stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Add environment/target/agent CRUD endpoints to Concelier topology

Browse Source 
The topology wizard creates environments and targets via POST /api/v1/environments
and POST /api/v1/targets. These were routed to JobEngine which doesn't have
the identity envelope middleware, causing 404 on ReverseProxy routes.

Fix: Add environment CRUD, target CRUD, and agent list endpoints directly
to Concelier's TopologySetupEndpointExtensions. These use the same
Topology.Read/Manage authorization policies that work with the identity
envelope middleware.

Routes updated:
- /api/v1/environments → Concelier (was JobEngine)
- /api/v1/agents → Concelier (new)

Topology wizard now completes steps 1-4:
  1. Region: CREATE OK
  2. Environment: CREATE OK
  3. Stage Order: OK (skip)
  4. Target: CREATE OK
  5. Agent: BLOCKED (expected — no agents deployed on fresh install)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-03-16 09:49:59 +02:00
parent 3577c268a4
commit a86f0d1361
3 changed files with 121 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
devops/compose/router-gateway-local.json
View File

@@ -52,7 +52,8 @@
{ "Type": "ReverseProxy", "Path": "^/api/v1/pending-deletions(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/pending-deletions$1", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "^/api/v1/targets(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/targets$1", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "^/api/v1/environments/(.*)/readiness(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/environments/$1/readiness$2", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "^/api/v1/environments(.*)", "IsRegex": true, "TranslatesTo": "http://jobengine.stella-ops.local/api/v1/environments$1", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "^/api/v1/environments(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/environments$1", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "^/api/v1/agents(.*)", "IsRegex": true, "TranslatesTo": "http://concelier.stella-ops.local/api/v1/agents$1", "PreserveAuthHeaders": true },
{ "Type": "Microservice", "Path": "^/api/v1/vulnerabilities(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/vulnerabilities$1" },
{ "Type": "Microservice", "Path": "^/api/v1/watchlist(.*)", "IsRegex": true, "TranslatesTo": "http://attestor.stella-ops.local/api/v1/watchlist$1" },
{ "Type": "Microservice", "Path": "^/api/v1/triage(.*)", "IsRegex": true, "TranslatesTo": "http://scanner.stella-ops.local/api/v1/triage$1" },