stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Fix router frontdoor readiness and route contracts

Browse Source
This commit is contained in:
master
2026-03-10 10:19:49 +02:00
parent eae2dfc9d4
commit 7acf0ae8f2
37 changed files with 1408 additions and 1914 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
devops/compose/README.md
View File

@@ -126,20 +126,19 @@ curl -fsS http://127.1.1.3:8080/status
docker compose -f docker-compose.stella-ops.yml logs -f scanner-web
```
### Router Mode Switching
### Router Frontdoor Configuration
`router-gateway` now supports a compose-driven route table switch via `ROUTER_GATEWAY_CONFIG`.
`router-gateway` uses the microservice-first route table in `router-gateway-local.json`.
First-party Stella APIs are expected to flow through router transport; reverse proxy remains only for
external/bootstrap surfaces that cannot participate in router registration yet (for example OIDC browser
flows, Rekor, and static/platform bootstrap assets).
```bash
# Default mode: microservice routing over Valkey messaging
# Default frontdoor route table
ROUTER_GATEWAY_CONFIG=./router-gateway-local.json \
docker compose -f docker-compose.stella-ops.yml up -d
# Reverse-proxy fallback mode (no route-table edits required)
ROUTER_GATEWAY_CONFIG=./router-gateway-local.reverseproxy.json \
docker compose -f docker-compose.stella-ops.yml up -d
# Optional: mode switch helper with health recovery + header-search smoke checks
# Optional: scratch redeploy helper with health recovery + header-search smoke checks
pwsh ./scripts/router-mode-redeploy.ps1 -Mode microservice
```

2
devops/compose/docker-compose.stella-ops.yml
View File

@@ -373,7 +373,7 @@ services:
- router.stella-ops.local
- stella-ops.local
healthcheck:
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/localhost/8080'"]
test: ["CMD-SHELL", "bash -lc 'exec 3<>/dev/tcp/127.0.0.1/8080 && printf \"GET /health/ready HTTP/1.1\\r\\nHost: localhost\\r\\nConnection: close\\r\\n\\r\\n\" >&3 && head -n 1 <&3 | grep -q \"200\"'"]
<<: *healthcheck-tcp
labels: *release-labels

7
devops/compose/env/stellaops.env.example vendored
View File

@@ -27,14 +27,13 @@ VALKEY_PORT=6379
RUSTFS_HTTP_PORT=8333
# =============================================================================
# ROUTER GATEWAY MODE
# ROUTER GATEWAY
# =============================================================================
# Router route table file mounted to /app/appsettings.local.json
# Microservice + Valkey mode (default):
# Microservice-first frontdoor config (default).
# Reverse proxy is intentionally limited to external/bootstrap surfaces inside this file.
ROUTER_GATEWAY_CONFIG=./router-gateway-local.json
# Reverse-proxy fallback mode:
# ROUTER_GATEWAY_CONFIG=./router-gateway-local.reverseproxy.json
# Authority claims override endpoint base URL consumed by router-gateway.
ROUTER_AUTHORITY_CLAIMS_OVERRIDES_URL=http://authority.stella-ops.local

922
devops/compose/router-gateway-local.json
View File

@@ -1,23 +1,23 @@
{
"Gateway": {
{
"Gateway": {
"Auth": {
"DpopEnabled": false,
"AllowAnonymous": true,
"EnableLegacyHeaders": true,
"AllowScopeHeader": false,
"ApprovedAuthPassthroughPrefixes": [
"/connect",
"/console",
"/authority",
"/doctor",
"/api",
"/policy/shadow",
"/policy/simulations"
],
"Authority": {
"Issuer": "https://authority.stella-ops.local/",
"RequireHttpsMetadata": false,
"MetadataAddress": "https://authority.stella-ops.local/.well-known/openid-configuration",
"AllowScopeHeader": false,
"ApprovedAuthPassthroughPrefixes": [
"/connect",
"/console",
"/authority",
"/doctor",
"/api",
"/policy/shadow",
"/policy/simulations"
],
"Authority": {
"Issuer": "https://authority.stella-ops.local/",
"RequireHttpsMetadata": false,
"MetadataAddress": "https://authority.stella-ops.local/.well-known/openid-configuration",
"Audiences": [
]
@@ -30,800 +30,128 @@
"RequiredMicroservices": [
"platform",
"policy",
"policy-engine",
"notify",
"notifier",
"scanner",
"findings",
"findings-ledger",
"integrations",
"reachgraph",
"attestor",
"evidence",
"sbom",
"evidencelocker",
"sbomservice",
"jobengine",
"authority",
"vex",
"vexhub",
"concelier"
]
},
"Routes": [
{
"Type": "ReverseProxy",
"Path": "/api/v1/setup",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/setup",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/release-orchestrator",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/release-orchestrator",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/approvals",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/approvals",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/vex",
"TranslatesTo": "https://vexhub.stella-ops.local/api/v1/vex",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/vexlens",
"TranslatesTo": "http://vexlens.stella-ops.local/api/v1/vexlens",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/notify",
"TranslatesTo": "http://notify.stella-ops.local/api/v1/notify",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/notifier",
"TranslatesTo": "http://notifier.stella-ops.local/api/v1/notifier",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/concelier",
"TranslatesTo": "http://concelier.stella-ops.local/api/v1/concelier",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/platform",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/platform",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/scanner",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/scanner",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/findings",
"TranslatesTo": "http://findings-ledger.stella-ops.local/api/v1/findings",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/integrations",
"TranslatesTo": "http://integrations.stella-ops.local/api/v1/integrations",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/policy",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/reachability",
"TranslatesTo": "http://reachgraph.stella-ops.local/api/v1/reachability",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/attestor",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/attestor",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/attestations",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/attestations",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/sbom",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/sbom",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/signals",
