🚧 [maykinmedia/django-setup-configuration#16] Setup config fixes

ensure that notificaties API can access itself, to complete the configuration

docs/installation/configuration/opennotifs_config_cli.rst

@@ -46,6 +46,7 @@ Open Notificaties uses Open Zaak Authorisaties API to check authorizations
 of its consumers, therefore Open Notificaties should be able to request Open Zaak.
 Make sure that the correct permissions are configured in Open Zaak Autorisaties API.
 
+* ``OPENNOTIFICATIES_DOMAIN``:  a ``[host]:[port]`` or ``[host]`` value. Required.
 * ``AUTHORIZATION_CONFIG_ENABLE``: enable Authorization configuration. Defaults
   to ``False``.
 * ``AUTORISATIES_API_ROOT``: full URL to the Authorisaties API root, for example

src/nrc/config/authorization.py

@@ -6,9 +6,13 @@
 import requests
 from django_setup_configuration.configuration import BaseConfigurationStep
 from django_setup_configuration.exceptions import SelfTestFailed
+from furl import furl
+from notifications_api_common.models import NotificationsConfig
 from vng_api_common.authorizations.models import AuthorizationsConfig, ComponentTypes
 from vng_api_common.models import APICredential, JWTSecret
 from zds_client import ClientAuth
+from zgw_consumers.constants import APITypes, AuthTypes
+from zgw_consumers.models import Service
 
 from nrc.utils import build_absolute_url
 
@@ -19,13 +23,16 @@ class AuthorizationStep(BaseConfigurationStep):
 
     1. Set up authorization to point to the API
     2. Add credentials for Open Notifications to request Open Zaak
+    3. Configure Open Notificaties such that it can access itself (required because
+       Open Notificaties must be subscribed to changes in the `autorisaties` channel)
 
     Normal mode doesn't change the credentials after its initial creation.
     If the client_id or secret is changed, run this command with 'overwrite' flag
     """
 
     verbose_name = "Authorization Configuration"
     required_settings = [
+        "OPENNOTIFICATIES_DOMAIN",
         "AUTORISATIES_API_ROOT",
         "NOTIF_OPENZAAK_CLIENT_ID",
         "NOTIF_OPENZAAK_SECRET",
@@ -65,6 +72,35 @@ def configure(self) -> None:
             },
         )
 
+        # TODO remove hardcoded version?
+        # Step 3 (step 8/9 in Open Zaak configuration documentation)
+        api_version = settings.API_VERSION.split(".")[0]
+        notifs_api_root = (
+            furl(settings.OPENNOTIFICATIES_DOMAIN)
+            / reverse("api-root", kwargs={"version": api_version})
+        ).url
+        notifs_oas_url = (
+            furl(settings.OPENNOTIFICATIES_DOMAIN)
+            / reverse("schema", kwargs={"version": api_version})
+        ).url
+        scheme = "http" if settings.DEBUG else "https"
+        notification_service, _ = Service.objects.update_or_create(
+            api_root=f"{scheme}://{notifs_api_root}",
+            oas=f"{scheme}://{notifs_oas_url}",
+            defaults={
+                "label": "Open Notificaties",
+                "api_type": APITypes.nrc,
+                "client_id": settings.NOTIF_OPENZAAK_CLIENT_ID,
+                "secret": settings.NOTIF_OPENZAAK_SECRET,
+                "auth_type": AuthTypes.zgw,
+                "user_id": settings.NOTIF_OPENZAAK_CLIENT_ID,
+                "user_representation": f"Open Notificaties {organization}",
+            },
+        )
+        config = NotificationsConfig.get_solo()
+        config.notifications_api_service = notification_service
+        config.save()
+
     def test_configuration(self) -> None:
         """
         This check depends on the configuration  of permissions in Open Zaak

src/nrc/tests/commands/test_setup_configuration.py

@@ -9,10 +9,12 @@
 import requests
 import requests_mock
 from jwt import decode
+from notifications_api_common.models import NotificationsConfig
 from rest_framework import status
 from vng_api_common.authorizations.models import AuthorizationsConfig
 from zds_client.auth import ClientAuth
-from zgw_consumers.constants import APITypes
+from zgw_consumers.constants import APITypes, AuthTypes
+from zgw_consumers.models import Service
 from zgw_consumers.test import mock_service_oas_get
 
 from nrc.config.authorization import AuthorizationStep, OpenZaakAuthStep
@@ -118,6 +120,35 @@ def test_setup_configuration(self, m):
 
             self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+        with self.subTest("Open Notificaties can access itself"):
+            notifications_service = Service.objects.get()
+
+            self.assertEqual(
+                notifications_service.api_root,
+                "https://open-notificaties.example.com/api/v1/",
+            )
+            self.assertEqual(
+                notifications_service.oas,
+                "https://open-notificaties.example.com/api/v1/schema/openapi.yaml",
+            )
+            self.assertEqual(notifications_service.label, "Open Notificaties")
+            self.assertEqual(notifications_service.api_type, APITypes.nrc)
+            self.assertEqual(notifications_service.client_id, "notif-client-id")
+            self.assertEqual(notifications_service.secret, "notif-secret")
+            self.assertEqual(notifications_service.auth_type, AuthTypes.zgw)
+            self.assertEqual(notifications_service.user_id, "notif-client-id")
+            self.assertEqual(
+                notifications_service.user_representation, "Open Notificaties ACME"
+            )
+
+            config = NotificationsConfig.get_solo()
+
+            self.assertEqual(config.notifications_api_service, notifications_service)
+            # resp = self.client.get("/view-config/")
+
+        # import pdb; pdb.set_trace()
+        # TODO add test for service creation and check view config?
+
     @requests_mock.Mocker()
     def test_setup_configuration_selftest_fails(self, m):
         m.get("http://open-notificaties.example.com/", exc=requests.ConnectionError)