validated; timeline events emitted. |
| ORCH-AIRGAP-58-001 | TODO | Orchestrator Service Guild, Evidence Locker Guild | ORCH-OBS-53-001, EVID-OBS-55-001 | Capture import/export operations as timeline/evidence entries, ensuring chain-of-custody for mirror + portable evidence jobs. | Evidence snapshots created; timeline references bundle/job IDs; integration tests pass. |
## SDKs & OpenAPI (Epic 17)
| ID | Status | Owner(s) | Depends on | Description | Exit Criteria |
|----|--------|----------|------------|-------------|---------------|
| ORCH-OAS-61-001 | TODO | Orchestrator Service Guild, API Contracts Guild | OAS-61-001 | Document orchestrator endpoints in per-service OAS with standardized pagination, idempotency, and error envelope examples. | Spec covers all orchestrator endpoints; lint passes; examples validated. |
| ORCH-OAS-61-002 | TODO | Orchestrator Service Guild | ORCH-OAS-61-001 | Implement `GET /.well-known/openapi` in service and ensure version metadata aligns with runtime build. | Discovery endpoint live; integration test verifies schema + headers. |
| ORCH-OAS-62-001 | TODO | Orchestrator Service Guild, SDK Generator Guild | ORCH-OAS-61-001, SDKGEN-63-001 | Ensure SDK paginators and operations support orchestrator job operations; add SDK smoke tests for schedule/retry APIs. | SDK integration tests cover orchestrator flows; CLI reuses SDK methods. |
| ORCH-OAS-63-001 | TODO | Orchestrator Service Guild, API Governance Guild | APIGOV-63-001 | Emit deprecation headers and documentation for legacy orchestrator endpoints; update notifications metadata. | Deprecated endpoints include headers + docs; Notifications triggered in staging. |