f98cea3bcf
- Introduced AuthorityAdvisoryAiOptions and related classes for managing advisory AI configurations, including remote inference options and tenant-specific settings. - Added AuthorityApiLifecycleOptions to control API lifecycle settings, including legacy OAuth endpoint configurations. - Implemented validation and normalization methods for both advisory AI and API lifecycle options to ensure proper configuration. - Created AuthorityNotificationsOptions and its related classes for managing notification settings, including ack tokens, webhooks, and escalation options. - Developed IssuerDirectoryClient and related models for interacting with the issuer directory service, including caching mechanisms and HTTP client configurations. - Added support for dependency injection through ServiceCollectionExtensions for the Issuer Directory Client. - Updated project file to include necessary package references for the new Issuer Directory Client library.
768 lines
35 KiB
XML
768 lines
35 KiB
XML
<?xml version="1.0"?>
|
|
<doc>
|
|
<assembly>
|
|
<name>StellaOps.Auth.Abstractions</name>
|
|
</assembly>
|
|
<members>
|
|
<member name="T:StellaOps.Auth.AuthorityTelemetry">
|
|
<summary>
|
|
Canonical telemetry metadata for the StellaOps Authority stack.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceName">
|
|
<summary>
|
|
service.name resource attribute recorded by Authority components.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceNamespace">
|
|
<summary>
|
|
service.namespace resource attribute aligning Authority with other StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ActivitySourceName">
|
|
<summary>
|
|
Activity source identifier used by Authority instrumentation.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.MeterName">
|
|
<summary>
|
|
Meter name used by Authority instrumentation.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.AuthorityTelemetry.BuildDefaultResourceAttributes(System.Reflection.Assembly)">
|
|
<summary>
|
|
Builds the default set of resource attributes (service name/namespace/version).
|
|
</summary>
|
|
<param name="assembly">Optional assembly used to resolve the service version.</param>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.AuthorityTelemetry.ResolveServiceVersion(System.Reflection.Assembly)">
|
|
<summary>
|
|
Resolves the service version string from the provided assembly (defaults to the Authority telemetry assembly).
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.NetworkMask">
|
|
<summary>
|
|
Represents an IP network expressed in CIDR notation.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.#ctor(System.Net.IPAddress,System.Int32)">
|
|
<summary>
|
|
Initialises a new <see cref="T:StellaOps.Auth.Abstractions.NetworkMask"/>.
|
|
</summary>
|
|
<param name="network">Canonical network address with host bits zeroed.</param>
|
|
<param name="prefixLength">Prefix length (0-32 for IPv4, 0-128 for IPv6).</param>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.Network">
|
|
<summary>
|
|
Canonical network address with host bits zeroed.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.PrefixLength">
|
|
<summary>
|
|
Prefix length.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Parse(System.String)">
|
|
<summary>
|
|
Attempts to parse the supplied value as CIDR notation or a single IP address.
|
|
</summary>
|
|
<exception cref="T:System.FormatException">Thrown when the input is not recognised.</exception>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.TryParse(System.String,StellaOps.Auth.Abstractions.NetworkMask@)">
|
|
<summary>
|
|
Attempts to parse the supplied value as CIDR notation or a single IP address.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Contains(System.Net.IPAddress)">
|
|
<summary>
|
|
Determines whether the provided address belongs to this network.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.ToString">
|
|
<inheritdoc />
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.NetworkMaskMatcher">
|
|
<summary>
|
|
Evaluates remote addresses against configured network masks.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Creates a matcher from raw CIDR strings.
|
|
</summary>
|
|
<param name="values">Sequence of CIDR entries or IP addresses.</param>
|
|
<exception cref="T:System.FormatException">Thrown when a value cannot be parsed.</exception>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{StellaOps.Auth.Abstractions.NetworkMask})">
|
|
<summary>
|
|
Creates a matcher from already parsed masks.
|
|
</summary>
|
|
<param name="masks">Sequence of network masks.</param>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.AllowAll">
|
|
<summary>
|
|
Gets a matcher that allows every address.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.DenyAll">
|
|
<summary>
|
|
Gets a matcher that denies every address (no masks configured).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsEmpty">
|
|
<summary>
|
|
Indicates whether this matcher has no masks configured and does not allow all.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.Masks">
|
|
<summary>
|
|
Returns the configured masks.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsAllowed(System.Net.IPAddress)">
|
|
<summary>
|
|
Checks whether the provided address matches any of the configured masks.
