fix: fix Open Notificaties in Docker Compose setup

docker-compose.yaml

@@ -100,7 +100,7 @@ services:
     image: docker.io/openzaak/open-zaak:1.18.0@sha256:d023f76c72b0608aede93651b56422ac9863e49f69bd151d3d0e0ae676a099bd
     platform: linux/amd64
     environment: &openzaak-env
-      - ALLOWED_HOSTS=localhost,host.docker.internal,openzaak.local,opennotificaties
+      - ALLOWED_HOSTS="*"
       - DB_HOST=openzaak-database
       - DB_NAME=openzaak
       - DB_PASSWORD=openzaak
@@ -172,7 +172,7 @@ services:
     ports:
       - "8010:8000"
     environment: &objects-env
-      - ALLOWED_HOSTS=localhost,host.docker.internal,objecten-api.local
+      - ALLOWED_HOSTS="*"
       - CORS_ALLOW_ALL_ORIGINS=true
       - DB_HOST=objecten-api-database
       - DEBUG=true
@@ -275,7 +275,7 @@ services:
     image: docker.io/maykinmedia/open-klant:2.3.0@sha256:deeccf6c1e0c76538169443ffe960895da98188540fec69e127d9e78fdce23da
     platform: linux/amd64
     environment:
-      - ALLOWED_HOSTS=localhost,host.docker.internal,openklant.local
+      - ALLOWED_HOSTS="*"
       - DB_HOST=openklant-database
       - DB_USER=openklant
       - DB_PASSWORD=openklant
@@ -448,9 +448,11 @@ services:
       retries: 10
       start_period: 30s
     environment:
+      - POSTGRES_HOST_AUTH_METHOD=trust
       - POSTGRES_USER=opennotificaties
       - POSTGRES_PASSWORD=opennotificaties
       - POSTGRES_DB=opennotificaties
+    command: postgres -c max_connections=300 -c log_min_messages=LOG
     volumes:
       - ./scripts/docker-compose/imports/opennotificaties-database:/docker-entrypoint-initdb.d
       - ./scripts/docker-compose/volume-data/opennotificaties-database-data:/var/lib/postgresql/data
@@ -460,25 +462,27 @@ services:
     image: docker.io/openzaak/open-notificaties:1.8.0@sha256:2ad8eaf1121ad6071d4171b83f5eb3b5925804db549c8196b0384bb551e2979b
     platform: linux/amd64
     environment: &opennotificaties-env
-      - ALLOWED_HOSTS=localhost,host.docker.internal,openzaak.local,zac
-      - CACHE_DEFAULT=redis:6379/0
-      - CACHE_AXES=redis:6379/0
-      - CELERY_BROKER_URL=amqp://guest:guest@rabbitmq:5672//
-      - CELERY_RESULT_BACKEND=redis://redis:6379/1
-      - CELERY_LOGLEVEL=DEBUG
-      - DB_HOST=opennotificaties-database
-      - DB_NAME=opennotificaties
-      - DB_PASSWORD=opennotificaties
-      - DB_USER=opennotificaties
-      - DEBUG=true
-      - DISABLE_2FA=true
-      - DJANGO_SETTINGS_MODULE=nrc.conf.docker
-      - DJANGO_SUPERUSER_PASSWORD=admin
-      - LOG_LEVEL=DEBUG
-      - LOG_NOTIFICATIONS_IN_DB=true
-      - PUBLISH_BROKER_URL=amqp://guest:guest@rabbitmq:5672/%2F
-      - RABBITMQ_HOST=rabbitmq
-      - SECRET_KEY=opennotificatiesApiSecretKey
+      ALLOWED_HOSTS: "*"
+      CACHE_DEFAULT: redis:6379/0
+      CACHE_AXES: redis:6379/0
+      CELERY_BROKER_URL: amqp://guest:guest@rabbitmq:5672//
+      CELERY_RESULT_BACKEND: redis://redis:6379/1
+      CELERY_LOGLEVEL: DEBUG
+      DB_HOST: opennotificaties-database
+      DB_NAME: opennotificaties
+      DB_PASSWORD: opennotificaties
+      DB_USER: opennotificaties
+      DEBUG: true
+      DISABLE_2FA: true
+      DJANGO_SETTINGS_MODULE: nrc.conf.docker
+      DJANGO_SUPERUSER_PASSWORD: admin
+      LOG_LEVEL: DEBUG
+      LOG_NOTIFICATIONS_IN_DB: true
+      OPENNOTIFICATIES_SUPERUSER_USERNAME: admin
+      OPENNOTIFICATIES_SUPERUSER_EMAIL: [email protected]
+      PUBLISH_BROKER_URL: amqp://guest:guest@rabbitmq:5672/%2F
+      RABBITMQ_HOST: rabbitmq
+      SECRET_KEY: opennotificatiesApiSecretKey
     healthcheck:
       test: [ "CMD", "python", "-c", "import requests; exit(requests.head('http://localhost:8000/admin/').status_code not in [200, 302])" ]
       interval: 30s
@@ -490,13 +494,29 @@ services:
       start_period: 30s
     ports:
       - "8003:8000"
+    volumes: &opennotificaties-volumes
+      - ./scripts/docker-compose/imports/opennotificaties/setup-configuration:/app/setup_configuration
+    depends_on:
+      opennotificaties-init:
+          condition: service_completed_successfully
+    profiles: [ "opennotificaties" ]
+
+  opennotificaties-init:
+    image: docker.io/openzaak/open-notificaties:1.8.0@sha256:2ad8eaf1121ad6071d4171b83f5eb3b5925804db549c8196b0384bb551e2979b
+    platform: linux/amd64
+    environment:
+      <<: *opennotificaties-env
+      # Run Django setup configuration
+      RUN_SETUP_CONFIG: ${RUN_SETUP_CONFIG:-true}
+    command: /setup_configuration.sh
     depends_on:
       opennotificaties-database:
         condition: service_healthy
-      redis:
-        condition: service_started
       rabbitmq:
+        condition: service_healthy
+      redis:
         condition: service_started
+    volumes: *opennotificaties-volumes
     profiles: [ "opennotificaties" ]
 
