generated from coulomb/repo-seed
Establish Railiance Fabric graph model
This commit is contained in:
20
fabric/README.md
Normal file
20
fabric/README.md
Normal file
@@ -0,0 +1,20 @@
|
||||
# Seed Declarations
|
||||
|
||||
These declarations are the first repo-local seed graph for Railiance Fabric.
|
||||
|
||||
They model current and planned Railiance ecosystem providers:
|
||||
|
||||
- OpenBao runtime secrets
|
||||
- NetKingdom IAM Profile contract
|
||||
- key-cape IAM Profile implementation
|
||||
- flex-auth authorization decisions
|
||||
- Topaz delegated PDP runtime
|
||||
- CloudNativePG PostgreSQL
|
||||
- Valkey Redis-compatible cache
|
||||
- artifact-store object storage and credential vending
|
||||
- State Hub coordination read model
|
||||
- repo-scoping scope generation
|
||||
|
||||
The files are intentionally small. They are seed data for graph loading,
|
||||
validation, and State Hub export work, not a claim that every upstream repo has
|
||||
already adopted Fabric declarations as source of truth.
|
||||
16
fabric/bindings/artifact-store-runtime-secrets-openbao.yaml
Normal file
16
fabric/bindings/artifact-store-runtime-secrets-openbao.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: BindingAssertion
|
||||
metadata:
|
||||
id: artifact-store.object-storage.runtime-secrets-to-openbao
|
||||
name: artifact-store runtime secrets binding
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
dependency_id: artifact-store.object-storage.needs-runtime-secrets
|
||||
provider_capability_id: railiance-platform.openbao.runtime-secrets
|
||||
provider_interface_id: railiance-platform.openbao.kv-v2
|
||||
status: compatible
|
||||
rationale: Planned object-storage credential vending should use OpenBao for protected runtime secrets.
|
||||
16
fabric/bindings/flex-auth-iam-profile-key-cape.yaml
Normal file
16
fabric/bindings/flex-auth-iam-profile-key-cape.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: BindingAssertion
|
||||
metadata:
|
||||
id: flex-auth.api.iam-profile-to-key-cape
|
||||
name: flex-auth IAM Profile binding
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
dependency_id: flex-auth.api.needs-iam-profile
|
||||
provider_capability_id: key-cape.iam-profile.issuer
|
||||
provider_interface_id: key-cape.iam-profile.oidc-discovery
|
||||
status: compatible
|
||||
rationale: key-cape is the lightweight IAM Profile implementation for Railiance workloads.
|
||||
16
fabric/bindings/flex-auth-runtime-secrets-openbao.yaml
Normal file
16
fabric/bindings/flex-auth-runtime-secrets-openbao.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: BindingAssertion
|
||||
metadata:
|
||||
id: flex-auth.api.runtime-secrets-to-openbao
|
||||
name: flex-auth runtime secrets binding
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
dependency_id: flex-auth.api.needs-runtime-secrets
|
||||
provider_capability_id: railiance-platform.openbao.runtime-secrets
|
||||
provider_interface_id: railiance-platform.openbao.kv-v2
|
||||
status: exact
|
||||
rationale: flex-auth uses OpenBao KV v2 as the runtime secrets provider.
|
||||
16
fabric/bindings/flex-auth-topaz-runtime.yaml
Normal file
16
fabric/bindings/flex-auth-topaz-runtime.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: BindingAssertion
|
||||
metadata:
|
||||
id: flex-auth.api.topaz-runtime-binding
|
||||
name: flex-auth Topaz runtime binding
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
dependency_id: flex-auth.api.needs-topaz-runtime
|
||||
provider_capability_id: flex-auth.topaz.authorization-runtime
|
||||
provider_interface_id: flex-auth.topaz.http-api
|
||||
status: exact
|
||||
rationale: flex-auth delegates PDP execution to its Topaz runtime.
|
||||
16
fabric/bindings/state-hub-postgresql-cnpg.yaml
Normal file
16
fabric/bindings/state-hub-postgresql-cnpg.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: BindingAssertion
|
||||
metadata:
|
||||
id: the-custodian.state-hub.postgresql-to-cnpg
|
||||
name: State Hub PostgreSQL binding
|
||||
owner: the-custodian
|
||||
repo: the-custodian
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
dependency_id: the-custodian.state-hub.needs-postgresql
|
||||
provider_capability_id: railiance-platform.cnpg.postgresql
|
||||
provider_interface_id: railiance-platform.cnpg.database-connection
|
||||
status: compatible
|
||||
rationale: State Hub persists coordination data in PostgreSQL, with CNPG as the Railiance database provider.
