git.stella-ops.org/docs/features/unchecked/cli/token-minting-and-delegation-cli.md

Token Minting and Delegation CLI

Module

Cli

Status

IMPLEMENTED

Description

Service account token minting with scope/expiry/tenant control, and token delegation to other principals with scope restriction and audit reasons.

Implementation Details

  • Command Group: src/Cli/StellaOps.Cli/Commands/AuthCommandGroup.cs -- auth token commands
  • Authority Console Client: src/Cli/StellaOps.Cli/Services/AuthorityConsoleClient.cs / IAuthorityConsoleClient.cs
  • Commands:
    • stella auth token mint --scope <scopes> --expiry <duration> --tenant <id> -- mint service account token
    • stella auth token delegate --to <principal> --scope <scopes> --reason <text> -- delegate token with scope restriction

E2E Test Plan

  • Run stella auth token mint --scope "read:policy" --expiry 24h and verify token minted
  • Run with --tenant <id> and verify tenant-scoped token
  • Run stella auth token delegate --to service-a --scope "read:evidence" --reason "CI pipeline" and verify delegation
  • Verify delegated token has restricted scopes
  • Verify audit reason recorded for delegation
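
One way to automate the "delegated token has restricted scopes" check from the test plan. This is an added example, not code from the StellaOps repository. It assumes the CLI emits compact JWTs carrying `scope` and `exp` claims, which the page does not state, and the function names and sample tokens are constructed for illustration.

```python
import base64
import json

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Constructed stand-in for CLI output: header.payload.signature with a dummy signature."""
    header = {"alg": "ES256", "typ": "JWT"}
    return ".".join(_b64url(json.dumps(part).encode()) for part in (header, claims)) + "." + _b64url(b"sig")

def read_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def scope_set(claims: dict) -> set:
    """Accept both encodings of the assumed 'scope' claim: space-delimited string or JSON array."""
    raw = claims.get("scope", "")
    return set(raw.split()) if isinstance(raw, str) else set(raw)

def delegation_violations(parent: str, delegated: str, requested: set) -> list:
    """Return every way the delegated token exceeds the request or its parent; [] means pass."""
    p, d = read_claims(parent), read_claims(delegated)
    granted = scope_set(d)
    problems = []
    if not granted:
        problems.append("no scopes granted")
    if granted - requested:
        problems.append("beyond --scope: " + ",".join(sorted(granted - requested)))
    if granted - scope_set(p):
        problems.append("not held by parent: " + ",".join(sorted(granted - scope_set(p))))
    if "exp" not in d:
        problems.append("no expiry")
    elif "exp" in p and d["exp"] > p["exp"]:  # assumption: a delegation must not outlive its parent
        problems.append("outlives parent")
    return problems

# Constructed sample tokens (not real CLI output).
PARENT = make_sample_token({"scope": "read:policy read:evidence", "exp": 1_700_086_400})
GOOD = make_sample_token({"scope": "read:evidence", "exp": 1_700_003_600})
BAD = make_sample_token({"scope": ["read:evidence", "write:policy"], "exp": 1_700_090_000})

if __name__ == "__main__":
    print("good:", delegation_violations(PARENT, GOOD, {"read:evidence"}))
    print("bad: ", delegation_violations(PARENT, BAD, {"read:evidence"}))
```

In a real run, replace the constructed tokens with the output of the mint and delegate commands and pass the value given to `--scope` as `requested`.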