"TranslatesTo": "http://signals.stella-ops.local/api/v1/signals",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/jobengine",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/jobengine",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/authority/quotas",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/authority/quotas",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/authority",
"TranslatesTo": "https://authority.stella-ops.local/api/v1/authority",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/trust",
"TranslatesTo": "https://authority.stella-ops.local/api/v1/trust",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/evidence",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/evidence",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/proofs",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/proofs",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/timeline",
"TranslatesTo": "http://timelineindexer.stella-ops.local/api/v1/timeline",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/audit",
"TranslatesTo": "http://timeline.stella-ops.local/api/v1/audit",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/advisory-sources",
"TranslatesTo": "http://concelier.stella-ops.local/api/v1/advisory-sources",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/notifier/delivery",
"TranslatesTo": "http://notifier.stella-ops.local/api/v2/notify/deliveries",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/release-control",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/release-control",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/context",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/context",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/releases",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/releases",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/security",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/security",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/topology",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/topology",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/integrations",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/integrations",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/authority/console",
"TranslatesTo": "https://authority.stella-ops.local/console",
"PreserveAuthHeaders": true
},
{ "Type": "Microservice", "Path": "^/api/v1/vulnerabilities(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/vulnerabilities$1" },
{ "Type": "Microservice", "Path": "^/api/v1/watchlist(.*)", "IsRegex": true, "TranslatesTo": "http://attestor.stella-ops.local/api/v1/watchlist$1" },
{ "Type": "Microservice", "Path": "^/api/v1/triage(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/triage$1" },
{ "Type": "Microservice", "Path": "^/api/v1/secrets(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/secrets$1" },
{ "Type": "Microservice", "Path": "^/api/v1/sources(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/sources$1" },
{ "Type": "Microservice", "Path": "^/api/v1/witnesses(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/witnesses$1" },
{ "Type": "Microservice", "Path": "^/api/v1/trust(.*)", "IsRegex": true, "TranslatesTo": "https://authority.stella-ops.local/api/v1/trust$1" },
{ "Type": "Microservice", "Path": "^/api/v1/evidence(.*)", "IsRegex": true, "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/evidence$1" },
{ "Type": "Microservice", "Path": "^/api/v1/proofs(.*)", "IsRegex": true, "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/proofs$1" },
{ "Type": "Microservice", "Path": "^/api/v1/verdicts(.*)", "IsRegex": true, "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/verdicts$1" },
{ "Type": "Microservice", "Path": "^/api/v1/release-orchestrator(.*)", "IsRegex": true, "TranslatesTo": "http://jobengine.stella-ops.local/api/v1/release-orchestrator$1" },
{ "Type": "Microservice", "Path": "^/api/v1/approvals(.*)", "IsRegex": true, "TranslatesTo": "http://jobengine.stella-ops.local/api/v1/approvals$1" },
{ "Type": "Microservice", "Path": "^/api/v1/attestations(.*)", "IsRegex": true, "TranslatesTo": "http://attestor.stella-ops.local/api/v1/attestations$1" },
{ "Type": "Microservice", "Path": "^/api/v1/sbom(.*)", "IsRegex": true, "TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/sbom$1" },
{ "Type": "Microservice", "Path": "^/api/v1/lineage(.*)", "IsRegex": true, "TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/lineage$1" },
{ "Type": "Microservice", "Path": "^/api/v1/resolve(.*)", "IsRegex": true, "TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/resolve$1" },
{ "Type": "Microservice", "Path": "^/api/v1/ops/binaryindex(.*)", "IsRegex": true, "TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/ops/binaryindex$1" },
{ "Type": "Microservice", "Path": "^/api/v1/policy(.*)", "IsRegex": true, "TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/policy$1" },
{ "Type": "Microservice", "Path": "^/api/v1/governance(.*)", "IsRegex": true, "TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/governance$1" },
{ "Type": "Microservice", "Path": "^/api/v1/determinization(.*)", "IsRegex": true, "TranslatesTo": "http://policy-engine.stella-ops.local/api/v1/determinization$1" },
{ "Type": "Microservice", "Path": "^/api/v1/workflows(.*)", "IsRegex": true, "TranslatesTo": "http://orchestrator.stella-ops.local/api/v1/workflows$1" },
{ "Type": "Microservice", "Path": "^/api/v1/authority/quotas(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/authority/quotas$1" },
{ "Type": "Microservice", "Path": "^/api/v1/release-control(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/release-control$1" },
{ "Type": "Microservice", "Path": "^/api/v1/gateway/rate-limits(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v1/gateway/rate-limits$1" },
{ "Type": "Microservice", "Path": "^/api/v1/reachability(.*)", "IsRegex": true, "TranslatesTo": "http://reachgraph.stella-ops.local/api/v1/reachability$1" },
