e923880694
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Export Center CI / export-ci (push) Has been cancelled
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
- Introduced DigestUpsertRequest for handling digest upsert requests with properties like ChannelId, Recipient, DigestKey, Events, and CollectUntil. - Created LockEntity to represent a lightweight distributed lock entry with properties such as Id, TenantId, Resource, Owner, ExpiresAt, and CreatedAt. feat: Implement ILockRepository interface and LockRepository class - Defined ILockRepository interface with methods for acquiring and releasing locks. - Implemented LockRepository class with methods to try acquiring a lock and releasing it, using SQL for upsert operations. feat: Add SurfaceManifestPointer record for manifest pointers - Introduced SurfaceManifestPointer to represent a minimal pointer to a Surface.FS manifest associated with an image digest. feat: Create PolicySimulationInputLock and related validation logic - Added PolicySimulationInputLock record to describe policy simulation inputs and expected digests. - Implemented validation logic for policy simulation inputs, including checks for digest drift and shadow mode requirements. test: Add unit tests for ReplayVerificationService and ReplayVerifier - Created ReplayVerificationServiceTests to validate the behavior of the ReplayVerificationService under various scenarios. - Developed ReplayVerifierTests to ensure the correctness of the ReplayVerifier logic. test: Implement PolicySimulationInputLockValidatorTests - Added tests for PolicySimulationInputLockValidator to verify the validation logic against expected inputs and conditions. chore: Add cosign key example and signing scripts - Included a placeholder cosign key example for development purposes. - Added a script for signing Signals artifacts using cosign with support for both v2 and v3. chore: Create script for uploading evidence to the evidence locker - Developed a script to upload evidence to the evidence locker, ensuring required environment variables are set.
64 lines
1.7 KiB
Plaintext
64 lines
1.7 KiB
Plaintext
# Notify WebService sample configuration
|
|
|
|
storage:
|
|
# Notify now runs on PostgreSQL only.
|
|
driver: postgres
|
|
|
|
postgres:
|
|
notify:
|
|
connectionString: "Host=postgres;Port=5432;Database=stellaops_notify;Username=stellaops;Password=stellaops;Pooling=true;Maximum Pool Size=50;Minimum Pool Size=1"
|
|
commandTimeoutSeconds: 30
|
|
schemaName: notify
|
|
|
|
authority:
|
|
enabled: true
|
|
issuer: "https://authority.stella-ops.local"
|
|
metadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
|
|
requireHttpsMetadata: true
|
|
allowAnonymousFallback: false
|
|
backchannelTimeoutSeconds: 30
|
|
tokenClockSkewSeconds: 60
|
|
audiences:
|
|
- notify
|
|
viewerScope: notify.viewer
|
|
operatorScope: notify.operator
|
|
adminScope: notify.admin
|
|
|
|
api:
|
|
basePath: "/api/v1/notify"
|
|
internalBasePath: "/internal/notify"
|
|
tenantHeader: "X-StellaOps-Tenant"
|
|
rateLimits:
|
|
deliveryHistory:
|
|
enabled: true
|
|
tokenLimit: 60
|
|
tokensPerPeriod: 30
|
|
replenishmentPeriodSeconds: 60
|
|
queueLimit: 20
|
|
testSend:
|
|
enabled: true
|
|
tokenLimit: 5
|
|
tokensPerPeriod: 5
|
|
replenishmentPeriodSeconds: 60
|
|
queueLimit: 2
|
|
|
|
plugins:
|
|
baseDirectory: "../"
|
|
directory: "plugins/notify"
|
|
searchPatterns:
|
|
- "StellaOps.Notify.Connectors.*.dll"
|
|
orderedPlugins:
|
|
- StellaOps.Notify.Connectors.Slack
|
|
- StellaOps.Notify.Connectors.Teams
|
|
- StellaOps.Notify.Connectors.Email
|
|
- StellaOps.Notify.Connectors.Webhook
|
|
|
|
telemetry:
|
|
enableRequestLogging: true
|
|
minimumLogLevel: Information
|
|
|
|
# When running in development without Authority, set the following instead:
|
|
# authority:
|
|
# enabled: false
|
|
# developmentSigningKey: "change-me-32-bytes-minimum-signing-key"
|