diff --git a/.gitea/scripts/release/build_release.py b/.gitea/scripts/release/build_release.py index d65245586..bfa508cc0 100644 --- a/.gitea/scripts/release/build_release.py +++ b/.gitea/scripts/release/build_release.py @@ -295,8 +295,8 @@ class ReleaseBuilder: build_args.update({ "PROJECT": component["project"], "ENTRYPOINT_DLL": component["entrypoint"], - "SDK_IMAGE": docker_cfg.get("sdkImage", "mcr.microsoft.com/dotnet/nightly/sdk:10.0"), - "RUNTIME_IMAGE": docker_cfg.get("runtimeImage", "gcr.io/distroless/dotnet/aspnet:latest"), + "SDK_IMAGE": docker_cfg.get("sdkImage", "mcr.microsoft.com/dotnet/sdk:10.0"), + "RUNTIME_IMAGE": docker_cfg.get("runtimeImage", "mcr.microsoft.com/dotnet/aspnet:10.0"), }) elif kind == "angular-ui": build_args.update({ diff --git a/devops/compose/.env b/devops/compose/.env index 7e346d758..c09091b20 100644 --- a/devops/compose/.env +++ b/devops/compose/.env @@ -54,6 +54,7 @@ STELLAOPS_CA_BUNDLE_VOLUME=./combined-ca-bundle.crt:/etc/ssl/certs/ca-certificat AUTHORITY_ISSUER=https://authority.stella-ops.local/ AUTHORITY_PORT=8440 AUTHORITY_OFFLINE_CACHE_TOLERANCE=00:30:00 +STELLAOPS_ADMIN_PASS=Admin@Stella2026! # Signer SIGNER_POE_INTROSPECT_URL=http://authority.stella-ops.local/.well-known/openid-configuration diff --git a/devops/compose/README.md b/devops/compose/README.md index d1212d6ce..2dcefda9f 100644 --- a/devops/compose/README.md +++ b/devops/compose/README.md @@ -148,6 +148,14 @@ curl -fsS http://127.1.1.3:8080/status docker compose -f docker-compose.stella-ops.yml logs -f scanner-web ``` +For the local compose setup flow, the template now includes `STELLAOPS_ADMIN_PASS=Admin@Stella2026!`. +Use `admin` / `Admin@Stella2026!` to complete the first-run setup wizard and to run the live browser helpers under `src/Web/StellaOps.Web/scripts/`. +Keep that value only for local/dev usage; override it before sharing the stack with anyone else. +The live browser helpers intentionally ignore local self-signed/dev certificates +for UI automation only. Product runtime TLS validation for advisory feeds, +mirror sync, and other service-to-service calls remains strict and is not +exempted by this local browser setting. + ### Router Frontdoor Configuration `router-gateway` uses the microservice-first route table in `router-gateway-local.json`, @@ -490,7 +498,7 @@ PLAYWRIGHT_BASE_URL=https://stella-ops.local \ | `PLAYWRIGHT_BASE_URL` | `https://stella-ops.local` | Target Stella Ops instance | | `E2E_RUN_ID` | `run1` | Unique suffix for test integration names (avoids duplicates across runs) | | `STELLAOPS_ADMIN_USER` | `admin` | Login username | -| `STELLAOPS_ADMIN_PASS` | `Admin@Stella2026!` | Login password | +| `STELLAOPS_ADMIN_PASS` | `Admin@Stella2026!` | Local compose default password for the administrator account created during setup | **Key files:** diff --git a/devops/compose/docker-compose.stella-ops.legacy.yml b/devops/compose/docker-compose.stella-ops.legacy.yml index 582de1312..2d277e33d 100644 --- a/devops/compose/docker-compose.stella-ops.legacy.yml +++ b/devops/compose/docker-compose.stella-ops.legacy.yml @@ -516,8 +516,8 @@ services: STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__Type: "standard" STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__AssemblyName: "StellaOps.Authority.Plugin.Standard" STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__Enabled: "true" - STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__ID: "demo-prod" - STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__DISPLAYNAME: "Demo Production" + STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__ID: "default" + STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__DISPLAYNAME: "Default