{ "Type": "Microservice", "Path": "^/api/v1/timeline(.*)", "IsRegex": true, "TranslatesTo": "http://timelineindexer.stella-ops.local/api/v1/timeline$1" },
{ "Type": "Microservice", "Path": "^/api/v1/audit(.*)", "IsRegex": true, "TranslatesTo": "http://timeline.stella-ops.local/api/v1/audit$1" },
{ "Type": "Microservice", "Path": "^/api/v1/export(.*)", "IsRegex": true, "TranslatesTo": "https://exportcenter.stella-ops.local/api/v1/export$1" },
{ "Type": "Microservice", "Path": "^/api/v1/advisory-sources(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/advisory-sources$1" },
{ "Type": "Microservice", "Path": "^/api/v1/notifier/delivery(.*)", "IsRegex": true, "TranslatesTo": "http://notifier.stella-ops.local/api/v2/notify/deliveries$1" },
{ "Type": "Microservice", "Path": "^/api/v1/search(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/v1/search$1" },
{ "Type": "Microservice", "Path": "^/api/v1/advisory-ai(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai$1" },
{ "Type": "Microservice", "Path": "^/api/v1/advisory(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory$1" },
{ "Type": "Microservice", "Path": "^/api/v1/vex(.*)", "IsRegex": true, "TranslatesTo": "https://vexhub.stella-ops.local/api/v1/vex$1" },
{ "Type": "Microservice", "Path": "^/api/v1/doctor/scheduler(.*)", "IsRegex": true, "TranslatesTo": "http://doctor-scheduler.stella-ops.local/api/v1/doctor/scheduler$1" },
{ "Type": "Microservice", "Path": "^/api/v2/context(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v2/context$1" },
{ "Type": "Microservice", "Path": "^/api/v2/releases(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v2/releases$1" },
{ "Type": "Microservice", "Path": "^/api/v2/security(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v2/security$1" },
{ "Type": "Microservice", "Path": "^/api/v2/topology(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v2/topology$1" },
{ "Type": "Microservice", "Path": "^/api/v2/integrations(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/v2/integrations$1" },
{ "Type": "Microservice", "Path": "^/api/v1/([^/]+)(.*)", "IsRegex": true, "TranslatesTo": "http://$1.stella-ops.local/api/v1/$1$2" },
{ "Type": "Microservice", "Path": "^/api/v2/([^/]+)(.*)", "IsRegex": true, "TranslatesTo": "http://$1.stella-ops.local/api/v2/$1$2" },
{ "Type": "Microservice", "Path": "^/api/(cvss|gate|exceptions|policy)(.*)", "IsRegex": true, "TranslatesTo": "http://policy-gateway.stella-ops.local/api/$1$2" },
{ "Type": "Microservice", "Path": "^/api/(risk|risk-budget)(.*)", "IsRegex": true, "TranslatesTo": "http://policy-engine.stella-ops.local/api/$1$2" },
{ "Type": "Microservice", "Path": "^/api/(release-orchestrator|releases|approvals)(.*)", "IsRegex": true, "TranslatesTo": "http://jobengine.stella-ops.local/api/$1$2" },
{ "Type": "Microservice", "Path": "^/api/(compare|change-traces|sbomservice)(.*)", "IsRegex": true, "TranslatesTo": "http://sbomservice.stella-ops.local/api/$1$2" },
{ "Type": "Microservice", "Path": "^/api/fix-verification(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/fix-verification$1" },
{ "Type": "Microservice", "Path": "^/api/verdicts(.*)", "IsRegex": true, "TranslatesTo": "https://evidencelocker.stella-ops.local/api/verdicts$1" },
{ "Type": "Microservice", "Path": "^/api/vuln-explorer(.*)", "IsRegex": true, "TranslatesTo": "http://vulnexplorer.stella-ops.local/api/vuln-explorer$1" },
{ "Type": "Microservice", "Path": "^/api/vex(.*)", "IsRegex": true, "TranslatesTo": "https://vexhub.stella-ops.local/api/vex$1" },
{ "Type": "Microservice", "Path": "^/api/admin/plans(.*)", "IsRegex": true, "TranslatesTo": "http://registry-token.stella-ops.local/api/admin/plans$1" },
{ "Type": "Microservice", "Path": "^/api/admin(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/admin$1" },
{ "Type": "Microservice", "Path": "^/api/analytics(.*)", "IsRegex": true, "TranslatesTo": "http://platform.stella-ops.local/api/analytics$1" },
{ "Type": "Microservice", "Path": "^/api/orchestrator(.*)", "IsRegex": true, "TranslatesTo": "http://orchestrator.stella-ops.local/api/orchestrator$1" },
{ "Type": "Microservice", "Path": "^/api/jobengine(.*)", "IsRegex": true, "TranslatesTo": "http://orchestrator.stella-ops.local/api/jobengine$1" },
{ "Type": "Microservice", "Path": "^/api/scheduler(.*)", "IsRegex": true, "TranslatesTo": "http://scheduler.stella-ops.local/api/scheduler$1" },
{ "Type": "Microservice", "Path": "^/api/doctor(.*)", "IsRegex": true, "TranslatesTo": "http://doctor.stella-ops.local/api/doctor$1" },
{ "Type": "Microservice", "Path": "^/policy(.*)", "IsRegex": true, "TranslatesTo": "http://policy-gateway.stella-ops.local/policy$1" },
{ "Type": "Microservice", "Path": "^/v1/evidence-packs(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/v1/evidence-packs$1" },
{ "Type": "Microservice", "Path": "^/v1/runs(.*)", "IsRegex": true, "TranslatesTo": "http://jobengine.stella-ops.local/v1/runs$1" },
{ "Type": "Microservice", "Path": "^/v1/advisory-ai(.*)", "IsRegex": true, "TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai$1" },
{ "Type": "Microservice", "Path": "^/v1/audit-bundles(.*)", "IsRegex": true, "TranslatesTo": "https://exportcenter.stella-ops.local/v1/audit-bundles$1" },
{ "Type": "ReverseProxy", "Path": "/connect", "TranslatesTo": "http://authority.stella-ops.local/connect" },
{ "Type": "ReverseProxy", "Path": "/.well-known", "TranslatesTo": "http://authority.stella-ops.local/.well-known" },
{ "Type": "ReverseProxy", "Path": "/jwks", "TranslatesTo": "http://authority.stella-ops.local/jwks" },
{ "Type": "ReverseProxy", "Path": "/authority/console", "TranslatesTo": "https://authority.stella-ops.local/console" },
{ "Type": "ReverseProxy", "Path": "/authority", "TranslatesTo": "https://authority.stella-ops.local/authority" },
{ "Type": "ReverseProxy", "Path": "/console", "TranslatesTo": "https://authority.stella-ops.local/console" },
{ "Type": "ReverseProxy", "Path": "/rekor", "TranslatesTo": "http://rekor.stella-ops.local:3322", "PreserveAuthHeaders": false },
{ "Type": "ReverseProxy", "Path": "/platform/envsettings.json", "TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json" },