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: artifact-store.object-storage.credentials
|
||||
name: Object-storage credential vending
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
description: Planned scoped credential vending for object-storage access.
|
||||
capability_type: object-storage-credential-vending
|
||||
service_id: artifact-store.storage-service
|
||||
interface_ids:
|
||||
- artifact-store.object-storage.sts
|
||||
criticality: high
|
||||
data_classification: secret
|
||||
18
fabric/capabilities/artifact-store-object-storage.yaml
Normal file
18
fabric/capabilities/artifact-store-object-storage.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: artifact-store.object-storage
|
||||
name: Object storage
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
description: Planned object storage for artifacts and workload data.
|
||||
capability_type: object-storage
|
||||
service_id: artifact-store.storage-service
|
||||
interface_ids:
|
||||
- artifact-store.object-storage.bucket
|
||||
criticality: high
|
||||
data_classification: confidential
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.authorization-decisions
|
||||
name: flex-auth authorization decisions
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Evaluates Railiance authorization requests and returns decision envelopes.
|
||||
capability_type: authorization-decision-service
|
||||
service_id: flex-auth.api
|
||||
interface_ids:
|
||||
- flex-auth.api.http-api
|
||||
- flex-auth.api.policy-package
|
||||
criticality: critical
|
||||
data_classification: restricted
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: flex-auth.topaz.authorization-runtime
|
||||
name: Topaz authorization runtime
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Delegated PDP runtime used for authorization policy evaluation.
|
||||
capability_type: authorization-decision-service
|
||||
service_id: flex-auth.topaz
|
||||
interface_ids:
|
||||
- flex-auth.topaz.http-api
|
||||
criticality: critical
|
||||
data_classification: restricted
|
||||
19
fabric/capabilities/key-cape-iam-profile-issuer.yaml
Normal file
19
fabric/capabilities/key-cape-iam-profile-issuer.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: key-cape.iam-profile.issuer
|
||||
name: key-cape IAM Profile issuer
|
||||
owner: key-cape
|
||||
repo: key-cape
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Implements IAM Profile claim serving for Railiance workloads.
|
||||
capability_type: iam-profile-issuer
|
||||
service_id: key-cape.iam-profile
|
||||
interface_ids:
|
||||
- key-cape.iam-profile.http-api
|
||||
- key-cape.iam-profile.oidc-discovery
|
||||
criticality: critical
|
||||
data_classification: restricted
|
||||
18
fabric/capabilities/net-kingdom-iam-profile-issuer.yaml
Normal file
18
fabric/capabilities/net-kingdom-iam-profile-issuer.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: net-kingdom.iam-profile.issuer
|
||||
name: NetKingdom IAM Profile issuer
|
||||
owner: net-kingdom
|
||||
repo: net-kingdom
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Defines the IAM Profile identity claims contract for Railiance.
|
||||
capability_type: iam-profile-issuer
|
||||
service_id: net-kingdom.iam-profile
|
||||
interface_ids:
|
||||
- net-kingdom.iam-profile.oidc-discovery
|
||||
criticality: critical
|
||||
data_classification: restricted
|
||||
18
fabric/capabilities/railiance-platform-cnpg-postgresql.yaml
Normal file
18
fabric/capabilities/railiance-platform-cnpg-postgresql.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.cnpg.postgresql
|
||||
name: CloudNativePG PostgreSQL
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Provides PostgreSQL databases and connection endpoints.
|
||||
capability_type: postgresql-database-service
|
||||
service_id: railiance-platform.cnpg
|
||||
interface_ids:
|
||||
- railiance-platform.cnpg.database-connection
|
||||
criticality: high
|
||||
data_classification: confidential
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.openbao.runtime-secrets
|
||||
name: Runtime secrets
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Stores and serves workload runtime secrets through OpenBao.
