Add authority bootstrap flows and Concelier ops runbooks

2025-10-15 10:03:56 +03:00
parent 0ddc014864
commit bab75fb00d
276 changed files with 21674 additions and 934 deletions
--- a/src/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs
+++ b/src/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs
@@ -51,6 +51,25 @@ internal sealed class StandardPluginRegistrar : IAuthorityPluginRegistrar
            var cryptoProvider = sp.GetRequiredService<ICryptoProvider>();
            var passwordHasher = new CryptoPasswordHasher(pluginOptions, cryptoProvider);
            var loggerFactory = sp.GetRequiredService<ILoggerFactory>();
+            var registrarLogger = loggerFactory.CreateLogger<StandardPluginRegistrar>();
+
+            var baselinePolicy = new PasswordPolicyOptions();
+            if (pluginOptions.PasswordPolicy.IsWeakerThan(baselinePolicy))
+            {
+                registrarLogger.LogWarning(
+                    "Standard plugin '{Plugin}' configured a weaker password policy (minLength={Length}, requireUpper={Upper}, requireLower={Lower}, requireDigit={Digit}, requireSymbol={Symbol}) than the baseline (minLength={BaseLength}, requireUpper={BaseUpper}, requireLower={BaseLower}, requireDigit={BaseDigit}, requireSymbol={BaseSymbol}).",
+                    pluginName,
+                    pluginOptions.PasswordPolicy.MinimumLength,
+                    pluginOptions.PasswordPolicy.RequireUppercase,
+                    pluginOptions.PasswordPolicy.RequireLowercase,
+                    pluginOptions.PasswordPolicy.RequireDigit,
+                    pluginOptions.PasswordPolicy.RequireSymbol,
+                    baselinePolicy.MinimumLength,
+                    baselinePolicy.RequireUppercase,
+                    baselinePolicy.RequireLowercase,
+                    baselinePolicy.RequireDigit,
+                    baselinePolicy.RequireSymbol);
+            }

            return new StandardUserCredentialStore(
                pluginName,