feat(infra): OpenZaak + Postgres + Redis up in compose (refs #10) #40

Merged
eho merged 2 commits from feat/10-openzaak-compose into main 2026-06-03 13:16:31 +00:00
Owner

First stage of S-01 (#10): the OpenZaak stack comes up in compose.

infra/openzaak/docker-compose.yml — PostGIS + redis + migrate-init + OpenZaak API + celery worker (lean adaptation of upstream; images qualified for rootless Podman).

Verified locally: migrations run; GET /admin/ → 302, GET /zaken/api/v1/ → 200, unauth GET /zaken/api/v1/zaken403 PermissionDenied (proper ZGW fout — auth enforced).

⚠️ Finding: the issue says "401", but OpenZaak returns 403 for missing JWT. Intent (auth enforced) is met; #10 text should be corrected to 403.

Remaining for S-01 (so this refs, not closes, #10): BIG catalogus + lean BIG-registratie zaaktype + bsn eigenschap seed + JWT client to list zaaktypen; and Open Notificaties. Recommend splitting #10 into sub-slices.

🤖 Generated with Claude Code

First stage of **S-01** (#10): the OpenZaak stack comes up in compose. `infra/openzaak/docker-compose.yml` — PostGIS + redis + migrate-init + OpenZaak API + celery worker (lean adaptation of upstream; images qualified for rootless Podman). **Verified locally:** migrations run; `GET /admin/` → 302, `GET /zaken/api/v1/` → 200, unauth `GET /zaken/api/v1/zaken` → **403 PermissionDenied** (proper ZGW fout — auth enforced). ⚠️ **Finding:** the issue says "401", but OpenZaak returns **403** for missing JWT. Intent (auth enforced) is met; #10 text should be corrected to 403. **Remaining for S-01** (so this `refs`, not closes, #10): BIG catalogus + lean `BIG-registratie` zaaktype + `bsn` eigenschap seed + JWT client to list zaaktypen; and Open Notificaties. Recommend splitting #10 into sub-slices. 🤖 Generated with [Claude Code](https://claude.com/claude-code)
eho added 1 commit 2026-06-03 12:28:22 +00:00
feat(infra): OpenZaak + Postgres + Redis up in compose (refs #10)
Some checks failed
CI / lint (pull_request) Has been cancelled
CI / build (pull_request) Has been cancelled
CI / unit (pull_request) Has been cancelled
CI / compose-smoke (pull_request) Has been cancelled
ae2169b6ee
Add infra/openzaak/docker-compose.yml — a lean adaptation of the upstream
open-zaak dev stack: PostGIS db, redis, a one-shot init that runs database
migrations, the OpenZaak API, and a celery worker. (Dropped nginx, beat,
flower, OTEL for leanness.) Images fully qualified (docker.io/...) for
rootless Podman.

Verified locally: stack comes up; migrations run; GET /admin/ -> 302,
GET /zaken/api/v1/ -> 200, and an unauthenticated GET /zaken/api/v1/zaken
-> 403 PermissionDenied (a proper ZGW fout) — i.e. auth is enforced.

Note: the S-01 acceptance says "401", but OpenZaak's ZGW APIs return 403
for missing/invalid JWT. Auth-enforced intent is met; the issue text
should be corrected to 403. Remaining S-01 work: BIG catalogus + zaaktype
seed + JWT client (then list zaaktypen), and Open Notificaties — so this
refs (not closes) #10.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
eho added 1 commit 2026-06-03 13:08:03 +00:00
chore(infra): make openzaak-* targets + runbook (refs #10)
Some checks failed
CI / lint (pull_request) Has been cancelled
CI / build (pull_request) Has been cancelled
CI / unit (pull_request) Has been cancelled
CI / compose-smoke (pull_request) Has been cancelled
e1883c2d0e
Add `make openzaak-up`, `make openzaak-smoke`, and `make openzaak-down` so
the OpenZaak stack is testable in one command, matching the `make ci`
pattern. openzaak-smoke polls until the API responds, then asserts auth is
enforced (403) and the admin/schema endpoints are reachable (302/200).
Document it in docs/runbooks/openzaak.md (kept out of `make ci` — it's a
heavier, separate check).

Verified: `make openzaak-smoke` is green end-to-end.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
eho merged commit 8c5bbe05a9 into main 2026-06-03 13:16:31 +00:00
Sign in to join this conversation.