CD/CD consolidation

2025-12-26 17:32:23 +02:00
parent a866eb6277
commit c786faae84
638 changed files with 3821 additions and 181 deletions
--- a/devops/database/mongo/indices/events_provenance_indices.js
+++ b/devops/database/mongo/indices/events_provenance_indices.js
@@ -0,0 +1,89 @@
+/**
+ * MongoDB indexes for DSSE provenance queries on the events collection.
+ * Run with: mongosh stellaops_db < events_provenance_indices.js
+ *
+ * These indexes support:
+ * - Proven VEX/SBOM/SCAN lookup by subject digest
+ * - Compliance gap queries (unverified events)
+ * - Rekor log index lookups
+ * - Backfill service queries
+ *
+ * Created: 2025-11-27 (PROV-INDEX-401-030)
+ * C# equivalent: src/StellaOps.Events.Mongo/MongoIndexes.cs
+ */
+
+// Switch to the target database (override via --eval "var dbName='custom'" if needed)
+const targetDb = typeof dbName !== 'undefined' ? dbName : 'stellaops';
+db = db.getSiblingDB(targetDb);
+
+print(`Creating provenance indexes on ${targetDb}.events...`);
+
+// Index 1: Lookup proven events by subject digest + kind
+db.events.createIndex(
+  {
+    "subject.digest.sha256": 1,
+    "kind": 1,
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_by_subject_kind_provenance",
+    background: true
+  }
+);
+print("  - events_by_subject_kind_provenance");
+
+// Index 2: Find unproven evidence by kind (compliance gap queries)
+db.events.createIndex(
+  {
+    "kind": 1,
+    "trust.verified": 1,
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_unproven_by_kind",
+    background: true
+  }
+);
+print("  - events_unproven_by_kind");
+
+// Index 3: Direct Rekor log index lookup
+db.events.createIndex(
+  {
+    "provenance.dsse.rekor.logIndex": 1
+  },
+  {
+    name: "events_by_rekor_logindex",
+    background: true
+  }
+);
+print("  - events_by_rekor_logindex");
+
+// Index 4: Envelope digest lookup (for backfill deduplication)
+db.events.createIndex(
+  {
+    "provenance.dsse.envelopeDigest": 1
+  },
+  {
+    name: "events_by_envelope_digest",
+    background: true,
+    sparse: true
+  }
+);
+print("  - events_by_envelope_digest");
+
+// Index 5: Timestamp + kind for compliance reporting time ranges
+db.events.createIndex(
+  {
+    "ts": -1,
+    "kind": 1,
+    "trust.verified": 1
+  },
+  {
+    name: "events_by_ts_kind_verified",
+    background: true
+  }
+);
+print("  - events_by_ts_kind_verified");
+
+print("\nProvenance indexes created successfully.");
+print("Run 'db.events.getIndexes()' to verify.");