|
|
</summary>
|
|
<param name="address">Remote address to test.</param>
|
|
<returns><c>true</c> when the address is allowed.</returns>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults">
|
|
<summary>
|
|
Default authentication constants used by StellaOps resource servers and clients.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationScheme">
|
|
<summary>
|
|
Default authentication scheme for StellaOps bearer tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationType">
|
|
<summary>
|
|
Logical authentication type attached to <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.PolicyPrefix">
|
|
<summary>
|
|
Policy prefix applied to named authorization policies.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsClaimTypes">
|
|
<summary>
|
|
Canonical claim type identifiers used across StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Subject">
|
|
<summary>
|
|
Subject identifier claim (maps to <c>sub</c> in JWTs).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Tenant">
|
|
<summary>
|
|
StellaOps tenant identifier claim (multi-tenant deployments).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Project">
|
|
<summary>
|
|
StellaOps project identifier claim (optional project scoping within a tenant).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ClientId">
|
|
<summary>
|
|
OAuth2/OIDC client identifier claim (maps to <c>client_id</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.TokenId">
|
|
<summary>
|
|
Unique token identifier claim (maps to <c>jti</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.AuthenticationMethod">
|
|
<summary>
|
|
Authentication method reference claim (<c>amr</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Scope">
|
|
<summary>
|
|
Space separated scope list (<c>scope</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ScopeItem">
|
|
<summary>
|
|
Individual scope items (<c>scp</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Audience">
|
|
<summary>
|
|
OAuth2 resource audiences (<c>aud</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.IdentityProvider">
|
|
<summary>
|
|
Identity provider hint for downstream services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.OperatorReason">
|
|
<summary>
|
|
Operator reason supplied when issuing orchestrator control tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.OperatorTicket">
|
|
<summary>
|
|
Operator ticket supplied when issuing orchestrator control tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.QuotaReason">
|
|
<summary>
|
|
Quota change reason supplied when issuing Orchestrator quota tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.QuotaTicket">
|
|
<summary>
|
|
Quota change ticket/incident reference supplied when issuing Orchestrator quota tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.IncidentReason">
|
|
<summary>
|
|
Incident activation reason recorded when issuing observability incident tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.SessionId">
|
|
<summary>
|
|
Session identifier claim (<c>sid</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder">
|
|
<summary>
|
|
Fluent helper used to construct <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instances that follow StellaOps conventions.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSubject(System.String)">
|
|
<summary>
|
|
Adds or replaces the canonical subject identifier.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithClientId(System.String)">
|
|
<summary>
|
|
Adds or replaces the canonical client identifier.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTenant(System.String)">
|
|
<summary>
|
|
Adds or replaces the tenant identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithName(System.String)">
|
|
<summary>
|
|
Adds or replaces the user display name claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIdentityProvider(System.String)">
|
|
<summary>
|
|
Adds or replaces the identity provider claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSessionId(System.String)">
|
|
<summary>
|
|
Adds or replaces the session identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTokenId(System.String)">
|
|
<summary>
|
|
Adds or replaces the token identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationMethod(System.String)">
|
|
<summary>
|
|
Adds or replaces the authentication method reference claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNameClaimType(System.String)">
|
|
<summary>
|
|
Sets the name claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithRoleClaimType(System.String)">
|
|
<summary>
|
|
Sets the role claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationType(System.String)">
|
|
<summary>
|
|
Sets the authentication type stamped on the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithScopes(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Registers the supplied scopes (normalised to lower-case, deduplicated, sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudiences(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Registers the supplied audiences (trimmed, deduplicated, sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudience(System.String)">
|
|
<summary>
|
|
Adds a single audience.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaim(System.String,System.String,System.String)">
|
|
<summary>
|
|
Adds an arbitrary claim (no deduplication is performed).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})">
|
|
<summary>
|
|
Adds multiple claims (incoming claims are cloned to enforce value trimming).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIssuedAt(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>iat</c> (issued at) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNotBefore(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>nbf</c> (not before) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithExpires(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>exp</c> (expires) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.NormalizedScopes">
|
|
<summary>
|
|
Returns the normalised scope list (deduplicated + sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Audiences">
|
|
<summary>
|
|
Returns the normalised audience list (deduplicated + sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Build">
|
|
<summary>
|
|
Builds the immutable <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instance based on the registered data.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory">
