Align release publisher scopes and preserve promotion submit context

This commit is contained in:
master
2026-03-10 19:01:16 +02:00
parent f401a7182c
commit d93006a8fa
11 changed files with 365 additions and 9 deletions

@@ -0,0 +1,48 @@
# Sprint 20260310_032 - Release Scope Alignment For Promotions
## Topic & Scope
- Repair the live promotion submit path by aligning the scratch-setup UI client scope contract with the release backend authorization model.
- Ensure wiped local installs converge on the same scope set through compose bootstrap configuration and Authority demo seed data.
- Working directory: `src/Authority/`.
- Cross-module edits explicitly allowed: `src/Web/StellaOps.Web/src/config`, `src/Web/StellaOps.Web/scripts`, and `devops/compose`.
- Expected evidence: focused Authority bootstrap coverage, rebuilt/redeployed local stack, live Playwright promotion submit sweep, refreshed authenticated route coverage.
## Dependencies & Concurrency
- Depends on the local Docker stack being available for rebuild/redeploy on `https://stella-ops.local`.
- Safe parallelism: limited to Authority bootstrap scope provisioning, local setup config, and release-promotion Playwright harnesses.
## Documentation Prerequisites
- `docs/qa/feature-checks/FLOW.md`
- `docs/modules/ui/v2-rewire/authority-matrix.md`
- `docs/technical/architecture/console-admin-rbac.md`
## Delivery Tracker
### TASK-01 - Align release publisher scopes across scratch setup sources
Status: DONE
Dependency: none
Owners: QA, 3rd line support, Product Manager, Architect, Developer
Task description:
- Live Playwright proved that `/releases/promotions/create` can preview and enumerate targets but fails the final submit with `403` from `POST /api/v1/release-orchestrator/releases/:id/promote`.
- Root cause must be fixed at the product contract layer: the release backend correctly requires `release:publish`, while the local UI client and scratch Authority bootstrap sources still only provision `release:read`.
Completion criteria:
- [x] The shipped web config and local environment override request `release:read`, `release:write`, and `release:publish`.
- [x] The compose bootstrap client and first-run Authority seed data provision the same release scopes on wiped installs.
- [x] Focused regression coverage proves bootstrap client provisioning retains the release publisher scopes.
- [x] A live Playwright promotion-submit sweep passes without `403` and lands on the canonical promotion detail route.
## Execution Log
| Date (UTC) | Update | Owner |
| --- | --- | --- |
| 2026-03-10 | Sprint created after live Playwright confirmed promotion preview works but submit fails with `403` because the release backend requires `release:publish` while the local UI client only requests/allows `release:read`. | QA |
| 2026-03-10 | Patched the release publisher scope set across the shipped web config, compose bootstrap client, runtime env override, and Authority scratch/demo seeds. Added focused Authority bootstrap coverage and a dedicated live Playwright promotion submit harness. | QA / Developer |
| 2026-03-10 | Rebuilt all 59 Docker images from the local matrix, tore the stack down with volumes, redeployed from scratch, resynced the rebuilt web dist, and reauthenticated against the fresh install. Live Playwright now confirms promotion submit returns `200`, lands on `/releases/promotions/:id`, preserves tenant/region/environment/time-window scope, and the canonical route sweep passes `111/111` on the rebuilt stack. | QA / Developer |
## Decisions & Risks
- Decision: keep the backend `release:publish` gate intact and repair the client/bootstrap scope contract instead of weakening release approval authorization.
- Decision: patch both compose runtime bootstrap and persisted Authority demo seed data so scratch rebuilds and fresh database installs converge on the same allowed scope set.
- Decision: preserve current scope query parameters on successful promotion submit so the user remains in the same tenant/region/environment context after the wizard transitions to the promotion detail route.
## Next Checkpoints
- Continue the next deep action sweep from the rebuilt local stack.
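
Review bot: In TASK-01 the completion criteria request `release:write` alongside `release:publish`, but the root cause in the task description only establishes that the backend requires `release:publish` for `POST /api/v1/release-orchestrator/releases/:id/promote`. Please state which call needs `release:write`, or drop it from the requested set, so the UI client and bootstrap seeds carry no scope beyond what the promotion flow uses. The Decisions & Risks section lists three decisions and no risk. Since the change adds publisher scopes to the compose bootstrap client and the Authority demo seed data, it should record the risk of a broader default scope set on scratch and demo installs. The decision to preserve scope query parameters on submit also has no matching completion criterion. Consider adding one so that behaviour is tracked alongside the `403` fix.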