up
This commit is contained in:
StellaOps Bot
@@ -1,4 +1,24 @@
|
||||
// Index 1: core lookup – subject + kind + Rekor presence
|
||||
/**
|
||||
* MongoDB indexes for DSSE provenance queries on the events collection.
|
||||
* Run with: mongosh stellaops_db < events_provenance_indices.js
|
||||
*
|
||||
* These indexes support:
|
||||
* - Proven VEX/SBOM/SCAN lookup by subject digest
|
||||
* - Compliance gap queries (unverified events)
|
||||
* - Rekor log index lookups
|
||||
* - Backfill service queries
|
||||
*
|
||||
* Created: 2025-11-27 (PROV-INDEX-401-030)
|
||||
* C# equivalent: src/StellaOps.Events.Mongo/MongoIndexes.cs
|
||||
*/
|
||||
|
||||
// Switch to the target database (override via --eval "var dbName='custom'" if needed)
|
||||
const targetDb = typeof dbName !== 'undefined' ? dbName : 'stellaops';
|
||||
db = db.getSiblingDB(targetDb);
|
||||
|
||||
print(`Creating provenance indexes on ${targetDb}.events...`);
|
||||
|
||||
// Index 1: Lookup proven events by subject digest + kind
|
||||
db.events.createIndex(
|
||||
{
|
||||
"subject.digest.sha256": 1,
|
||||
@@ -6,11 +26,13 @@ db.events.createIndex(
|
||||
"provenance.dsse.rekor.logIndex": 1
|
||||
},
|
||||
{
|
||||
name: "events_by_subject_kind_provenance"
|
||||
name: "events_by_subject_kind_provenance",
|
||||
background: true
|
||||
}
|
||||
);
|
||||
print(" - events_by_subject_kind_provenance");
|
||||
|
||||
// Index 2: compliance gap – by kind + verified + Rekor presence
|
||||
// Index 2: Find unproven evidence by kind (compliance gap queries)
|
||||
db.events.createIndex(
|
||||
{
|
||||
"kind": 1,
|
||||
@@ -18,16 +40,50 @@ db.events.createIndex(
|
||||
"provenance.dsse.rekor.logIndex": 1
|
||||
},
|
||||
{
|
||||
name: "events_unproven_by_kind"
|
||||
name: "events_unproven_by_kind",
|
||||
background: true
|
||||
}
|
||||
);
|
||||
print(" - events_unproven_by_kind");
|
||||
|
||||
// Index 3: generic Rekor index scan – for debugging / bulk audit
|
||||
// Index 3: Direct Rekor log index lookup
|
||||
db.events.createIndex(
|
||||
{
|
||||
"provenance.dsse.rekor.logIndex": 1
|
||||
},
|
||||
{
|
||||
name: "events_by_rekor_logindex"
|
||||
name: "events_by_rekor_logindex",
|
||||
background: true
|
||||
}
|
||||
);
|
||||
print(" - events_by_rekor_logindex");
|
||||
|
||||
// Index 4: Envelope digest lookup (for backfill deduplication)
|
||||
db.events.createIndex(
|
||||
{
|
||||
"provenance.dsse.envelopeDigest": 1
|
||||
},
|
||||
{
|
||||
name: "events_by_envelope_digest",
|
||||
background: true,
|
||||
sparse: true
|
||||
}
|
||||
);
|
||||
print(" - events_by_envelope_digest");
|
||||
|
||||
// Index 5: Timestamp + kind for compliance reporting time ranges
|
||||
db.events.createIndex(
|
||||
{
|
||||
"ts": -1,
|
||||
"kind": 1,
|
||||
"trust.verified": 1
|
||||
},
|
||||
{
|
||||
name: "events_by_ts_kind_verified",
|
||||
background: true
|
||||
}
|
||||
);
|
||||
print(" - events_by_ts_kind_verified");
|
||||
|
||||
print("\nProvenance indexes created successfully.");
|
||||
print("Run 'db.events.getIndexes()' to verify.");
|
||||
|
||||
Reference in New Issue
Block a user