namespace StellaOps.Scanner.Sources.Services;
/// <summary>
/// Kinds of credential the resolver can return.
/// </summary>
/// <remarks>
/// The numeric values are written out explicitly and equal the values the
/// compiler would assign implicitly from declaration order, so a later
/// reordering of members cannot silently change them.
/// NOTE(review): which <c>ResolvedCredential</c> properties are populated for
/// each kind is not visible in this file; confirm against the resolver implementation.
/// </remarks>
public enum CredentialType
{
    /// <summary>No credential; this is also the default value of the enum.</summary>
    None = 0,

    /// <summary>Bearer token.</summary>
    BearerToken = 1,

    /// <summary>Basic authentication.</summary>
    BasicAuth = 2,

    /// <summary>SSH key.</summary>
    SshKey = 3,

    /// <summary>AWS credentials.</summary>
    AwsCredentials = 4,

    /// <summary>GCP service account.</summary>
    GcpServiceAccount = 5,

    /// <summary>Azure service principal.</summary>
    AzureServicePrincipal = 6,

    /// <summary>GitHub App.</summary>
    GitHubApp = 7,
}
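/// <summary>
/// Resolved credential from the credential store.
/// </summary>
/// <remarks>
/// Instances carry secret material in plain <see cref="string"/> properties.
/// The compiler-synthesized record <c>ToString()</c> would print every public
/// property, so a log statement, interpolated string, or exception message
/// that mentions an instance would write the token, password, private key and
/// passphrase in clear text. <see cref="ToString"/> is therefore overridden to
/// emit only non-secret metadata. Value equality and <c>with</c> expressions
/// keep the standard record behavior.
/// NOTE(review): which properties are populated for a given <see cref="Type"/>
/// is not visible in this file; confirm against the resolver implementation.
/// </remarks>
public sealed record ResolvedCredential
{
    /// <summary>Kind of credential this instance represents.</summary>
    public required CredentialType Type { get; init; }

    /// <summary>Secret token value, or <c>null</c> when not set.</summary>
    public string? Token { get; init; }

    /// <summary>User name, or <c>null</c> when not set.</summary>
    public string? Username { get; init; }

    /// <summary>Secret password, or <c>null</c> when not set.</summary>
    public string? Password { get; init; }

    /// <summary>Secret private key material, or <c>null</c> when not set.</summary>
    public string? PrivateKey { get; init; }

    /// <summary>Secret passphrase, or <c>null</c> when not set.</summary>
    public string? Passphrase { get; init; }

    /// <summary>
    /// Additional key/value properties, or <c>null</c> when not set.
    /// NOTE(review): values here may themselves be secret (for example cloud
    /// access keys); treat them as sensitive until the implementation shows otherwise.
    /// </summary>
    public IReadOnlyDictionary<string, string>? Properties { get; init; }

    /// <summary>
    /// Expiry timestamp, or <c>null</c> when not set.
    /// NOTE(review): nothing in this file enforces the expiry; presumably the
    /// consumer is expected to compare it with the current time before use. Confirm.
    /// </summary>
    public DateTimeOffset? ExpiresAt { get; init; }

    /// <summary>
    /// Returns a log-safe description that contains only <see cref="Type"/> and
    /// <see cref="ExpiresAt"/>; secret-bearing properties are never included.
    /// </summary>
    /// <returns>A string with no secret values.</returns>
    public override string ToString()
    {
        // Round-trip ("O") format with the invariant culture keeps log output stable across hosts.
        string expiry = ExpiresAt?.ToString("O", System.Globalization.CultureInfo.InvariantCulture) ?? "null";
        return $"{nameof(ResolvedCredential)} {{ Type = {Type}, ExpiresAt = {expiry}, Secrets = [REDACTED] }}";
    }
}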
/// <summary>
/// Contract for looking up credentials in the credential store.
/// Credentials live outside this component and are addressed by an AuthRef.
/// </summary>
/// <remarks>
/// The AuthRef is a pointer to the secret, not the secret itself; the value
/// returned by <see cref="ResolveAsync"/> is the secret and should be kept out
/// of logs, telemetry and exception messages.
/// NOTE(review): whether implementations restrict which AuthRef schemes or
/// paths a caller may request is not visible in this file. If AuthRef values
/// can originate from user-supplied source configuration, confirm that the
/// implementation validates or scopes them.
/// </remarks>
public interface ICredentialResolver
{
    /// <summary>
    /// Looks up the credential that an AuthRef points to.
    /// </summary>
    /// <param name="authRef">Reference to the credential in the store (e.g., "vault://secrets/registry-auth")</param>
    /// <param name="ct">Token used to cancel the lookup.</param>
    /// <returns>
    /// The resolved credential, or <c>null</c> if not found.
    /// NOTE(review): whether an expired credential is returned or filtered out
    /// is not specified here; callers presumably need to check
    /// <c>ExpiresAt</c> themselves. Confirm.
    /// </returns>
    Task<ResolvedCredential?> ResolveAsync(string authRef, CancellationToken ct = default);

    /// <summary>
    /// Reports whether a credential reference is valid, meaning it exists and is accessible.
    /// </summary>
    /// <param name="authRef">Reference to the credential in the store.</param>
    /// <param name="ct">Token used to cancel the check.</param>
    /// <returns>
    /// <c>true</c> when the reference exists and is accessible.
    /// NOTE(review): a <c>true</c> result is a point-in-time answer; a later
    /// <see cref="ResolveAsync"/> call can presumably still return <c>null</c>
    /// if the secret is removed or access is revoked in between.
    /// </returns>
    Task<bool> ValidateRefAsync(string authRef, CancellationToken ct = default);
}