feat: local developer setup (#62)

Author: tomwwinter

README.md

@@ -16,3 +16,6 @@ The individual modules like "Reporting" require some setup and environment varia
 
 - **[Reporting](./docs/modules/reporting.md)**: Calculate aggregated reports and run queries on all data, accessible for external services for API integrations of systems
 - **[Export](./docs/modules/export.md)**: Template based file export API. Uses [carbone.io](https://carbone.io) as templating engine.
+
+## Development
+The developer README provides detailed instructions how to set up a local testing environment: [docs/developer/README.md](docs/developer/README.md)

application/aam-backend-service/.gitignore

@@ -38,3 +38,4 @@ out/
 
 ### Kotlin ###
 .kotlin
+/src/main/resources/reverse-proxy.crt

application/aam-backend-service/src/main/kotlin/com/aamdigital/aambackendservice/security/LocalDevelopmentConfiguration.kt

@@ -0,0 +1,32 @@
+package com.aamdigital.aambackendservice.security
+
+import org.springframework.boot.ssl.SslBundles
+import org.springframework.boot.web.client.RestTemplateBuilder
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.context.annotation.Profile
+import org.springframework.security.oauth2.jwt.JwtDecoder
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder
+import org.springframework.web.client.RestTemplate
+
+@Configuration
+class LocalDevelopmentConfiguration {
+    @Bean
+    @Profile("local-development")
+    fun restTemplate(restTemplateBuilder: RestTemplateBuilder, sslBundles: SslBundles): RestTemplate {
+        return restTemplateBuilder.setSslBundle(sslBundles.getBundle("local-development")).build()
+    }
+
+    @Bean
+    @Profile("local-development")
+    fun sslCheckDisabledJwtDecoder(
+        restTemplate: RestTemplate
+    ): JwtDecoder {
+        return NimbusJwtDecoder
+            .withIssuerLocation(
+                "https://aam.localhost/auth/realms/dummy-realm"
+            )
+            .restOperations(restTemplate)
+            .build()
+    }
+}

application/aam-backend-service/src/main/resources/application.yaml

@@ -75,7 +75,13 @@ spring:
     oauth2:
       resourceserver:
         jwt:
-          issuer-uri: http://localhost:8080/realms/dummy-realm
+          issuer-uri: https://aam.localhost/auth/realms/dummy-realm
+  ssl:
+    bundle:
+      pem:
+        local-development:
+          truststore:
+            certificate: "classpath:reverse-proxy.crt" # this is the certificate of the local running caddy proxy
   rabbitmq:
     virtual-host: local
     listener:
@@ -93,6 +99,8 @@ spring:
     password: docker
 
 server:
+  servlet:
+    context-path: /
   error:
     include-message: always
     include-binding-errors: always
@@ -116,26 +124,26 @@ aam-render-api-client-configuration:
 #   scope: <needs-environment-configuration>
 
 couch-db-client-configuration:
-  base-path: http://localhost:5984
+  base-path: https://aam.localhost/db/couchdb
   basic-auth-username: admin
   basic-auth-password: docker
 
 sqs-client-configuration:
-  base-path: http://localhost:4984
+  base-path: https://aam.localhost/sqs
   basic-auth-username: admin
   basic-auth-password: docker
 
 skilllab-api-client-configuration:
   api-key: skilllab-api-key
   project-id: dummy-project
-  base-path: http://localhost:9005/skilllab
+  base-path: https://aam.localhost/skilllab
   response-timeout-in-seconds: 15
 
 features:
   export-api:
     enabled: false
   skill-api:
-    mode: skilllab
+    mode: disabled
 
 crypto-configuration:
   secret: super-duper-secret
@@ -156,7 +164,7 @@ sentry:
 application:
   version: local-dev-build
 
-management:
-  otlp:
-    tracing:
-      endpoint: http://localhost:4318/v1/traces
+#management:
+#  otlp:
+#    tracing:
+#      endpoint: http://localhost:4318/v1/traces

docs/assets/certificate-import_linux-chromium.png

@@ -0,0 +1,5 @@
+APP_VERSION=latest
+AAM_BACKEND_SERVICE_VERSION=latest
+REPLICATION_BACKEND_PUBLIC_KEY=<the-content-of-"public_key"-from-here-https://localhost/auth/realms/dummy-realm>
+# (macos only)
+JAVA_TOOL_OPTIONS="-XX:UseSVE=0"

docs/assets/keychain-access-1.png

@@ -0,0 +1,3 @@
+container-data/
+.env
+secrets.env

docs/assets/keychain-access-2.png

@@ -0,0 +1,63 @@
+{
+  local_certs
+  auto_https disable_redirects
+}
+
+aam.localhost:80, aam.localhost:443 {
+    handle_path /auth* {
+        reverse_proxy keycloak:8080 {
+            header_up Host {host}
+        }
+    }
+
+    handle_path /db/couchdb* {
+        reverse_proxy db-couch:5984
+    }
+
+    handle_path /db* {
+        reverse_proxy replication-backend:5984
+    }
+
+    handle_path /accounts-backend* {
+        # activate this line instead of the existing if your account-backend is running locally
+        # reverse_proxy http://host.docker.internal:3000
+
+        # activate this line when account-backend is running as docker container (default)
+        reverse_proxy accounts-backend:3000
+    }
+
+    handle_path /replication-backend* {
+        reverse_proxy replication-backend:5984
+    }
+
+    handle_path /api* {
+      # reverse_proxy http://host.docker.internal:9000 # local running app
+        reverse_proxy aam-backend-service:8080 # docker container
+    }
+
+    handle_path /sqs* {
+        reverse_proxy sqs:4984
+    }
+
+    handle_path /rabbitmq/* {
+        reverse_proxy rabbitmq:15672
+    }
+
+    handle_path /nominatim/* {
+        reverse_proxy https://nominatim.openstreetmap.org
+    }
+
+    handle_path /maildev/* {
+        reverse_proxy maildev:1080
+    }
+
+    handle_path /hello {
+        respond "Hello. This is aam-digital-reverse-proxy." 200
+    }
+
+    # redirect all other traffic to the locally running angular app (on host machine)
+    # on linux this may need some additional configuration. See README.md
+    handle_path /* {
+        reverse_proxy http://host.docker.internal:4200
+    }
+}