|
||||
capability_type: runtime-secrets
|
||||
service_id: railiance-platform.openbao
|
||||
interface_ids:
|
||||
- railiance-platform.openbao.kv-v2
|
||||
criticality: critical
|
||||
data_classification: secret
|
||||
18
fabric/capabilities/railiance-platform-valkey-cache.yaml
Normal file
18
fabric/capabilities/railiance-platform-valkey-cache.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.valkey.cache
|
||||
name: Valkey cache
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Provides Redis-compatible cache storage.
|
||||
capability_type: redis-compatible-cache
|
||||
service_id: railiance-platform.valkey
|
||||
interface_ids:
|
||||
- railiance-platform.valkey.database-connection
|
||||
criticality: medium
|
||||
data_classification: internal
|
||||
18
fabric/capabilities/repo-scoping-scope-generation.yaml
Normal file
18
fabric/capabilities/repo-scoping-scope-generation.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: repo-scoping.scope-generation
|
||||
name: Repo scope generation
|
||||
owner: repo-scoping
|
||||
repo: repo-scoping
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Generates repo scope, boundary, and usefulness descriptions.
|
||||
capability_type: scope-generation
|
||||
service_id: repo-scoping.scope-generator
|
||||
interface_ids:
|
||||
- repo-scoping.scope-generator.cli
|
||||
criticality: medium
|
||||
data_classification: internal
|
||||
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: CapabilityDeclaration
|
||||
metadata:
|
||||
id: the-custodian.state-hub.coordination
|
||||
name: State Hub coordination read model
|
||||
owner: the-custodian
|
||||
repo: the-custodian
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Exposes repo, workstream, task, decision, and progress state for coordination.
|
||||
capability_type: coordination-read-model
|
||||
service_id: the-custodian.state-hub
|
||||
interface_ids:
|
||||
- the-custodian.state-hub.http-api
|
||||
criticality: high
|
||||
data_classification: internal
|
||||
@@ -0,0 +1,24 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: DependencyDeclaration
|
||||
metadata:
|
||||
id: artifact-store.object-storage.needs-runtime-secrets
|
||||
name: artifact-store runtime secrets dependency
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
consumer_service_id: artifact-store.storage-service
|
||||
requires:
|
||||
capability_type: runtime-secrets
|
||||
interface:
|
||||
type: openbao-kv-v2-mount
|
||||
version_constraint: ">=v1 <v2"
|
||||
auth:
|
||||
method: kubernetes_service_account
|
||||
criticality: high
|
||||
data_classification: secret
|
||||
fallback:
|
||||
mode: none
|
||||
description: Credential vending needs a protected source for signing and backend secrets.
|
||||
27
fabric/dependencies/flex-auth-api-iam-profile.yaml
Normal file
27
fabric/dependencies/flex-auth-api-iam-profile.yaml
Normal file
@@ -0,0 +1,27 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: DependencyDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.needs-iam-profile
|
||||
name: flex-auth IAM Profile dependency
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
source_links:
|
||||
- label: Seed dependency declaration
|
||||
path: fabric/README.md
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
consumer_service_id: flex-auth.api
|
||||
requires:
|
||||
capability_type: iam-profile-issuer
|
||||
interface:
|
||||
type: oidc-discovery
|
||||
version_constraint: ">=v1 <v2"
|
||||
auth:
|
||||
method: none
|
||||
criticality: critical
|
||||
data_classification: restricted
|
||||
fallback:
|
||||
mode: none
|
||||
description: Authorization decisions require trusted IAM Profile claims.
|
||||
28
fabric/dependencies/flex-auth-api-runtime-secrets.yaml
Normal file
28
fabric/dependencies/flex-auth-api-runtime-secrets.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: DependencyDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.needs-runtime-secrets
|
||||
name: flex-auth runtime secrets dependency
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
source_links:
|
||||
- label: Seed dependency declaration
|
||||
path: fabric/README.md
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
consumer_service_id: flex-auth.api
|
||||
requires:
|
||||
capability_type: runtime-secrets
|
||||
interface:
|
||||
type: openbao-kv-v2-mount
|
||||
version_constraint: ">=v1 <v2"
|
||||
auth:
|
||||
method: kubernetes_service_account
|
||||
audience: openbao
|
||||
criticality: critical
|
||||
data_classification: secret
|
||||
fallback:
|
||||
mode: none
|
||||
description: flex-auth cannot start without runtime secrets.
