OPC # 0002: Improvements to Client provisioning workflows

2026-04-25 21:33:28 -04:00
parent 98049f3c50
commit 35fe82d225
7 changed files with 621 additions and 1 deletions
@@ -0,0 +1,56 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.Hosting.Lifetime": "Information"
+    }
+  },
+
+  // ── Keycloak ──────────────────────────────────────────────────────────────────
+  // Worker runs on the host machine → use localhost URLs for admin API calls.
+  // These are the shared platform Keycloak credentials from infra/docker-compose.yml.
+  // Aspire no longer injects these — they live here.
+  "Keycloak": {
+    "AuthServerUrl": "http://localhost:8080",
+    "AdminUser": "admin",
+    "AdminPassword": "Admin1234!",
+    "Realm": "master",
+    "Resource": "admin-cli"
+  },
+
+  // ── Vault ─────────────────────────────────────────────────────────────────────
+  // Worker uses localhost:8200 for admin calls.
+  // Vault__KeysFile is machine-specific → still injected by Aspire AppHost.
+  "Vault": {
+    "Address": "http://localhost:8200",
+    "ContainerAddress": "http://vault:8200"
+  },
+
+  // ── ClarityInfraOptions (Clarity section) ─────────────────────────────────────
+  // These values describe what gets injected INTO tenant containers at docker run time.
+  // Containers live on clarity-net → use Docker DNS names (keycloak, vault, postgres).
+  // Nginx/dnsmasq surface these at public DNS names for the browser.
+  "Clarity": {
+    "Domain": "clarity.test",
+    "Network": "clarity-net",
+    "KeycloakPublicUrl": "https://keycloak.clarity.test",
+    "KeycloakInternalUrl": "http://keycloak:8080",
+    "VaultInternalUrl": "http://vault:8200",
+    "NginxCertPath": "/etc/nginx/certs/clarity.test.crt",
+    "NginxCertKeyPath": "/etc/nginx/certs/clarity.test.key"
+  },
+
+  // ── Docker ───────────────────────────────────────────────────────────────────
+  "Docker": {
+    "Socket": "npipe://./pipe/docker_engine",
+    "ClarityServerImage": "clarity-server:latest"
+  },
+
+  // ── Connection strings ────────────────────────────────────────────────────────
+  // platformdb: the shared infra postgres from infra/docker-compose.yml.
+  //   Worker connects on localhost:5432 for tenant DB provisioning (MigrationStep).
+  //   Aspire-managed opcdb (port 5433) is injected separately by AppHost via .WithReference.
+  "ConnectionStrings": {
+    "platformdb": "Host=localhost;Port=5432;Username=postgres;Password=postgres"
+  }
+}