stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

Browse Source
This commit is contained in:
master
2026-02-23 15:30:50 +02:00
parent bd8fee6ed8
commit e746577380
1424 changed files with 81225 additions and 25251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/SbomService/StellaOps.SbomService/Auth/SbomPolicies.cs Normal file
View File

@@ -0,0 +1,21 @@
// Copyright (c) StellaOps. Licensed under the BUSL-1.1.
namespace StellaOps.SbomService.Auth;
/// <summary>
/// Named authorization policy constants for the SBOM service.
/// SbomService uses the internal HeaderAuthenticationHandler (x-tenant-id header) which
/// does not issue scope claims. Policies require an authenticated tenant context.
/// Scope enforcement is applied at the infrastructure level via the header auth scheme.
/// </summary>
internal static class SbomPolicies
{
/// <summary>Policy for querying SBOM data (paths, versions, ledger, lineage). Requires authenticated tenant context.</summary>
public const string Read = "Sbom.Read";
/// <summary>Policy for mutating SBOM data (upload, entrypoints, orchestrator). Requires authenticated tenant context.</summary>
public const string Write = "Sbom.Write";
/// <summary>Policy for internal/operational endpoints (events, backfill, retention). Requires authenticated tenant context.</summary>
public const string Internal = "Sbom.Internal";
}