PSA/ee/docs/extension-system/storage-api-access-control.md
Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00


# Storage API Access Control

> **Status:** Archived. The extension-bound storage API has been replaced by the tenant-wide Alga Storage Service.

Access control, authentication, and authorization guidance now lives in the [Alga Storage Service documentation](../../../docs/storage-system.md). Storage capabilities are no longer declared in extension manifests; tenants provision storage keys directly and share them with any runtime (extensions, workflows, or external integrations) that requires access.

If you maintain legacy code that still depends on runner-issued storage credentials, migrate to the tenant storage key flow described in the official documentation and remove any extension-level capability configuration.

- Write-heavy operations default to 60 ops/min with a burst of 180.
- Read operations default to 200 ops/min with a burst of 400.
- Gateway and Runner share the same limiter backend to keep counters consistent.

## Deployment & Feature Flags
- Capability checks are hidden behind the `storageApiEnabled` feature flag, which is set per environment.
- The initial rollout is restricted to an allowlist of extension IDs until GA.
- The rollback path disables the flag, preventing new storage calls while leaving data intact.
- Runner integration requires the `STORAGE_API_BASE_URL` and `RUNNER_STORAGE_API_TOKEN` environment variables; requests must present the token via `x-runner-auth`.

## Developer Documentation Updates
- Update `ee/docs/extension-system/overview.md` to mention the storage API and capability requirements.
- Extend the SDK README with usage examples referencing capability flags.
- Provide manifest snippet:
```jsonc
{
  "capabilities": {
    "alga.storage": {
      "namespaces": [
        { "name": "settings", "schemaReference": "./schemas/settings.json", "access": ["read", "write"] }
      ]
    }
  }
}
```
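
For maintainers auditing legacy extensions, the following added example (not code from the Alga PSA repository) shows a deny-by-default check over a manifest shaped like the snippet above, gated by the `storageApiEnabled` flag and the extension-ID allowlist from the rollout notes. The function `authorizeStorageCall`, the types, the reason strings, the `audit` namespace, and the ID `ext-example-1` are assumptions made for illustration.

```typescript
// Added example: hypothetical names and types, not the Alga PSA implementation.
type Access = "read" | "write";
interface NamespaceGrant { name: string; schemaReference?: string; access: Access[] }
interface Manifest {
  capabilities?: { "alga.storage"?: { namespaces: NamespaceGrant[] } };
}
interface RolloutConfig {
  storageApiEnabled: boolean;    // per-environment feature flag named on the page
  allowedExtensionIds: string[]; // pre-GA allowlist (values below are constructed)
}
type Decision = { allowed: true } | { allowed: false; reason: string };

function authorizeStorageCall(
  cfg: RolloutConfig,
  extensionId: string,
  manifest: Manifest,
  namespace: string,
  op: Access,
): Decision {
  // Rollback path: with the flag off every new call is refused; data is untouched.
  if (!cfg.storageApiEnabled) return { allowed: false, reason: "flag_disabled" };
  if (cfg.allowedExtensionIds.indexOf(extensionId) === -1) {
    return { allowed: false, reason: "not_allowlisted" };
  }
  // A missing capability block yields an empty grant list, so the default is deny.
  const grants = manifest.capabilities?.["alga.storage"]?.namespaces ?? [];
  // Exact match on the namespace name: no prefix or wildcard matching.
  const grant = grants.filter((g) => g.name === namespace)[0];
  if (!grant) return { allowed: false, reason: "namespace_not_declared" };
  if (grant.access.indexOf(op) === -1) {
    return { allowed: false, reason: "access_not_granted" };
  }
  return { allowed: true };
}

// Constructed sample input: "settings" mirrors the manifest snippet above,
// "audit" is an invented read-only namespace.
const sampleManifest: Manifest = {
  capabilities: {
    "alga.storage": {
      namespaces: [
        { name: "settings", schemaReference: "./schemas/settings.json", access: ["read", "write"] },
        { name: "audit", access: ["read"] },
      ],
    },
  },
};
const sampleConfig: RolloutConfig = { storageApiEnabled: true, allowedExtensionIds: ["ext-example-1"] };
```

The checks run from the coarsest control to the finest, so a disabled flag or a non-allowlisted extension is refused before the manifest is consulted.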