{ "Type": "ReverseProxy", "Path": "/envsettings.json", "TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json" },
{ "Type": "ReverseProxy", "Path": "/api/v1/setup", "TranslatesTo": "http://platform.stella-ops.local/api/v1/setup" },
{ "Type": "ReverseProxy", "Path": "/platform", "TranslatesTo": "http://platform.stella-ops.local/platform" },
{ "Type": "ReverseProxy", "Path": "/api", "TranslatesTo": "http://platform.stella-ops.local/api" },
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory-ai/adapters",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai/adapters",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/search",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/search",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory-ai",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/v1/evidence-packs",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/evidence-packs",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/advisory",
"TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/vulnerabilities",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/vulnerabilities",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/watchlist",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/watchlist",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/resolve",
"TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/resolve",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/ops/binaryindex",
"TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/ops/binaryindex",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/verdicts",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/verdicts",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/lineage",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/lineage",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/export",
"TranslatesTo": "https://exportcenter.stella-ops.local/api/v1/export",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/triage",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/triage",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/governance",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/governance",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/determinization",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/v1/determinization",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/opsmemory",
"TranslatesTo": "http://opsmemory.stella-ops.local/api/v1/opsmemory",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/secrets",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/secrets",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/sources",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/sources",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/workflows",
"TranslatesTo": "http://orchestrator.stella-ops.local/api/v1/workflows",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/witnesses",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/witnesses",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/v1/runs",
"TranslatesTo": "http://orchestrator.stella-ops.local/v1/runs",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/v1/advisory-ai/adapters",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai/adapters",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/v1/advisory-ai",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/v1/audit-bundles",
"TranslatesTo": "https://exportcenter.stella-ops.local/v1/audit-bundles",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/cvss",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/cvss",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/policy",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/risk",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/risk",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/analytics",
"TranslatesTo": "http://platform.stella-ops.local/api/analytics",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/release-orchestrator",
"TranslatesTo": "http://jobengine.stella-ops.local/api/release-orchestrator",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/releases",
"TranslatesTo": "http://jobengine.stella-ops.local/api/releases",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/approvals",
"TranslatesTo": "http://jobengine.stella-ops.local/api/approvals",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/gate",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/gate",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/risk-budget",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/risk-budget",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/fix-verification",
"TranslatesTo": "http://scanner.stella-ops.local/api/fix-verification",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/compare",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/compare",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/change-traces",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/change-traces",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/exceptions",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/exceptions",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/verdicts",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/verdicts",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/jobengine",
"TranslatesTo": "http://orchestrator.stella-ops.local/api/jobengine",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/v1/gateway/rate-limits",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/gateway/rate-limits",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/sbomservice",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/sbomservice",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/vuln-explorer",
"TranslatesTo": "http://vulnexplorer.stella-ops.local/api/vuln-explorer",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/vex",
"TranslatesTo": "https://vexhub.stella-ops.local/api/vex",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/admin/plans",
"TranslatesTo": "http://registry-token.stella-ops.local/api/admin/plans",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/admin",