|
||||
28
fabric/dependencies/flex-auth-api-topaz-runtime.yaml
Normal file
28
fabric/dependencies/flex-auth-api-topaz-runtime.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: DependencyDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.needs-topaz-runtime
|
||||
name: flex-auth Topaz runtime dependency
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
source_links:
|
||||
- label: Seed dependency declaration
|
||||
path: fabric/README.md
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
consumer_service_id: flex-auth.api
|
||||
requires:
|
||||
capability_type: authorization-decision-service
|
||||
capability_id: flex-auth.topaz.authorization-runtime
|
||||
interface:
|
||||
type: http-api
|
||||
version_constraint: ">=v1 <v2"
|
||||
auth:
|
||||
method: oidc
|
||||
criticality: high
|
||||
data_classification: restricted
|
||||
fallback:
|
||||
mode: degraded
|
||||
description: flex-auth can fall back to limited local policy checks only for non-critical paths.
|
||||
28
fabric/dependencies/the-custodian-state-hub-postgresql.yaml
Normal file
28
fabric/dependencies/the-custodian-state-hub-postgresql.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: DependencyDeclaration
|
||||
metadata:
|
||||
id: the-custodian.state-hub.needs-postgresql
|
||||
name: State Hub PostgreSQL dependency
|
||||
owner: the-custodian
|
||||
repo: the-custodian
|
||||
domain: custodian
|
||||
source_links:
|
||||
- label: Seed dependency declaration
|
||||
path: fabric/README.md
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
consumer_service_id: the-custodian.state-hub
|
||||
requires:
|
||||
capability_type: postgresql-database-service
|
||||
capability_id: railiance-platform.cnpg.postgresql
|
||||
interface:
|
||||
type: database-connection
|
||||
version_constraint: ">=16 <17"
|
||||
auth:
|
||||
method: database_role
|
||||
criticality: critical
|
||||
data_classification: confidential
|
||||
fallback:
|
||||
mode: none
|
||||
description: State Hub cannot persist coordination state without PostgreSQL.
|
||||
20
fabric/interfaces/artifact-store-object-storage-bucket.yaml
Normal file
20
fabric/interfaces/artifact-store-object-storage-bucket.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: artifact-store.object-storage.bucket
|
||||
name: artifact-store object bucket
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
description: Bucket and object layout contract for artifact storage.
|
||||
interface_type: object-storage-bucket
|
||||
version: v1
|
||||
service_id: artifact-store.storage-service
|
||||
capability_ids:
|
||||
- artifact-store.object-storage
|
||||
auth:
|
||||
method: sts_token
|
||||
data_classification: confidential
|
||||
20
fabric/interfaces/artifact-store-object-storage-sts.yaml
Normal file
20
fabric/interfaces/artifact-store-object-storage-sts.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: artifact-store.object-storage.sts
|
||||
name: artifact-store STS credential endpoint
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
description: Temporary scoped credential vending interface for object storage.
|
||||
interface_type: sts-token
|
||||
version: v1
|
||||
service_id: artifact-store.storage-service
|
||||
capability_ids:
|
||||
- artifact-store.object-storage.credentials
|
||||
auth:
|
||||
method: oidc
|
||||
data_classification: secret
|
||||
20
fabric/interfaces/flex-auth-api-http-api.yaml
Normal file
20
fabric/interfaces/flex-auth-api-http-api.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.http-api
|
||||
name: flex-auth decision HTTP API
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: HTTP API for authorization decision requests.
|
||||
interface_type: http-api
|
||||
version: v1
|
||||
service_id: flex-auth.api
|
||||
capability_ids:
|
||||
- flex-auth.api.authorization-decisions
|
||||
auth:
|
||||
method: oidc
|
||||
data_classification: restricted
|
||||
20
fabric/interfaces/flex-auth-api-policy-package.yaml
Normal file
20
fabric/interfaces/flex-auth-api-policy-package.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api.policy-package
|
||||
name: flex-auth policy package
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Versioned authorization policy package consumed by PDP runtimes.
