stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

e2e observation fixes

Browse Source
This commit is contained in:
master
2026-02-18 22:47:34 +02:00
parent 1bcab39a2c
commit cb3e361fcf
35 changed files with 1127 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
devops/compose/docker-compose.stella-ops.yml
View File

@@ -410,6 +410,7 @@ services:
volumes:
- *cert-volume
- *ca-bundle
- *ca-bundle
ports:
- "127.1.0.5:80:80"
networks:
@@ -436,6 +437,7 @@ services:
ConnectionStrings__Default: *postgres-connection
volumes:
- *cert-volume
- *ca-bundle
ports:
- "127.1.0.6:80:80"
networks:
@@ -495,6 +497,15 @@ services:
EvidenceLocker__Quotas__MaxMaterialCount: "128"
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
EvidenceLocker__Authority__BaseUrl: "https://authority.stella-ops.local"
Authority__ResourceServer__Authority: "https://authority.stella-ops.local/"
Authority__ResourceServer__MetadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
Authority__ResourceServer__RequireHttpsMetadata: "false"
Authority__ResourceServer__Audiences__0: ""
Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
Authority__ResourceServer__BypassNetworks__1: "127.0.0.1/32"
Authority__ResourceServer__BypassNetworks__2: "::1/128"
Authority__ResourceServer__BypassNetworks__3: "0.0.0.0/0"
Authority__ResourceServer__BypassNetworks__4: "::/0"
volumes:
- *cert-volume
- *ca-bundle
@@ -1775,8 +1786,18 @@ services:
ConnectionStrings__Default: *postgres-connection
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
Export__AllowInMemoryRepositories: "true"
Authority__ResourceServer__Authority: "https://authority.stella-ops.local/"
Authority__ResourceServer__MetadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
Authority__ResourceServer__RequireHttpsMetadata: "false"
Authority__ResourceServer__Audiences__0: ""
Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
Authority__ResourceServer__BypassNetworks__1: "127.0.0.1/32"
Authority__ResourceServer__BypassNetworks__2: "::1/128"
Authority__ResourceServer__BypassNetworks__3: "0.0.0.0/0"
Authority__ResourceServer__BypassNetworks__4: "::/0"
volumes:
- *cert-volume
- *ca-bundle
ports:
- "127.1.0.40:80:80"
networks:
@@ -1799,8 +1820,14 @@ services:
ConnectionStrings__Default: *postgres-connection
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
Export__AllowInMemoryRepositories: "true"
Authority__ResourceServer__Authority: "https://authority.stella-ops.local/"
Authority__ResourceServer__MetadataAddress: "https://authority.stella-ops.local/.well-known/openid-configuration"
Authority__ResourceServer__RequireHttpsMetadata: "false"
Authority__ResourceServer__Audiences__0: ""
Authority__ResourceServer__BypassNetworks__0: "172.19.0.0/16"
volumes:
- *cert-volume
- *ca-bundle
networks:
stellaops:
aliases:

122
devops/compose/envsettings-override.json
View File

@@ -1,63 +1,63 @@
{
"authority": {
"issuer": "https://authority.stella-ops.local/",
"clientId": "stella-ops-ui",
"authorizeEndpoint": "https://authority.stella-ops.local/connect/authorize",
"tokenEndpoint": "https://authority.stella-ops.local/connect/token",
"redirectUri": "https://stella-ops.local/auth/callback",
"postLogoutRedirectUri": "https://stella-ops.local/",
"scope": "openid profile email offline_access ui.read ui.admin authority:tenants.read authority:users.read authority:roles.read authority:clients.read authority:tokens.read authority:branding.read authority.audit.read graph:read sbom:read scanner:read policy:read policy:simulate policy:author policy:review policy:approve orch:read analytics.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read release:read scheduler:read scheduler:operate notify.viewer notify.operator notify.admin notify.escalate export.viewer export.operator export.admin vuln:view vuln:investigate vuln:operate vuln:audit",
