jesus/provisioning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
provisioning/docs/book/platform/control-center.html
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation 
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00

495 lines
22 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Control Center - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
const path_to_root = "../";
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd></kbd> or <kbd></kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
try {
let theme = localStorage.getItem('mdbook-theme');
let sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') && theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
html.classList.remove('ayu')
html.classList.add(theme);
html.classList.add("js");
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
let sidebar = null;
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
} else {
sidebar = 'hidden';
}
sidebar_toggle.checked = sidebar === 'visible';
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/platform/control-center.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
</script>
<div id="content" class="content">
<main>
<h1 id="control-center---cedar-policy-engine"><a class="header" href="#control-center---cedar-policy-engine">Control Center - Cedar Policy Engine</a></h1>
<p>A comprehensive Cedar policy engine implementation with advanced security features, compliance checking, and anomaly detection.</p>
<blockquote>
<p><strong>Source</strong>: <code>provisioning/platform/control-center/</code></p>
</blockquote>
<h2 id="key-features"><a class="header" href="#key-features">Key Features</a></h2>
<h3 id="cedar-policy-engine"><a class="header" href="#cedar-policy-engine">Cedar Policy Engine</a></h3>
<ul>
<li><strong>Policy Evaluation</strong>: High-performance policy evaluation with context injection</li>
<li><strong>Versioning</strong>: Complete policy versioning with rollback capabilities</li>
<li><strong>Templates</strong>: Configuration-driven policy templates with variable substitution</li>
<li><strong>Validation</strong>: Comprehensive policy validation with syntax and semantic checking</li>
</ul>
<h3 id="security--authentication"><a class="header" href="#security--authentication">Security &amp; Authentication</a></h3>
<ul>
<li><strong>JWT Authentication</strong>: Secure token-based authentication</li>
<li><strong>Multi-Factor Authentication</strong>: MFA support for sensitive operations</li>
<li><strong>Role-Based Access Control</strong>: Flexible RBAC with policy integration</li>
<li><strong>Session Management</strong>: Secure session handling with timeouts</li>
</ul>
<h3 id="compliance-framework"><a class="header" href="#compliance-framework">Compliance Framework</a></h3>
<ul>
<li><strong>SOC2 Type II</strong>: Complete SOC2 compliance validation</li>
<li><strong>HIPAA</strong>: Healthcare data protection compliance</li>
<li><strong>Audit Trail</strong>: Comprehensive audit logging and reporting</li>
<li><strong>Impact Analysis</strong>: Policy change impact assessment</li>
</ul>
<h3 id="anomaly-detection"><a class="header" href="#anomaly-detection">Anomaly Detection</a></h3>
<ul>
<li><strong>Statistical Analysis</strong>: Multiple statistical methods (Z-Score, IQR, Isolation Forest)</li>
<li><strong>Real-time Detection</strong>: Continuous monitoring of policy evaluations</li>
<li><strong>Alert Management</strong>: Configurable alerting through multiple channels</li>
<li><strong>Baseline Learning</strong>: Adaptive baseline calculation for improved accuracy</li>
</ul>
<h3 id="storage--persistence"><a class="header" href="#storage--persistence">Storage &amp; Persistence</a></h3>
<ul>
<li><strong>SurrealDB Integration</strong>: High-performance graph database backend</li>
<li><strong>Policy Storage</strong>: Versioned policy storage with metadata</li>
<li><strong>Metrics Storage</strong>: Policy evaluation metrics and analytics</li>
<li><strong>Compliance Records</strong>: Complete compliance audit trails</li>
</ul>
<h2 id="quick-start"><a class="header" href="#quick-start">Quick Start</a></h2>
<h3 id="installation"><a class="header" href="#installation">Installation</a></h3>