|
||||
interface_type: policy-package
|
||||
version: v1
|
||||
service_id: flex-auth.api
|
||||
capability_ids:
|
||||
- flex-auth.api.authorization-decisions
|
||||
auth:
|
||||
method: oidc
|
||||
data_classification: restricted
|
||||
20
fabric/interfaces/flex-auth-topaz-http-api.yaml
Normal file
20
fabric/interfaces/flex-auth-topaz-http-api.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: flex-auth.topaz.http-api
|
||||
name: Topaz decision HTTP API
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: HTTP interface for delegated Topaz authorization decisions.
|
||||
interface_type: http-api
|
||||
version: v1
|
||||
service_id: flex-auth.topaz
|
||||
capability_ids:
|
||||
- flex-auth.topaz.authorization-runtime
|
||||
auth:
|
||||
method: oidc
|
||||
data_classification: restricted
|
||||
20
fabric/interfaces/key-cape-iam-profile-http-api.yaml
Normal file
20
fabric/interfaces/key-cape-iam-profile-http-api.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: key-cape.iam-profile.http-api
|
||||
name: key-cape IAM Profile HTTP API
|
||||
owner: key-cape
|
||||
repo: key-cape
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: HTTP API for IAM Profile lookup and claim serving.
|
||||
interface_type: http-api
|
||||
version: v1
|
||||
service_id: key-cape.iam-profile
|
||||
capability_ids:
|
||||
- key-cape.iam-profile.issuer
|
||||
auth:
|
||||
method: oidc
|
||||
data_classification: restricted
|
||||
20
fabric/interfaces/key-cape-iam-profile-oidc-discovery.yaml
Normal file
20
fabric/interfaces/key-cape-iam-profile-oidc-discovery.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: key-cape.iam-profile.oidc-discovery
|
||||
name: key-cape OIDC discovery
|
||||
owner: key-cape
|
||||
repo: key-cape
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: OIDC discovery metadata for IAM Profile claims.
|
||||
interface_type: oidc-discovery
|
||||
version: v1
|
||||
service_id: key-cape.iam-profile
|
||||
capability_ids:
|
||||
- key-cape.iam-profile.issuer
|
||||
auth:
|
||||
method: none
|
||||
data_classification: public
|
||||
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: net-kingdom.iam-profile.oidc-discovery
|
||||
name: NetKingdom IAM Profile discovery
|
||||
owner: net-kingdom
|
||||
repo: net-kingdom
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: OIDC discovery contract for IAM Profile identity architecture.
|
||||
interface_type: oidc-discovery
|
||||
version: v1
|
||||
service_id: net-kingdom.iam-profile
|
||||
capability_ids:
|
||||
- net-kingdom.iam-profile.issuer
|
||||
auth:
|
||||
method: none
|
||||
data_classification: public
|
||||
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.cnpg.database-connection
|
||||
name: CloudNativePG database connection
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: PostgreSQL network endpoint and credential contract.
|
||||
interface_type: database-connection
|
||||
version: "16"
|
||||
service_id: railiance-platform.cnpg
|
||||
capability_ids:
|
||||
- railiance-platform.cnpg.postgresql
|
||||
auth:
|
||||
method: database_role
|
||||
data_classification: confidential
|
||||
@@ -0,0 +1,21 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.openbao.database-roles
|
||||
name: OpenBao database dynamic credential roles
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Dynamic credential role interface for database access.
|
||||
interface_type: openbao-dynamic-credential-role
|
||||
version: v1
|
||||
service_id: railiance-platform.openbao
|
||||
endpoint:
|
||||
path: database/creds
|
||||
auth:
|
||||
method: kubernetes_service_account
|
||||
audience: openbao
|
||||
data_classification: secret
|
||||
23
fabric/interfaces/railiance-platform-openbao-kv-v2.yaml
Normal file
23
fabric/interfaces/railiance-platform-openbao-kv-v2.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.openbao.kv-v2
|
||||
name: OpenBao KV v2 mount
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: KV v2 secret mount for approved Railiance workload secrets.