"audience": "stella-ops-api",
"dpopAlgorithms": [
"ES256"
],
"refreshLeewaySeconds": 60
},
"apiBaseUrls": {
"vulnexplorer": "http://vulnexplorer.stella-ops.local",
"replay": "http://replay.stella-ops.local",
"notify": "http://notify.stella-ops.local",
"notifier": "http://notifier.stella-ops.local",
"airgapController": "http://airgap-controller.stella-ops.local",
"gateway": "http://gateway.stella-ops.local",
"doctor": "http://doctor.stella-ops.local",
"taskrunner": "http://taskrunner.stella-ops.local",
"timelineindexer": "http://timelineindexer.stella-ops.local",
"timeline": "http://timeline.stella-ops.local",
"packsregistry": "http://packsregistry.stella-ops.local",
"findingsLedger": "http://findings.stella-ops.local",
"policyGateway": "http://policy-gateway.stella-ops.local",
"registryTokenservice": "http://registry-token.stella-ops.local",
"graph": "http://graph.stella-ops.local",
"issuerdirectory": "http://issuerdirectory.stella-ops.local",
"router": "http://router.stella-ops.local",
"integrations": "http://integrations.stella-ops.local",
"platform": "http://platform.stella-ops.local",
"smremote": "http://smremote.stella-ops.local",
"signals": "http://signals.stella-ops.local",
"vexlens": "http://vexlens.stella-ops.local",
"scheduler": "http://scheduler.stella-ops.local",
"concelier": "http://concelier.stella-ops.local",
"opsmemory": "http://opsmemory.stella-ops.local",
"binaryindex": "http://binaryindex.stella-ops.local",
"signer": "http://signer.stella-ops.local",
"reachgraph": "http://reachgraph.stella-ops.local",
"authority": "http://authority.stella-ops.local",
"unknowns": "http://unknowns.stella-ops.local",
"scanner": "http://scanner.stella-ops.local",
"sbomservice": "http://sbomservice.stella-ops.local",
"symbols": "http://symbols.stella-ops.local",
"orchestrator": "http://orchestrator.stella-ops.local",
"policyEngine": "http://policy-engine.stella-ops.local",
"attestor": "http://attestor.stella-ops.local",
"vexhub": "http://vexhub.stella-ops.local",
"riskengine": "http://riskengine.stella-ops.local",
"airgapTime": "http://airgap-time.stella-ops.local",
"advisoryai": "http://advisoryai.stella-ops.local",
"excititor": "http://excititor.stella-ops.local",
"cartographer": "http://cartographer.stella-ops.local",
"evidencelocker": "http://evidencelocker.stella-ops.local",
"exportcenter": "http://exportcenter.stella-ops.local"
},
"setup": "complete"
"authority": {
"issuer": "https://authority.stella-ops.local/",
"clientId": "stella-ops-ui",
"authorizeEndpoint": "https://authority.stella-ops.local/connect/authorize",
"tokenEndpoint": "https://authority.stella-ops.local/connect/token",
"redirectUri": "https://stella-ops.local/auth/callback",
"postLogoutRedirectUri": "https://stella-ops.local/",
"scope": "openid profile email offline_access ui.read ui.admin authority:tenants.read authority:users.read authority:roles.read authority:clients.read authority:tokens.read authority:branding.read authority.audit.read graph:read sbom:read scanner:read policy:read policy:simulate policy:author policy:review policy:approve orch:read analytics.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read release:read scheduler:read scheduler:operate notify.viewer notify.operator notify.admin notify.escalate evidence:read export.viewer export.operator export.admin vuln:view vuln:investigate vuln:operate vuln:audit",
