search and ai stabilization work, localization stablized.

2026-02-24 23:29:36 +02:00
parent 4f947a8b61
commit b07d27772e
766 changed files with 55299 additions and 3221 deletions
--- a/devops/compose/fixtures/keycloak/stellaops-realm.json
+++ b/devops/compose/fixtures/keycloak/stellaops-realm.json
@@ -0,0 +1,179 @@
+{
+  "realm": "stellaops",
+  "enabled": true,
+  "displayName": "StellaOps Test Realm",
+  "sslRequired": "none",
+  "registrationAllowed": false,
+  "loginWithEmailAllowed": true,
+  "duplicateEmailsAllowed": false,
+  "roles": {
+    "realm": [
+      { "name": "admin", "description": "StellaOps administrator role" },
+      { "name": "operator", "description": "StellaOps operator role" },
+      { "name": "viewer", "description": "StellaOps viewer role" }
+    ]
+  },
+  "users": [
+    {
+      "username": "saml-admin",
+      "email": "saml-admin@stellaops.test",
+      "firstName": "SAML",
+      "lastName": "Admin",
+      "enabled": true,
+      "emailVerified": true,
+      "credentials": [
+        { "type": "password", "value": "saml-admin-password", "temporary": false }
+      ],
+      "realmRoles": ["admin"]
+    },
+    {
+      "username": "saml-operator",
+      "email": "saml-operator@stellaops.test",
+      "firstName": "SAML",
+      "lastName": "Operator",
+      "enabled": true,
+      "emailVerified": true,
+      "credentials": [
+        { "type": "password", "value": "saml-operator-password", "temporary": false }
+      ],
+      "realmRoles": ["operator"]
+    },
+    {
+      "username": "oidc-admin",
+      "email": "oidc-admin@stellaops.test",
+      "firstName": "OIDC",
+      "lastName": "Admin",
+      "enabled": true,
+      "emailVerified": true,
+      "credentials": [
+        { "type": "password", "value": "oidc-admin-password", "temporary": false }
+      ],
+      "realmRoles": ["admin"]
+    },
+    {
+      "username": "oidc-operator",
+      "email": "oidc-operator@stellaops.test",
+      "firstName": "OIDC",
+      "lastName": "Operator",
+      "enabled": true,
+      "emailVerified": true,
+      "credentials": [
+        { "type": "password", "value": "oidc-operator-password", "temporary": false }
+      ],
+      "realmRoles": ["operator"]
+    }
+  ],
+  "clients": [
+    {
+      "clientId": "stellaops-saml-sp",
+      "name": "StellaOps SAML Service Provider",
+      "protocol": "saml",
+      "enabled": true,
+      "frontchannelLogout": true,
+      "attributes": {
+        "saml.assertion.signature": "true",
+        "saml.server.signature": "true",
+        "saml.client.signature": "false",
+        "saml.authnstatement": "true",
+        "saml.force.post.binding": "true",
+        "saml_name_id_format": "username",
+        "saml_assertion_consumer_url_post": "https://localhost:5001/saml/acs",
+        "saml_single_logout_service_url_post": "https://localhost:5001/saml/slo"
+      },
+      "redirectUris": [
+        "https://localhost:5001/*"
+      ],
+      "protocolMappers": [
+        {
+          "name": "role-mapper",
+          "protocol": "saml",
+          "protocolMapper": "saml-role-list-mapper",
+          "consentRequired": false,
+          "config": {
+            "single": "true",
+            "attribute.nameformat": "Basic",
+            "attribute.name": "Role"
+          }
+        },
+        {
+          "name": "email-mapper",
+          "protocol": "saml",
+          "protocolMapper": "saml-user-attribute-mapper",
+          "consentRequired": false,
+          "config": {
+            "attribute.nameformat": "Basic",
+            "user.attribute": "email",
+            "friendly.name": "email",
