feat: Implement console session management with tenant and profile handling

- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information. - Create OperatorContextService to manage operator context for orchestrator actions. - Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata. - Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens. - Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation. - Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
2025-10-28 09:58:55 +02:00
parent 4d932cc1ba
commit 4e3e575db5
501 changed files with 51904 additions and 6663 deletions
--- a/etc/policy-gateway.yaml.sample
+++ b/etc/policy-gateway.yaml.sample
@@ -0,0 +1,39 @@
+# StellaOps Policy Gateway configuration template.
+# Copy to ../etc/policy-gateway.yaml (relative to the gateway content root)
+# and adjust values to fit your environment. Environment variables prefixed with
+# STELLAOPS_POLICY_GATEWAY_ override these values at runtime.
+
+schemaVersion: 1
+
+telemetry:
+  minimumLogLevel: Information
+
+resourceServer:
+  authority: "https://authority.stella-ops.local"
+  metadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
+  audiences: [ "api://policy-gateway" ]
+  requiredScopes: [ "policy:read", "policy:author", "policy:review", "policy:approve", "policy:operate", "policy:simulate", "policy:run", "policy:activate" ]
+  requiredTenants: [ ]
+  bypassNetworks:
+    - "127.0.0.1/32"
+    - "::1/128"
+  requireHttpsMetadata: true
+  backchannelTimeoutSeconds: 30
+  tokenClockSkewSeconds: 60
+
+policyEngine:
+  baseAddress: "https://policy-engine.stella-ops.local"
+  audience: "api://policy-engine"
+  clientCredentials:
+    enabled: true
+    clientId: "policy-gateway"
+    clientSecret: "change-me"
+    scopes: [ "policy:read", "policy:author", "policy:review", "policy:approve", "policy:operate", "policy:simulate", "policy:run", "policy:activate" ]
+    backchannelTimeoutSeconds: 30
+  dpop:
+    enabled: false
+    keyPath: "../etc/policy-gateway-dpop.pem"
+    keyPassphrase: ""
+    algorithm: "ES256"
+    proofLifetime: "00:02:00"
+    clockSkew: "00:00:30"