Add Authority Advisory AI and API Lifecycle Configuration
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings.
- Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations.
- Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration.
- Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options.
- Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations.
- Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client.
- Updated the project file to include the package references required by the new Issuer Directory Client library.
@@ -49,14 +49,29 @@ public static class StellaOpsScopes
|
||||
public const string ExceptionsApprove = "exceptions:approve";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to raw advisory ingestion data.
|
||||
/// </summary>
|
||||
public const string AdvisoryRead = "advisory:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting write access for raw advisory ingestion.
|
||||
/// </summary>
|
||||
public const string AdvisoryIngest = "advisory:ingest";
|
||||
/// Scope granting read-only access to raw advisory ingestion data.
|
||||
/// </summary>
|
||||
public const string AdvisoryRead = "advisory:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting write access for raw advisory ingestion.
|
||||
/// </summary>
|
||||
public const string AdvisoryIngest = "advisory:ingest";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to Advisory AI artefacts (summaries, remediation exports).
|
||||
/// </summary>
|
||||
public const string AdvisoryAiView = "advisory-ai:view";
|
||||
|
||||
/// <summary>
|
||||
/// Scope permitting Advisory AI inference requests and workflow execution.
|
||||
/// </summary>
|
||||
public const string AdvisoryAiOperate = "advisory-ai:operate";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative control over Advisory AI configuration and profiles.
|
||||
/// </summary>
|
||||
public const string AdvisoryAiAdmin = "advisory-ai:admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to raw VEX ingestion data.
|
||||
@@ -85,13 +100,28 @@ public static class StellaOpsScopes
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative access to reachability signal ingestion.
|
||||
/// </summary>
|
||||
public const string SignalsAdmin = "signals:admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to create or edit policy drafts.
|
||||
/// </summary>
|
||||
public const string PolicyWrite = "policy:write";
|
||||
/// </summary>
|
||||
public const string SignalsAdmin = "signals:admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to seal or unseal an installation in air-gapped mode.
|
||||
/// </summary>
|
||||
public const string AirgapSeal = "airgap:seal";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to import offline bundles while in air-gapped mode.
|
||||
/// </summary>
|
||||
public const string AirgapImport = "airgap:import";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to air-gap status and sealing state endpoints.
|
||||
/// </summary>
|
||||
public const string AirgapStatusRead = "airgap:status:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to create or edit policy drafts.
|
||||
/// </summary>
|
||||
public const string PolicyWrite = "policy:write";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to author Policy Studio workspaces.
|
||||
@@ -163,11 +193,51 @@ public static class StellaOpsScopes
|
||||
/// </summary>
|
||||
public const string GraphRead = "graph:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to Vuln Explorer resources and permalinks.
|
||||
/// </summary>
|
||||
public const string VulnRead = "vuln:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to Vuln Explorer resources and permalinks.
|
||||
/// </summary>
|
||||
public const string VulnRead = "vuln:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to observability dashboards and overlays.
|
||||
/// </summary>
|
||||
public const string ObservabilityRead = "obs:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to incident timelines and chronology data.
|
||||
/// </summary>
|
||||
public const string TimelineRead = "timeline:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to append events to incident timelines.
|
||||
/// </summary>
|
||||
public const string TimelineWrite = "timeline:write";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to create evidence packets in the evidence locker.
|
||||
/// </summary>
|
||||
public const string EvidenceCreate = "evidence:create";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to stored evidence packets.
|
||||
/// </summary>
|
||||
public const string EvidenceRead = "evidence:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to place or release legal holds on evidence packets.
|
||||
/// </summary>
|
||||
public const string EvidenceHold = "evidence:hold";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to attestation records and observer feeds.
|
||||
/// </summary>
|
||||
public const string AttestRead = "attest:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to activate or resolve observability incident mode controls.
|
||||
/// </summary>
|
||||
public const string ObservabilityIncident = "obs:incident";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to export center runs and bundles.
|
||||
/// </summary>
|
||||
@@ -176,13 +246,68 @@ public static class StellaOpsScopes
|
||||
/// <summary>
|
||||
/// Scope granting permission to operate export center scheduling and run execution.
|
||||
/// </summary>
|
||||
public const string ExportOperator = "export.operator";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative control over export center retention, encryption keys, and scheduling policies.
|
||||
/// </summary>
|
||||
public const string ExportAdmin = "export.admin";
|
||||
|
||||
public const string ExportOperator = "export.operator";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative control over export center retention, encryption keys, and scheduling policies.
|
||||
/// </summary>
|
||||
public const string ExportAdmin = "export.admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to notifier channels, rules, and delivery history.
|
||||
/// </summary>
|
||||
public const string NotifyViewer = "notify.viewer";
|
||||
|
||||
/// <summary>
|
||||
/// Scope permitting notifier rule management, delivery actions, and channel operations.
|
||||
/// </summary>
|
||||
public const string NotifyOperator = "notify.operator";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative control over notifier secrets, escalations, and platform-wide settings.
|
||||
/// </summary>
|
||||
public const string NotifyAdmin = "notify.admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to issuer directory catalogues.
