First steps in adding the Validator Service to Docker Compose.

Dennis Labordus · Dennis Labordus · commit c5a924491a98 · 2022-03-21T10:43:51.000+01:00
Signed-off-by: Dennis Labordus &lt;dennis.labordus@alliander.com&gt;
diff --git a/compas/docker-compose-basex.yml b/compas/docker-compose-basex.yml
@@ -108,6 +108,30 @@ services:
     depends_on:
       - keycloak
 
+  scl-validator:
+    labels:
+      compas: true
+    image: "lfenergy/compas-scl-validator:local-SNAPSHOT"
+    ports:
+      - "9093:8080"
+    environment:
+      - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs
+      - JWT_VERIFY_ISSUER=http://${COMPAS_HOSTNAME}/auth/realms/compas
+      - JWT_VERIFY_CLIENT_ID=scl-validator
+      - JWT_GROUPS_PATH=resource_access/scl-validator/roles
+      - USERINFO_WHO_CLAIMNAME=name
+    deploy:
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/compas-scl-validator/q/health/ready"]
+      interval: 15s
+      timeout: 10s
+      retries: 5
+    depends_on:
+      - keycloak
+
   open-scd:
     labels:
       compas: true
diff --git a/compas/docker-compose-postgresql.yml b/compas/docker-compose-postgresql.yml
@@ -115,6 +115,30 @@ services:
     depends_on:
       - keycloak
 
+  scl-validator:
+    labels:
+      compas: true
+    image: "lfenergy/compas-scl-validator:local-SNAPSHOT"
+    ports:
+      - "9093:8080"
+    environment:
+      - JWT_VERIFY_KEY=http://keycloak:8080/auth/realms/compas/protocol/openid-connect/certs
+      - JWT_VERIFY_ISSUER=http://${COMPAS_HOSTNAME}/auth/realms/compas
+      - JWT_VERIFY_CLIENT_ID=scl-validator
+      - JWT_GROUPS_PATH=resource_access/scl-validator/roles
+      - USERINFO_WHO_CLAIMNAME=name
+    deploy:
+      restart_policy:
+        condition: on-failure
+        max_attempts: 3
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8080/compas-scl-validator/q/health/ready"]
+      interval: 15s
+      timeout: 10s
+      retries: 5
+    depends_on:
+      - keycloak
+
   open-scd:
     labels:
       compas: true
@@ -127,6 +151,8 @@ services:
     depends_on:
       - scl-data-service
       - cim-mapping
+      - scl-auto-alignment
+      - scl-validator
 
   reverse-proxy:
     labels:
@@ -146,6 +172,8 @@ services:
       - keycloak
       - scl-data-service
       - cim-mapping
+      - scl-auto-alignment
+      - scl-validator
       - open-scd
 
 volumes:
diff --git a/compas/reverse-proxy/nginx.conf b/compas/reverse-proxy/nginx.conf
@@ -126,6 +126,26 @@ http {
        proxy_redirect off;
      }
 
+     # Forwarding to the SCL Auto Alignment Service container.
+     location /compas-scl-validator/ {
+       include /etc/nginx/include/authenticate.include;
+
+       proxy_set_header X-Real-IP         $remote_addr;
+       proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+       proxy_set_header X-Forwarded-Proto $scheme;
+       proxy_set_header X-Forwarded-Port  $server_port;
+       proxy_set_header Authorization     "Bearer ${access_token}";
+
+       # Added Header back to browser to get JWT Content for Debugging, should not do this in production.
+       add_header X-Debug-Bearer "Bearer ${access_token}" always;
+
+       proxy_pass http://scl-validator:8080/compas-scl-validator/;
+
+       proxy_set_header Host $http_host;
+       proxy_cache_bypass $http_upgrade;
+       proxy_redirect off;
+     }
+
      # redirect server error pages to the static page /40x.html
      error_page 404 /404.html;
        location = /40x.html {
