stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
1d962ee6fc98ad8c53715bbff6d513246f5b1361
git.stella-ops.org/docs/updates/2025-11-02-pack-scope-profiles.md
master 1d962ee6fc
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add OpenSslLegacyShim to ensure OpenSSL 1.1 libraries are accessible on Linux 
This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.
2025-11-02 21:41:03 +02:00

19 lines
1.5 KiB
Markdown
Raw Blame History

# 2025-11-02 · Pack scope catalogue & CLI profiles
**What changed**
- Authority configuration samples (`etc/authority.yaml.sample`) now seed Pack roles (`pack-viewer`, `pack-operator`, `pack-publisher`, `pack-approver`, `pack-admin`) with deterministic scope bundles.
- Added `AddPacksResourcePolicies` helper in `StellaOps.Auth.ServerIntegration` so Packs Registry/Task Runner services can register consistent authorization policies; accompanying unit tests validate the policy catalogue.
- Documented Task Pack CLI profiles (`docs/modules/cli/guides/packs-profiles.md`) and added quick-reference guidance in the CLI manual for setting `StellaOps:Authority:Scope` via profiles or environment variables.
- Updated Authority scope docs and samples to reflect the new roles, keeping offline/air-gap defaults aligned.
**Why**
Task Pack rollout requires explicit RBAC and short-lived tokens per workflow (publish, run, approve). Providing ready-to-use roles, policies, and CLI profiles removes guesswork for operators and ensures tokens carry the correct scopes by default.
**Actions**
1. Refresh Authority configuration in each environment from the updated sample (or add the roles manually) so Pack clients can request tokens.
2. Roll out the CLI profiles or equivalent configuration in automation (`STELLA_PROFILE=packs-operator`, etc.) before enabling pack workflows.
3. Update Task Runner/Packs Registry services to call `AddPacksResourcePolicies()` when wiring authorization.
Reference in New Issue View Git Blame Copy Permalink