ClarityStack/OPC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13ff5eb926ba61632cf0d968c3b9745587475719
OPC/ControlPlane.Api/Data/seed_opc.sql
T
amadzarak 42383bdc03 OPC # 0001: Extract OPC into standalone repo
2026-04-25 18:05:57 -04:00

109 lines
5.3 KiB
SQL
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
-- =============================================================================
-- OPC Seed Script seeded from TODO.md backlog
-- Run against the ControlPlane database.
-- OPC # 0001 is already live; this starts at 0002.
-- =============================================================================
INSERT INTO opc (id, number, title, description, type, status, priority, assignee, created_at, updated_at)
VALUES
-- ── Keycloak / Auth ───────────────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0002',
'Fix KeycloakStep 401 on realm provisioning',
'KeycloakStep is the current blocker in the provisioning saga. The step returns 401 when attempting to create the tenant realm. Investigate the admin-client credentials, token scope, and the endpoint URL used inside the Docker network.',
'Bug',
'In Progress',
'High',
'amadzarak',
NOW(), NOW()
),
(
gen_random_uuid(),
'OPC # 0003',
'KeycloakStep: full realm + user provisioning flow',
'After the 401 is resolved, implement the full flow: create realm {subdomain}.clarity.io, create the admin role, create the day-zero admin user from AdminEmail, assign the admin role, and trigger execute-actions-email (verify email + set password).',
'Feature',
'New',
'High',
'amadzarak',
NOW(), NOW()
),
(
gen_random_uuid(),
'OPC # 0004',
'Keycloak JWT backchannel issuer cleanup',
'Keycloak advertises its issuer based on the incoming request URL. When the backchannel hits http://keycloak:8080 directly it returns http://keycloak.clarity.test:8080 as the issuer, forcing layered workarounds in ValidIssuers and the rewrite handler. Clean fix: boot Keycloak with KC_HOSTNAME_URL=https://keycloak.clarity.test, verify via /.well-known/openid-configuration, then simplify ValidIssuers back to two entries. Deferred until next planned maintenance window (requires nuke to apply env var).',
'Tech Debt',
'New',
'Medium',
'amadzarak',
NOW(), NOW()
),
-- ── VaultStep ─────────────────────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0005',
'VaultStep: read root token and write initial secrets',
'Read the root token from /vault/file/init.json, enable KV-v2 secrets engine at {subdomain}/, then write the initial secrets: DB connection string and Keycloak client secret.',
'Feature',
'New',
'High',
'amadzarak',
NOW(), NOW()
),
-- ── MigrationStep ─────────────────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0006',
'MigrationStep: run EF Core migrations per provisioning mode',
'Wire up EF Core migrations inside MigrationStep for all three provisioning modes. Shared: run against the shared DB scoped to the tenant schema. Isolated: run against the dedicated Postgres container registered in SagaContext. Dedicated: run against the full dedicated Postgres instance.',
'Feature',
'New',
'Medium',
'amadzarak',
NOW(), NOW()
),
-- ── HandoffStep ───────────────────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0007',
'HandoffStep: send magic-link email and mark saga complete',
'Send a magic-link / welcome email to AdminEmail via SMTP or SendGrid, then mark CompletedSteps.HandoffSent on the provisioning job. Blocked until SMTP is wired (currently SendRequiredActionsEmailAsync is commented out in KeycloakStep.cs).',
'Feature',
'New',
'Medium',
'amadzarak',
NOW(), NOW()
),
-- ── Observability ─────────────────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0008',
'Stream tenant container logs into Aspire dashboard',
'Use the Docker SDK to tail fdev-app-clarity-* container logs and forward them to Aspire''s structured log stream. Currently these logs are only visible via docker logs on the host.',
'Feature',
'New',
'Low',
'amadzarak',
NOW(), NOW()
),
-- ── Kubernetes (backburner) ───────────────────────────────────────────────────
(
gen_random_uuid(),
'OPC # 0009',
'Kubernetes migration path evaluation',
'Currently managing containers directly via Docker.DotNet. Evaluate k8s when: scheduling across multiple nodes is needed, rolling deploys are required, or client count exceeds single-host capacity. Options: k3s (self-hosted), AKS/EKS (cloud), or keep Docker Compose per host for mid-scale. ClarityContainerService abstraction is intentional swap Docker.DotNet for a k8s client without changing the saga.',
'General',
'New',
'Low',
'amadzarak',
NOW(), NOW()
);
Reference in New Issue View Git Blame Copy Permalink