"audience": "stella-ops-api",
"dpopAlgorithms": [
"ES256"
],
"refreshLeewaySeconds": 60
},
"apiBaseUrls": {
"vulnexplorer": "https://stella-ops.local",
"replay": "https://stella-ops.local",
"notify": "https://stella-ops.local",
"notifier": "https://stella-ops.local",
"airgapController": "https://stella-ops.local",
"gateway": "https://stella-ops.local",
"doctor": "https://stella-ops.local",
"taskrunner": "https://stella-ops.local",
"timelineindexer": "https://stella-ops.local",
"timeline": "https://stella-ops.local",
"packsregistry": "https://stella-ops.local",
"findingsLedger": "https://stella-ops.local",
"policyGateway": "https://stella-ops.local",
"registryTokenservice": "https://stella-ops.local",
"graph": "https://stella-ops.local",
"issuerdirectory": "https://stella-ops.local",
"router": "https://stella-ops.local",
"integrations": "https://stella-ops.local",
"platform": "https://stella-ops.local",
"smremote": "https://stella-ops.local",
"signals": "https://stella-ops.local",
"vexlens": "https://stella-ops.local",
"scheduler": "https://stella-ops.local",
"concelier": "https://stella-ops.local",
"opsmemory": "https://stella-ops.local",
"binaryindex": "https://stella-ops.local",
"signer": "https://stella-ops.local",
"reachgraph": "https://stella-ops.local",
"authority": "https://stella-ops.local",
"unknowns": "https://stella-ops.local",
"scanner": "https://stella-ops.local",
"sbomservice": "https://stella-ops.local",
"symbols": "https://stella-ops.local",
"orchestrator": "https://stella-ops.local",
"policyEngine": "https://stella-ops.local",
"attestor": "https://stella-ops.local",
"vexhub": "https://stella-ops.local",
"riskengine": "https://stella-ops.local",
"airgapTime": "https://stella-ops.local",
"advisoryai": "https://stella-ops.local",
"excititor": "https://stella-ops.local",
"cartographer": "https://stella-ops.local",
"evidencelocker": "https://stella-ops.local",
"exportcenter": "https://stella-ops.local"
},
"setup": "complete"
}

24
devops/compose/router-gateway-local.json
View File

@@ -14,7 +14,7 @@
},
"Routes": [
{ "Type": "ReverseProxy", "Path": "/api/v1/release-orchestrator", "TranslatesTo": "http://orchestrator.stella-ops.local/api/v1/release-orchestrator" },
{ "Type": "ReverseProxy", "Path": "/api/v1/vex", "TranslatesTo": "http://vexhub.stella-ops.local/api/v1/vex" },
{ "Type": "ReverseProxy", "Path": "/api/v1/vex", "TranslatesTo": "https://vexhub.stella-ops.local/api/v1/vex" },
{ "Type": "ReverseProxy", "Path": "/api/v1/vexlens", "TranslatesTo": "http://vexlens.stella-ops.local/api/v1/vexlens" },
{ "Type": "ReverseProxy", "Path": "/api/v1/notify", "TranslatesTo": "http://notify.stella-ops.local/api/v1/notify" },
{ "Type": "ReverseProxy", "Path": "/api/v1/notifier", "TranslatesTo": "http://notifier.stella-ops.local/api/v1/notifier" },
@@ -33,8 +33,8 @@
{ "Type": "ReverseProxy", "Path": "/api/v1/authority/quotas", "TranslatesTo": "http://platform.stella-ops.local/api/v1/authority/quotas", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/v1/authority", "TranslatesTo": "https://authority.stella-ops.local/api/v1/authority", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/v1/trust", "TranslatesTo": "https://authority.stella-ops.local/api/v1/trust", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/v1/evidence", "TranslatesTo": "http://evidencelocker.stella-ops.local/api/v1/evidence" },
{ "Type": "ReverseProxy", "Path": "/api/v1/proofs", "TranslatesTo": "http://evidencelocker.stella-ops.local/api/v1/proofs" },
{ "Type": "ReverseProxy", "Path": "/api/v1/evidence", "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/evidence" },
