feat(infra): seed BIG catalogus + JWT client for OpenZaak (refs #2)
Provision a JWT client declaratively via OpenZaak setup_configuration (infra/openzaak/setup_configuration/data.yaml: JWTSecret + Applicatie with all authorizations), and seed the BIG catalogus + a lean BIG-REGISTRATIE zaaktype (concept) + a bsn eigenschap via the ZTC API with an idempotent stdlib seed (infra/openzaak/seed_catalogus.py, `make openzaak-seed`). Disable outbound notifications until NRC lands (S-01-c) so ZTC writes don't 500. Bind-mount the config with :z (SELinux) for rootless Podman. Record the design in ADR-0002; document seeding + the dev JWT client in the OpenZaak runbook. Verified clean-slate: down --volumes -> up -> `make openzaak-seed` creates the catalogus/zaaktype/eigenschap and the JWT client lists BIG-REGISTRATIE; re-runs are all-skip (idempotent). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
22
infra/openzaak/setup_configuration/data.yaml
Normal file
22
infra/openzaak/setup_configuration/data.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
# OpenZaak setup_configuration (idempotent, declarative).
|
||||
# Provisions the JWT client the seed + ACL use to call OpenZaak's APIs.
|
||||
# Dev-only credentials — not for production.
|
||||
#
|
||||
# Steps come from vng_api_common.contrib.setup_configuration (see ADR-0002).
|
||||
|
||||
vng_api_common_credentials_config_enable: true
|
||||
vng_api_common_credentials:
|
||||
items:
|
||||
- identifier: big-reference-seed
|
||||
secret: insecure-dev-secret-change-me
|
||||
|
||||
vng_api_common_applicaties_config_enable: true
|
||||
vng_api_common_applicaties:
|
||||
items:
|
||||
# uuid must be given explicitly as a string (the step's auto-default is a
|
||||
# UUID object that fails its own validation).
|
||||
- uuid: "11111111-1111-4111-8111-111111111111"
|
||||
client_ids:
|
||||
- big-reference-seed
|
||||
label: BIG reference seed client
|
||||
heeft_alle_autorisaties: true
|
||||
Reference in New Issue
Block a user