Tenant" STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__STATUS: "active" <<: [*router-microservice-defaults, *gc-heavy] Router__Enabled: "${AUTHORITY_ROUTER_ENABLED:-true}" @@ -849,6 +849,7 @@ services: CONCELIER_AUTHORITY__BASEURL: "https://authority.stella-ops.local" CONCELIER_AUTHORITY__RESILIENCE__ALLOWOFFLINECACHEFALLBACK: "true" CONCELIER_AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "${AUTHORITY_OFFLINE_CACHE_TOLERANCE:-00:30:00}" + STELLAOPS_BOOTSTRAP_KEY: "${AUTHORITY_BOOTSTRAP_APIKEY:-stellaops-dev-bootstrap-key}" Router__Enabled: "${CONCELIER_ROUTER_ENABLED:-true}" Router__Messaging__ConsumerGroup: "concelier" CONCELIER_IMPORT__STAGINGROOT: "/var/lib/concelier/import" diff --git a/devops/compose/docker-compose.stella-services.yml b/devops/compose/docker-compose.stella-services.yml index 42b675e7b..e2fab8afb 100644 --- a/devops/compose/docker-compose.stella-services.yml +++ b/devops/compose/docker-compose.stella-services.yml @@ -347,8 +347,8 @@ services: STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__Type: "standard" STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__AssemblyName: "StellaOps.Authority.Plugin.Standard" STELLAOPS_AUTHORITY_AUTHORITY__PLUGINS__DESCRIPTORS__standard__Enabled: "true" - STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__ID: "demo-prod" - STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__DISPLAYNAME: "Demo Production" + STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__ID: "default" + STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__DISPLAYNAME: "Default Tenant" STELLAOPS_AUTHORITY_AUTHORITY__TENANTS__0__STATUS: "active" <<: [*router-microservice-defaults, *gc-heavy] Router__Enabled: "${AUTHORITY_ROUTER_ENABLED:-true}" @@ -659,6 +659,7 @@ services: CONCELIER_AUTHORITY__BASEURL: "https://authority.stella-ops.local" CONCELIER_AUTHORITY__RESILIENCE__ALLOWOFFLINECACHEFALLBACK: "true" CONCELIER_AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "${AUTHORITY_OFFLINE_CACHE_TOLERANCE:-00:30:00}" + STELLAOPS_BOOTSTRAP_KEY: "${AUTHORITY_BOOTSTRAP_APIKEY:-stellaops-dev-bootstrap-key}" Router__Enabled: "${CONCELIER_ROUTER_ENABLED:-true}" Router__Messaging__ConsumerGroup: "concelier" CONCELIER_IMPORT__STAGINGROOT: "/var/lib/concelier/import" diff --git a/devops/compose/env/stellaops.env.example b/devops/compose/env/stellaops.env.example index 13905b8bd..69d1466b9 100644 --- a/devops/compose/env/stellaops.env.example +++ b/devops/compose/env/stellaops.env.example @@ -45,6 +45,11 @@ ROUTER_AUTHORITY_CLAIMS_OVERRIDES_URL=http://authority.stella-ops.local AUTHORITY_ISSUER=https://authority.stella-ops.local/ AUTHORITY_PORT=8440 AUTHORITY_OFFLINE_CACHE_TOLERANCE=00:30:00 +AUTHORITY_BOOTSTRAP_APIKEY=stellaops-dev-bootstrap-key + +# Local first-run bootstrap admin used by the setup wizard and live browser helpers. +# Keep this value only for local/dev compose usage and rotate it for any shared environment. +STELLAOPS_ADMIN_PASS=Admin@Stella2026! # Signer SIGNER_POE_INTROSPECT_URL=http://authority.stella-ops.local/.well-known/openid-configuration @@ -170,8 +175,8 @@ SM_REMOTE_HSM_TIMEOUT=30000 # DEMO DATA SEEDING # ============================================================================= -# Enable demo data seeding API endpoint (disabled in production) -STELLAOPS_ENABLE_DEMO_SEED=true +# Optional manual demo data seeding API endpoint. Keep disabled for truthful default installs. +STELLAOPS_ENABLE_DEMO_SEED=false # ============================================================================= # NETWORKING diff --git a/devops/compose/postgres-init/04-authority-schema.sql b/devops/compose/postgres-init/04-authority-schema.sql index a6a322000..b34280d5c 100644 --- a/devops/compose/postgres-init/04-authority-schema.sql +++ b/devops/compose/postgres-init/04-authority-schema.sql @@ -466,11 +466,11 @@ CREATE INDEX IF NOT EXISTS idx_verdict_digest COMMENT ON TABLE authority.verdict_manifests IS 'VEX verdict manifests for deterministic replay verification'; -- ============================================================================ --- SECTION 4b: Seed Default Tenant +-- SECTION 4b: Bootstrap Default Tenant -- ============================================================================ INSERT INTO authority.tenants (tenant_id, name, display_name, status) -VALUES ('demo-prod', 'Production', 'Demo Production', 'active') +VALUES ('default', 'Default', 'Default Tenant', 'active') ON CONFLICT (tenant_id) DO NOTHING; -- ============================================================================ @@ -618,51 +618,8 @@ END $$; -- ============================================================================ --- SECTION 8: Demo Seed Data +-- SECTION 8: Bootstrap Notes -- ============================================================================ --- Roles for demo-prod tenant -INSERT INTO authority.roles (id, tenant_id, name, display_name, description, is_system) -VALUES - ('a0000002-0000-0000-0000-000000000001', 'demo-prod', 'admin', 'Administrator', 'Full platform access', true), - ('a0000002-0000-0000-0000-000000000002', 'demo-prod', 'operator', 'Operator', 'Release and deployment operations', true), - ('a0000002-0000-0000-0000-000000000003', 'demo-prod', 'viewer', 'Viewer', 'Read-only access', true) -ON CONFLICT (tenant_id, name) DO NOTHING; - --- OAuth Clients -INSERT INTO authority.clients (id, client_id, display_name, description, enabled, redirect_uris, post_logout_redirect_uris, allowed_scopes, allowed_grant_types, require_client_secret, require_pkce, properties) -VALUES - ('demo-client-ui', 'stella-ops-ui', 'Stella Ops Console', 'Web UI application', true, - ARRAY['https://stella-ops.local/auth/callback', 'https://stella-ops.local/auth/silent-refresh', 'https://127.1.0.1/auth/callback', 'https://127.1.0.1/auth/silent-refresh'], - ARRAY['https://stella-ops.local/', 'https://127.1.0.1/'], - ARRAY['openid', 'profile', 'email', 'offline_access', - 'ui.read', 'ui.admin', 'ui.preferences.read', 'ui.preferences.write', - 'authority:tenants.read', 'authority:tenants.write', - 'authority:users.read', 'authority:users.write', - 'authority:roles.read', 'authority:roles.write', - 'authority:clients.read', 'authority:clients.write', - 'authority:tokens.read', 'authority:tokens.revoke', - 'authority:branding.read', 'authority:branding.write', - 'authority.audit.read', - 'graph:read', 'sbom:read', 'scanner:read', - 'policy:read', 'policy:simulate', 'policy:author', 'policy:review', 'policy:approve', - 'policy:run', 'policy:activate', 'policy:audit', 'policy:edit', 'policy:operate', 'policy:publish', - 'airgap:seal', 'airgap:status:read', - 'orch:read', 'analytics.read', 'advisory:read', 'advisory-ai:view', 'advisory-ai:operate', - 'vex:read', 'vexhub:read', - 'exceptions:read', 'exceptions:approve', 'aoc:verify', 'findings:read', - 'release:read', 'release:write', 'release:publish', 'scheduler:read', 'scheduler:operate', - 'notify.viewer', 'notify.operator', 'notify.admin', 'notify.escalate', - 'evidence:read', - 'export.viewer', 'export.operator', 'export.admin', - 'vuln:view', 'vuln:investigate', 'vuln:operate', 'vuln:audit', - 'platform.context.read', 'platform.context.write', - 'platform.idp.read', 'platform.idp.admin', - 'doctor:run', 'doctor:admin', 'ops.health', - 'integration:read', 'integration:write', 'integration:operate', 'registry.admin', - 'timeline:read', 'timeline:write', - 'signer:read', 'signer:sign', 