"TranslatesTo": "http://platform.stella-ops.local/api/admin",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/api/scheduler",
"TranslatesTo": "http://scheduler.stella-ops.local/api/scheduler",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/doctor/scheduler",
"TranslatesTo": "http://doctor-scheduler.stella-ops.local/api/v1/doctor/scheduler",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/doctor",
"TranslatesTo": "http://doctor.stella-ops.local/api/doctor",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api",
"TranslatesTo": "http://platform.stella-ops.local/api",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/platform/envsettings.json",
"TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/platform",
"TranslatesTo": "http://platform.stella-ops.local/platform",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/connect",
"TranslatesTo": "http://authority.stella-ops.local/connect",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/.well-known",
"TranslatesTo": "http://authority.stella-ops.local/.well-known",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/jwks",
"TranslatesTo": "http://authority.stella-ops.local/jwks",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/authority",
"TranslatesTo": "https://authority.stella-ops.local/authority",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/console",
"TranslatesTo": "https://authority.stella-ops.local/console",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/rekor",
"TranslatesTo": "http://rekor.stella-ops.local:3322"
},
{
"Type": "ReverseProxy",
"Path": "/envsettings.json",
"TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/scanner",
"TranslatesTo": "http://scanner.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/policyGateway",
"TranslatesTo": "http://policy-gateway.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/policyEngine",
"TranslatesTo": "http://policy-engine.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/concelier",
"TranslatesTo": "http://concelier.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/attestor",
"TranslatesTo": "http://attestor.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/notify",
"TranslatesTo": "http://notify.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/notifier",
"TranslatesTo": "http://notifier.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/scheduler",
"TranslatesTo": "http://scheduler.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/signals",
"TranslatesTo": "http://signals.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/excititor",
"TranslatesTo": "http://excititor.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/findingsLedger",
"TranslatesTo": "http://findings-ledger.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/vexhub",
"TranslatesTo": "https://vexhub.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/vexlens",
"TranslatesTo": "http://vexlens.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/jobengine",
"TranslatesTo": "http://orchestrator.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/taskrunner",
"TranslatesTo": "http://taskrunner.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/cartographer",
"TranslatesTo": "http://cartographer.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/reachgraph",
"TranslatesTo": "http://reachgraph.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/doctor",
"TranslatesTo": "http://doctor.stella-ops.local",
"PreserveAuthHeaders": true
},
{
"Type": "Microservice",
"Path": "/integrations",
"TranslatesTo": "http://integrations.stella-ops.local"
"Type": "StaticFiles",
"Path": "/",
"TranslatesTo": "/app/wwwroot",
"Headers": {
"x-spa-fallback": "true"
}
},
{
"Type": "Microservice",
"Path": "/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local/policy",
"PreserveAuthHeaders": true
"Type": "NotFoundPage",
"Path": "/_error/404",
"TranslatesTo": "/app/wwwroot/index.html"
},
{
"Type": "Microservice",
"Path": "/replay",
"TranslatesTo": "http://replay.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/exportcenter",
"TranslatesTo": "https://exportcenter.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/evidencelocker",
"TranslatesTo": "https://evidencelocker.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/signer",
"TranslatesTo": "http://signer.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/binaryindex",
"TranslatesTo": "http://binaryindex.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/riskengine",
"TranslatesTo": "http://riskengine.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/vulnexplorer",
"TranslatesTo": "http://vulnexplorer.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/sbomservice",
"TranslatesTo": "http://sbomservice.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/advisoryai",
"TranslatesTo": "http://advisoryai.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/unknowns",
"TranslatesTo": "http://unknowns.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/timelineindexer",
"TranslatesTo": "http://timelineindexer.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/opsmemory",
"TranslatesTo": "http://opsmemory.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/issuerdirectory",
"TranslatesTo": "http://issuerdirectory.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/symbols",
"TranslatesTo": "http://symbols.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/packsregistry",
"TranslatesTo": "http://packsregistry.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/registryTokenservice",
"TranslatesTo": "http://registry-token.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/airgapController",
"TranslatesTo": "http://airgap-controller.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/airgapTime",
"TranslatesTo": "http://airgap-time.stella-ops.local"
},
{
"Type": "Microservice",
"Path": "/smremote",
"TranslatesTo": "http://smremote.stella-ops.local"
},
{
"Type": "StaticFiles",
"Path": "/",
"TranslatesTo": "/app/wwwroot",
"Headers": {
"x-spa-fallback": "true"
}
},
{
"Type": "NotFoundPage",
"Path": "/_error/404",
"TranslatesTo": "/app/wwwroot/index.html"
},
{
"Type": "ServerErrorPage",