|
||||
/// </summary>
|
||||
public const string IssuerDirectoryRead = "issuer-directory:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope permitting creation and modification of issuer directory entries.
|
||||
/// </summary>
|
||||
public const string IssuerDirectoryWrite = "issuer-directory:write";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting administrative control over issuer directory resources (delete, audit bypass).
|
||||
/// </summary>
|
||||
public const string IssuerDirectoryAdmin = "issuer-directory:admin";
|
||||
|
||||
/// <summary>
|
||||
/// Scope required to issue or honour escalation actions for notifications.
|
||||
/// </summary>
|
||||
public const string NotifyEscalate = "notify.escalate";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to Task Packs catalogues and manifests.
|
||||
/// </summary>
|
||||
public const string PacksRead = "packs.read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope permitting publication or updates to Task Packs in the registry.
|
||||
/// </summary>
|
||||
public const string PacksWrite = "packs.write";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to execute Task Packs via CLI or Task Runner.
|
||||
/// </summary>
|
||||
public const string PacksRun = "packs.run";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to fulfil Task Pack approval gates.
|
||||
/// </summary>
|
||||
public const string PacksApprove = "packs.approve";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to enqueue or mutate graph build jobs.
|
||||
/// </summary>
|
||||
@@ -204,10 +329,20 @@ public static class StellaOpsScopes
|
||||
public const string OrchRead = "orch:read";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to execute Orchestrator control actions.
|
||||
/// </summary>
|
||||
public const string OrchOperate = "orch:operate";
|
||||
|
||||
/// Scope granting permission to execute Orchestrator control actions.
|
||||
/// </summary>
|
||||
public const string OrchOperate = "orch:operate";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to manage Orchestrator quotas and elevated backfill tooling.
|
||||
/// </summary>
|
||||
public const string OrchQuota = "orch:quota";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting permission to initiate orchestrator-controlled backfill runs.
|
||||
/// </summary>
|
||||
public const string OrchBackfill = "orch:backfill";
|
||||
|
||||
/// <summary>
|
||||
/// Scope granting read-only access to Authority tenant catalog APIs.
|
||||
/// </summary>
|
||||
@@ -223,17 +358,23 @@ public static class StellaOpsScopes
|
||||
Bypass,
|
||||
UiRead,
|
||||
ExceptionsApprove,
|
||||
AdvisoryRead,
|
||||
AdvisoryIngest,
|
||||
VexRead,
|
||||
VexIngest,
|
||||
AocVerify,
|
||||
SignalsRead,
|
||||
SignalsWrite,
|
||||
SignalsAdmin,
|
||||
PolicyWrite,
|
||||
PolicyAuthor,
|
||||
PolicyEdit,
|
||||
AdvisoryRead,
|
||||
AdvisoryIngest,
|
||||
AdvisoryAiView,
|
||||
AdvisoryAiOperate,
|
||||
AdvisoryAiAdmin,
|
||||
VexRead,
|
||||
VexIngest,
|
||||
AocVerify,
|
||||
SignalsRead,
|
||||
SignalsWrite,
|
||||
SignalsAdmin,
|
||||
AirgapSeal,
|
||||
AirgapImport,
|
||||
AirgapStatusRead,
|
||||
PolicyWrite,
|
||||
PolicyAuthor,
|
||||
PolicyEdit,
|
||||
PolicyRead,
|
||||
PolicyReview,
|
||||
PolicySubmit,
|
||||
@@ -245,18 +386,39 @@ public static class StellaOpsScopes
|
||||
PolicySimulate,
|
||||
FindingsRead,
|
||||
EffectiveWrite,
|
||||
GraphRead,
|
||||
VulnRead,
|
||||
ExportViewer,
|
||||
ExportOperator,
|
||||
ExportAdmin,
|
||||
GraphWrite,
|
||||
GraphExport,
|
||||
GraphSimulate,
|
||||
OrchRead,
|
||||
OrchOperate,
|
||||
AuthorityTenantsRead
|
||||
};
|
||||
GraphRead,
|
||||
VulnRead,
|
||||
ObservabilityRead,
|
||||
TimelineRead,
|
||||
TimelineWrite,
|
||||
EvidenceCreate,
|
||||
EvidenceRead,
|
||||
EvidenceHold,
|
||||
AttestRead,
|
||||
ObservabilityIncident,
|
||||
ExportViewer,
|
||||
ExportOperator,
|
||||
ExportAdmin,
|
||||
NotifyViewer,
|
||||
NotifyOperator,
|
||||
NotifyAdmin,
|
||||
IssuerDirectoryRead,
|
||||
IssuerDirectoryWrite,
|
||||
IssuerDirectoryAdmin,
|
||||
NotifyEscalate,
|
||||
PacksRead,
|
||||
PacksWrite,
|
||||
PacksRun,
|
||||
PacksApprove,
|
||||
GraphWrite,
|
||||
GraphExport,
|
||||
GraphSimulate,
|
||||
OrchRead,
|
||||
OrchOperate,
|
||||
OrchBackfill,
|
||||
OrchQuota,
|
||||
AuthorityTenantsRead
|
||||
};
|
||||
|
||||
/// <summary>
|
||||
/// Normalises a scope string (trim/convert to lower case).
|
||||
|
||||