Provision a JWT client declaratively via OpenZaak setup_configuration (infra/openzaak/setup_configuration/data.yaml: JWTSecret + Applicatie with all authorizations), and seed the BIG catalogus + a lean BIG-REGISTRATIE zaaktype (concept) + a bsn eigenschap via the ZTC API with an idempotent stdlib seed (infra/openzaak/seed_catalogus.py, `make openzaak-seed`). Disable outbound notifications until NRC lands (S-01-c) so ZTC writes don't 500. Bind-mount the config with :z (SELinux) for rootless Podman. Record the design in ADR-0002; document seeding + the dev JWT client in the OpenZaak runbook. Verified clean-slate: down --volumes -> up -> `make openzaak-seed` creates the catalogus/zaaktype/eigenschap and the JWT client lists BIG-REGISTRATIE; re-runs are all-skip (idempotent). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
23 lines
808 B
YAML
23 lines
808 B
YAML
# OpenZaak setup_configuration (idempotent, declarative).
|
|
# Provisions the JWT client the seed + ACL use to call OpenZaak's APIs.
|
|
# Dev-only credentials — not for production.
|
|
#
|
|
# Steps come from vng_api_common.contrib.setup_configuration (see ADR-0002).
|
|
|
|
vng_api_common_credentials_config_enable: true
|
|
vng_api_common_credentials:
|
|
items:
|
|
- identifier: big-reference-seed
|
|
secret: insecure-dev-secret-change-me
|
|
|
|
vng_api_common_applicaties_config_enable: true
|
|
vng_api_common_applicaties:
|
|
items:
|
|
# uuid must be given explicitly as a string (the step's auto-default is a
|
|
# UUID object that fails its own validation).
|
|
- uuid: "11111111-1111-4111-8111-111111111111"
|
|
client_ids:
|
|
- big-reference-seed
|
|
label: BIG reference seed client
|
|
heeft_alle_autorisaties: true
|