'signer:rotate', 'signer:admin', - 'trust:read', 'trust:write', 'trust:admin'], - ARRAY['authorization_code', 'refresh_token'], - false, true, '{"tenant": "demo-prod"}'::jsonb) -ON CONFLICT (client_id) DO NOTHING; +-- First-party clients are seeded by the Authority standard plugin at runtime. +-- The first administrator is created through the setup wizard, not compose SQL. diff --git a/devops/compose/postgres-init/04b-authority-dedicated-schema.sql b/devops/compose/postgres-init/04b-authority-dedicated-schema.sql index 7225469f3..806d0edfb 100644 --- a/devops/compose/postgres-init/04b-authority-dedicated-schema.sql +++ b/devops/compose/postgres-init/04b-authority-dedicated-schema.sql @@ -349,11 +349,11 @@ CREATE UNIQUE INDEX IF NOT EXISTS idx_verdict_replay ON authority.verdict_manife CREATE INDEX IF NOT EXISTS idx_verdict_digest ON authority.verdict_manifests(manifest_digest); -- ============================================================================ --- SECTION 5: Seed Data +-- SECTION 5: Bootstrap Default Tenant -- ============================================================================ INSERT INTO authority.tenants (tenant_id, name, display_name, status) -VALUES ('demo-prod', 'Production', 'Demo Production', 'active') +VALUES ('default', 'Default', 'Default Tenant', 'active') ON CONFLICT (tenant_id) DO NOTHING; -- ============================================================================ @@ -448,49 +448,8 @@ DO $$ BEGIN END $$; -- ============================================================================ --- SECTION 9: Demo Seed Data +-- SECTION 9: Bootstrap Notes -- ============================================================================ -INSERT INTO authority.roles (id, tenant_id, name, display_name, description, is_system) -VALUES - ('a0000002-0000-0000-0000-000000000001', 'demo-prod', 'admin', 'Administrator', 'Full platform access', true), - ('a0000002-0000-0000-0000-000000000002', 'demo-prod', 'operator', 'Operator', 'Release and deployment operations', true), - ('a0000002-0000-0000-0000-000000000003', 'demo-prod', 'viewer', 'Viewer', 'Read-only access', true) -ON CONFLICT (tenant_id, name) DO NOTHING; - -INSERT INTO authority.clients (id, client_id, display_name, description, enabled, redirect_uris, post_logout_redirect_uris, allowed_scopes, allowed_grant_types, require_client_secret, require_pkce, properties) -VALUES - ('demo-client-ui', 'stella-ops-ui', 'Stella Ops Console', 'Web UI application', true, - ARRAY['https://stella-ops.local/auth/callback', 'https://stella-ops.local/auth/silent-refresh', 'https://127.1.0.1/auth/callback', 'https://127.1.0.1/auth/silent-refresh'], - ARRAY['https://stella-ops.local/', 'https://127.1.0.1/'], - ARRAY['openid', 'profile', 'email', 'offline_access', - 'ui.read', 'ui.admin', 'ui.preferences.read', 'ui.preferences.write', - 'authority:tenants.read', 'authority:tenants.write', - 'authority:users.read', 'authority:users.write', - 'authority:roles.read', 'authority:roles.write', - 'authority:clients.read', 'authority:clients.write', - 'authority:tokens.read', 'authority:tokens.revoke', - 'authority:branding.read', 'authority:branding.write', - 'authority.audit.read', - 'graph:read', 'sbom:read', 'scanner:read', - 'policy:read', 'policy:simulate', 'policy:author', 'policy:review', 'policy:approve', - 'policy:run', 'policy:activate', 'policy:audit', 'policy:edit', 'policy:operate', 'policy:publish', - 'airgap:seal', 'airgap:status:read', - 'orch:read', 'analytics.read', 'advisory:read', 'advisory-ai:view', 'advisory-ai:operate', - 'vex:read', 'vexhub:read', - 'exceptions:read', 'exceptions:approve', 'aoc:verify', 'findings:read', - 'release:read', 'release:write', 