   opennotificaties-celery:

scripts/docker-compose/docker-compose.linux.override.yml

@@ -178,6 +178,13 @@ services:
     extra_hosts:
       - "host.docker.internal:host-gateway"
 
+  opennotificaties-init:
+    user: "${UID}:${GID}"
+    # Linux workaround for host.docker.internal support
+    # see: https://stackoverflow.com/a/67158212
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
   opennotificaties-celery:
     user: "${UID}:${GID}"
     # Linux workaround for host.docker.internal support

scripts/docker-compose/imports/opennotificaties-database/database/1-setup-applicatie.sql

@@ -1,22 +1,7 @@
--- create superuser to be able to log in to the UI with username admin and password admin
-INSERT INTO accounts_user (id, password, last_login, is_superuser, username, first_name, last_name, email, is_staff, is_active, date_joined) VALUES (1, 'pbkdf2_sha256$260000$gtIe19cI1vW9RzIsRDpriC$o8G6cItI5vXqbGFcXuu0pbullajpvMDc6Hze70mf+jE=', null, true, 'admin', '', '', '[email protected]', true, true, '2023-08-08 15:14:56.735552 +00:00');
-
--- Set up the Autorisatiecomponentconfiguratie
--- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why.
--- Please see our 'testing.md' document on how to set this up.
-INSERT INTO authorizations_authorizationsconfig (api_root, component) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'ac');
-
--- Set up the Notificatiescomponentconfiguratie
--- We assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup)
-UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'notificaties-self'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1;
-
--- Set up the External API credentials
--- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Zaak. Not sure why.
--- Please see our 'testing.md' document on how to set this up.
-INSERT INTO vng_api_common_apicredential (api_root, client_id, secret, label, user_id, user_representation) VALUES('http://host.docker.internal:8001/autorisaties/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'Open Zaak - Autorisaties', 'open-zaak-autorisaties', 'Open Zaak - Autorisaties');
-
--- Set up the Autorisatiegegevens
-INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey');
+-- Script to initialize kanalen and abonnement data only in Open Notificaties database
+-- Temporary workaround until Open Notificaties setup configuration files support setting the 'client_id' for abonnementen.
+-- Once that is supported in Open Notificaties, we can remove this script and use extend (../../opennotificaties/setup-configuration/data.yaml) to set up the kanalen and abonnement.
+-- We need to set up the kanalen here as well because the abonnement references the kanalen.
 
