1d962ee6fc
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit introduces the OpenSslLegacyShim class, which sets the LD_LIBRARY_PATH environment variable to include the directory containing OpenSSL 1.1 native libraries. This is necessary for Mongo2Go to function correctly on Linux platforms that do not ship these libraries by default. The shim checks if the current operating system is Linux and whether the required directory exists before modifying the environment variable.
1.5 KiB
1.5 KiB
2025-11-02 · Pack scope catalogue & CLI profiles
What changed
- Authority configuration samples (
etc/authority.yaml.sample) now seed Pack roles (pack-viewer,pack-operator,pack-publisher,pack-approver,pack-admin) with deterministic scope bundles. - Added
AddPacksResourcePolicieshelper inStellaOps.Auth.ServerIntegrationso Packs Registry/Task Runner services can register consistent authorization policies; accompanying unit tests validate the policy catalogue. - Documented Task Pack CLI profiles (
docs/modules/cli/guides/packs-profiles.md) and added quick-reference guidance in the CLI manual for settingStellaOps:Authority:Scopevia profiles or environment variables. - Updated Authority scope docs and samples to reflect the new roles, keeping offline/air-gap defaults aligned.
Why
Task Pack rollout requires explicit RBAC and short-lived tokens per workflow (publish, run, approve). Providing ready-to-use roles, policies, and CLI profiles removes guesswork for operators and ensures tokens carry the correct scopes by default.
Actions
- Refresh Authority configuration in each environment from the updated sample (or add the roles manually) so Pack clients can request tokens.
- Roll out the CLI profiles or equivalent configuration in automation (
STELLA_PROFILE=packs-operator, etc.) before enabling pack workflows. - Update Task Runner/Packs Registry services to call
AddPacksResourcePolicies()when wiring authorization.