<?xml version="1.0"?>
|
|
<doc>
|
|
<assembly>
|
|
<name>StellaOps.Auth.ServerIntegration</name>
|
|
</assembly>
|
|
<members>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.ServiceCollectionExtensions">
|
|
<summary>
|
|
Dependency injection helpers for configuring StellaOps resource server authentication.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.ServiceCollectionExtensions.AddStellaOpsResourceServerAuthentication(Microsoft.Extensions.DependencyInjection.IServiceCollection,Microsoft.Extensions.Configuration.IConfiguration,System.String,System.Action{StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions})">
|
|
<summary>
|
|
Registers JWT bearer authentication and related authorisation helpers using the provided configuration section.
|
|
</summary>
|
|
<param name="services">The service collection.</param>
|
|
<param name="configuration">Application configuration.</param>
|
|
<param name="configurationSection">
|
|
Optional configuration section path. Defaults to <c>Authority:ResourceServer</c>. Provide <c>null</c> to skip binding.
|
|
</param>
|
|
<param name="configure">Optional callback allowing additional mutation of <see cref="T:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions"/>.</param>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsAuthorityConfigurationManager">
|
|
<summary>
|
|
Cached configuration manager for StellaOps Authority metadata and JWKS.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsAuthorizationPolicyBuilderExtensions">
|
|
<summary>
|
|
Extension methods for configuring StellaOps authorisation policies.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsAuthorizationPolicyBuilderExtensions.RequireStellaOpsScopes(Microsoft.AspNetCore.Authorization.AuthorizationPolicyBuilder,System.String[])">
|
|
<summary>
|
|
Requires the specified scopes using the StellaOps scope requirement.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsAuthorizationPolicyBuilderExtensions.AddStellaOpsScopePolicy(Microsoft.AspNetCore.Authorization.AuthorizationOptions,System.String,System.String[])">
|
|
<summary>
|
|
Registers a named policy that enforces the provided scopes.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsAuthorizationPolicyBuilderExtensions.AddStellaOpsScopeHandler(Microsoft.Extensions.DependencyInjection.IServiceCollection)">
|
|
<summary>
|
|
Adds the scope handler to the DI container.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsBypassEvaluator">
|
|
<summary>
|
|
Evaluates whether a request qualifies for the network-based authentication bypass.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions">
|
|
<summary>
|
|
Provides two extension methods for the <c>.stella-ops.local</c> hostname convention:
|
|
<list type="bullet">
|
|
<item>
|
|
<see cref="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.TryAddStellaOpsLocalBinding(Microsoft.AspNetCore.Builder.WebApplicationBuilder,System.String)"/> — called on <see cref="T:Microsoft.AspNetCore.Builder.WebApplicationBuilder"/>
|
|
before <c>Build()</c>; binds both <c>https://{serviceName}.stella-ops.local</c> (port 443)
|
|
and <c>http://{serviceName}.stella-ops.local</c> (port 80).
|
|
</item>
|
|
<item>
|
|
<see cref="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.LogStellaOpsLocalHostname(Microsoft.AspNetCore.Builder.WebApplication,System.String)"/> — called on <see cref="T:Microsoft.AspNetCore.Builder.WebApplication"/>
|
|
after <c>Build()</c>; checks DNS for the friendly hostname and logs the result.
|
|
</item>
|
|
</list>
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.LocalBindingBoundKey">
|
|
<summary>
|
|
Configuration key used to communicate local-binding status
|
|
from the builder phase to the app phase.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.LocalBindingServiceKey">
|
|
<summary>
|
|
Configuration key storing the service name for use in the app phase.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.TryAddStellaOpsLocalBinding(Microsoft.AspNetCore.Builder.WebApplicationBuilder,System.String)">
|
|
<summary>
|
|
Resolves <c>{serviceName}.stella-ops.local</c> to its dedicated loopback IP
|
|
(from the hosts file), then binds <c>https://{hostname}</c> (port 443) and
|
|
<c>http://{hostname}</c> (port 80) on that IP. Each service uses a unique
|
|
loopback address (e.g. 127.1.0.2) so ports never collide.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.TryAddStellaOpsSharedPort(Microsoft.AspNetCore.Builder.WebApplicationBuilder)">
|
|
<summary>
|
|
Backwards-compatible overload — reads the service name from configuration
|
|
set by <see cref="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.TryAddStellaOpsLocalBinding(Microsoft.AspNetCore.Builder.WebApplicationBuilder,System.String)"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsLocalHostnameExtensions.LogStellaOpsLocalHostname(Microsoft.AspNetCore.Builder.WebApplication,System.String)">
|
|
<summary>
|
|
Registers a startup callback that checks DNS for
|
|
<c>{serviceName}.stella-ops.local</c> and logs the result.
|
|
Also warns if the local bindings were skipped.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions">
|
|
<summary>
|
|
Options controlling StellaOps resource server authentication.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.Authority">
|
|
<summary>
|
|
Gets or sets the Authority (issuer) URL that exposes OpenID discovery.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.MetadataAddress">
|
|
<summary>
|
|
Optional explicit OpenID Connect metadata address.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.Audiences">
|
|
<summary>
|
|
Audiences accepted by the resource server (validated against the <c>aud</c> claim).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.RequiredScopes">
|
|
<summary>
|
|
Scopes enforced by default authorisation policies.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.RequiredTenants">
|
|
<summary>
|
|
Tenants permitted to access the resource server. An empty list disables tenant checks, so access is then not restricted by tenant.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.BypassNetworks">
|
|
<summary>
|
|
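Networks permitted to bypass authentication (used for trusted on-host automation). A request from one of these networks can skip authentication, so keep the list as narrow as the automation requires.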
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.RequireHttpsMetadata">
|
|
<summary>
|
|
Whether HTTPS is required for the metadata address when communicating with Authority.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.BackchannelTimeout">
|
|
<summary>
|
|
Back-channel timeout when fetching metadata/JWKS.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.TokenClockSkew">
|
|
<summary>
|
|
Clock skew tolerated when validating tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.MetadataCacheLifetime">
|
|
<summary>
|
|
Lifetime for cached discovery/JWKS metadata before forcing a refresh.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.AllowOfflineCacheFallback">
|
|
<summary>
|
|
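Gets or sets a value indicating whether stale metadata/JWKS may be reused if Authority is unreachable. While stale JWKS is in use, signing keys rotated or withdrawn at Authority since the last successful refresh remain trusted.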
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.OfflineCacheTolerance">
|
|
<summary>
|
|
Additional tolerance window during which stale metadata/JWKS may be reused when offline fallback is allowed.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.AuthorityUri">
|
|
<summary>
|
|
Gets the canonical Authority URI (populated during validation).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.NormalizedScopes">
|
|
<summary>
|
|
Gets the normalised scope list (populated during validation).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.NormalizedTenants">
|
|
<summary>
|
|
Gets the normalised tenant list (populated during validation).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.BypassMatcher">
|
|
<summary>
|
|
Gets the network matcher used for bypass checks (populated during validation).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerOptions.Validate">
|
|
<summary>
|
|
Validates provided configuration and normalises collections.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies">
|
|
<summary>
|
|
Named authorization policies for StellaOps observability and evidence resource servers.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.ObservabilityRead">
|
|
<summary>
|
|
Observability dashboards/read-only access policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.ObservabilityIncident">
|
|
<summary>
|
|
Observability incident activation policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.TimelineRead">
|
|
<summary>
|
|
Timeline read policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.TimelineWrite">
|
|
<summary>
|
|
Timeline write policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.EvidenceCreate">
|
|
<summary>
|
|
Evidence create policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.EvidenceRead">
|
|
<summary>
|
|
Evidence read policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.EvidenceHold">
|
|
<summary>
|
|
Evidence hold policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.AttestRead">
|
|
<summary>
|
|
Attestation read policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.ExportViewer">
|
|
<summary>
|
|
Export viewer policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.ExportOperator">
|
|
<summary>
|
|
Export operator policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.ExportAdmin">
|
|
<summary>
|
|
Export admin policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.PacksRead">
|
|
<summary>
|
|
Pack read policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.PacksWrite">
|
|
<summary>
|
|
Pack write policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.PacksRun">
|
|
<summary>
|
|
Pack run policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.PacksApprove">
|
|
<summary>
|
|
Pack approval policy name.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.AddObservabilityResourcePolicies(Microsoft.AspNetCore.Authorization.AuthorizationOptions)">
|
|
<summary>
|
|
Registers all observability, timeline, evidence, attestation, and export authorization policies.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsResourceServerPolicies.AddPacksResourcePolicies(Microsoft.AspNetCore.Authorization.AuthorizationOptions)">
|
|
<summary>
|
|
Registers Task Pack registry, execution, and approval authorization policies.
|
|
</summary>
|
|
<param name="options">The authorization options to update.</param>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsScopeAuthorizationHandler">
|
|
<summary>
|
|
Handles <see cref="T:StellaOps.Auth.ServerIntegration.StellaOpsScopeRequirement"/> evaluation.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.ServerIntegration.StellaOpsScopeRequirement">
|
|
<summary>
|
|
Authorisation requirement enforcing StellaOps scope membership.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.ServerIntegration.StellaOpsScopeRequirement.#ctor(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Initialises a new instance of the <see cref="T:StellaOps.Auth.ServerIntegration.StellaOpsScopeRequirement"/> class.
|
|
</summary>
|
|
<param name="scopes">Scopes that satisfy the requirement.</param>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.ServerIntegration.StellaOpsScopeRequirement.RequiredScopes">
|
|
<summary>
|
|
Gets the required scopes.
|
|
</summary>
|
|
</member>
|
|
</members>
|
|
</doc>
|