Local RBAC Policy Fallback with Break-Glass Access

Module

Authority

Status

IMPLEMENTED

Description

A file-based RBAC policy store provides an authorization fallback when the database is unavailable, and break-glass session management enables emergency admin access through auditable, time-limited sessions.

Implementation Details

  • File-Based Policy Store: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/FileBasedPolicyStore.cs -- implements ILocalPolicyStore; reads RBAC policies from JSON files on disk; used as fallback when the Postgres policy store is unavailable.
  • Policy Store Interface: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/ILocalPolicyStore.cs -- interface for local policy lookups (roles, permissions, scope bundles).
  • Policy Store Fallback: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/PolicyStoreFallback.cs -- orchestrates fallback: attempts database-backed policy store first, falls back to FileBasedPolicyStore on failure.
  • Break-Glass Session Manager: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/BreakGlassSessionManager.cs -- manages time-limited emergency admin sessions; creates auditable break-glass tokens with configurable TTL and scope restrictions.
  • Local Policy Models: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/LocalPolicyModels.cs -- data models for roles, permissions, and break-glass session records.
  • Policy Store Options: src/Authority/StellaOps.Authority/StellaOps.Authority/LocalPolicy/LocalPolicyStoreOptions.cs -- configuration: policy file path, fallback enabled flag, break-glass TTL.
  • Role Repository (Postgres primary): src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Repositories/RoleRepository.cs (implements IRoleRepository) -- primary RBAC store in PostgreSQL.
  • Permission Repository: src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Repositories/PermissionRepository.cs (implements IPermissionRepository) -- permission grants in PostgreSQL.
  • Role Entity: src/Authority/__Libraries/StellaOps.Authority.Persistence/Postgres/Models/RoleEntity.cs -- database entity for roles.
  • Tests: src/Authority/StellaOps.Authority/StellaOps.Authority.Tests/LocalPolicy/FileBasedPolicyStoreTests.cs, FallbackPolicyStoreIntegrationTests.cs; src/Authority/__Tests/StellaOps.Authority.Persistence.Tests/RoleBasedAccessTests.cs, RoleRepositoryTests.cs, PermissionRepositoryTests.cs

E2E Test Plan

  • Configure FileBasedPolicyStore with a JSON policy file defining three roles (viewer, operator, admin) and verify each role's permissions are correctly loaded
  • Simulate database unavailability and verify PolicyStoreFallback switches to the file-based store and authorization continues to work
  • Restore the database and verify the fallback returns to the primary Postgres store
  • Initiate a break-glass session via BreakGlassSessionManager and verify a time-limited admin token is issued with audit metadata
  • Verify break-glass TTL: wait for the session to expire and verify the token is rejected
  • Verify break-glass audit: check that the session creation, actions during the session, and session expiry are all recorded in the audit log
  • Modify the local policy JSON file and verify the FileBasedPolicyStore reflects the changes without restart
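
The behaviour this test plan exercises, modelled as an added example in Python; it is not StellaOps code and does not reproduce the project's C# classes. The class names, the `{"roles": {...}}` JSON shape, the audit event names and the `reason` field are all assumptions made for illustration.

```python
import json, secrets, time

class PrimaryUnavailable(Exception):
    """Raised by the primary (database) lookup when it cannot be reached."""

class FallbackPolicy:
    """Ask the primary store first; on failure answer from a local JSON policy."""
    def __init__(self, primary_lookup, policy_json, audit):
        self.primary_lookup = primary_lookup  # callable: role -> set of permissions
        # Assumed file shape: {"roles": {"viewer": ["read"], ...}}
        self.local = {r: set(p) for r, p in json.loads(policy_json)["roles"].items()}
        self.audit = audit

    def permissions(self, role):
        try:
            return self.primary_lookup(role), "primary"
        except PrimaryUnavailable:
            self.audit.append({"event": "fallback_used", "role": role})
            # Fail closed: a role missing from the local file gets no permissions.
            return self.local.get(role, set()), "local"

class BreakGlass:
    """Time-limited emergency sessions; every state change lands in the audit list."""
    def __init__(self, ttl_seconds, audit, clock=time.monotonic):
        self.ttl, self.audit, self.clock = ttl_seconds, audit, clock
        self.sessions = {}  # token -> (operator, expiry)

    def open(self, operator, reason):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (operator, self.clock() + self.ttl)
        # The token itself is never written to the audit record.
        self.audit.append({"event": "breakglass_open", "operator": operator, "reason": reason})
        return token

    def check(self, token, action):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        operator, expires = entry
        if self.clock() >= expires:
            del self.sessions[token]
            self.audit.append({"event": "breakglass_expired", "operator": operator})
            return False
        self.audit.append({"event": "breakglass_action", "operator": operator, "action": action})
        return True
```

Passing the clock in as a parameter lets the TTL check run against a fake clock instead of a real wait.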