|
|
<summary>
|
|
Factory helpers for returning RFC 7807 problem responses using StellaOps conventions.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.AuthenticationRequired(System.String,System.String)">
|
|
<summary>
|
|
Produces a 401 problem response indicating authentication is required.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InvalidToken(System.String,System.String)">
|
|
<summary>
|
|
Produces a 401 problem response for invalid, expired, or revoked tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.Forbidden(System.String,System.String)">
|
|
<summary>
|
|
Produces a 403 problem response when access is denied.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InsufficientScope(System.Collections.Generic.IReadOnlyCollection{System.String},System.Collections.Generic.IReadOnlyCollection{System.String},System.String)">
|
|
<summary>
|
|
Produces a 403 problem response for insufficient scopes.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsScopes">
|
|
<summary>
|
|
Canonical scope names supported by StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierJobsTrigger">
|
|
<summary>
|
|
Scope required to trigger Concelier jobs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierMerge">
|
|
<summary>
|
|
Scope required to manage Concelier merge operations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityUsersManage">
|
|
<summary>
|
|
Scope granting administrative access to Authority user management.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityClientsManage">
|
|
<summary>
|
|
Scope granting administrative access to Authority client registrations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityAuditRead">
|
|
<summary>
|
|
Scope granting read-only access to Authority audit logs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.Bypass">
|
|
<summary>
|
|
Synthetic scope representing trusted network bypass.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.UiRead">
|
|
<summary>
|
|
Scope granting read-only access to console UX features.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExceptionsApprove">
|
|
<summary>
|
|
Scope granting permission to approve exceptions.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryRead">
|
|
<summary>
|
|
Scope granting read-only access to raw advisory ingestion data.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryIngest">
|
|
<summary>
|
|
Scope granting write access for raw advisory ingestion.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiView">
|
|
<summary>
|
|
Scope granting read-only access to Advisory AI artefacts (summaries, remediation exports).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiOperate">
|
|
<summary>
|
|
Scope permitting Advisory AI inference requests and workflow execution.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryAiAdmin">
|
|
<summary>
|
|
Scope granting administrative control over Advisory AI configuration and profiles.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexRead">
|
|
<summary>
|
|
Scope granting read-only access to raw VEX ingestion data.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexIngest">
|
|
<summary>
|
|
Scope granting write access for raw VEX ingestion.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AocVerify">
|
|
<summary>
|
|
Scope granting permission to execute aggregation-only contract verification.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsRead">
|
|
<summary>
|
|
Scope granting read-only access to reachability signals.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsWrite">
|
|
<summary>
|
|
Scope granting permission to write reachability signals.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.SignalsAdmin">
|
|
<summary>
|
|
Scope granting administrative access to reachability signal ingestion.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapSeal">
|
|
<summary>
|
|
Scope granting permission to seal or unseal an installation in air-gapped mode.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapImport">
|
|
<summary>
|
|
Scope granting permission to import offline bundles while in air-gapped mode.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AirgapStatusRead">
|
|
<summary>
|
|
Scope granting read-only access to air-gap status and sealing state endpoints.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyWrite">
|
|
<summary>
|
|
Scope granting permission to create or edit policy drafts.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyAuthor">
|
|
<summary>
|
|
Scope granting permission to author Policy Studio workspaces.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyEdit">
|
|
<summary>
|
|
Scope granting permission to edit policy configurations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyRead">
|
|
<summary>
|
|
Scope granting read-only access to policy metadata.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyReview">
|
|
<summary>
|
|
Scope granting permission to review Policy Studio drafts.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicySubmit">
|
|
<summary>
|
|
Scope granting permission to submit drafts for review.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyApprove">
|
|
<summary>
|
|
Scope granting permission to approve or reject policies.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyOperate">
|
|
<summary>
|
|
Scope granting permission to operate Policy Studio promotions and runs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyAudit">
|
|
<summary>
|
|
Scope granting permission to audit Policy Studio activity.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyRun">
|
|
<summary>
|
|
Scope granting permission to trigger policy runs and activation workflows.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicyActivate">
|
|
<summary>
|
|
Scope granting permission to activate policies.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.FindingsRead">
|
|
<summary>
|
|
Scope granting read-only access to effective findings materialised by Policy Engine.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PolicySimulate">
|
|
<summary>
|
|
Scope granting permission to run Policy Studio simulations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EffectiveWrite">
|
|
<summary>
|
|
Scope granted to Policy Engine service identity for writing effective findings.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphRead">
|
|
<summary>
|
|
Scope granting read-only access to graph queries and overlays.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VulnRead">