"Path": "/_error/500",
"TranslatesTo": "/app/wwwroot/index.html"
}
]
},
"Logging": {
"LogLevel": {
"Microsoft.AspNetCore.Authentication": "Information",
"Microsoft.IdentityModel": "Information",
"StellaOps": "Information"
}
}
}
"Type": "ServerErrorPage",
"Path": "/_error/500",
"TranslatesTo": "/app/wwwroot/index.html"
}
]
},
"Logging": {
"LogLevel": {
"Microsoft.AspNetCore.Authentication": "Information",
"Microsoft.IdentityModel": "Information",
"StellaOps": "Information"
}
}
}

812
devops/compose/router-gateway-local.reverseproxy.json
View File

@@ -1,812 +0,0 @@
{
"_deprecated": "Legacy fallback config. The canonical default is router-gateway-local.json (Microservice routing via Valkey). Use ROUTER_GATEWAY_CONFIG=./router-gateway-local.reverseproxy.json only when debugging transport issues. Will be removed in a future release.",
"Gateway": {
"Auth": {
"DpopEnabled": false,
"AllowAnonymous": true,
"EnableLegacyHeaders": true,
"AllowScopeHeader": false,
"ApprovedAuthPassthroughPrefixes": [
"/connect",
"/console",
"/authority",
"/doctor",
"/api",
"/policy/shadow",
"/policy/simulations"
],
"Authority": {
"Issuer": "https://authority.stella-ops.local/",
"RequireHttpsMetadata": false,
"MetadataAddress": "https://authority.stella-ops.local/.well-known/openid-configuration",
"Audiences": [
]
}
},
"Routes": [
{
"Type": "ReverseProxy",
"Path": "/api/v1/release-orchestrator",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/release-orchestrator",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/approvals",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/approvals",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/vex",
"TranslatesTo": "https://vexhub.stella-ops.local/api/v1/vex",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/vexlens",
"TranslatesTo": "http://vexlens.stella-ops.local/api/v1/vexlens",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/notify",
"TranslatesTo": "http://notify.stella-ops.local/api/v1/notify",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/notifier/delivery",
"TranslatesTo": "http://notifier.stella-ops.local/api/v2/notify/deliveries",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/notifier",
"TranslatesTo": "http://notifier.stella-ops.local/api/v2/notify",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/concelier",
"TranslatesTo": "http://concelier.stella-ops.local/api/v1/concelier",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory-sources",
"TranslatesTo": "http://concelier.stella-ops.local/api/v1/advisory-sources",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/release-control",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/release-control",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/platform",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/platform",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/scanner",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/scanner",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/findings",
"TranslatesTo": "http://findings.stella-ops.local/api/v1/findings",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/integrations",
"TranslatesTo": "http://integrations.stella-ops.local/api/v1/integrations",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/policy",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/reachability",
"TranslatesTo": "http://reachgraph.stella-ops.local/api/v1/reachability",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/attestor",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/attestor",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/attestations",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/attestations",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/sbom",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/sbom",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/signals",
"TranslatesTo": "http://signals.stella-ops.local/signals",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/jobengine",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/jobengine",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/authority/quotas",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/authority/quotas",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/authority",
"TranslatesTo": "https://authority.stella-ops.local/api/v1/authority",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/trust",
"TranslatesTo": "https://authority.stella-ops.local/api/v1/trust",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/evidence",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/evidence",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/proofs",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/proofs",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/timeline",
"TranslatesTo": "http://timelineindexer.stella-ops.local/api/v1/timeline",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/audit",
"TranslatesTo": "http://timeline.stella-ops.local/api/v1/audit",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory-ai/adapters",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai/adapters",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/search",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/search",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory-ai",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/advisory",
"TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/vulnerabilities",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/vulnerabilities",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/watchlist",
"TranslatesTo": "http://attestor.stella-ops.local/api/v1/watchlist",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/resolve",
"TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/resolve",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/ops/binaryindex",
"TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/ops/binaryindex",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/verdicts",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/verdicts",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/lineage",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/lineage",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/export",
