stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity

feat: Enhance Authority Identity Provider Registry with Bootstrap Capability

Browse Source 
- Added support for bootstrap providers in AuthorityIdentityProviderRegistry.
- Introduced a new property for bootstrap providers and updated AggregateCapabilities.
- Updated relevant methods to handle bootstrap capabilities during provider registration.

feat: Introduce Sealed Mode Status in OpenIddict Handlers

- Added SealedModeStatusProperty to AuthorityOpenIddictConstants.
- Enhanced ValidateClientCredentialsHandler, ValidatePasswordGrantHandler, and ValidateRefreshTokenGrantHandler to validate sealed mode evidence.
- Implemented logic to handle airgap seal confirmation requirements.

feat: Update Program Configuration for Sealed Mode

- Registered IAuthoritySealedModeEvidenceValidator in Program.cs.
- Added logging for bootstrap capabilities in identity provider plugins.
- Implemented checks for bootstrap support in API endpoints.

chore: Update Tasks and Documentation

- Marked AUTH-MTLS-11-002 as DONE in TASKS.md.
- Updated documentation to reflect changes in sealed mode and bootstrap capabilities.

fix: Improve CLI Command Handlers Output

- Enhanced output formatting for command responses and prompts in CommandHandlers.cs.

feat: Extend Advisory AI Models

- Added Response property to AdvisoryPipelineOutputModel for better output handling.

fix: Adjust Concelier Web Service Authentication

- Improved JWT token handling in Concelier Web Service to ensure proper token extraction and logging.

test: Enhance Web Service Endpoints Tests

- Added detailed logging for authentication failures in WebServiceEndpointsTests.
- Enabled PII logging for better debugging of authentication issues.

feat: Introduce Air-Gap Configuration Options

- Added AuthorityAirGapOptions and AuthoritySealedModeOptions to StellaOpsAuthorityOptions.
- Implemented validation logic for air-gap configurations to ensure proper setup.
This commit is contained in:
master
2025-11-09 12:18:14 +02:00
parent d71c81e45d
commit ba4c935182
68 changed files with 2142 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
etc/authority.yaml.sample
View File

@@ -65,6 +65,17 @@ notifications:
scope: "notify.escalate"
requireAdminScope: true
airGap:
sealedMode:
enforcementEnabled: false
evidencePath: "../ops/devops/sealed-mode-ci/artifacts/sealed-mode-ci/latest/authority-sealed-ci.json"
maxEvidenceAge: "06:00:00"
cacheLifetime: "00:01:00"
requireAuthorityHealthPass: true
requireSignerHealthPass: true
requireAttestorHealthPass: true
requireEgressProbePass: true
vulnerabilityExplorer:
workflow:
antiForgery:
@@ -226,6 +237,8 @@ clients:
scopes: [ "airgap:status:read", "airgap:import", "airgap:seal" ]
tenant: "tenant-default"
senderConstraint: "dpop"
properties:
requiresAirgapSealConfirmation: true
auth:
type: "client_secret"
secretFile: "../secrets/airgap-operator.secret"