|
|
<summary>
|
|
Scope granting read-only access to Vuln Explorer resources and permalinks.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ObservabilityRead">
|
|
<summary>
|
|
Scope granting read-only access to observability dashboards and overlays.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.TimelineRead">
|
|
<summary>
|
|
Scope granting read-only access to incident timelines and chronology data.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.TimelineWrite">
|
|
<summary>
|
|
Scope granting permission to append events to incident timelines.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceCreate">
|
|
<summary>
|
|
Scope granting permission to create evidence packets in the evidence locker.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceRead">
|
|
<summary>
|
|
Scope granting read-only access to stored evidence packets.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.EvidenceHold">
|
|
<summary>
|
|
Scope granting permission to place or release legal holds on evidence packets.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AttestRead">
|
|
<summary>
|
|
Scope granting read-only access to attestation records and observer feeds.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ObservabilityIncident">
|
|
<summary>
|
|
Scope granting permission to activate or resolve observability incident mode controls.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportViewer">
|
|
<summary>
|
|
Scope granting read-only access to export center runs and bundles.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportOperator">
|
|
<summary>
|
|
Scope granting permission to operate export center scheduling and run execution.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ExportAdmin">
|
|
<summary>
|
|
Scope granting administrative control over export center retention, encryption keys, and scheduling policies.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyViewer">
|
|
<summary>
|
|
Scope granting read-only access to notifier channels, rules, and delivery history.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyOperator">
|
|
<summary>
|
|
Scope permitting notifier rule management, delivery actions, and channel operations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyAdmin">
|
|
<summary>
|
|
Scope granting administrative control over notifier secrets, escalations, and platform-wide settings.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryRead">
|
|
<summary>
|
|
Scope granting read-only access to issuer directory catalogues.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryWrite">
|
|
<summary>
|
|
Scope permitting creation and modification of issuer directory entries.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.IssuerDirectoryAdmin">
|
|
<summary>
|
|
Scope granting administrative control over issuer directory resources (delete, audit bypass).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.NotifyEscalate">
|
|
<summary>
|
|
Scope required to issue or honour escalation actions for notifications.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksRead">
|
|
<summary>
|
|
Scope granting read-only access to Task Packs catalogues and manifests.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksWrite">
|
|
<summary>
|
|
Scope permitting publication or updates to Task Packs in the registry.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksRun">
|
|
<summary>
|
|
Scope granting permission to execute Task Packs via CLI or Task Runner.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.PacksApprove">
|
|
<summary>
|
|
Scope granting permission to fulfil Task Pack approval gates.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphWrite">
|
|
<summary>
|
|
Scope granting permission to enqueue or mutate graph build jobs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphExport">
|
|
<summary>
|
|
Scope granting permission to export graph artefacts (GraphML/JSONL/etc.).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.GraphSimulate">
|
|
<summary>
|
|
Scope granting permission to trigger what-if simulations on graphs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchRead">
|
|
<summary>
|
|
Scope granting read-only access to Orchestrator job state and telemetry.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchOperate">
|
|
<summary>
|
|
Scope granting permission to execute Orchestrator control actions.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.OrchQuota">
|
|
<summary>
|
|
Scope granting permission to manage Orchestrator quotas and elevated backfill tooling.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityTenantsRead">
|
|
<summary>
|
|
Scope granting read-only access to Authority tenant catalog APIs.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.Normalize(System.String)">
|
|
<summary>
|
|
Normalises a scope string (trim/convert to lower case).
|
|
</summary>
|
|
<param name="scope">Scope raw value.</param>
|
|
<returns>Normalised scope or <c>null</c> when the input is blank.</returns>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.IsKnown(System.String)">
|
|
<summary>
|
|
Checks whether the provided scope is registered as a built-in StellaOps scope.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsScopes.All">
|
|
<summary>
|
|
Returns the full set of built-in scopes.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities">
|
|
<summary>
|
|
Canonical identifiers for StellaOps service principals.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.PolicyEngine">
|
|
<summary>
|
|
Service identity used by Policy Engine when materialising effective findings.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.Cartographer">
|
|
<summary>
|
|
Service identity used by Cartographer when constructing and maintaining graph projections.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.VulnExplorer">
|
|
<summary>
|
|
Service identity used by Vuln Explorer when issuing scoped permalink requests.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsServiceIdentities.Signals">
|
|
<summary>
|
|
Service identity used by Signals components when managing reachability facts.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsTenancyDefaults">
|
|
<summary>
|
|
Shared tenancy default values used across StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsTenancyDefaults.AnyProject">
|
|
<summary>
|
|
Sentinel value indicating the token is not scoped to a specific project.
|
|
</summary>
|
|
</member>
|
|
</members>
|
|
</doc>
|