Add Authority Advisory AI and API Lifecycle Configuration
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings. - Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations. - Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration. - Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options. - Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations. - Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client. - Updated project file to include necessary package references for the new Issuer Directory Client library.
		
							
								
								
									
										62
									
								
								etc/packs-registry.yaml.sample
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
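--- a/etc/packs-registry.yaml.sample
+++ b/etc/packs-registry.yaml.sample
@@ -0,0 +1,62 @@
+# StellaOps Packs Registry configuration template.
+# Copy to ../etc/packs-registry.yaml (relative to the Packs Registry content root)
+# and adjust values as needed. Environment variables prefixed with
+# STELLAOPS_PACKSREGISTRY_ override these settings at runtime.
+
+schemaVersion: 1
+
+telemetry:
+  enabled: true
+  serviceName: "stellaops-packs-registry"
+  exportConsole: true
+  minimumLogLevel: "Information"
+  otlpEndpoint: ""
+  resourceAttributes:
+    deployment.environment: "local"
+
+authority:
+  issuer: "https://authority.stella-ops.local"
+  metadataAddress: ""
+  requireHttpsMetadata: true
+  audiences:
+    - "api://packs-registry"
+  tenant: "tenant-default"
+  # Client credentials for publishing packs into the registry.
+  publishClient:
+    clientId: "packs-registry"
+    clientSecret: ""
+    clientSecretFile: "../secrets/packs-registry.secret"
+    scopes:
+      - "packs.write"
+      - "packs.read"
+  # Optional read-only client for mirrors or offline tooling.
+  readerClient:
+    clientId: "packs-reader"
+    clientSecret: ""
+    clientSecretFile: "../secrets/packs-reader.secret"
+    scopes:
+      - "packs.read"
+
+storage:
+  # Mongo database storing pack metadata and provenance.
+  mongoConnectionString: "mongodb://packs-registry:registry@mongo:27017/packs-registry?authSource=admin"
+  # Object storage bucket/container for pack bundles and signatures.
+  bundleStore: "s3://stellaops-packs"
+
+signing:
+  # Trusted keys (PEM paths or Fulcio issuer URLs) used to validate inbound packs.
+  trustedKeys:
+    - "../certificates/packs-signing.pem"
+  # Enforce DSSE attestations for published packs.
+  requireDsse: true
+
+mirroring:
+  enabled: false
+  # Remote registry or file share used to seed mirrors in offline deployments.
+  source: ""
+  schedule: "00:30:00"
+
+offlineKit:
+  enabled: true
+  exportDirectory: "out/offline/packs"
+  provenanceManifest: "out/offline/packs/provenance.json"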
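Review bot: The sample `mongoConnectionString` under `storage:` embeds a username and password (`packs-registry:registry`) directly in the URI, so a deployment that copies the template as the header instructs starts with a guessable database credential; it is also inconsistent with the `clientSecretFile` indirection used for the two OAuth clients above it. I would ship the key empty, `mongoConnectionString: ""`, with a comment such as `# Provide through a STELLAOPS_PACKSREGISTRY_-prefixed environment variable; never commit credentials here.` The `authSource=admin` parameter presumably means the account lives in the admin database, so a comment recommending a dedicated least-privilege user for this service would help. Two keys also need a one-line comment: which of `clientSecret` and `clientSecretFile` takes precedence when both are set, and whether `schedule: "00:30:00"` under `mirroring:` is an interval or a time of day.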