feat(integrations): secret authority service for UI-driven secret staging
Add SecretAuthorityService + endpoints so the setup wizard and integrations hub can stage secret bundles and bind authref URIs directly from the UI, instead of requiring out-of-band Vault seeding. Wire the new service behind IntegrationPolicies, expose SecretAuthorityDtos on the contracts library, and register an UpsertSecretBundle audit action for the emission library. Closes BOOTSTRAP-006 from SPRINT_20260413_004. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@@ -118,6 +118,7 @@ builder.Services.AddScoped<IAuthRefResolver, VaultAuthRefResolver>();
|
||||
|
||||
// Core service
|
||||
builder.Services.AddScoped<IntegrationService>();
|
||||
builder.Services.AddScoped<SecretAuthorityService>();
|
||||
builder.Services.AddSingleton<IAiCodeGuardPipelineConfigLoader, AiCodeGuardPipelineConfigLoader>();
|
||||
builder.Services.AddScoped<IAiCodeGuardRunService, AiCodeGuardRunService>();
|
||||
|
||||
@@ -132,6 +133,8 @@ builder.Services.AddAuthorization(options =>
|
||||
options.AddStellaOpsScopePolicy(IntegrationPolicies.Read, StellaOpsScopes.IntegrationRead);
|
||||
options.AddStellaOpsScopePolicy(IntegrationPolicies.Write, StellaOpsScopes.IntegrationWrite);
|
||||
options.AddStellaOpsScopePolicy(IntegrationPolicies.Operate, StellaOpsScopes.IntegrationOperate);
|
||||
options.AddStellaOpsScopePolicy(IntegrationPolicies.SecretAuthorityRead, StellaOpsScopes.IntegrationRead);
|
||||
options.AddStellaOpsScopePolicy(IntegrationPolicies.SecretAuthorityWrite, StellaOpsScopes.IntegrationWrite);
|
||||
});
|
||||
|
||||
// Unified audit emission (posts audit events to Timeline service)
|
||||
@@ -165,6 +168,7 @@ app.TryUseStellaRouter(routerEnabled);
|
||||
|
||||
// Map endpoints
|
||||
app.MapIntegrationEndpoints();
|
||||
app.MapSecretAuthorityEndpoints();
|
||||
|
||||
// Health endpoint
|
||||
app.MapGet("/health", () => Results.Ok(new { Status = "Healthy", Timestamp = DateTimeOffset.UtcNow }))
|
||||
|
||||
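Review bot: In the `AddAuthorization` hunk the two new policies, `IntegrationPolicies.SecretAuthorityRead` and `IntegrationPolicies.SecretAuthorityWrite`, are bound to the existing `StellaOpsScopes.IntegrationRead` and `StellaOpsScopes.IntegrationWrite` scopes, so they add no privilege separation: any token that can already edit integrations can also stage secret bundles and bind authref URIs. If that is intended, record it next to the registration, e.g. `// SecretAuthority* deliberately reuse the Integration scopes; integration writers can stage secrets`; otherwise bind them to a dedicated secret-staging scope so the capability can be granted and audited on its own. Whether `MapSecretAuthorityEndpoints()` applies these policies to every route it maps is not visible in this file and should be confirmed in the endpoint definitions. The options lambda starts outside the hunk, so any fallback or default policy that would cover an unannotated route cannot be seen from here.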