"TranslatesTo": "https://exportcenter.stella-ops.local/api/v1/export",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/triage",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/triage",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/governance",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/governance",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/determinization",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/v1/determinization",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/opsmemory",
"TranslatesTo": "http://opsmemory.stella-ops.local/api/v1/opsmemory",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/secrets",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/secrets",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/sources",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/sources",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/workflows",
"TranslatesTo": "http://jobengine.stella-ops.local/api/v1/workflows",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/witnesses",
"TranslatesTo": "http://scanner.stella-ops.local/api/v1/witnesses",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/v1/evidence-packs",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/evidence-packs",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/v1/runs",
"TranslatesTo": "http://jobengine.stella-ops.local/v1/runs",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/v1/advisory-ai/adapters",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai/adapters",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/v1/advisory-ai",
"TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/v1/audit-bundles",
"TranslatesTo": "https://exportcenter.stella-ops.local/v1/audit-bundles",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/cvss",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/cvss",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/policy/simulations",
"TranslatesTo": "http://policy-gateway.stella-ops.local/policy/simulations",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/policy/shadow",
"TranslatesTo": "http://policy-gateway.stella-ops.local/policy/shadow",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/policy",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/policy",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/risk",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/risk",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/analytics",
"TranslatesTo": "http://platform.stella-ops.local/api/analytics",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/release-orchestrator",
"TranslatesTo": "http://jobengine.stella-ops.local/api/release-orchestrator",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/releases",
"TranslatesTo": "http://jobengine.stella-ops.local/api/releases",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/approvals",
"TranslatesTo": "http://jobengine.stella-ops.local/api/approvals",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/gate",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/gate",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/risk-budget",
"TranslatesTo": "http://policy-engine.stella-ops.local/api/risk-budget",
"PreserveAuthHeaders": false
},
{
"Type": "ReverseProxy",
"Path": "/api/fix-verification",
"TranslatesTo": "http://scanner.stella-ops.local/api/fix-verification",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/compare",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/compare",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/change-traces",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/change-traces",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/exceptions",
"TranslatesTo": "http://policy-gateway.stella-ops.local/api/exceptions",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/verdicts",
"TranslatesTo": "https://evidencelocker.stella-ops.local/api/verdicts",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/jobengine",
"TranslatesTo": "http://jobengine.stella-ops.local/api/jobengine",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/gateway/rate-limits",
"TranslatesTo": "http://platform.stella-ops.local/api/v1/gateway/rate-limits",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/sbomservice",
"TranslatesTo": "http://sbomservice.stella-ops.local/api/sbomservice",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/vuln-explorer",
"TranslatesTo": "http://vulnexplorer.stella-ops.local/api/vuln-explorer",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/vex",
"TranslatesTo": "https://vexhub.stella-ops.local/api/vex",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/admin/plans",
"TranslatesTo": "http://registry-token.stella-ops.local/api/admin/plans",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/admin",
"TranslatesTo": "http://platform.stella-ops.local/api/admin",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/scheduler",
"TranslatesTo": "http://scheduler.stella-ops.local/api/scheduler",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v1/doctor/scheduler",
"TranslatesTo": "http://doctor-scheduler.stella-ops.local/api/v1/doctor/scheduler",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/doctor",
"TranslatesTo": "http://doctor.stella-ops.local/api/doctor",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/context",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/context",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/releases",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/releases",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/security",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/security",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/topology",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/topology",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api/v2/integrations",
"TranslatesTo": "http://platform.stella-ops.local/api/v2/integrations",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/api",
"TranslatesTo": "http://platform.stella-ops.local/api",
"PreserveAuthHeaders": true
},
{
