master
96d52884e8
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
- Implemented PolicyDslValidator with command-line options for strict mode and JSON output. - Created PolicySchemaExporter to generate JSON schemas for policy-related models. - Developed PolicySimulationSmoke tool to validate policy simulations against expected outcomes. - Added project files and necessary dependencies for each tool. - Ensured proper error handling and usage instructions across tools.
423 lines
20 KiB
XML
423 lines
20 KiB
XML
<?xml version="1.0"?>
|
|
<doc>
|
|
<assembly>
|
|
<name>StellaOps.Auth.Abstractions</name>
|
|
</assembly>
|
|
<members>
|
|
<member name="T:StellaOps.Auth.AuthorityTelemetry">
|
|
<summary>
|
|
Canonical telemetry metadata for the StellaOps Authority stack.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceName">
|
|
<summary>
|
|
service.name resource attribute recorded by Authority components.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ServiceNamespace">
|
|
<summary>
|
|
service.namespace resource attribute aligning Authority with other StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.ActivitySourceName">
|
|
<summary>
|
|
Activity source identifier used by Authority instrumentation.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.AuthorityTelemetry.MeterName">
|
|
<summary>
|
|
Meter name used by Authority instrumentation.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.AuthorityTelemetry.BuildDefaultResourceAttributes(System.Reflection.Assembly)">
|
|
<summary>
|
|
Builds the default set of resource attributes (service name/namespace/version).
|
|
</summary>
|
|
<param name="assembly">Optional assembly used to resolve the service version.</param>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.AuthorityTelemetry.ResolveServiceVersion(System.Reflection.Assembly)">
|
|
<summary>
|
|
Resolves the service version string from the provided assembly (defaults to the Authority telemetry assembly).
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.NetworkMask">
|
|
<summary>
|
|
Represents an IP network expressed in CIDR notation.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.#ctor(System.Net.IPAddress,System.Int32)">
|
|
<summary>
|
|
Initialises a new <see cref="T:StellaOps.Auth.Abstractions.NetworkMask"/>.
|
|
</summary>
|
|
<param name="network">Canonical network address with host bits zeroed.</param>
|
|
<param name="prefixLength">Prefix length (0-32 for IPv4, 0-128 for IPv6).</param>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.Network">
|
|
<summary>
|
|
Canonical network address with host bits zeroed.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMask.PrefixLength">
|
|
<summary>
|
|
Prefix length.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Parse(System.String)">
|
|
<summary>
|
|
Attempts to parse the supplied value as CIDR notation or a single IP address.
|
|
</summary>
|
|
<exception cref="T:System.FormatException">Thrown when the input is not recognised.</exception>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.TryParse(System.String,StellaOps.Auth.Abstractions.NetworkMask@)">
|
|
<summary>
|
|
Attempts to parse the supplied value as CIDR notation or a single IP address.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.Contains(System.Net.IPAddress)">
|
|
<summary>
|
|
Determines whether the provided address belongs to this network.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMask.ToString">
|
|
<inheritdoc />
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.NetworkMaskMatcher">
|
|
<summary>
|
|
Evaluates remote addresses against configured network masks.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Creates a matcher from raw CIDR strings.
|
|
</summary>
|
|
<param name="values">Sequence of CIDR entries or IP addresses.</param>
|
|
<exception cref="T:System.FormatException">Thrown when a value cannot be parsed.</exception>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.#ctor(System.Collections.Generic.IEnumerable{StellaOps.Auth.Abstractions.NetworkMask})">
|
|
<summary>
|
|
Creates a matcher from already parsed masks.
|
|
</summary>
|
|
<param name="masks">Sequence of network masks.</param>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.AllowAll">
|
|
<summary>
|
|
Gets a matcher that allows every address.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.DenyAll">
|
|
<summary>
|
|
Gets a matcher that denies every address (no masks configured).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsEmpty">
|
|
<summary>
|
|
Indicates whether this matcher has no masks configured and does not allow all.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.NetworkMaskMatcher.Masks">
|
|
<summary>
|
|
Returns the configured masks.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.NetworkMaskMatcher.IsAllowed(System.Net.IPAddress)">
|
|
<summary>
|
|
Checks whether the provided address matches any of the configured masks.
|
|
</summary>
|
|
<param name="address">Remote address to test.</param>
|
|
<returns><c>true</c> when the address is allowed.</returns>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults">
|
|
<summary>
|
|
Default authentication constants used by StellaOps resource servers and clients.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationScheme">
|
|
<summary>
|
|
Default authentication scheme for StellaOps bearer tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.AuthenticationType">
|
|
<summary>
|
|
Logical authentication type attached to <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsAuthenticationDefaults.PolicyPrefix">
|
|
<summary>
|
|
Policy prefix applied to named authorization policies.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsClaimTypes">
|
|
<summary>
|
|
Canonical claim type identifiers used across StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Subject">
|
|
<summary>
|
|
Subject identifier claim (maps to <c>sub</c> in JWTs).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Tenant">
|
|
<summary>
|
|
StellaOps tenant identifier claim (multi-tenant deployments).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ClientId">
|
|
<summary>
|
|
OAuth2/OIDC client identifier claim (maps to <c>client_id</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.TokenId">
|
|
<summary>
|
|
Unique token identifier claim (maps to <c>jti</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.AuthenticationMethod">
|
|
<summary>
|
|
Authentication method reference claim (<c>amr</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Scope">
|
|
<summary>
|
|
Space separated scope list (<c>scope</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.ScopeItem">
|
|
<summary>
|
|
Individual scope items (<c>scp</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.Audience">
|
|
<summary>
|
|
OAuth2 resource audiences (<c>aud</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.IdentityProvider">
|
|
<summary>
|
|
Identity provider hint for downstream services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsClaimTypes.SessionId">
|
|
<summary>
|
|
Session identifier claim (<c>sid</c>).