+            "attribute.name": "email"
+          }
+        }
+      ]
+    },
+    {
+      "clientId": "stellaops-oidc-client",
+      "name": "StellaOps OIDC Client",
+      "protocol": "openid-connect",
+      "enabled": true,
+      "publicClient": false,
+      "secret": "stellaops-oidc-test-secret",
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": true,
+      "serviceAccountsEnabled": true,
+      "redirectUris": [
+        "https://localhost:5001/*",
+        "http://localhost:4200/*"
+      ],
+      "webOrigins": [
+        "https://localhost:5001",
+        "http://localhost:4200"
+      ],
+      "defaultClientScopes": [
+        "openid",
+        "profile",
+        "email",
+        "roles"
+      ],
+      "protocolMappers": [
+        {
+          "name": "realm-role-mapper",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "multivalued": "true",
+            "claim.name": "roles",
+            "jsonType.label": "String",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
+          }
+        }
+      ]
+    }
+  ],
+  "clientScopes": [
+    {
+      "name": "roles",
+      "protocol": "openid-connect",
+      "attributes": {
+        "include.in.token.scope": "true"
+      },
+      "protocolMappers": [
+        {
+          "name": "realm-roles",
+          "protocol": "openid-connect",
+          "protocolMapper": "oidc-usermodel-realm-role-mapper",
+          "consentRequired": false,
+          "config": {
+            "multivalued": "true",
+            "claim.name": "realm_roles",
+            "jsonType.label": "String",
+            "id.token.claim": "true",
+            "access.token.claim": "true",
+            "userinfo.token.claim": "true"
+          }
+        }
+      ]
+    }
+  ]
+}
--- a/devops/compose/fixtures/ldap/bootstrap.ldif
+++ b/devops/compose/fixtures/ldap/bootstrap.ldif
@@ -0,0 +1,76 @@
+## StellaOps LDAP Test Bootstrap Data
+## Loaded by osixia/openldap via --copy-service
+
+# Organizational Units
+dn: ou=users,dc=stellaops,dc=test
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=groups,dc=stellaops,dc=test
+objectClass: organizationalUnit
+ou: groups
+
+# Users
+dn: uid=test-admin,ou=users,dc=stellaops,dc=test
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: test-admin
+cn: Test Admin
+sn: Admin
+givenName: Test
+mail: test-admin@stellaops.test
+userPassword: admin-password
+uidNumber: 1001
+gidNumber: 1001
+homeDirectory: /home/test-admin
+loginShell: /bin/bash
+
+dn: uid=test-operator,ou=users,dc=stellaops,dc=test
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: test-operator
+cn: Test Operator
+sn: Operator
+givenName: Test
+mail: test-operator@stellaops.test
+userPassword: operator-password
+uidNumber: 1002
+gidNumber: 1002
+homeDirectory: /home/test-operator
+loginShell: /bin/bash
+
+dn: uid=test-viewer,ou=users,dc=stellaops,dc=test
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+uid: test-viewer
+cn: Test Viewer
+sn: Viewer
+givenName: Test
+mail: test-viewer@stellaops.test
+userPassword: viewer-password
+uidNumber: 1003
+gidNumber: 1003
+homeDirectory: /home/test-viewer
+loginShell: /bin/bash
+
+# Groups
+dn: cn=admins,ou=groups,dc=stellaops,dc=test
+objectClass: groupOfNames
+cn: admins
+description: StellaOps Administrators
+member: uid=test-admin,ou=users,dc=stellaops,dc=test
+
+dn: cn=operators,ou=groups,dc=stellaops,dc=test
+objectClass: groupOfNames
+cn: operators
+description: StellaOps Operators
+member: uid=test-operator,ou=users,dc=stellaops,dc=test
+
+dn: cn=viewers,ou=groups,dc=stellaops,dc=test
+objectClass: groupOfNames
+cn: viewers
+description: StellaOps Viewers
+member: uid=test-viewer,ou=users,dc=stellaops,dc=test