stela ops usage fixes roles propagation and timoeut, one account to support multi tenants, migrations consolidation, search to support documentation, doctor and open api vector db search
This commit is contained in:
master
@@ -84,10 +84,11 @@ builder.Services.AddStellaOpsCrypto(bootstrapOptions.Crypto);
|
||||
builder.Services.AddControllers();
|
||||
|
||||
// Stella Router integration - enables ASP.NET endpoints to be registered with the Router
|
||||
builder.Services.TryAddStellaRouter(
|
||||
var routerEnabled = builder.Services.AddRouterMicroservice(
|
||||
builder.Configuration,
|
||||
serviceName: "scanner",
|
||||
version: typeof(Program).Assembly.GetName().Version?.ToString() ?? "1.0.0",
|
||||
routerOptions: bootstrapOptions.Router);
|
||||
version: System.Reflection.CustomAttributeExtensions.GetCustomAttribute<System.Reflection.AssemblyInformationalVersionAttribute>(System.Reflection.Assembly.GetExecutingAssembly())?.InformationalVersion ?? "1.0.0",
|
||||
routerOptionsSection: "Router");
|
||||
|
||||
builder.Services.AddOptions<ScannerWebServiceOptions>()
|
||||
.Bind(builder.Configuration.GetSection(ScannerWebServiceOptions.SectionName))
|
||||
@@ -437,12 +438,20 @@ if (bootstrapOptions.Authority.Enabled)
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.ScansEnqueue, bootstrapOptions.Authority.RequiredScopes.ToArray());
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.ScansRead, ScannerAuthorityScopes.ScansRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.ScansWrite, ScannerAuthorityScopes.ScansWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.ScansApprove, ScannerAuthorityScopes.ScansWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.ScansApprove, ScannerAuthorityScopes.ScansApprove);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.Reports, ScannerAuthorityScopes.ReportsRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.RuntimeIngest, ScannerAuthorityScopes.RuntimeIngest);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.CallGraphIngest, ScannerAuthorityScopes.CallGraphIngest);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.TriageRead, ScannerAuthorityScopes.ScansRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.TriageWrite, ScannerAuthorityScopes.ScansWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.Admin, ScannerAuthorityScopes.Admin);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesRead, ScannerAuthorityScopes.SourcesRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesWrite, ScannerAuthorityScopes.SourcesWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SourcesAdmin, ScannerAuthorityScopes.SourcesAdmin);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SecretSettingsRead, ScannerAuthorityScopes.SecretSettingsRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SecretSettingsWrite, ScannerAuthorityScopes.SecretSettingsWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SecretExceptionsRead, ScannerAuthorityScopes.SecretExceptionsRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.SecretExceptionsWrite, ScannerAuthorityScopes.SecretExceptionsWrite);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitImport, StellaOpsScopes.AirgapImport);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitStatusRead, StellaOpsScopes.AirgapStatusRead);
|
||||
options.AddStellaOpsScopePolicy(ScannerPolicies.OfflineKitManifestRead, StellaOpsScopes.AirgapStatusRead);
|
||||
@@ -469,6 +478,14 @@ else
|
||||
options.AddPolicy(ScannerPolicies.CallGraphIngest, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.TriageRead, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.TriageWrite, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.Admin, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SourcesRead, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SourcesWrite, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SourcesAdmin, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SecretSettingsRead, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SecretSettingsWrite, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SecretExceptionsRead, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.SecretExceptionsWrite, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.OfflineKitImport, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.OfflineKitStatusRead, policy => policy.RequireAssertion(_ => true));
|
||||
options.AddPolicy(ScannerPolicies.OfflineKitManifestRead, policy => policy.RequireAssertion(_ => true));
|
||||
@@ -594,7 +611,7 @@ app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
|
||||
// Stella Router integration - enables request dispatch from Router to ASP.NET endpoints
|
||||
app.TryUseStellaRouter(resolvedOptions.Router);
|
||||
app.TryUseStellaRouter(routerEnabled);
|
||||
|
||||
// Idempotency middleware (Sprint: SPRINT_3500_0002_0003)
|
||||
app.UseIdempotency();
|
||||
@@ -651,7 +668,7 @@ app.MapOpenApiIfAvailable();
|
||||
app.MapSliceEndpoints(); // Sprint: SPRINT_3820_0001_0001
|
||||
|
||||
// Refresh Router endpoint cache after all endpoints are registered
|
||||
app.TryRefreshStellaRouterEndpoints(resolvedOptions.Router);
|
||||
app.TryRefreshStellaRouterEndpoints(routerEnabled);
|
||||
|
||||
await app.RunAsync().ConfigureAwait(false);
|
||||
|
||||
@@ -674,3 +691,5 @@ internal sealed class SurfaceCacheOptionsConfigurator : IConfigureOptions<Surfac
|
||||
options.RootDirectory = settings.CacheRoot.FullName;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -8,9 +8,20 @@ internal static class ScannerAuthorityScopes
|
||||
public const string ScansEnqueue = "scanner.scans.enqueue";
|
||||
public const string ScansRead = "scanner.scans.read";
|
||||
public const string ScansWrite = "scanner.scans.write";
|
||||
public const string ScansApprove = "scanner.scans.approve";
|
||||
public const string ReportsRead = "scanner.reports.read";
|
||||
public const string RuntimeIngest = "scanner.runtime.ingest";
|
||||
public const string CallGraphIngest = "scanner.callgraph.ingest";
|
||||
public const string Admin = "scanner.admin";
|
||||
public const string SourcesRead = "scanner.sources.read";
|
||||
public const string SourcesWrite = "scanner.sources.write";
|
||||
public const string SourcesAdmin = "scanner.sources.admin";
|
||||
public const string SecretSettingsRead = "scanner.secrets.settings.read";
|
||||
public const string SecretSettingsWrite = "scanner.secrets.settings.write";
|
||||
public const string SecretExceptionsRead = "scanner.secrets.exceptions.read";
|
||||
public const string SecretExceptionsWrite = "scanner.secrets.exceptions.write";
|
||||
public const string OfflineKitImport = "scanner.offline-kit.import";
|
||||
public const string OfflineKitStatusRead = "scanner.offline-kit.status.read";
|
||||
public const string OfflineKitManifestRead = "scanner.offline-kit.manifest.read";
|
||||
public const string OfflineKitValidate = "scanner.offline-kit.validate";
|
||||
}
|
||||
|
||||
@@ -64,4 +64,8 @@
|
||||
<ItemGroup>
|
||||
<Compile Remove="Endpoints\\UnknownsEndpoints.cs" />
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="StellaOpsReleaseVersion">
|
||||
<Version>1.0.0-alpha1</Version>
|
||||
<InformationalVersion>1.0.0-alpha1</InformationalVersion>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
|
||||
Reference in New Issue
Block a user