|
||||
interface_type: openbao-kv-v2-mount
|
||||
version: v1
|
||||
service_id: railiance-platform.openbao
|
||||
capability_ids:
|
||||
- railiance-platform.openbao.runtime-secrets
|
||||
endpoint:
|
||||
path: secret/data/railiance
|
||||
auth:
|
||||
method: kubernetes_service_account
|
||||
audience: openbao
|
||||
data_classification: secret
|
||||
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.valkey.database-connection
|
||||
name: Valkey Redis-compatible connection
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Redis protocol compatible cache endpoint and credential contract.
|
||||
interface_type: database-connection
|
||||
version: v1
|
||||
service_id: railiance-platform.valkey
|
||||
capability_ids:
|
||||
- railiance-platform.valkey.cache
|
||||
auth:
|
||||
method: static_secret
|
||||
data_classification: internal
|
||||
20
fabric/interfaces/repo-scoping-scope-generator-cli.yaml
Normal file
20
fabric/interfaces/repo-scoping-scope-generator-cli.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: repo-scoping.scope-generator.cli
|
||||
name: repo-scoping CLI
|
||||
owner: repo-scoping
|
||||
repo: repo-scoping
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: CLI interface for producing scope descriptions.
|
||||
interface_type: cli
|
||||
version: v1
|
||||
service_id: repo-scoping.scope-generator
|
||||
capability_ids:
|
||||
- repo-scoping.scope-generation
|
||||
auth:
|
||||
method: none
|
||||
data_classification: internal
|
||||
20
fabric/interfaces/the-custodian-state-hub-http-api.yaml
Normal file
20
fabric/interfaces/the-custodian-state-hub-http-api.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: InterfaceDeclaration
|
||||
metadata:
|
||||
id: the-custodian.state-hub.http-api
|
||||
name: State Hub HTTP API
|
||||
owner: the-custodian
|
||||
repo: the-custodian
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: HTTP API for coordination state and progress tracking.
|
||||
interface_type: http-api
|
||||
version: v1
|
||||
service_id: the-custodian.state-hub
|
||||
capability_ids:
|
||||
- the-custodian.state-hub.coordination
|
||||
auth:
|
||||
method: none
|
||||
data_classification: internal
|
||||
19
fabric/services/artifact-store-object-storage.yaml
Normal file
19
fabric/services/artifact-store-object-storage.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: artifact-store.storage-service
|
||||
name: artifact-store object storage
|
||||
owner: artifact-store
|
||||
repo: artifact-store
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: planned
|
||||
environments: [dev, staging, prod]
|
||||
description: Planned object storage and scoped credential vending service.
|
||||
service_type: storage-service
|
||||
provides_capabilities:
|
||||
- artifact-store.object-storage
|
||||
- artifact-store.object-storage.credentials
|
||||
exposes_interfaces:
|
||||
- artifact-store.object-storage.bucket
|
||||
- artifact-store.object-storage.sts
|
||||
18
fabric/services/flex-auth-api.yaml
Normal file
18
fabric/services/flex-auth-api.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: flex-auth.api
|
||||
name: flex-auth API
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Authorization policy and decision control plane.
|
||||
service_type: authorization-service
|
||||
provides_capabilities:
|
||||
- flex-auth.api.authorization-decisions
|
||||
exposes_interfaces:
|
||||
- flex-auth.api.http-api
|
||||
- flex-auth.api.policy-package
|
||||
17
fabric/services/flex-auth-topaz.yaml
Normal file
17
fabric/services/flex-auth-topaz.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: flex-auth.topaz
|
||||
name: Topaz delegated PDP
|
||||
owner: flex-auth
|
||||
repo: flex-auth
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Delegated policy decision runtime used by flex-auth.
|
||||
service_type: authorization-runtime
|
||||
provides_capabilities:
|
||||
- flex-auth.topaz.authorization-runtime
|
||||
exposes_interfaces:
|
||||
- flex-auth.topaz.http-api
|
||||
18
fabric/services/key-cape-iam-profile.yaml
Normal file
18
fabric/services/key-cape-iam-profile.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: key-cape.iam-profile
|
||||
name: key-cape IAM Profile API
|
||||
owner: key-cape
|
||||
repo: key-cape
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Lightweight IAM Profile implementation for Railiance workloads.