'release:publish', 'scheduler:read', 'scheduler:operate', - 'notify.viewer', 'notify.operator', 'notify.admin', 'notify.escalate', - 'evidence:read', - 'export.viewer', 'export.operator', 'export.admin', - 'vuln:view', 'vuln:investigate', 'vuln:operate', 'vuln:audit', - 'platform.context.read', 'platform.context.write', - 'platform.idp.read', 'platform.idp.admin', - 'doctor:run', 'doctor:admin', 'ops.health', - 'integration:read', 'integration:write', 'integration:operate', 'registry.admin', - 'timeline:read', 'timeline:write', - 'signer:read', 'signer:sign', 'signer:rotate', 'signer:admin', - 'trust:read', 'trust:write', 'trust:admin'], - ARRAY['authorization_code', 'refresh_token'], - false, true, '{"tenant": "demo-prod"}'::jsonb) -ON CONFLICT (client_id) DO NOTHING; +-- First-party clients are seeded by the Authority standard plugin at runtime. +-- The first administrator is created through the setup wizard, not compose SQL. diff --git a/devops/compose/postgres-init/15-platform-context-and-releases.sql b/devops/compose/postgres-init/15-platform-context-and-releases.sql index c922002a8..671709764 100644 --- a/devops/compose/postgres-init/15-platform-context-and-releases.sql +++ b/devops/compose/postgres-init/15-platform-context-and-releases.sql @@ -70,19 +70,5 @@ CREATE INDEX IF NOT EXISTS idx_control_bundles_tenant_name CREATE INDEX IF NOT EXISTS idx_control_bundles_tenant_updated ON release.control_bundles (tenant_id, updated_at DESC, id); --- Seed demo context data for local development -INSERT INTO platform.context_regions (region_id, display_name, sort_order, enabled) -VALUES - ('us-east', 'US East', 1, true), - ('us-west', 'US West', 2, true), - ('eu-west', 'EU West', 3, true) -ON CONFLICT (region_id) DO NOTHING; - -INSERT INTO platform.context_environments (environment_id, region_id, environment_type, display_name, sort_order, enabled) -VALUES - ('dev', 'us-east', 'development', 'Development', 1, true), - ('stage', 'us-east', 'staging', 'Staging', 2, true), - ('prod-us-east', 'us-east', 'production', 'Production US East', 3, true), - ('prod-us-west', 'us-west', 'production', 'Production US West', 4, true), - ('prod-eu-west', 'eu-west', 'production', 'Production EU West', 5, true) -ON CONFLICT (environment_id) DO NOTHING; +-- Context regions/environments are intentionally left empty on fresh installs. +-- The setup and admin surfaces create truthful operator-owned state as needed. diff --git a/devops/compose/postgres-init/16-release-full-schema.sql b/devops/compose/postgres-init/16-release-full-schema.sql index 7ad9d9542..ca40daad5 100644 --- a/devops/compose/postgres-init/16-release-full-schema.sql +++ b/devops/compose/postgres-init/16-release-full-schema.sql @@ -22,10 +22,14 @@ CREATE UNIQUE INDEX IF NOT EXISTS uq_shared_tenants_single_default ON shared.tenants (is_default) WHERE is_default; --- Seed shared tenant for local dev -INSERT INTO shared.tenants (tenant_id, name, display_name, status) -VALUES ('demo-prod', 'Production', 'Demo Production', 'active') -ON CONFLICT (tenant_id) DO NOTHING; +-- Seed the generic default tenant required by release/shared foreign keys. +INSERT INTO shared.tenants (tenant_id, name, display_name, is_default, status) +VALUES ('default', 'Default', 'Default Tenant', true, 'active') +ON CONFLICT (tenant_id) DO UPDATE +SET name = EXCLUDED.name, + display_name = EXCLUDED.display_name, + is_default = EXCLUDED.is_default, + status = EXCLUDED.status; -- Release schemas CREATE SCHEMA IF NOT EXISTS release; diff --git a/devops/compose/setup.bootstrap.local.yaml b/devops/compose/setup.bootstrap.local.yaml index b7b418b16..187fe18ce 100644 --- a/devops/compose/setup.bootstrap.local.yaml +++ b/devops/compose/setup.bootstrap.local.yaml @@ -1,3 +1,5 @@ +# Manual CLI bootstrap example only. +# Fresh local installs should use the UI setup wizard instead of this file. version: "1" database: @@ -15,7 +17,7 @@ cache: custom: users.superuser.username: admin users.superuser.email: admin@stella-ops.local - users.superuser.password: Admin@Stella2026! + users.superuser.password: CHANGE-ME-BEFORE-MANUAL-CLI-USE users.superuser.displayName: Stella Admin authority.provider: standard crypto.provider: default diff --git a/devops/docker/Dockerfile.platform b/devops/docker/Dockerfile.platform index 87232fef5..3c62e660c 100644 --- a/devops/docker/Dockerfile.platform +++ b/devops/docker/Dockerfile.platform @@ -5,7 +5,7 @@ # ============================================================================ # Stage 1: SDK Build - Build ALL Projects and Crypto Plugins # ============================================================================ -FROM mcr.microsoft.com/dotnet/sdk:10.0-preview AS build +FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build WORKDIR /src # Copy solution and project files for dependency restore @@ -98,7 +98,7 @@ COPY etc/crypto-plugins-manifest.json /app/publish/etc/ # ============================================================================ # Stage 2: Runtime Base - Contains ALL Crypto Plugins # ============================================================================ -FROM mcr.microsoft.com/dotnet/aspnet:10.0-preview AS runtime-base +FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS runtime-base WORKDIR /app # Install dependencies for crypto providers diff --git a/devops/release/components.json b/devops/release/components.json index cbc5a6d40..8d562ac99 100644 --- a/devops/release/components.json +++ b/devops/release/components.json @@ -3,8 +3,8 @@ "platforms": ["linux/amd64", "linux/arm64"], "defaultChannel": "edge", "docker": { - "sdkImage": "mcr.microsoft.com/dotnet/nightly/sdk:10.0", - "runtimeImage": "mcr.microsoft.com/dotnet/nightly/aspnet:10.0", + "sdkImage": "mcr.microsoft.com/dotnet/sdk:10.0", + "runtimeImage": "mcr.microsoft.com/dotnet/aspnet:10.0", "nodeImage": "node:20.14.0-bookworm", "nginxImage": "nginx:1.27-alpine" }, diff --git a/devops/release/docker/Dockerfile.dotnet-service b/devops/release/docker/Dockerfile.dotnet-service index 30848764d..183f5b68e 100644 --- a/devops/release/docker/Dockerfile.dotnet-service +++ b/devops/release/docker/Dockerfile.dotnet-service @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1.7-labs -ARG SDK_IMAGE=mcr.microsoft.com/dotnet/nightly/sdk:10.0 -ARG RUNTIME_IMAGE=gcr.io/distroless/dotnet/aspnet:latest +ARG SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0 +ARG RUNTIME_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0 ARG PROJECT ARG ENTRYPOINT_DLL diff --git a/scripts/register-local-integrations.ps1 b/scripts/register-local-integrations.ps1 index 9698c2635..3e6fbc639 100644 --- a/scripts/register-local-integrations.ps1 +++ b/scripts/register-local-integrations.ps1 @@ -7,7 +7,8 @@ any missing local-capable providers, then runs test and health checks for each entry so the catalog converges to a ready local lane. .PARAMETER Tenant - Tenant identifier used for the catalog operations. Defaults to demo-prod. + Tenant identifier used for the catalog operations. Defaults to default; override + it if your setup flow created a different tenant identifier. .PARAMETER BaseUrl Base URL for the local Integrations API. Defaults to the host-mapped integrations-web endpoint. @@ -24,7 +25,7 @@ #> [CmdletBinding()] param( - [string]$Tenant = 'demo-prod', + [string]$Tenant = 'default', [string]$BaseUrl = 'http://127.1.0.42', [switch]$IncludeGitLab, [switch]$IncludeGitLabRegistry,