Plugin SDK / Plugin architecture (CLI, Authority, Crypto)

Module

Authority

Status

IMPLEMENTED

Description

Plugin architecture is implemented across CLI (manifest loader, module loader), Authority (identity provider plugins with OIDC/SAML/Standard), and Cryptography (HSM, SM crypto plugins). The Authority plugin SDK defines interfaces, registration context, and a standardized plugin lifecycle.

Implementation Details

  • Plugin Abstractions (Authority SDK): src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions/ -- the SDK package:
    • AuthorityPluginContracts.cs -- IAuthorityPlugin, IAuthorityPluginRegistrar interfaces defining the plugin lifecycle
    • IdentityProviderContracts.cs -- IAuthorityIdentityProviderPlugin for credential validation and claims enrichment
    • AuthorityPluginRegistrationContext.cs -- DI registration context passed to plugins at startup
    • AuthorityCredentialAuditContext.cs -- audit context for credential operations
    • AuthoritySecretHasher.cs -- pluggable password/secret hashing abstraction
    • AuthorityClientMetadataKeys.cs -- standardized metadata keys for client configuration
  • Plugin Loader: src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginLoader.cs -- assembly-based plugin discovery from the plugins/authority/ directory.
  • Plugin Registration Summary: src/Authority/StellaOps.Authority/StellaOps.Authority/Plugins/AuthorityPluginRegistrationSummary.cs -- diagnostic summary of loaded plugins.
  • Concrete Plugin Implementations:
    • Standard: src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Standard/StandardPluginRegistrar.cs
    • LDAP: src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Ldap/LdapPluginRegistrar.cs
    • OIDC: src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Oidc/OidcPluginRegistrar.cs
    • SAML: src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Saml/SamlPluginRegistrar.cs
    • Unified: src/Authority/StellaOps.Authority/StellaOps.Authority.Plugin.Unified/AuthPluginAdapter.cs
  • Plugin Binary Hosting: src/Authority/StellaOps.Authority.PluginBinaries/ -- pre-compiled plugin DLLs; src/Authority/plugins/authority/ -- plugin directory structure.
  • Concelier Plugin Binaries: src/Authority/StellaOps.Concelier.PluginBinaries/StellaOps.Concelier.Connector.Common/ -- connector plugin abstractions for the Concelier module.
  • Tests: src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/Plugins/AuthorityPluginLoaderTests.cs, src/Authority/StellaOps.Authority/StellaOps.Authority.Plugins.Abstractions.Tests/

E2E Test Plan

  • Build a minimal plugin implementing IAuthorityPluginRegistrar and IAuthorityIdentityProviderPlugin, place the DLL in plugins/authority/, and verify AuthorityPluginLoader discovers and loads it
  • Verify the plugin's Register method receives a valid AuthorityPluginRegistrationContext with access to DI services
  • Verify AuthorityPluginRegistrationSummary includes the custom plugin with its reported capabilities
  • Load multiple plugins simultaneously and verify they do not interfere with each other's DI registrations
  • Remove a plugin DLL and restart; verify the system starts without the removed plugin and reports it as missing in the summary
  • Verify AuthoritySecretHasher can be replaced by a plugin-provided implementation and that password hashing then uses the custom hasher