|
||||
service_type: identity-service
|
||||
provides_capabilities:
|
||||
- key-cape.iam-profile.issuer
|
||||
exposes_interfaces:
|
||||
- key-cape.iam-profile.http-api
|
||||
- key-cape.iam-profile.oidc-discovery
|
||||
17
fabric/services/net-kingdom-iam-profile.yaml
Normal file
17
fabric/services/net-kingdom-iam-profile.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: net-kingdom.iam-profile
|
||||
name: NetKingdom IAM Profile
|
||||
owner: net-kingdom
|
||||
repo: net-kingdom
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Identity and security architecture contract for IAM Profile claims.
|
||||
service_type: identity-contract
|
||||
provides_capabilities:
|
||||
- net-kingdom.iam-profile.issuer
|
||||
exposes_interfaces:
|
||||
- net-kingdom.iam-profile.oidc-discovery
|
||||
17
fabric/services/railiance-platform-cnpg.yaml
Normal file
17
fabric/services/railiance-platform-cnpg.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.cnpg
|
||||
name: CloudNativePG
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: PostgreSQL database service for Railiance platform and app workloads.
|
||||
service_type: database-service
|
||||
provides_capabilities:
|
||||
- railiance-platform.cnpg.postgresql
|
||||
exposes_interfaces:
|
||||
- railiance-platform.cnpg.database-connection
|
||||
18
fabric/services/railiance-platform-openbao.yaml
Normal file
18
fabric/services/railiance-platform-openbao.yaml
Normal file
@@ -0,0 +1,18 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.openbao
|
||||
name: OpenBao
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: OpenBao service used by Railiance workloads for runtime secrets.
|
||||
service_type: platform-service
|
||||
provides_capabilities:
|
||||
- railiance-platform.openbao.runtime-secrets
|
||||
exposes_interfaces:
|
||||
- railiance-platform.openbao.kv-v2
|
||||
- railiance-platform.openbao.database-roles
|
||||
17
fabric/services/railiance-platform-valkey.yaml
Normal file
17
fabric/services/railiance-platform-valkey.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: railiance-platform.valkey
|
||||
name: Valkey
|
||||
owner: railiance-platform
|
||||
repo: railiance-platform
|
||||
domain: railiance
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [dev, staging, prod]
|
||||
description: Redis-compatible cache for Railiance workloads.
|
||||
service_type: cache-service
|
||||
provides_capabilities:
|
||||
- railiance-platform.valkey.cache
|
||||
exposes_interfaces:
|
||||
- railiance-platform.valkey.database-connection
|
||||
17
fabric/services/repo-scoping-scope-generator.yaml
Normal file
17
fabric/services/repo-scoping-scope-generator.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: repo-scoping.scope-generator
|
||||
name: repo-scoping scope generator
|
||||
owner: repo-scoping
|
||||
repo: repo-scoping
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Generates repo scope and usefulness descriptions for humans and agents.
|
||||
service_type: planning-tool
|
||||
provides_capabilities:
|
||||
- repo-scoping.scope-generation
|
||||
exposes_interfaces:
|
||||
- repo-scoping.scope-generator.cli
|
||||
17
fabric/services/the-custodian-state-hub.yaml
Normal file
17
fabric/services/the-custodian-state-hub.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
apiVersion: railiance.fabric/v1alpha1
|
||||
kind: ServiceDeclaration
|
||||
metadata:
|
||||
id: the-custodian.state-hub
|
||||
name: State Hub
|
||||
owner: the-custodian
|
||||
repo: the-custodian
|
||||
domain: custodian
|
||||
spec:
|
||||
lifecycle: active
|
||||
environments: [all]
|
||||
description: Coordination read model for repos, workstreams, tasks, decisions, and progress.
|
||||
service_type: coordination-service
|
||||
provides_capabilities:
|
||||
- the-custodian.state-hub.coordination
|
||||
exposes_interfaces:
|
||||
- the-custodian.state-hub.http-api
|
||||
Reference in New Issue
Block a user