 -- Set up the kanalen
 INSERT INTO datamodel_kanaal (uuid, naam, documentatie_link, filters) VALUES('493002ad-e5d5-4747-93b2-1853e78889f5', 'zaaktypen', 'http://open-zaak-zac-dev.westeurope.cloudapp.azure.com/ref/kanalen/#zaaktypen', '{catalogus}');

scripts/docker-compose/imports/opennotificaties-database/database/fill-data-on-startup.sh

@@ -3,7 +3,7 @@
 # The number of expected records in the django_migrations table after Open Notificaties has finished with the database
 # migration scripts.
 # Note that this is expected to change in future versions of Open Notificaties, so this value should be updated accordingly.
-DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=160
+DJANGO_MIGRATIONS_TABLE_RECORDS_COUNT=167
 
 echo ">>>> Waiting until Open Notificaties has initialized the database <<<<"
 useradd opennotificaties

scripts/docker-compose/imports/opennotificaties/setup-configuration/data.yaml

@@ -0,0 +1,62 @@
+# Open Notificaties setup configuration
+# Note that this file cannot be renamed. It needs to be named 'data.yaml'.
+
+# We do not use OIDC support in our Docker Compose setup
+oidc_db_config_enable: False
+
+zgw_consumers_config_enable: True
+zgw_consumers:
+  services:
+    - identifier: autorisaties-api
+      label: Autorisaties API
+      api_root: http://openzaak.local:8000/autorisaties/api/v1/
+      api_type: ac
+      auth_type: zgw
+      client_id: open-notificaties
+      secret: opennotificatiesAutorisatieApiSecret
+      user_id: open-notificaties
+      user_representation: Open Notificaties
+    - identifier: notificaties-api
+      label: Notificaties API
+      api_root: http://opennotificaties:8000/api/v1/
+      api_type: nrc
+      auth_type: zgw
+      client_id: open-notificaties
+      secret: opennotificatiesAutorisatieApiSecret
+      user_id: open-notificaties
+      user_representation: Open Notificaties Demodam
+
+autorisaties_api_config_enable: True
+autorisaties_api:
+  # Configure Open Notificaties to make use of Open Zaak's Autorisaties API
+  authorizations_api_service_identifier: autorisaties-api
+
+vng_api_common_credentials_config_enable: True
+vng_api_common_credentials:
+  items:
+    # Credentials for Open Zaak to be able to make requests to Open Notificaties
+    - identifier: open-zaak
+      secret: opennotificatiesOpenzaakSecret
+    # Credentials for Open Notificaties, required for autorisaties subscription
+    - identifier: open-notificaties
+      secret: opennotificatiesAutorisatieApiSecret
+
+notifications_config_enable: true
+notifications_config:
+  notifications_api_service_identifier: notificaties-api
+  notification_delivery_max_retries: 1
+  notification_delivery_retry_backoff: 2
+  notification_delivery_retry_backoff_max: 3
+
+notifications_subscriptions_config_enable: true
+notifications_subscriptions_config:
+  items:
+    - identifier: autorisaties-subscription
+      callback_url: http://opennotificaties:8000/api/v1/callbacks
+      client_id: open-notificaties
+      secret: opennotificatiesAutorisatieApiSecret
+      uuid: 0f616bfd-aacc-4d85-a140-2af17a56217b
+      channels:
+        - autorisaties
+
+

scripts/docker-compose/imports/openzaak-database/database/1-setup-zac-config.sql

@@ -4,11 +4,11 @@ INSERT INTO catalogi_catalogus (naam, uuid, domein, rsin, contactpersoon_beheer_
     ('zac', '8225508a-6840-413e-acc9-6422af120db1', 'ALG', '002564440', 'ZAC Test Catalogus', '06-12345678', '[email protected]', '_etag', NULL, '');
 
 INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{zac_client}', 'ZAC', true);
-INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-zaak-autorisaties}', 'Open Zaak - Autorisaties', true);
+INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-zaak}', 'Open Zaak', true);
 INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-archiefbeheer}', 'Open Archiefbeheer', true);
-INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{opennotificaties}', 'Open notificaties', true);
+INSERT INTO authorizations_applicatie (uuid, client_ids, label, heeft_alle_autorisaties) VALUES (uuid_generate_v4(), '{open-notificaties}', 'Open notificaties', true);
 
 INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('zac_client', 'openzaakZaakafhandelcomponentClientSecret');
-INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey');
+INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-zaak', 'opennotificatiesOpenzaakSecret');
 INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-archiefbeheer', 'openArchiefbeheerApiSecretKey');
-INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('opennotificaties', 'openNotificatiesApiSecretKey');
+INSERT INTO vng_api_common_jwtsecret (identifier, secret) VALUES ('open-notificaties', 'opennotificatiesAutorisatieApiSecret');

scripts/docker-compose/imports/openzaak-database/database/4-setup-zac-config-after.sql

@@ -25,11 +25,10 @@ INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret,
 -- Set up the OpenNotificaties service configuration.
 -- Unfortunately it seems that we need to use 'host.docker.internal' here to connect to Open Notificaties. Not sure why.
 -- Please see our 'testing.md' document on how to set this up.
-INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Notificaties', 'nrc', 'http://host.docker.internal:8003/api/v1/', 'open-zaak-autorisaties', 'openZaakAutorisatiesApiSecretKey', 'zgw', '', '', 'http://host.docker.internal:8003/api/v1/schema/openapi.yaml', '', 'open-zaak-notificaties', 'Open Zaak - Notificaties', '', NULL, NULL, '031fe099-095b-4091-9f99-f81ef30561be', 10,'', 'open-notificaties');
+INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Notificaties', 'nrc', 'http://host.docker.internal:8003/api/v1/', 'open-zaak', 'opennotificatiesOpenzaakSecret', 'zgw', '', '', 'http://host.docker.internal:8003/api/v1/schema/openapi.yaml', '', 'open-zaak-notificaties', 'Open Zaak - Notificaties', '', NULL, NULL, '031fe099-095b-4091-9f99-f81ef30561be', 10,'', 'open-notificaties');
 -- Set up the OpenArchiefbeheer service configuration.
 INSERT INTO zgw_consumers_service (label, api_type, api_root, client_id, secret, auth_type, header_key, header_value, oas, nlx, user_id, user_representation, oas_file, client_certificate_id, server_certificate_id, uuid, timeout, api_connection_check_path, slug) VALUES('Open Archiefbeheer', 'nrc', 'http://host.docker.internal:8004/api/v1/', 'open-archiefbeheer', 'openArchiefbeheerApiSecretKey', 'zgw', '', '', 'http://host.docker.internal:8004/api/v1/schema', '', 'open-archiefbeheer', 'Open Archiefbeheer', '', NULL, NULL, 'f21a5a4d-36c8-44a4-bf72-44da1cd30a26', 10, '', 'open-archiefbeheer');
 
-
 -- Set up the Notificatiescomponentconfiguratie
 -- we assume here that a record already exists with id=1 (this is provisioned by OpenNotificaties on startup)
 UPDATE notifications_api_common_notificationsconfig SET notifications_api_service_id=(SELECT id FROM zgw_consumers_service WHERE label = 'Open Notificaties'), notification_delivery_max_retries=5, notification_delivery_retry_backoff=3, notification_delivery_retry_backoff_max=48 WHERE id=1;