1.5 KiB
1.5 KiB
Policy Version Binding to Reachability Slices (strict/forward/any)
Module
Scanner
Status
IMPLEMENTED
Description
Binds reachability slices to specific policy versions with three validation modes: strict (invalidate on any policy change), forward (valid with newer versions), and any (valid with any version). Production defaults to strict mode.
Implementation Details
- Policy Binding:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/PolicyBinding.cs-PolicyBindingbinds reachability slices to specific policy versions with three validation modes: strict (invalidate on any policy change), forward (valid with newer versions), and any (valid with any version)
- Slice Schema:
src/Scanner/__Libraries/StellaOps.Scanner.Reachability/Slices/SliceSchema.cs-SliceSchemaincludes policy version binding metadata in slice definitions
E2E Test Plan
- Create a reachability slice with strict policy binding and verify it is invalidated when the policy version changes
- Create a reachability slice with forward binding and verify it remains valid when the policy version is incremented
- Create a reachability slice with forward binding and verify it is invalidated when the policy version is rolled back
- Create a reachability slice with "any" binding and verify it remains valid regardless of policy version changes
- Verify production defaults to strict mode when no binding mode is explicitly specified
- Verify invalidated slices trigger re-computation of reachability analysis