"Type": "StaticFile",
"Path": "/platform/envsettings.json",
"TranslatesTo": "/app/envsettings-override.json"
},
{
"Type": "ReverseProxy",
"Path": "/platform",
"TranslatesTo": "http://platform.stella-ops.local/platform"
},
{
"Type": "ReverseProxy",
"Path": "/connect",
"TranslatesTo": "https://authority.stella-ops.local/connect",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/.well-known",
"TranslatesTo": "https://authority.stella-ops.local/well-known",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/jwks",
"TranslatesTo": "https://authority.stella-ops.local/jwks",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/authority/console",
"TranslatesTo": "https://authority.stella-ops.local/console",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/authority",
"TranslatesTo": "https://authority.stella-ops.local/authority",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/console",
"TranslatesTo": "https://authority.stella-ops.local/console",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/rekor",
"TranslatesTo": "http://rekor.stella-ops.local:3322"
},
{
"Type": "ReverseProxy",
"Path": "/envsettings.json",
"TranslatesTo": "http://platform.stella-ops.local/platform/envsettings.json"
},
{
"Type": "ReverseProxy",
"Path": "/scanner",
"TranslatesTo": "http://scanner.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/policyGateway",
"TranslatesTo": "http://policy-gateway.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/policyEngine",
"TranslatesTo": "http://policy-engine.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/concelier",
"TranslatesTo": "http://concelier.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/attestor",
"TranslatesTo": "http://attestor.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/notify",
"TranslatesTo": "http://notify.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/notifier",
"TranslatesTo": "http://notifier.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/scheduler",
"TranslatesTo": "http://scheduler.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/signals",
"TranslatesTo": "http://signals.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/excititor",
"TranslatesTo": "http://excititor.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/findingsLedger",
"TranslatesTo": "http://findings.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/vexhub",
"TranslatesTo": "https://vexhub.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/vexlens",
"TranslatesTo": "http://vexlens.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/jobengine",
"TranslatesTo": "http://jobengine.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/taskrunner",
"TranslatesTo": "http://taskrunner.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/cartographer",
"TranslatesTo": "http://cartographer.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/reachgraph",
"TranslatesTo": "http://reachgraph.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/doctor",
"TranslatesTo": "http://doctor.stella-ops.local",
"PreserveAuthHeaders": true
},
{
"Type": "ReverseProxy",
"Path": "/integrations",
"TranslatesTo": "http://integrations.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/replay",
"TranslatesTo": "http://replay.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/exportcenter",
"TranslatesTo": "https://exportcenter.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/evidencelocker",
"TranslatesTo": "https://evidencelocker.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/signer",
"TranslatesTo": "http://signer.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/binaryindex",
"TranslatesTo": "http://binaryindex.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/riskengine",
"TranslatesTo": "http://riskengine.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/vulnexplorer",
"TranslatesTo": "http://vulnexplorer.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/sbomservice",
"TranslatesTo": "http://sbomservice.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/advisoryai",
"TranslatesTo": "http://advisoryai.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/unknowns",
"TranslatesTo": "http://unknowns.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/timelineindexer",
"TranslatesTo": "http://timelineindexer.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/opsmemory",
"TranslatesTo": "http://opsmemory.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/issuerdirectory",
"TranslatesTo": "http://issuerdirectory.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/symbols",
"TranslatesTo": "http://symbols.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/packsregistry",
"TranslatesTo": "http://packsregistry.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/registryTokenservice",
"TranslatesTo": "http://registry-token.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/airgapController",
"TranslatesTo": "http://airgap-controller.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/airgapTime",
"TranslatesTo": "http://airgap-time.stella-ops.local"
},
{
"Type": "ReverseProxy",
"Path": "/smremote",
"TranslatesTo": "http://smremote.stella-ops.local"
},
{
"Type": "StaticFiles",
"Path": "/",
"TranslatesTo": "/app/wwwroot",
"Headers": {
"x-spa-fallback": "true"
}
},
{
"Type": "NotFoundPage",
"Path": "/_error/404",
"TranslatesTo": "/app/wwwroot/index.html"
},
{
"Type": "ServerErrorPage",
"Path": "/_error/500",
"TranslatesTo": "/app/wwwroot/index.html"
}
]
},
"Logging": {
"LogLevel": {
"Microsoft.AspNetCore.Authentication": "Information",
"Microsoft.IdentityModel": "Information",
"StellaOps": "Information"
}
}
}

3
devops/compose/scripts/router-mode-redeploy.ps1
View File

@@ -1,5 +1,5 @@
param(
[ValidateSet("microservice", "reverseproxy")]
[ValidateSet("microservice")]
[string]$Mode = "microservice",
[string]$ComposeFile = "docker-compose.stella-ops.yml",
[int]$WaitTimeoutSeconds = 1200,
@@ -25,7 +25,6 @@ if (-not (Test-Path -LiteralPath $resolvedComposeFile)) {
$configFileName = switch ($Mode) {
"microservice" { "router-gateway-local.json" }
"reverseproxy" { "router-gateway-local.reverseproxy.json" }
default { throw "Unsupported mode: $Mode" }
}