{ "Type": "ReverseProxy", "Path": "/api/v1/proofs", "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/proofs" },
{ "Type": "ReverseProxy", "Path": "/api/v1/timeline", "TranslatesTo": "http://timelineindexer.stella-ops.local/api/v1/timeline" },
{ "Type": "ReverseProxy", "Path": "/api/v1/advisory-ai", "TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory-ai" },
{ "Type": "ReverseProxy", "Path": "/api/v1/advisory", "TranslatesTo": "http://advisoryai.stella-ops.local/api/v1/advisory" },
@@ -42,9 +42,9 @@
{ "Type": "ReverseProxy", "Path": "/api/v1/watchlist", "TranslatesTo": "http://scanner.stella-ops.local/api/v1/watchlist" },
{ "Type": "ReverseProxy", "Path": "/api/v1/resolve", "TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/resolve" },
{ "Type": "ReverseProxy", "Path": "/api/v1/ops/binaryindex", "TranslatesTo": "http://binaryindex.stella-ops.local/api/v1/ops/binaryindex" },
{ "Type": "ReverseProxy", "Path": "/api/v1/verdicts", "TranslatesTo": "http://evidencelocker.stella-ops.local/api/v1/verdicts" },
{ "Type": "ReverseProxy", "Path": "/api/v1/verdicts", "TranslatesTo": "https://evidencelocker.stella-ops.local/api/v1/verdicts" },
{ "Type": "ReverseProxy", "Path": "/api/v1/lineage", "TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/lineage" },
{ "Type": "ReverseProxy", "Path": "/api/v1/export", "TranslatesTo": "http://exportcenter.stella-ops.local/api/v1/export" },
{ "Type": "ReverseProxy", "Path": "/api/v1/export", "TranslatesTo": "https://exportcenter.stella-ops.local/api/v1/export" },
{ "Type": "ReverseProxy", "Path": "/api/v1/triage", "TranslatesTo": "http://scanner.stella-ops.local/api/v1/triage" },
{ "Type": "ReverseProxy", "Path": "/api/v1/governance", "TranslatesTo": "http://policy-gateway.stella-ops.local/api/v1/governance" },
{ "Type": "ReverseProxy", "Path": "/api/v1/determinization", "TranslatesTo": "http://policy-engine.stella-ops.local/api/v1/determinization" },
@@ -53,10 +53,10 @@
{ "Type": "ReverseProxy", "Path": "/api/v1/sources", "TranslatesTo": "http://sbomservice.stella-ops.local/api/v1/sources" },
{ "Type": "ReverseProxy", "Path": "/api/v1/workflows", "TranslatesTo": "http://orchestrator.stella-ops.local/api/v1/workflows" },
{ "Type": "ReverseProxy", "Path": "/api/v1/witnesses", "TranslatesTo": "http://attestor.stella-ops.local/api/v1/witnesses" },
{ "Type": "ReverseProxy", "Path": "/v1/evidence-packs", "TranslatesTo": "http://evidencelocker.stella-ops.local/v1/evidence-packs" },
{ "Type": "ReverseProxy", "Path": "/v1/evidence-packs", "TranslatesTo": "https://evidencelocker.stella-ops.local/v1/evidence-packs" },
{ "Type": "ReverseProxy", "Path": "/v1/runs", "TranslatesTo": "http://orchestrator.stella-ops.local/v1/runs" },
{ "Type": "ReverseProxy", "Path": "/v1/advisory-ai", "TranslatesTo": "http://advisoryai.stella-ops.local/v1/advisory-ai" },
{ "Type": "ReverseProxy", "Path": "/v1/audit-bundles", "TranslatesTo": "http://evidencelocker.stella-ops.local/v1/audit-bundles" },
{ "Type": "ReverseProxy", "Path": "/v1/audit-bundles", "TranslatesTo": "https://exportcenter.stella-ops.local/v1/audit-bundles" },
{ "Type": "ReverseProxy", "Path": "/policy", "TranslatesTo": "http://policy-gateway.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/api/cvss", "TranslatesTo": "http://policy-gateway.stella-ops.local/api/cvss", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/policy", "TranslatesTo": "http://policy-gateway.stella-ops.local/api/policy", "PreserveAuthHeaders": true },
@@ -71,12 +71,12 @@