<pre><code class="language-bash">cd provisioning/platform/control-center
cargo build --release
</code></pre>
<h3 id="configuration"><a class="header" href="#configuration">Configuration</a></h3>
<p>Copy and edit the configuration:</p>
<pre><code class="language-bash">cp config.toml.example config.toml
</code></pre>
<p>Configuration example:</p>
<pre><code class="language-toml">[database]
url = "surreal://localhost:8000"
username = "root"
password = "your-password"
[auth]
jwt_secret = "your-super-secret-key"
require_mfa = true
[compliance.soc2]
enabled = true
[anomaly]
enabled = true
detection_threshold = 2.5
</code></pre>
<h3 id="start-server"><a class="header" href="#start-server">Start Server</a></h3>
<pre><code class="language-bash">./target/release/control-center server --port 8080
</code></pre>
<h3 id="test-policy-evaluation"><a class="header" href="#test-policy-evaluation">Test Policy Evaluation</a></h3>
<pre><code class="language-bash">curl -X POST http://localhost:8080/policies/evaluate \
-H "Content-Type: application/json" \
-d '{
"principal": {"id": "user123", "roles": ["Developer"]},
"action": {"id": "access"},
"resource": {"id": "sensitive-db", "classification": "confidential"},
"context": {"mfa_enabled": true, "location": "US"}
}'
</code></pre>
<h2 id="policy-examples"><a class="header" href="#policy-examples">Policy Examples</a></h2>
<h3 id="multi-factor-authentication-policy"><a class="header" href="#multi-factor-authentication-policy">Multi-Factor Authentication Policy</a></h3>
<pre><code class="language-cedar">permit(
principal,
action == Action::"access",
resource
) when {
resource has classification &amp;&amp;
resource.classification in ["sensitive", "confidential"] &amp;&amp;
principal has mfa_enabled &amp;&amp;
principal.mfa_enabled == true
};
</code></pre>
<h3 id="production-approval-policy"><a class="header" href="#production-approval-policy">Production Approval Policy</a></h3>
<pre><code class="language-cedar">permit(
principal,
action in [Action::"deploy", Action::"modify", Action::"delete"],
resource
) when {
resource has environment &amp;&amp;
resource.environment == "production" &amp;&amp;
principal has approval &amp;&amp;
principal.approval.approved_by in ["ProductionAdmin", "SRE"]
};
</code></pre>
<h3 id="geographic-restrictions"><a class="header" href="#geographic-restrictions">Geographic Restrictions</a></h3>
<pre><code class="language-cedar">permit(
principal,
action,
resource
) when {
context has geo &amp;&amp;
context.geo has country &amp;&amp;
context.geo.country in ["US", "CA", "GB", "DE"]
};
</code></pre>
<h2 id="cli-commands"><a class="header" href="#cli-commands">CLI Commands</a></h2>
<h3 id="policy-management"><a class="header" href="#policy-management">Policy Management</a></h3>
<pre><code class="language-bash"># Validate policies
control-center policy validate policies/
# Test policy with test data
control-center policy test policies/mfa.cedar tests/data/mfa_test.json
# Analyze policy impact
control-center policy impact policies/new_policy.cedar
</code></pre>
<h3 id="compliance-checking"><a class="header" href="#compliance-checking">Compliance Checking</a></h3>
<pre><code class="language-bash"># Check SOC2 compliance
control-center compliance soc2
# Check HIPAA compliance
control-center compliance hipaa
# Generate compliance report
control-center compliance report --format html
</code></pre>
<h2 id="api-endpoints"><a class="header" href="#api-endpoints">API Endpoints</a></h2>
<h3 id="policy-evaluation"><a class="header" href="#policy-evaluation">Policy Evaluation</a></h3>
<ul>
<li><code>POST /policies/evaluate</code> - Evaluate policy decision</li>
<li><code>GET /policies</code> - List all policies</li>
<li><code>POST /policies</code> - Create new policy</li>
<li><code>PUT /policies/{id}</code> - Update policy</li>
<li><code>DELETE /policies/{id}</code> - Delete policy</li>
</ul>
<h3 id="policy-versions"><a class="header" href="#policy-versions">Policy Versions</a></h3>
<ul>
<li><code>GET /policies/{id}/versions</code> - List policy versions</li>
<li><code>GET /policies/{id}/versions/{version}</code> - Get specific version</li>
<li><code>POST /policies/{id}/rollback/{version}</code> - Rollback to version</li>
