feat: Initialize Zastava Webhook service with TLS and Authority authentication

- Added Program.cs to set up the web application with Serilog for logging, health check endpoints, and a placeholder admission endpoint. - Configured Kestrel server to use TLS 1.3 and handle client certificates appropriately. - Created StellaOps.Zastava.Webhook.csproj with necessary dependencies including Serilog and Polly. - Documented tasks in TASKS.md for the Zastava Webhook project, outlining current work and exit criteria for each task.
2025-10-19 18:36:22 +03:00
parent 2062da7a8b
commit d099a90f9b
966 changed files with 91038 additions and 1850 deletions
--- a/src/StellaOps.Cli/Services/Models/ExcititorExportDownloadResult.cs
+++ b/src/StellaOps.Cli/Services/Models/ExcititorExportDownloadResult.cs
@@ -0,0 +1,6 @@
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record ExcititorExportDownloadResult(
+    string Path,
+    long SizeBytes,
+    bool FromCache);
--- a/src/StellaOps.Cli/Services/Models/RuntimePolicyEvaluationModels.cs
+++ b/src/StellaOps.Cli/Services/Models/RuntimePolicyEvaluationModels.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+
+namespace StellaOps.Cli.Services.Models;
+
+internal sealed record RuntimePolicyEvaluationRequest(
+    string? Namespace,
+    IReadOnlyDictionary<string, string> Labels,
+    IReadOnlyList<string> Images);
+
+internal sealed record RuntimePolicyEvaluationResult(
+    int TtlSeconds,
+    DateTimeOffset? ExpiresAtUtc,
+    string? PolicyRevision,
+    IReadOnlyDictionary<string, RuntimePolicyImageDecision> Decisions);
+
+internal sealed record RuntimePolicyImageDecision(
+    string PolicyVerdict,
+    bool? Signed,
+    bool? HasSbom,
+    IReadOnlyList<string> Reasons,
+    RuntimePolicyRekorReference? Rekor,
+    IReadOnlyDictionary<string, object?> AdditionalProperties);
+
+internal sealed record RuntimePolicyRekorReference(string? Uuid, string? Url);
--- a/src/StellaOps.Cli/Services/Models/Transport/RuntimePolicyEvaluationTransport.cs
+++ b/src/StellaOps.Cli/Services/Models/Transport/RuntimePolicyEvaluationTransport.cs
@@ -0,0 +1,65 @@
+using System;
+using System.Collections.Generic;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+namespace StellaOps.Cli.Services.Models.Transport;
+
+internal sealed class RuntimePolicyEvaluationRequestDocument
+{
+    [JsonPropertyName("namespace")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? Namespace { get; set; }
+
+    [JsonPropertyName("labels")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public Dictionary<string, string>? Labels { get; set; }
+
+    [JsonPropertyName("images")]
+    public List<string> Images { get; set; } = new();
+}
+
+internal sealed class RuntimePolicyEvaluationResponseDocument
+{
+    [JsonPropertyName("ttlSeconds")]
+    public int? TtlSeconds { get; set; }
+
+    [JsonPropertyName("expiresAtUtc")]
+    public DateTimeOffset? ExpiresAtUtc { get; set; }
+
+    [JsonPropertyName("policyRevision")]
+    public string? PolicyRevision { get; set; }
+
+    [JsonPropertyName("results")]
+    public Dictionary<string, RuntimePolicyEvaluationImageDocument>? Results { get; set; }
+}
+
+internal sealed class RuntimePolicyEvaluationImageDocument
+{
+    [JsonPropertyName("policyVerdict")]
+    public string? PolicyVerdict { get; set; }
+
+    [JsonPropertyName("signed")]
+    public bool? Signed { get; set; }
+
+    [JsonPropertyName("hasSbom")]
+    public bool? HasSbom { get; set; }
+
+    [JsonPropertyName("reasons")]
+    public List<string>? Reasons { get; set; }
+
+    [JsonPropertyName("rekor")]
+    public RuntimePolicyRekorDocument? Rekor { get; set; }
+
+    [JsonExtensionData]
+    public Dictionary<string, JsonElement>? ExtensionData { get; set; }
+}
+
+internal sealed class RuntimePolicyRekorDocument
+{
+    [JsonPropertyName("uuid")]
+    public string? Uuid { get; set; }
+
+    [JsonPropertyName("url")]
+    public string? Url { get; set; }
+}