{ "Type": "ReverseProxy", "Path": "/api/compare", "TranslatesTo": "http://sbomservice.stella-ops.local/api/compare" },
{ "Type": "ReverseProxy", "Path": "/api/change-traces", "TranslatesTo": "http://sbomservice.stella-ops.local/api/change-traces" },
{ "Type": "ReverseProxy", "Path": "/api/exceptions", "TranslatesTo": "http://policy-gateway.stella-ops.local/api/exceptions", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/verdicts", "TranslatesTo": "http://evidencelocker.stella-ops.local/api/verdicts" },
{ "Type": "ReverseProxy", "Path": "/api/verdicts", "TranslatesTo": "https://evidencelocker.stella-ops.local/api/verdicts" },
{ "Type": "ReverseProxy", "Path": "/api/orchestrator", "TranslatesTo": "http://orchestrator.stella-ops.local/api/orchestrator" },
{ "Type": "ReverseProxy", "Path": "/api/v1/gateway/rate-limits", "TranslatesTo": "http://platform.stella-ops.local/api/v1/gateway/rate-limits", "PreserveAuthHeaders": true },
{ "Type": "ReverseProxy", "Path": "/api/sbomservice", "TranslatesTo": "http://sbomservice.stella-ops.local/api/sbomservice" },
{ "Type": "ReverseProxy", "Path": "/api/vuln-explorer", "TranslatesTo": "http://vulnexplorer.stella-ops.local/api/vuln-explorer" },
{ "Type": "ReverseProxy", "Path": "/api/vex", "TranslatesTo": "http://vexhub.stella-ops.local/api/vex" },
{ "Type": "ReverseProxy", "Path": "/api/vex", "TranslatesTo": "https://vexhub.stella-ops.local/api/vex" },
{ "Type": "ReverseProxy", "Path": "/api/admin", "TranslatesTo": "http://platform.stella-ops.local/api/admin" },
{ "Type": "ReverseProxy", "Path": "/api/scheduler", "TranslatesTo": "http://scheduler.stella-ops.local/api/scheduler" },
{ "Type": "ReverseProxy", "Path": "/api/doctor", "TranslatesTo": "http://doctor.stella-ops.local/api/doctor" },
@@ -101,7 +101,7 @@
{ "Type": "ReverseProxy", "Path": "/signals", "TranslatesTo": "http://signals.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/excititor", "TranslatesTo": "http://excititor.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/findingsLedger", "TranslatesTo": "http://findings.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/vexhub", "TranslatesTo": "http://vexhub.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/vexhub", "TranslatesTo": "https://vexhub.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/vexlens", "TranslatesTo": "http://vexlens.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/orchestrator", "TranslatesTo": "http://orchestrator.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/taskrunner", "TranslatesTo": "http://taskrunner.stella-ops.local" },
@@ -110,8 +110,8 @@
{ "Type": "ReverseProxy", "Path": "/doctor", "TranslatesTo": "http://doctor.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/integrations", "TranslatesTo": "http://integrations.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/replay", "TranslatesTo": "http://replay.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/exportcenter", "TranslatesTo": "http://exportcenter.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/evidencelocker", "TranslatesTo": "http://evidencelocker.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/exportcenter", "TranslatesTo": "https://exportcenter.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/evidencelocker", "TranslatesTo": "https://evidencelocker.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/signer", "TranslatesTo": "http://signer.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/binaryindex", "TranslatesTo": "http://binaryindex.stella-ops.local" },
{ "Type": "ReverseProxy", "Path": "/riskengine", "TranslatesTo": "http://riskengine.stella-ops.local" },