</ul>
<h3 id="compliance"><a class="header" href="#compliance">Compliance</a></h3>
<ul>
<li><code>GET /compliance/soc2</code> - SOC2 compliance check</li>
<li><code>GET /compliance/hipaa</code> - HIPAA compliance check</li>
<li><code>GET /compliance/report</code> - Generate compliance report</li>
</ul>
<h3 id="anomaly-detection-1"><a class="header" href="#anomaly-detection-1">Anomaly Detection</a></h3>
<ul>
<li><code>GET /anomalies</code> - List detected anomalies</li>
<li><code>GET /anomalies/{id}</code> - Get anomaly details</li>
<li><code>POST /anomalies/detect</code> - Trigger anomaly detection</li>
</ul>
<h2 id="architecture"><a class="header" href="#architecture">Architecture</a></h2>
<h3 id="core-components"><a class="header" href="#core-components">Core Components</a></h3>
<ol>
<li>
<p><strong>Policy Engine</strong> (<code>src/policies/engine.rs</code>)</p>
<ul>
<li>Cedar policy evaluation</li>
<li>Context injection</li>
<li>Caching and optimization</li>
</ul>
</li>
<li>
<p><strong>Storage Layer</strong> (<code>src/storage/</code>)</p>
<ul>
<li>SurrealDB integration</li>
<li>Policy versioning</li>
<li>Metrics storage</li>
</ul>
</li>
<li>
<p><strong>Compliance Framework</strong> (<code>src/compliance/</code>)</p>
<ul>
<li>SOC2 checker</li>
<li>HIPAA validator</li>
<li>Report generation</li>
</ul>
</li>
<li>
<p><strong>Anomaly Detection</strong> (<code>src/anomaly/</code>)</p>
<ul>
<li>Statistical analysis</li>
<li>Real-time monitoring</li>
<li>Alert management</li>
</ul>
</li>
<li>
<p><strong>Authentication</strong> (<code>src/auth.rs</code>)</p>
<ul>
<li>JWT token management</li>
<li>Password hashing</li>
<li>Session handling</li>
</ul>
</li>
</ol>
<h3 id="configuration-driven-design"><a class="header" href="#configuration-driven-design">Configuration-Driven Design</a></h3>
<p>The system follows PAP (Project Architecture Principles) with:</p>
<ul>
<li><strong>No hardcoded values</strong>: All behavior controlled via configuration</li>
<li><strong>Dynamic loading</strong>: Policies and rules loaded from configuration</li>
<li><strong>Template-based</strong>: Policy generation through templates</li>
<li><strong>Environment-aware</strong>: Different configs for dev/test/prod</li>
</ul>
<h2 id="deployment"><a class="header" href="#deployment">Deployment</a></h2>
<h3 id="docker"><a class="header" href="#docker">Docker</a></h3>
<pre><code class="language-dockerfile">FROM rust:1.75 as builder
WORKDIR /app
COPY . .
RUN cargo build --release
FROM debian:bookworm-slim
RUN apt-get update &amp;&amp; apt-get install -y ca-certificates
COPY --from=builder /app/target/release/control-center /usr/local/bin/
EXPOSE 8080
CMD ["control-center", "server"]
</code></pre>
<h3 id="kubernetes"><a class="header" href="#kubernetes">Kubernetes</a></h3>
<pre><code class="language-yaml">apiVersion: apps/v1
kind: Deployment
metadata:
name: control-center
spec:
replicas: 3
template:
spec:
containers:
- name: control-center
image: control-center:latest
ports:
- containerPort: 8080
env:
- name: DATABASE_URL
value: "surreal://surrealdb:8000"
</code></pre>
<h2 id="related-documentation"><a class="header" href="#related-documentation">Related Documentation</a></h2>
<ul>
<li><strong>Architecture</strong>: <a href="../architecture/CEDAR_AUTHORIZATION_IMPLEMENTATION.html">Cedar Authorization</a></li>
<li><strong>User Guide</strong>: <a href="../user/AUTHENTICATION_LAYER_GUIDE.html">Authentication Layer</a></li>
</ul>
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../platform/orchestrator.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../platform/mcp-server.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../platform/orchestrator.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../platform/mcp-server.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
const wsAddress = wsProtocol + "//" + location.host + "/" + "__livereload";
const socket = new WebSocket(wsAddress);
socket.onmessage = function (event) {
if (event.data === "reload") {
socket.close();
location.reload();
}
};
window.onbeforeunload = function() {
socket.close();
}
</script>
<script>
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink