From 2b95238d8545e7aff9e5de93996c80f12333edcb Mon Sep 17 00:00:00 2001 From: Edgar Vonk Date: Thu, 20 Feb 2025 09:11:34 +0100 Subject: [PATCH 1/8] fix: fixing broken OpenNotificaties in Docker Compose. work in progress --- .../database/1-setup-applicatie.sql | 7 ++++--- .../database/fill-data-on-startup.sh | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql index 873c3c2322..d35d90288c 100644 --- a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql +++ b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql 
@@ -4,16 +4,17 @@ INSERT INTO accounts_user (id, password, last_login, is_superuser, username, fir -- Set up the Autorisatiecomponentconfiguratie -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. -- Please see our 'testing.md' document on how to set this up. -INSERT INTO authorizations_authorizationsconfig (api_root, component) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'ac'); +INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE label = 'Authorization API service')); -- Set up the Notificatiescomponentconfiguratie -- We assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) -UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'notificaties-self'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; +UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'Authorization API service'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; -- Set up the External API credentials -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. -- Please see our 'testing.md' document on how to set this up. 
-INSERT INTO vng_api_common_apicredential (api_root, client_id, secret, label, user_id, user_representation) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'Open Zaak - Autorisaties', 'open-zaak-autorisaties', 'Open Zaak - Autorisaties'); +-- TODO: table no longer exists +-- INSERT INTO vng_api_common_apicredential (api_root, client_id, secret, label, user_id, user_representation) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'Open Zaak - Autorisaties', 'open-zaak-autorisaties', 'Open Zaak - Autorisaties'); -- Set up the Autorisatiegegevens INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey'); diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh b/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh index 38529c353d..900b534091 100755 --- a/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh +++ b/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh @@ -3,7 +3,7 @@ # The number of expected records in the django_migrations table after Open Notificaties has finished with the database # migration scripts. # Note that this is expected to change in future versions of Open Notificaties, so this value should be updated accordingly. -DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=160 +DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=167 echo ">>>> Waiting until Open Notificaties has initialized the database <<<<" useradd opennotificaties From ac7ea43588b92a0343bef18be201f38911698f1d Mon Sep 17 00:00:00 2001 
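Review bot: The rewritten `UPDATE notifications_api_common_notificationsconfig` now takes `notifications_api_service_id` from the row labelled 'Authorization API service', where the removed line used 'notificaties-self'. That points the notifications client at the authorisation service record, and it looks like the subquery was copied from the `INSERT` above rather than changed on purpose. Both scalar subqueries also return NULL when no `zgw_consumers_service` row has that label, so the statement either stores a NULL reference or fails on a constraint, depending on column definitions that are not visible here. A comment above each statement, such as `-- depends on an existing zgw_consumers_service row with this label; the subquery is NULL otherwise`, would document the dependency. The commented-out `INSERT INTO vng_api_common_apicredential` keeps a client secret in the file and can be deleted if the table no longer exists.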
From: Edgar Vonk Date: Thu, 20 Feb 2025 16:24:34 +0100 Subject: [PATCH 2/8] chore: testing to get OpenNotificaties - OpenZaak authorisation to work; no luck so far --- .../database/1-setup-applicatie.sql | 9 +++------ .../database/4-setup-zac-config-after.sql | 1 + 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql index d35d90288c..807e7f0e66 100644 --- a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql +++ b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql 
@@ -2,19 +2,16 @@ INSERT INTO accounts_user (id, password, last_login, is_superuser, username, first_name, last_name, email, is_staff, is_active, date_joined) VALUES (1, 'pbkdf2_sha256$260000$gtIe19cI1vW9RzIsRDpriC$o8G6cItI5vXqbGFcXuu0pbullajpvMDc6Hze70mf+jE=', null, true, 'admin', '', '', 'admin@example.com', true, true, '2023-08-08 15:14:56.735552 +00:00'); -- Set up the Autorisatiecomponentconfiguratie --- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. --- Please see our 'testing.md' document on how to set this up. -INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE label = 'Authorization API service')); +INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE slug = 'authorization-api-service')); -- Set up the Notificatiescomponentconfiguratie -- We assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) -UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'Authorization API service'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; +UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE slug = 'authorization-api-service'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; -- Set up the External API credentials -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. -- Please see our 'testing.md' document on how to set this up. 
--- TODO: table no longer exists --- INSERT INTO vng_api_common_apicredential (api_root, client_id, secret, label, user_id, user_representation) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'Open Zaak - Autorisaties', 'open-zaak-autorisaties', 'Open Zaak - Autorisaties'); +UPDATE zgw_consumers_service SET (api_root, client_id, secret) = ('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey') WHERE slug = 'authorization-api-service'; -- Set up the Autorisatiegegevens INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey'); diff --git a/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql b/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql index 6082862042..31752a835b 100644 --- a/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql +++ b/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql 
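Review bot: The new `UPDATE zgw_consumers_service ... WHERE slug = 'authorization-api-service'` succeeds without effect when no row has that slug, so a missing or renamed service record leaves the authorisation client unconfigured and the script reports no error. The `INSERT INTO authorizations_authorizationsconfig` earlier in the hunk depends on the same row through its subquery, so both statements fail silently together. A comment above the statement, such as `-- assumes a row with slug 'authorization-api-service' already exists; this UPDATE is a no-op otherwise`, would record the assumption. A follow-up `SELECT` that the startup script checks would turn the assumption into a verified precondition.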
@@ -29,6 +29,7 @@ INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, -- Set up the OpenArchiefbeheer service configuration. INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Archiefbeheer', 'nrc', 'http://host.docker.internal:8004/api/v1/', 'open-archiefbeheer', 'openArchiefbeheerApiSecretKey', 'zgw', '', '', 'http://host.docker.internal:8004/api/v1/schema', '', 'open-archiefbeheer', 'Open Archiefbeheer', '', NULL, NULL, 'f21a5a4d-36c8-44a4-bf72-44da1cd30a26', 10, '', 'open-archiefbeheer'); +-- TODO: do we need to update the existing 'Authorization API service' record in the zgw_consumers_service table here? -- Set up the Notificatiescomponentconfiguratie -- we assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) From 32e41cf561db9d71d0e66a89a25bc3b53de398d9 Mon Sep 17 00:00:00 2001 From: Edgar Vonk Date: Thu, 20 Feb 2025 18:09:28 +0100 Subject: [PATCH 3/8] chore: testing to get OpenNotificaties - OpenZaak authorisation to work; no luck so far.. --- .../database/1-setup-applicatie.sql | 10 ++++++---- .../openzaak-database/database/1-setup-zac-config.sql | 8 ++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql index 807e7f0e66..0618810f0b 100644 --- a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql +++ b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql 
@@ -2,19 +2,21 @@ INSERT INTO accounts_user (id, password, last_login, is_superuser, username, first_name, last_name, email, is_staff, is_active, date_joined) VALUES (1, 'pbkdf2_sha256$260000$gtIe19cI1vW9RzIsRDpriC$o8G6cItI5vXqbGFcXuu0pbullajpvMDc6Hze70mf+jE=', null, true, 'admin', '', '', 'admin@example.com', true, true, '2023-08-08 15:14:56.735552 +00:00'); -- Set up the Autorisatiecomponentconfiguratie -INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE slug = 'authorization-api-service')); +-- TODO: according to https://open-zaak.readthedocs.io/en/latest/installation/config/openzaak_config.html#configure-notificaties-api +-- this should be of type `NRC`? +INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE slug = 'open-zaak')); -- Set up the Notificatiescomponentconfiguratie -- We assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) -UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE slug = 'authorization-api-service'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; +UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE slug = 'open-zaak'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; -- Set up the External API credentials -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. -- Please see our 'testing.md' document on how to set this up. 
-UPDATE zgw_consumers_service SET (api_root, client_id, secret) = ('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey') WHERE slug = 'authorization-api-service'; +UPDATE zgw_consumers_service SET (api_root, client_id, secret, user_id, user_representation) = ('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak', 'openZaakAutorisatiesApiSecretKey', 'open-zaak', 'Open Zaak') WHERE slug = 'authorization-api-service'; -- Set up the Autorisatiegegevens -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey'); +INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak', 'openZaakAutorisatiesApiSecretKey'); -- Set up the kanalen INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('493002ad-e5d5-4747-93b2-1853e78889f5', 'zaaktypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaaktypen', '{catalogus}'); diff --git a/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql b/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql index bbd056c17a..1683f6205c 100644 --- a/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql +++ b/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql 
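Review bot: Both configuration statements now look up the service by `slug = 'open-zaak'`, while the `UPDATE zgw_consumers_service` below still writes the API root and credentials to the row with `slug = 'authorization-api-service'`. Nothing in the visible part of this script creates an 'open-zaak' service, so the subqueries would presumably return NULL and the credentials would sit on a row that nothing references. The same identifier and secret (`'open-zaak'`, `'openZaakAutorisatiesApiSecretKey'`) are also used for the outbound service record and for the inbound `vng_api_common_jwtsecret` entry, so one leaked value covers both directions. A separate secret per direction keeps the two trust relationships independent. The added TODO about type `NRC` would be easier to act on if it named the column it refers to, presumably `api_type` on `zgw_consumers_service`.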
@@ -4,11 +4,11 @@ INSERT INTO catalogi_catalogus (naam, uuid, domein, rsin, contactpersoon_beheer_ ('zac', '8225508a-6840-413e-acc9-6422af120db1', 'ALG', '002564440', 'ZAC Test Catalogus', '06-12345678', 'noreply@example.com', '_etag', NULL, ''); INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{zac_client}', 'ZAC', true); -INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-zaak-autorisaties}', 'Open Zaak - Autorisaties', true); +INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-zaak}', 'Open Zaak', true); INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-archiefbeheer}', 'Open Archiefbeheer', true); -INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{opennotificaties}', 'Open notificaties', true); +INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-notificaties}', 'Open notificaties', true); INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('zac_client', 'openzaakZaakafhandelcomponentClientSecret'); -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey'); +INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak', 'openZaakAutorisatiesApiSecretKey'); INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-archiefbeheer', 'openArchiefbeheerApiSecretKey'); -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('opennotificaties', 'openNotificatiesApiSecretKey'); +INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-notificaties', 'openNotificatiesApiSecretKey'); 
From 384845f15e64a15c2bcdab48e42b9850d9a81bca Mon Sep 17 00:00:00 2001 From: edgarvonk Date: Fri, 21 Feb 2025 17:09:11 +0100 Subject: [PATCH 4/8] chore: rename opennotificaties client --- .../database/1-setup-applicatie.sql | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql index 0618810f0b..9c24c2b158 100644 --- a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql +++ b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql 
@@ -28,9 +28,9 @@ INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('c4 -- Set up the abonnement to ZAC -- This assumes ZAC is running and available on 'host.docker.internal' and port 8080. -- Please see our 'testing.md' document on how to set this up. -INSERT INTO datamodel_abonnement (uuid, callback_url, auth, client_id) VALUES('fb4e3474-18c8-474b-94ae-980850ea4a7f', 'http://host.docker.internal:8080/rest/notificaties', 'openNotificatiesApiSecretKey', 'opennotificaties'); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaaktypen')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaken')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'documenten')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluittypen')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluiten')); +INSERT INTO datamodel_abonnement (uuid, callback_url, auth, client_id) VALUES('fb4e3474-18c8-474b-94ae-980850ea4a7f', 'http://host.docker.internal:8080/rest/notificaties', 'openNotificatiesApiSecretKey', 'open-notificaties'); +INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaaktypen')); +INSERT INTO 
datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaken')); +INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'documenten')); +INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluittypen')); +INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluiten')); From 956ebd44d8e537be7defa1e047672f5213cd9e32 Mon Sep 17 00:00:00 2001 From: edgarvonk Date: Mon, 24 Feb 2025 22:15:00 +0100 Subject: [PATCH 5/8] chore: set up OpenNotificaties using YAML configuration file and Docker init container --- docker-compose.yaml | 69 +++++---- .../database/1-setup-applicatie.sql | 36 ----- .../database/fill-data-on-startup.sh | 30 ---- .../imports/opennotificaties-database/init.sh | 5 - .../setup-configuration/data.yaml | 133 ++++++++++++++++++ .../database/1-setup-zac-config.sql | 4 +- .../database/4-setup-zac-config-after.sql | 4 +- 7 files changed, 180 insertions(+), 101 deletions(-) delete mode 100644 scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql delete mode 100755 scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh delete mode 100755 scripts/docker-compose/imports/opennotificaties-database/init.sh create mode 100644 scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml diff --git a/docker-compose.yaml b/docker-compose.yaml index f5fa7fdb30..297652c518 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
@@ -100,7 +100,7 @@ services: image: docker.io/openzaak/open-zaak:1.18.0@sha256:d023f76c72b0608aede93651b56422ac9863e49f69bd151d3d0e0ae676a099bd platform: linux/amd64 environment: &openzaak-env - - ALLOWED_HOSTS=localhost,host.docker.internal,openzaak.local,opennotificaties + - ALLOWED_HOSTS="*" - DB_HOST=openzaak-database - DB_NAME=openzaak - DB_PASSWORD=openzaak @@ -172,7 +172,7 @@ services: ports: - "8010:8000" environment: &objects-env - - ALLOWED_HOSTS=localhost,host.docker.internal,objecten-api.local + - ALLOWED_HOSTS="*" - CORS_ALLOW_ALL_ORIGINS=true - DB_HOST=objecten-api-database - DEBUG=true @@ -275,7 +275,7 @@ services: image: docker.io/maykinmedia/open-klant:2.3.0@sha256:deeccf6c1e0c76538169443ffe960895da98188540fec69e127d9e78fdce23da platform: linux/amd64 environment: - - ALLOWED_HOSTS=localhost,host.docker.internal,openklant.local + - ALLOWED_HOSTS="*" - DB_HOST=openklant-database - DB_USER=openklant - DB_PASSWORD=openklant @@ -448,11 +448,12 @@ services: retries: 10 start_period: 30s environment: + - POSTGRES_HOST_AUTH_METHOD=trust - POSTGRES_USER=opennotificaties - POSTGRES_PASSWORD=opennotificaties - POSTGRES_DB=opennotificaties + command: postgres -c max_connections=300 -c log_min_messages=LOG volumes: - - ./scripts/docker-compose/imports/opennotificaties-database:/docker-entrypoint-initdb.d - ./scripts/docker-compose/volume-data/opennotificaties-database-data:/var/lib/postgresql/data profiles: [ "opennotificaties" ] 
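Review bot: `ALLOWED_HOSTS="*"` replaces an explicit host list with a wildcard, which turns off Django's Host-header validation for Open Zaak here and for the Objecten API and Open Klant in the next two hunks. Keeping the list and adding the one missing host name is the narrower fix. In the list form of `environment`, the double quotes are likely passed through as part of the value, so the container would receive `"*"` with the quotes rather than `*`. Writing `- ALLOWED_HOSTS=*`, or using the mapping form `ALLOWED_HOSTS: "*"` that this patch adopts for open-notificaties, avoids that ambiguity. If the wildcard stays, a comment above each line, such as `# local development only: accepts any Host header`, would record the intent.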
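Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` makes the opennotificaties database accept every connection without a password, including as the `opennotificaties` user that the official image creates as superuser. `POSTGRES_PASSWORD` on the following lines then no longer protects anything. The application already receives `DB_PASSWORD: opennotificaties` in the next hunk, so password authentication should work without this line. The official image applies this setting only when it initialises an empty data directory, so with the persistent `volume-data` mount the behaviour will differ between fresh and existing checkouts. The new `command:` line could carry a one-line comment explaining why `max_connections=300` is needed.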
@@ -460,25 +461,27 @@ services: image: docker.io/openzaak/open-notificaties:1.8.0@sha256:2ad8eaf1121ad6071d4171b83f5eb3b5925804db549c8196b0384bb551e2979b platform: linux/amd64 environment: &opennotificaties-env - - ALLOWED_HOSTS=localhost,host.docker.internal,openzaak.local,zac - - CACHE_DEFAULT=redis:6379/0 - - CACHE_AXES=redis:6379/0 - - CELERY_BROKER_URL=amqp://guest:guest@rabbitmq:5672// - - CELERY_RESULT_BACKEND=redis://redis:6379/1 - - CELERY_LOGLEVEL=DEBUG - - DB_HOST=opennotificaties-database - - DB_NAME=opennotificaties - - DB_PASSWORD=opennotificaties - - DB_USER=opennotificaties - - DEBUG=true - - DISABLE_2FA=true - - DJANGO_SETTINGS_MODULE=nrc.conf.docker - - DJANGO_SUPERUSER_PASSWORD=admin - - LOG_LEVEL=DEBUG - - LOG_NOTIFICATIONS_IN_DB=true - - PUBLISH_BROKER_URL=amqp://guest:guest@rabbitmq:5672/%2F - - RABBITMQ_HOST=rabbitmq - - SECRET_KEY=opennotificatiesApiSecretKey + ALLOWED_HOSTS: "*" + CACHE_DEFAULT: redis:6379/0 + CACHE_AXES: redis:6379/0 + CELERY_BROKER_URL: amqp://guest:guest@rabbitmq:5672// + CELERY_RESULT_BACKEND: redis://redis:6379/1 + CELERY_LOGLEVEL: DEBUG + DB_HOST: opennotificaties-database + DB_NAME: opennotificaties + DB_PASSWORD: opennotificaties + DB_USER: opennotificaties + DEBUG: true + DISABLE_2FA: true + DJANGO_SETTINGS_MODULE: nrc.conf.docker + DJANGO_SUPERUSER_PASSWORD: admin + LOG_LEVEL: DEBUG + LOG_NOTIFICATIONS_IN_DB: true + OPENNOTIFICATIES_SUPERUSER_USERNAME: admin + OPENNOTIFICATIES_SUPERUSER_EMAIL: admin@example.com + PUBLISH_BROKER_URL: amqp://guest:guest@rabbitmq:5672/%2F + RABBITMQ_HOST: rabbitmq + SECRET_KEY: opennotificatiesApiSecretKey healthcheck: test: [ "CMD", "python", "-c", "import requests; exit(requests.head('http://localhost:8000/admin/').status_code not in [200, 302])" ] interval: 30s 
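Review bot: The converted mapping combines `ALLOWED_HOSTS: "*"` with `DEBUG: true`, `DISABLE_2FA: true` and the fixed `DJANGO_SUPERUSER_PASSWORD: admin`, and because it is the `&opennotificaties-env` anchor, every service that merges it inherits the same values. The service publishes `8003:8000` (context of the next hunk), which Docker binds on all host interfaces by default, so the admin login is reachable from the local network with known credentials. Publishing as `"127.0.0.1:8003:8000"` keeps it on the developer machine. This patch already uses `${RUN_SETUP_CONFIG:-true}`, and the same pattern, for example `DJANGO_SUPERUSER_PASSWORD: ${DJANGO_SUPERUSER_PASSWORD:-admin}`, lets the default be overridden without editing the file. The service definition continues past the end of this hunk.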
@@ -490,13 +493,29 @@ services: start_period: 30s ports: - "8003:8000" + volumes: &opennotificaties-volumes + - ./scripts/docker-compose/imports/opennotificaties/setup-configuration:/app/setup_configuration + depends_on: + opennotificaties-init: + condition: service_completed_successfully + profiles: [ "opennotificaties" ] + + opennotificaties-init: + image: docker.io/openzaak/open-notificaties:1.8.0@sha256:2ad8eaf1121ad6071d4171b83f5eb3b5925804db549c8196b0384bb551e2979b + platform: linux/amd64 + environment: + <<: *opennotificaties-env + # Run Django setup configuration + RUN_SETUP_CONFIG: ${RUN_SETUP_CONFIG:-true} + command: /setup_configuration.sh depends_on: opennotificaties-database: condition: service_healthy - redis: - condition: service_started rabbitmq: + condition: service_healthy + redis: condition: service_started + volumes: *opennotificaties-volumes profiles: [ "opennotificaties" ] opennotificaties-celery: diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql deleted file mode 100644 index 9c24c2b158..0000000000 --- a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql +++ /dev/null 
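Review bot: The `setup-configuration` directory is bind-mounted read-write into both `opennotificaties` and `opennotificaties-init`, although it holds `data.yaml` with client secrets and presumably only needs to be read. Appending `:ro`, as in `- ./scripts/docker-compose/imports/opennotificaties/setup-configuration:/app/setup_configuration:ro`, stops a misbehaving container from rewriting the configuration on the host. If only the init container runs `/setup_configuration.sh`, the main service probably does not need the mount at all. The `<<: *opennotificaties-env` merge also gives the init container every credential in the anchor, which deserves a short comment next to `RUN_SETUP_CONFIG`.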
@@ -1,36 +0,0 @@ --- create superuser to be able to log in to the UI with username admin and password admin -INSERT INTO accounts_user (id, password, last_login, is_superuser, username, first_name, last_name, email, is_staff, is_active, date_joined) VALUES (1, 'pbkdf2_sha256$260000$gtIe19cI1vW9RzIsRDpriC$o8G6cItI5vXqbGFcXuu0pbullajpvMDc6Hze70mf+jE=', null, true, 'admin', '', '', 'admin@example.com', true, true, '2023-08-08 15:14:56.735552 +00:00'); - --- Set up the Autorisatiecomponentconfiguratie --- TODO: according to https://open-zaak.readthedocs.io/en/latest/installation/config/openzaak_config.html#configure-notificaties-api --- this should be of type `NRC`? -INSERT INTO authorizations_authorizationsconfig (component, authorizations_api_service_id) VALUES('ac', (SELECT id FROM zgw_consumers_service WHERE slug = 'open-zaak')); - --- Set up the Notificatiescomponentconfiguratie --- We assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) -UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE slug = 'open-zaak'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; - --- Set up the External API credentials --- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why. --- Please see our 'testing.md' document on how to set this up. 
-UPDATE zgw_consumers_service SET (api_root, client_id, secret, user_id, user_representation) = ('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak', 'openZaakAutorisatiesApiSecretKey', 'open-zaak', 'Open Zaak') WHERE slug = 'authorization-api-service'; - --- Set up the Autorisatiegegevens -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak', 'openZaakAutorisatiesApiSecretKey'); - --- Set up the kanalen -INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('493002ad-e5d5-4747-93b2-1853e78889f5', 'zaaktypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaaktypen', '{catalogus}'); -INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('3ad6676c-98cc-4664-babb-02bda0c886d8', 'zaken', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaken', '{bronorganisatie,zaaktype,vertrouwelijkheidaanduiding}'); -INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('97d7d649-0979-422a-8880-a0aee37cc6ea', 'documenten', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#documenten', '{bronorganisatie,informatieobjecttype,vertrouwelijkheidaanduiding}'); -INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('93179f23-965e-4720-964f-d09be3bc2790', 'besluittypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#besluittypen', '{catalogus}'); -INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('c4f52cb5-07e7-44cb-b4b7-2539bce684f9', 'besluiten', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#besluiten', '{verantwoordelijke_organisatie,besluittype}'); - --- Set up the abonnement to ZAC --- This assumes ZAC is running and available on 'host.docker.internal' and port 8080. --- Please see our 'testing.md' document on how to set this up. 
-INSERT INTO datamodel_abonnement (uuid, callback_url, auth, client_id) VALUES('fb4e3474-18c8-474b-94ae-980850ea4a7f', 'http://host.docker.internal:8080/rest/notificaties', 'openNotificatiesApiSecretKey', 'open-notificaties'); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaaktypen')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaken')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'documenten')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluittypen')); -INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'open-notificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluiten')); diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh b/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh deleted file mode 100755 index 900b534091..0000000000 --- a/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -# The number of expected records in the django_migrations table after Open Notificaties has finished with the database -# migration scripts. -# Note that this is expected to change in future versions of Open Notificaties, so this value should be updated accordingly. -DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=167 - -echo ">>>> Waiting until Open Notificaties has initialized the database <<<<" -useradd opennotificaties -while true -do - verifier=$(psql -U opennotificaties -d opennotificaties -t -A -c "select count(*) from django_migrations") - if [ $DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT != "$verifier" ]; then - echo "Open Notificaties not running yet. Sleeping 2 seconds ..." - sleep 2s - else - echo "Open Notificaties is running!" - break - fi -done - -set -e - -echo "Running database setup scripts ..." -for file in /docker-entrypoint-initdb.d/database/*.sql; do - echo "Running $file ..." - psql -U opennotificaties opennotificaties -f "$file" -done - -echo ">>>> Open Notificaties database was initialized successfully <<<<" diff --git a/scripts/docker-compose/imports/opennotificaties-database/init.sh b/scripts/docker-compose/imports/opennotificaties-database/init.sh deleted file mode 100755 index b55e89259f..0000000000 --- a/scripts/docker-compose/imports/opennotificaties-database/init.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -echo ">>>> Starting Open Notificaties data import script <<<<" - -sh /docker-entrypoint-initdb.d/database/fill-data-on-startup.sh & diff --git a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml new file mode 100644 index 0000000000..c79adae062 --- /dev/null +++ b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml 
@@ -0,0 +1,133 @@ +oidc_db_config_enable: True +oidc_db_config_admin_auth: + items: + - identifier: admin-oidc + enabled: True + oidc_rp_client_id: testid + oidc_rp_client_secret: testIdClientSecret + oidc_rp_scopes_list: + - openid + - email + - profile + oidc_rp_sign_algo: RS256 + endpoint_config: + oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth + oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token + oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo + oidc_op_jwks_endpoint: https://example.com/realms/test/protocol/openid-connect/certs + username_claim: + - sub + groups_claim: + - roles + claim_mapping: + first_name: + - given_name + sync_groups: true + sync_groups_glob_pattern: "*" + default_groups: + - Functioneel beheer + make_users_staff: true + superuser_group_names: + - superuser + oidc_use_nonce: true + oidc_nonce_size: 32 + oidc_state_size: 32 + userinfo_claims_source: id_token + +zgw_consumers_config_enable: True +zgw_consumers: + services: + - identifier: autorisaties-api + label: Autorisaties API + api_root: http://openzaak.local:8000/autorisaties/api/v1/ + api_type: ac + auth_type: zgw + client_id: open-notificaties + secret: opennotificatiesAutorisatieApiSecret + user_id: open-notificaties + user_representation: Open Notificaties + - identifier: notificaties-api + label: Notificaties API + api_root: http://opennotificaties:8000/api/v1/ + api_type: nrc + auth_type: zgw + client_id: open-notificaties + secret: opennotificatiesAutorisatieApiSecret + user_id: open-notificaties + user_representation: Open Notificaties Demodam + +autorisaties_api_config_enable: True +autorisaties_api: + # Configure Open Notificaties to make use of Open Zaak's Autorisaties API + authorizations_api_service_identifier: autorisaties-api + +vng_api_common_credentials_config_enable: True +vng_api_common_credentials: + items: + # Credentials for Open Zaak to be 
able to make requests to Open Notificaties + - identifier: open-zaak + secret: opennotificatiesOpenzaakSecret + # Credentials for Open Notificaties, required for autorisaties subscription + - identifier: open-notificaties + secret: opennotificatiesAutorisatieApiSecret + +notifications_kanalen_config_enable: true +notifications_kanalen_config: + items: + - naam: autorisaties + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/autorisaties + filters: + - autorisaties + - naam: besluittypen + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/besluittypen + filters: + - catalogus + - naam: informatieobjecttypen + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/informatieobjecttypen + filters: + - catalogus + - naam: zaaktypen + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/zaaktypen + filters: + - catalogus + - naam: zaken + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/zaken + filters: + - bronorganisatie + - zaaktype + - vertrouwelijkheidaanduiding + - naam: documenten + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/documenten + filters: + - bronorganisatie + - informatieobjecttype + - vertrouwelijkheidaanduiding + - naam: besluiten + documentatie_link: http://openzaak.local:8000/ref/kanalen/#/besluiten + filters: + - verantwoordelijke_organisatie + - besluittype + +sites_config_enable: true +sites_config: + items: + - domain: example.com + name: Open Notificaties + +notifications_config_enable: true +notifications_config: + notifications_api_service_identifier: notificaties-api + notification_delivery_max_retries: 1 + notification_delivery_retry_backoff: 2 + notification_delivery_retry_backoff_max: 3 + +notifications_subscriptions_config_enable: true +notifications_subscriptions_config: + items: + - identifier: autorisaties-subscription + callback_url: http://opennotificaties:8000/api/v1/callbacks + client_id: open-notificaties + secret: opennotificatiesAutorisatieApiSecret + uuid: 
0f616bfd-aacc-4d85-a140-2af17a56217b + channels: + - autorisaties diff --git a/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql b/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql index 1683f6205c..1518c545b3 100644 --- a/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql +++ b/scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql @@ -9,6 +9,6 @@ INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autor INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-notificaties}', 'Open notificaties', true); INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('zac_client', 'openzaakZaakafhandelcomponentClientSecret'); -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak', 'openZaakAutorisatiesApiSecretKey'); +INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak', 'opennotificatiesOpenzaakSecret'); INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-archiefbeheer', 'openArchiefbeheerApiSecretKey'); -INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-notificaties', 'openNotificatiesApiSecretKey'); +INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-notificaties', 'opennotificatiesAutorisatieApiSecret'); diff --git a/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql b/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql index 31752a835b..3f677dd5cc 100644 --- a/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql +++ b/scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql 
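Review bot: The `secret` values in the new data.yaml are committed literals with nothing marking them as local-only, and `opennotificatiesAutorisatieApiSecret` is shared by both `zgw_consumers` services, the `open-notificaties` entry under `vng_api_common_credentials` and the `autorisaties-subscription`. The same literals are repeated in the `vng_api_common_jwtsecret` inserts of openzaak-database/database/1-setup-zac-config.sql and in the `zgw_consumers_service` insert of 4-setup-zac-config-after.sql, so the three files have to change together. A header comment such as `# Local Docker Compose test credentials only; must match vng_api_common_jwtsecret in openzaak-database/database/1-setup-zac-config.sql` would state both the scope and the coupling. The `oidc_db_config_admin_auth` item is also added enabled, with `make_users_staff: true` and `sync_groups_glob_pattern: "*"` against placeholder example.com endpoints; if OIDC is not used in this setup it is safer to add it disabled.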
@@ -25,12 +25,10 @@ INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, -- Set up the OpenNotificaties service configuration. -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Notificaties. Not sure why. -- Please see our 'testing.md' document on how to set this up. -INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Notificaties', 'nrc', 'http://host.docker.internal:8003/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'zgw', '', '', 'http://host.docker.internal:8003/api/v1/schema/openapi.yaml', '', 'open-zaak-notificaties', 'Open Zaak - Notificaties', '', NULL, NULL, '031fe099-095b-4091-9f99-f81ef30561be', 10,'', 'open-notificaties'); +INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Notificaties', 'nrc', 'http://host.docker.internal:8003/api/v1/', 'open-zaak', 'opennotificatiesOpenzaakSecret', 'zgw', '', '', 'http://host.docker.internal:8003/api/v1/schema/openapi.yaml', '', 'open-zaak-notificaties', 'Open Zaak - Notificaties', '', NULL, NULL, '031fe099-095b-4091-9f99-f81ef30561be', 10,'', 'open-notificaties'); -- Set up the OpenArchiefbeheer service configuration. 
INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Archiefbeheer', 'nrc', 'http://host.docker.internal:8004/api/v1/', 'open-archiefbeheer', 'openArchiefbeheerApiSecretKey', 'zgw', '', '', 'http://host.docker.internal:8004/api/v1/schema', '', 'open-archiefbeheer', 'Open Archiefbeheer', '', NULL, NULL, 'f21a5a4d-36c8-44a4-bf72-44da1cd30a26', 10, '', 'open-archiefbeheer'); --- TODO: do we need to update the existing 'Authorization API service' record in the zgw_consumers_service table here? - -- Set up the Notificatiescomponentconfiguratie -- we assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup) UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'Open Notificaties'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1; From a0a0b75092d096aac43b7a6e07dd8643787150ac Mon Sep 17 00:00:00 2001 From: Edgar Vonk Date: Tue, 25 Feb 2025 10:33:33 +0100 Subject: [PATCH 6/8] chore: clean up code --- .../setup-configuration/data.yaml | 54 +++++++------------ 1 file changed, 19 insertions(+), 35 deletions(-) diff --git a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml index c79adae062..fde62f4dbb 100644 --- a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml +++ b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml 
@@ -1,38 +1,5 @@ -oidc_db_config_enable: True -oidc_db_config_admin_auth: - items: - - identifier: admin-oidc - enabled: True - oidc_rp_client_id: testid - oidc_rp_client_secret: testIdClientSecret - oidc_rp_scopes_list: - - openid - - email - - profile - oidc_rp_sign_algo: RS256 - endpoint_config: - oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth - oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token - oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo - oidc_op_jwks_endpoint: https://example.com/realms/test/protocol/openid-connect/certs - username_claim: - - sub - groups_claim: - - roles - claim_mapping: - first_name: - - given_name - sync_groups: true - sync_groups_glob_pattern: "*" - default_groups: - - Functioneel beheer - make_users_staff: true - superuser_group_names: - - superuser - oidc_use_nonce: true - oidc_nonce_size: 32 - oidc_state_size: 32 - userinfo_claims_source: id_token +# We do not use OIDC support in our Docker Compose setup +oidc_db_config_enable: False zgw_consumers_config_enable: True zgw_consumers: @@ -131,3 +98,20 @@ notifications_subscriptions_config: uuid: 0f616bfd-aacc-4d85-a140-2af17a56217b channels: - autorisaties + +notifications_abonnementen_config_enable: true +notifications_abonnementen_config: + items: + - uuid: fb4e3474-18c8-474b-94ae-980850ea4a7f + callback_url: http://host.docker.internal:8080/rest/notificaties + # TODO: how do we set the client id? + # client_id: opennotificaties + auth: openNotificatiesApiSecretKey + kanalen: + - naam: zaaktypen + - naam: zaken + - naam: documenten + - naam: besluittypen + - naam: besluiten + + From b6be5cb79ef1ac0db371a0148a200400875a7614 Mon Sep 17 00:00:00 2001 
From: Edgar Vonk Date: Tue, 25 Feb 2025 10:39:21 +0100 Subject: [PATCH 7/8] chore: clean up code --- scripts/docker-compose/docker-compose.linux.override.yml | 7 +++++++ .../imports/opennotificaties/setup-configuration/data.yaml | 3 +++ 2 files changed, 10 insertions(+) diff --git a/scripts/docker-compose/docker-compose.linux.override.yml b/scripts/docker-compose/docker-compose.linux.override.yml index 66714f712a..5ef86f9e08 100644 --- a/scripts/docker-compose/docker-compose.linux.override.yml +++ b/scripts/docker-compose/docker-compose.linux.override.yml @@ -178,6 +178,13 @@ services: extra_hosts: - "host.docker.internal:host-gateway" + opennotificaties-init: + user: "${UID}:${GID}" + # Linux workaround for host.docker.internal support + # see: https://stackoverflow.com/a/67158212 + extra_hosts: + - "host.docker.internal:host-gateway" + opennotificaties-celery: user: "${UID}:${GID}" # Linux workaround for host.docker.internal support diff --git a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml index fde62f4dbb..944536980e 100644 --- a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml +++ b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml @@ -1,3 +1,6 @@ +# Open Notificaties setup configuration +# Note that this file cannot be renamed. It needs to be named 'data.yaml'. + # We do not use OIDC support in our Docker Compose setup oidc_db_config_enable: False From 86e11f8de6bf62f8bcf747ed253ceb3fca1e215f Mon Sep 17 00:00:00 2001 
From: Edgar Vonk Date: Wed, 26 Feb 2025 16:32:20 +0100 Subject: [PATCH 8/8] chore: added temporary workaround in database script to set up the OpenNotificaties abonnement --- docker-compose.yaml | 1 + .../database/1-setup-applicatie.sql | 21 +++++++ .../database/fill-data-on-startup.sh | 30 ++++++++++ .../imports/opennotificaties-database/init.sh | 5 ++ .../setup-configuration/data.yaml | 58 ------------------- 5 files changed, 57 insertions(+), 58 deletions(-) create mode 100644 scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql create mode 100755 scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh create mode 100755 scripts/docker-compose/imports/opennotificaties-database/init.sh diff --git a/docker-compose.yaml b/docker-compose.yaml index 297652c518..d4f2f0ecfa 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -454,6 +454,7 @@ services: - POSTGRES_DB=opennotificaties command: postgres -c max_connections=300 -c log_min_messages=LOG volumes: + - ./scripts/docker-compose/imports/opennotificaties-database:/docker-entrypoint-initdb.d - ./scripts/docker-compose/volume-data/opennotificaties-database-data:/var/lib/postgresql/data profiles: [ "opennotificaties" ] diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql new file mode 100644 index 0000000000..5ab6b755dc --- /dev/null +++ b/scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql 
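Review bot: The new volume entry in docker-compose.yaml mounts the import directory into the database container writable, although the container only needs to read and execute the scripts in it. Appending `:ro` keeps a process inside the container from altering files in the repository checkout: `- ./scripts/docker-compose/imports/opennotificaties-database:/docker-entrypoint-initdb.d:ro`. The service definition this line belongs to starts outside the hunk, so the image and its entrypoint behaviour are not visible here.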
@@ -0,0 +1,21 @@
+-- Script to initialize kanalen and abonnement data only in Open Notificaties database
+-- Temporary workaround until Open Notificaties setup configuration files support setting the 'client_id' for abonnementen.
+-- Once that is supported in Open Notificaties, we can remove this script and use extend (../../opennotificaties/setup-configuration/data.yaml) to set up the kanalen and abonnement.
+-- We need to set up the kanalen here as well because the abonnement references the kanalen.
+
+-- Set up the kanalen
+INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('493002ad-e5d5-4747-93b2-1853e78889f5', 'zaaktypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaaktypen', '{catalogus}');
+INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('3ad6676c-98cc-4664-babb-02bda0c886d8', 'zaken', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaken', '{bronorganisatie,zaaktype,vertrouwelijkheidaanduiding}');
+INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('97d7d649-0979-422a-8880-a0aee37cc6ea', 'documenten', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#documenten', '{bronorganisatie,informatieobjecttype,vertrouwelijkheidaanduiding}');
+INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('93179f23-965e-4720-964f-d09be3bc2790', 'besluittypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#besluittypen', '{catalogus}');
+INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('c4f52cb5-07e7-44cb-b4b7-2539bce684f9', 'besluiten', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#besluiten', '{verantwoordelijke_organisatie,besluittype}');
+
+-- Set up the abonnement to ZAC
+-- This assumes ZAC is running and available on 'host.docker.internal' and port 8080.
+-- Please see our 'testing.md' document on how to set this up.
+INSERT INTO datamodel_abonnement (uuid, callback_url, auth, client_id) VALUES('fb4e3474-18c8-474b-94ae-980850ea4a7f', 'http://host.docker.internal:8080/rest/notificaties', 'openNotificatiesApiSecretKey', 'opennotificaties');
+INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaaktypen'));
+INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'zaken'));
+INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'documenten'));
+INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluittypen'));
+INSERT INTO datamodel_filtergroup (abonnement_id, kanaal_id) VALUES((SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties'), (SELECT ID FROM datamodel_kanaal where naam = 'besluiten'));
diff --git a/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh b/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh
new file mode 100755
index 0000000000..900b534091
--- /dev/null
+++ b/scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh
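Review bot: In 1-setup-applicatie.sql the five `datamodel_filtergroup` inserts look the subscription up with `(SELECT ID FROM datamodel_abonnement where client_id = 'opennotificaties')`, a scalar subquery that errors as soon as a second row carries that client_id; nothing in the hunk shows the column to be unique. The uuid written by the preceding insert is the stable key: `(SELECT id FROM datamodel_abonnement WHERE uuid = 'fb4e3474-18c8-474b-94ae-980850ea4a7f')`. The `auth` value `openNotificatiesApiSecretKey` is a committed credential paired with an `http://` callback URL, so a comment marking it as local test data that must match what ZAC expects would help. The `documentatie_link` values point at `open-zaak-zac-dev.westeurope.cloudapp.azure.com`, whereas the kanalen block this patch removes from data.yaml used `openzaak.local:8000`; presumably the local host was intended here too.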
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# The number of expected records in the django_migrations table after Open Notificaties has finished with the database
+# migration scripts.
+# Note that this is expected to change in future versions of Open Notificaties, so this value should be updated accordingly.
+DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=167
+
+echo ">>>> Waiting until Open Notificaties has initialized the database <<<<"
+useradd opennotificaties
+while true
+do
+ verifier=$(psql -U opennotificaties -d opennotificaties -t -A -c "select count(*) from django_migrations")
+ if [ $DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT != "$verifier" ]; then
+ echo "Open Notificaties not running yet. Sleeping 2 seconds ..."
+ sleep 2s
+ else
+ echo "Open Notificaties is running!"
+ break
+ fi
+done
+
+set -e
+
+echo "Running database setup scripts ..."
+for file in /docker-entrypoint-initdb.d/database/*.sql; do
+ echo "Running $file ..."
+ psql -U opennotificaties opennotificaties -f "$file"
+done
+
+echo ">>>> Open Notificaties database was initialized successfully <<<<"
diff --git a/scripts/docker-compose/imports/opennotificaties-database/init.sh b/scripts/docker-compose/imports/opennotificaties-database/init.sh
new file mode 100755
index 0000000000..b55e89259f
--- /dev/null
+++ b/scripts/docker-compose/imports/opennotificaties-database/init.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+echo ">>>> Starting Open Notificaties data import script <<<<"
+
+sh /docker-entrypoint-initdb.d/database/fill-data-on-startup.sh &
diff --git a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml
index 944536980e..1edf994b39 100644
--- a/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml
+++ b/scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml
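Review bot: `set -e` in fill-data-on-startup.sh does not catch failed SQL, because `psql -f` exits 0 when a statement in the file errors unless ON_ERROR_STOP is set, so the closing "initialized successfully" message can follow a half-applied import. `psql -v ON_ERROR_STOP=1 -U opennotificaties opennotificaties -f "$file"` makes the loop stop at the first error. The wait loop compares the migration count for exact equality with 167 and has no retry limit, so an Open Notificaties version with a different number of migrations leaves it spinning forever; a bounded number of attempts with a clear failure message would surface that. init.sh starts this script through `sh` although its shebang is `#!/bin/bash`, and backgrounds it with `&`, so its exit status never reaches the container entrypoint.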
@@ -41,49 +41,6 @@ vng_api_common_credentials: - identifier: open-notificaties secret: opennotificatiesAutorisatieApiSecret -notifications_kanalen_config_enable: true -notifications_kanalen_config: - items: - - naam: autorisaties - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/autorisaties - filters: - - autorisaties - - naam: besluittypen - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/besluittypen - filters: - - catalogus - - naam: informatieobjecttypen - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/informatieobjecttypen - filters: - - catalogus - - naam: zaaktypen - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/zaaktypen - filters: - - catalogus - - naam: zaken - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/zaken - filters: - - bronorganisatie - - zaaktype - - vertrouwelijkheidaanduiding - - naam: documenten - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/documenten - filters: - - bronorganisatie - - informatieobjecttype - - vertrouwelijkheidaanduiding - - naam: besluiten - documentatie_link: http://openzaak.local:8000/ref/kanalen/#/besluiten - filters: - - verantwoordelijke_organisatie - - besluittype - -sites_config_enable: true -sites_config: - items: - - domain: example.com - name: Open Notificaties - notifications_config_enable: true notifications_config: notifications_api_service_identifier: notificaties-api @@ -102,19 +59,4 @@ notifications_subscriptions_config: channels: - autorisaties -notifications_abonnementen_config_enable: true -notifications_abonnementen_config: - items: - - uuid: fb4e3474-18c8-474b-94ae-980850ea4a7f - callback_url: http://host.docker.internal:8080/rest/notificaties - # TODO: how do we set the client id? - # client_id: opennotificaties - auth: openNotificatiesApiSecretKey - kanalen: - - naam: zaaktypen - - naam: zaken - - naam: documenten - - naam: besluittypen - - naam: besluiten -