git.stella-ops.org/docs/airgap/bundle-repositories.md
master 79b8e53441
Add new features and tests for AirGap and Time modules
- Introduced `SbomService` tasks documentation.
- Updated `StellaOps.sln` to include new projects: `StellaOps.AirGap.Time` and `StellaOps.AirGap.Importer`.
- Added unit tests for `BundleImportPlanner`, `DsseVerifier`, `ImportValidator`, and other components in the `StellaOps.AirGap.Importer.Tests` namespace.
- Implemented `InMemoryBundleRepositories` for testing bundle catalog and item repositories.
- Created `MerkleRootCalculator`, `RootRotationPolicy`, and `TufMetadataValidator` tests.
- Developed `StalenessCalculator` and `TimeAnchorLoader` tests in the `StellaOps.AirGap.Time.Tests` namespace.
- Added `fetch-sbomservice-deps.sh` script for offline dependency fetching.
2025-11-20 23:29:54 +02:00


Bundle Catalog & Items Repositories (prep for AIRGAP-IMP-57-001)

Scope

  • Deterministic storage for offline bundle metadata with tenant isolation (RLS) and stable ordering.
  • Ready for Mongo-backed implementation while providing in-memory deterministic reference behavior.

Schema (logical)

  • bundle_catalog:
    • tenant_id (string, PK part, RLS partition)
    • bundle_id (string, PK part)
    • digest (hex string)
    • imported_at_utc (datetime)
    • content_paths (array of strings, sorted ordinal)
  • bundle_items:
    • tenant_id (string, PK part, RLS partition)
    • bundle_id (string, PK part)
    • path (string, PK part)
    • digest (hex string)
    • size_bytes (long)

Implementation delivered (2025-11-20)

  • In-memory repositories enforcing tenant isolation and deterministic ordering:
    • InMemoryBundleCatalogRepository (upsert + list ordered by bundle_id).
    • InMemoryBundleItemRepository (bulk upsert + list ordered by path).
  • Models: BundleCatalogEntry, BundleItem.
  • Tests cover upsert overwrite semantics, tenant isolation, and deterministic ordering (tests/AirGap/StellaOps.AirGap.Importer.Tests/InMemoryBundleRepositoriesTests.cs).

Migration notes (for Mongo/SQL backends)

  • Create compound unique indexes on (tenant_id, bundle_id) for the catalog and on (tenant_id, bundle_id, path) for items.
  • Enforce RLS by always scoping queries to tenant_id and validating it at the repository boundary (as done in the in-memory reference implementation).
  • Keep paths lowercased or use ordinal comparisons to avoid locale drift; sort before persistence to preserve determinism.
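
A sketch of the three rules above (composite key, tenant check at the repository boundary, ordinal ordering) as an added example; it is not the project's InMemoryBundleItemRepository. The names Item, SketchItemRepository and Demo are hypothetical, the sample rows are constructed, and C# 9 or later is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical model; the project's BundleItem may be shaped differently.
public sealed record Item(string TenantId, string BundleId, string Path, string Digest, long SizeBytes);
public sealed class SketchItemRepository
{
    // Composite key mirrors the unique index (tenant_id, bundle_id, path).
    private readonly Dictionary<(string Tenant, string Bundle, string Path), Item> _rows = new();
    private static void RequireTenant(string tenantId)
    {
        if (string.IsNullOrWhiteSpace(tenantId))
            throw new ArgumentException("tenant_id is required", nameof(tenantId));
    }
    public void UpsertMany(string tenantId, IEnumerable<Item> items)
    {
        RequireTenant(tenantId);
        var batch = items.ToList();
        // Reject the whole batch if any row claims a tenant other than the caller's scope.
        if (batch.Any(i => !string.Equals(i.TenantId, tenantId, StringComparison.Ordinal)))
            throw new InvalidOperationException("item tenant_id does not match the scoped tenant");
        foreach (var i in batch)
            _rows[(i.TenantId, i.BundleId, i.Path)] = i; // same key overwrites
    }
    public IReadOnlyList<Item> List(string tenantId, string bundleId)
    {
        RequireTenant(tenantId);
        return _rows.Values
            .Where(i => i.TenantId == tenantId && i.BundleId == bundleId)
            .OrderBy(i => i.Path, StringComparer.Ordinal) // culture-independent ordering
            .ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        var repo = new SketchItemRepository();
        repo.UpsertMany("tenant-a", new[] // constructed sample rows
        {
            new Item("tenant-a", "b1", "sbom/z.json", "00", 10),
            new Item("tenant-a", "b1", "Sbom/a.json", "11", 20),
            new Item("tenant-a", "b1", "sbom/z.json", "22", 30), // replaces the first row
        });
        Console.WriteLine(string.Join(", ", repo.List("tenant-a", "b1").Select(i => $"{i.Path}:{i.Digest}")));
        Console.WriteLine(repo.List("tenant-b", "b1").Count); // query scoped to another tenant
    }
}
```

Because the sample paths are not lowercased, ordinal comparison places "Sbom/a.json" before "sbom/z.json" on every host, whereas a culture-aware comparer can order mixed-case paths differently depending on locale.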

Next steps

  • Implement Mongo-backed repositories mirroring the deterministic behavior and indexes above.
  • Wire repositories into importer service/CLI once storage provider is selected.

Owners

  • AirGap Importer Guild.