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder">
|
|
<summary>
|
|
Fluent helper used to construct <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instances that follow StellaOps conventions.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSubject(System.String)">
|
|
<summary>
|
|
Adds or replaces the canonical subject identifier.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithClientId(System.String)">
|
|
<summary>
|
|
Adds or replaces the canonical client identifier.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTenant(System.String)">
|
|
<summary>
|
|
Adds or replaces the tenant identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithName(System.String)">
|
|
<summary>
|
|
Adds or replaces the user display name claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIdentityProvider(System.String)">
|
|
<summary>
|
|
Adds or replaces the identity provider claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithSessionId(System.String)">
|
|
<summary>
|
|
Adds or replaces the session identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithTokenId(System.String)">
|
|
<summary>
|
|
Adds or replaces the token identifier claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationMethod(System.String)">
|
|
<summary>
|
|
Adds or replaces the authentication method reference claim.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNameClaimType(System.String)">
|
|
<summary>
|
|
Sets the name claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithRoleClaimType(System.String)">
|
|
<summary>
|
|
Sets the role claim type appended when building the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAuthenticationType(System.String)">
|
|
<summary>
|
|
Sets the authentication type stamped on the <see cref="T:System.Security.Claims.ClaimsIdentity"/>.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithScopes(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Registers the supplied scopes (normalised to lower-case, deduplicated, sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudiences(System.Collections.Generic.IEnumerable{System.String})">
|
|
<summary>
|
|
Registers the supplied audiences (trimmed, deduplicated, sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithAudience(System.String)">
|
|
<summary>
|
|
Adds a single audience.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaim(System.String,System.String,System.String)">
|
|
<summary>
|
|
Adds an arbitrary claim (no deduplication is performed).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.AddClaims(System.Collections.Generic.IEnumerable{System.Security.Claims.Claim})">
|
|
<summary>
|
|
Adds multiple claims (incoming claims are cloned to enforce value trimming).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithIssuedAt(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>iat</c> (issued at) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithNotBefore(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>nbf</c> (not before) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.WithExpires(System.DateTimeOffset)">
|
|
<summary>
|
|
Adds an <c>exp</c> (expires) claim using Unix time seconds.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.NormalizedScopes">
|
|
<summary>
|
|
Returns the normalised scope list (deduplicated + sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Audiences">
|
|
<summary>
|
|
Returns the normalised audience list (deduplicated + sorted).
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsPrincipalBuilder.Build">
|
|
<summary>
|
|
Builds the immutable <see cref="T:System.Security.Claims.ClaimsPrincipal"/> instance based on the registered data.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory">
|
|
<summary>
|
|
Factory helpers for returning RFC 7807 problem responses using StellaOps conventions.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.AuthenticationRequired(System.String,System.String)">
|
|
<summary>
|
|
Produces a 401 problem response indicating authentication is required.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InvalidToken(System.String,System.String)">
|
|
<summary>
|
|
Produces a 401 problem response for invalid, expired, or revoked tokens.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.Forbidden(System.String,System.String)">
|
|
<summary>
|
|
Produces a 403 problem response when access is denied.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsProblemResultFactory.InsufficientScope(System.Collections.Generic.IReadOnlyCollection{System.String},System.Collections.Generic.IReadOnlyCollection{System.String},System.String)">
|
|
<summary>
|
|
Produces a 403 problem response for insufficient scopes.
|
|
</summary>
|
|
</member>
|
|
<member name="T:StellaOps.Auth.Abstractions.StellaOpsScopes">
|
|
<summary>
|
|
Canonical scope names supported by StellaOps services.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierJobsTrigger">
|
|
<summary>
|
|
Scope required to trigger Concelier jobs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.ConcelierMerge">
|
|
<summary>
|
|
Scope required to manage Concelier merge operations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityUsersManage">
|
|
<summary>
|
|
Scope granting administrative access to Authority user management.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityClientsManage">
|
|
<summary>
|
|
Scope granting administrative access to Authority client registrations.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AuthorityAuditRead">
|
|
<summary>
|
|
Scope granting read-only access to Authority audit logs.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.Bypass">
|
|
<summary>
|
|
Synthetic scope representing trusted network bypass.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryRead">
|
|
<summary>
|
|
Scope granting read-only access to raw advisory ingestion data.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AdvisoryIngest">
|
|
<summary>
|
|
Scope granting write access for raw advisory ingestion.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexRead">
|
|
<summary>
|
|
Scope granting read-only access to raw VEX ingestion data.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.VexIngest">
|
|
<summary>
|
|
Scope granting write access for raw VEX ingestion.
|
|
</summary>
|
|
</member>
|
|
<member name="F:StellaOps.Auth.Abstractions.StellaOpsScopes.AocVerify">
|
|
<summary>
|
|
Scope granting permission to execute aggregation-only contract verification.
|
|
</summary>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.Normalize(System.String)">
|
|
<summary>
|
|
Normalises a scope string (trim/convert to lower case).
|
|
</summary>
|
|
<param name="scope">Scope raw value.</param>
|
|
<returns>Normalised scope or <c>null</c> when the input is blank.</returns>
|
|
</member>
|
|
<member name="M:StellaOps.Auth.Abstractions.StellaOpsScopes.IsKnown(System.String)">
|
|
<summary>
|
|
Checks whether the provided scope is registered as a built-in StellaOps scope.
|
|
</summary>
|
|
</member>
|
|
<member name="P:StellaOps.Auth.Abstractions.StellaOpsScopes.All">
|
|
<summary>
|
|
Returns the full set of built-in scopes.
|
|
</summary>
|
|
</member>
|
|
</members>
|
|
</doc>
|