Fix critical journey blockers: audit endpoints, registry mock, topology auth

Fix #20 — Audit log empty:
  Wire app.MapAuditEndpoints() in JobEngine Program.cs. The endpoint file
  existed but was never registered, so /api/v1/jobengine/audit returned 404
  and the Timeline unified aggregation service got 0 events.

Fix #22 — Registry search returns mock data:
  Replace the catchError() synthetic mock fallback in searchImages() with
  an empty array return. The release wizard will now show "no results"
  instead of fabricating fake "payment-service" with "sha256:payment..."
  digests. getImageDigests() returns an empty-tags placeholder on failure.

Fix #13 — Topology wizard 401 (identity envelope passthrough):
  Add TryAuthenticateFromIdentityEnvelope() to Concelier's JwtBearer
  OnMessageReceived handler. When no JWT bearer token is present (stripped
  by gateway's IdentityHeaderPolicyMiddleware on ReverseProxy routes),
  the handler reads X-StellaOps-Identity-Envelope + signature headers,
  verifies the HMAC-SHA256 signature using the shared signing key, and
  populates ClaimsPrincipal with subject/tenant/scopes/roles from the
  envelope. This enables ReverseProxy routes to Concelier topology
  endpoints to authenticate the same way Microservice/Valkey routes do.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-16 09:24:04 +02:00
parent 4e07f7bd72
commit ed6cd76c62
3 changed files with 100 additions and 14 deletions


@@ -379,17 +379,7 @@ export class ReleaseManagementHttpClient implements ReleaseManagementApi {
}
return this.http.get<RegistryImage[]>('/api/registry/images/search', { params: { q: query } }).pipe(
catchError(() =>
of([
{
name: `${query}-service`,
repository: `registry.internal/${query}-service`,
tags: ['latest'],
digests: [{ tag: 'latest', digest: `sha256:${query}1234567890abcdef`, pushedAt: new Date().toISOString() }],
lastPushed: new Date().toISOString(),
},
]),
),
catchError(() => of([])),
);
}
@@ -399,9 +389,9 @@ export class ReleaseManagementHttpClient implements ReleaseManagementApi {
of({
name: repository.split('/').at(-1) ?? repository,
repository,
tags: ['latest'],
digests: [{ tag: 'latest', digest: 'sha256:mockdigest', pushedAt: new Date().toISOString() }],
lastPushed: new Date().toISOString(),
tags: [],
digests: [],
lastPushed: '',
}),
),
);
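Review bot: The new `catchError(() => of([]))` in searchImages() collapses every failure (an authentication or authorization rejection, a server error, a dropped connection) into the same empty list as a genuine no-match, so the release wizard cannot tell "no such image" from "registry unreachable or access denied". Removing the fabricated digests is right, but the failure should stay observable: either record it before falling back, e.g. `catchError((err) => { console.warn('registry search failed', err); return of([]); })` (or the project's own logger, if it has one), or let the error propagate so the wizard can render an error state. The second hunk follows the same pattern, and its placeholder now carries `lastPushed: ''`, which any consumer that parses the field as a date would have to special-case; this is inferred, since the consumers are not visible here. Both enclosing methods start outside the hunks shown.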