Add Authority Advisory AI and API Lifecycle Configuration

- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings. - Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations. - Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration. - Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options. - Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations. - Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client. - Updated project file to include necessary package references for the new Issuer Directory Client library.
2025-11-02 13:40:38 +02:00
parent 66cb6c4b8a
commit f98cea3bcf
516 changed files with 68157 additions and 24754 deletions
--- a/src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets/Providers/FileSurfaceSecretProvider.cs
+++ b/src/Scanner/__Libraries/StellaOps.Scanner.Surface.Secrets/Providers/FileSurfaceSecretProvider.cs
@@ -0,0 +1,65 @@
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Text.Json;
+
+namespace StellaOps.Scanner.Surface.Secrets.Providers;
+
+internal sealed class FileSurfaceSecretProvider : ISurfaceSecretProvider
+{
+    private readonly string _root;
+
+    public FileSurfaceSecretProvider(string root)
+    {
+        if (string.IsNullOrWhiteSpace(root))
+        {
+            throw new ArgumentException("File secret provider root cannot be null or whitespace.", nameof(root));
+        }
+
+        _root = root;
+    }
+
+    public async ValueTask<SurfaceSecretHandle> GetAsync(
+        SurfaceSecretRequest request,
+        CancellationToken cancellationToken = default)
+    {
+        if (request is null)
+        {
+            throw new ArgumentNullException(nameof(request));
+        }
+
+        var path = ResolvePath(request);
+        if (!File.Exists(path))
+        {
+            throw new SurfaceSecretNotFoundException(request);
+        }
+
+        await using var stream = File.OpenRead(path);
+        var descriptor = await JsonSerializer.DeserializeAsync<FileSecretDescriptor>(stream, cancellationToken: cancellationToken).ConfigureAwait(false);
+        if (descriptor is null)
+        {
+            throw new SurfaceSecretNotFoundException(request);
+        }
+
+        if (string.IsNullOrWhiteSpace(descriptor.Payload))
+        {
+            return SurfaceSecretHandle.Empty;
+        }
+
+        var bytes = Convert.FromBase64String(descriptor.Payload);
+        return SurfaceSecretHandle.FromBytes(bytes, descriptor.Metadata);
+    }
+
+    private string ResolvePath(SurfaceSecretRequest request)
+    {
+        var name = request.Name ?? "default";
+        return Path.Combine(_root, request.Tenant, request.Component, request.SecretType, name + ".json");
+    }
+
+    private sealed class FileSecretDescriptor
+    {
+        public string? Payload { get; init; }
+        public Dictionary<string, string>? Metadata { get; init; }
+    }
+}