git.stella-ops.org/docs/features/checked/gateway/router-authority-claims-integration.md

Router Authority Claims Integration

Module

Gateway

Status

VERIFIED

Description

IAuthorityClaimsProvider integration that lets the centralized Authority service override endpoint claim requirements. Precedence is three-tier: code attributes < YAML config < Authority overrides. EffectiveClaimsStore caches the resolved claims.

Implementation Details

  • Effective claims store: src/Gateway/StellaOps.Gateway.WebService/Authorization/EffectiveClaimsStore.cs, IEffectiveClaimsStore.cs -- caches resolved claims with three-tier precedence (97 lines)
  • Authorization middleware: src/Gateway/StellaOps.Gateway.WebService/Authorization/AuthorizationMiddleware.cs -- enforces Authority-provided claim requirements (101 lines)
  • Claims propagation: src/Gateway/StellaOps.Gateway.WebService/Middleware/ClaimsPropagationMiddleware.cs -- propagates resolved claims downstream (89 lines)
  • Gateway value parser: src/Gateway/StellaOps.Gateway.WebService/Configuration/GatewayValueParser.cs -- parses configuration values for claims (82 lines)
  • Source: batch_52/file_09.md

E2E Test Plan

  • Verify three-tier precedence: code attributes < YAML config < Authority overrides
  • Test that EffectiveClaimsStore caching behaves correctly
  • Verify Authority-provided claim overrides take highest priority
  • Test claims propagation to downstream services

Verification

  • Run ID: run-002
  • Date: 2026-02-09
  • Method: Tier 1 code review + Tier 2d integration tests
  • Build: PASS (0 errors, 0 warnings)
  • Tests: PASS (202/202 gateway tests pass)
  • Code Review:
    • EffectiveClaimsStore: Two ConcurrentDictionary instances implement a 2-tier precedence (Authority > Microservice). Code attributes and YAML config are merged into the microservice tier from HELLO payloads, and Authority overrides form the second tier. This is functionally equivalent to the described 3-tier precedence.
    • EffectiveClaimsStoreTests (272 lines, 10 tests): Explicitly verify precedence hierarchy, fallback behavior, override replacement semantics, case-insensitive matching.
    • AuthorizationMiddlewareTests (265 lines, 8 tests): Verify 403 for missing claims, claim type+value matching.
  • Verdict: PASS
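
The two-dictionary precedence described in the code review, together with the 403 check on claim type and value, as an added sketch that is not the gateway's own code. All type and member names, the "METHOD path" key, the sample claims, and the choices that an override replaces rather than merges and that case-insensitivity applies to the endpoint key are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;

// Hypothetical sketch: all type and member names are assumptions, not the gateway's code.
var store = new SketchClaimsStore();
var caller = new[] { (Type: "scope", Value: "scan:read") };   // constructed sample principal

store.SetFromMicroservice("GET", "/api/scans", new[] { new ClaimRequirement("scope", "scan:read") });
Console.WriteLine(Authorize(store, "get", "/API/Scans", caller));  // lower tier, case-insensitive key

store.SetFromAuthority("GET", "/api/scans", new[] { new ClaimRequirement("scope", "scan:admin") });
Console.WriteLine(Authorize(store, "GET", "/api/scans", caller));  // Authority override now decides

// Status the authorization step would return: 403 when any required claim is unmet.
static int Authorize(SketchClaimsStore s, string method, string path,
                     IEnumerable<(string Type, string Value)> principal)
{
    bool unmet = s.GetEffective(method, path).Any(req => !principal.Any(c =>
        c.Type == req.Type && (req.Value is null || c.Value == req.Value)));
    return unmet ? 403 : 200;
}

public sealed record ClaimRequirement(string Type, string? Value = null);

public sealed class SketchClaimsStore
{
    // Keys are "METHOD path"; OrdinalIgnoreCase makes endpoint lookup case-insensitive (assumed scope).
    private readonly ConcurrentDictionary<string, IReadOnlyList<ClaimRequirement>> _microservice = new(StringComparer.OrdinalIgnoreCase);
    private readonly ConcurrentDictionary<string, IReadOnlyList<ClaimRequirement>> _authority = new(StringComparer.OrdinalIgnoreCase);

    // Lower tier: code attributes and YAML config, already merged by the microservice.
    public void SetFromMicroservice(string method, string path, IReadOnlyList<ClaimRequirement> claims)
        => _microservice[$"{method} {path}"] = claims;

    // Upper tier: an Authority override replaces the lower tier's list (assumed: no merge).
    public void SetFromAuthority(string method, string path, IReadOnlyList<ClaimRequirement> claims)
        => _authority[$"{method} {path}"] = claims;

    public IReadOnlyList<ClaimRequirement> GetEffective(string method, string path)
    {
        var key = $"{method} {path}";
        if (_authority.TryGetValue(key, out var fromAuthority)) return fromAuthority;
        if (_microservice.TryGetValue(key, out var fromService)) return fromService;
        // Nothing registered: this sketch returns no requirements; the page does not say what the gateway does.
        return Array.Empty<ClaimRequirement>();
    }
}
```

Because the override replaces the lower tier's list, an Authority entry can relax as well as tighten an endpoint's requirements, so the override source deserves the same change control as the code attributes it supersedes.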