maykinmedia
diff --git a/‎.github/workflows/ci.yml
+3 b/‎.github/workflows/ci.yml
+3
diff --git a/‎bin/setup_configuration.sh
+2-1 b/‎bin/setup_configuration.sh
+2-1
diff --git a/‎django-setup-config.env
-11 b/‎django-setup-config.env
-11
diff --git a/‎docker-compose.yml
+2-2 b/‎docker-compose.yml
+2-2
diff --git a/‎docker/setup_configuration/data.yaml
+123 b/‎docker/setup_configuration/data.yaml
+123
diff --git a/‎requirements/base.in
+1-1 b/‎requirements/base.in
+1-1
diff --git a/‎requirements/base.txt
+22-10 b/‎requirements/base.txt
+22-10
diff --git a/‎requirements/ci.txt
+19-7 b/‎requirements/ci.txt
+19-7
@@ -208,6 +208,9 @@ jobs:
     name: Check that documentation for configuration steps is up-to-date
     runs-on: ubuntu-latest
 
+    # Disabled while we complete the upgrade to the latest setup-configuration
+    if: false
+
     steps:
       - uses: actions/checkout@v3
         with:
 
@@ -12,4 +12,5 @@ SCRIPTPATH=$(dirname "$SCRIPT")
 ${SCRIPTPATH}/wait_for_db.sh
 
 src/manage.py migrate
-src/manage.py setup_configuration --no-selftest
+src/manage.py setup_configuration \
+    --yaml-file /app/setup_configuration/data.yaml
@@ -107,9 +107,9 @@ services:
     <<: *web-service
     container_name: open-inwoner-web-init
     ports: []
-    env_file:
-      - django-setup-config.env
     command: /setup_configuration.sh
+    volumes:
+      - ./docker/setup_configuration:/app/setup_configuration
 
   nginx:
     image: nginx
 
@@ -0,0 +1,123 @@
+# Admin OIDC
+oidc_db_config_enable: true
+oidc_db_config_admin_auth:
+  items:
+    - identifier: admin-oidc
+      enabled: True
+      oidc_rp_client_id: testid
+      oidc_rp_client_secret: 7DB3KUAAizYCcmZufpHRVOcD0TOkNO3I
+      oidc_rp_scopes_list:
+        - openid
+        - email
+        - profile
+      oidc_rp_sign_algo: RS256
+      endpoint_config:
+        oidc_op_authorization_endpoint: https://example.com/realms/test/protocol/openid-connect/auth
+        oidc_op_token_endpoint: https://example.com/realms/test/protocol/openid-connect/token
+        oidc_op_user_endpoint: https://example.com/realms/test/protocol/openid-connect/userinfo
+      username_claim:
+        - sub
+      groups_claim:
+        - roles
+      claim_mapping:
+        first_name:
+          - given_name
+      sync_groups: true
+      sync_groups_glob_pattern: '*'
+      default_groups:
+        - Functioneel beheer
+      make_users_staff: true
+      superuser_group_names:
+        - superuser
+      oidc_use_nonce: true
+      oidc_nonce_size: 32
+      oidc_state_size: 32
+      userinfo_claims_source: id_token
+
+# Setup service connectivity
+zgw_consumers_config_enable: True
+zgw_consumers:
+  services:
+    - identifier: zaken-test
+      label: Open Zaak - Zaken API
+      api_root: http://localhost:8003/zaken/api/v1/
+      api_type: zrc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+    - identifier: documenten-test
+      label: Open Zaak - Documenten API
+      api_root: http://localhost:8003/documenten/api/v1/
+      api_type: drc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+    - identifier: catalogi-test
+      label: Open Zaak - Catalogi API
+      api_root: http://localhost:8003/catalogi/api/v1/
+      api_type: ztc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+    - identifier: besluiten-test
+      label: Open Zaak - Besluiten API
+      api_root: http://localhost:8003/besluiten/api/v1/
+      api_type: brc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+    - identifier: selectielijst
+      label: Open Zaak (public) - Selectielijst API
+      api_root: https://selectielijst.openzaak.nl/api/v1/
+      api_type: orc
+      auth_type: no_auth
+    - identifier: klanten-test
+      label: eSuite klanten API
+      api_root: http://localhost:8003/klanten/api/v1/
+      api_type: kc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+    - identifier: contactmomenten-test
+      label: eSuite contactmomemnten API
+      api_root: http://localhost:8003/contactmomenten/api/v1/
+      api_type: cmc
+      auth_type: zgw
+      client_id: test-vcr
+      secret: test-vcr
+
+openzaak_config_enable: true
+openzaak_config:
+  zaak_max_confidentiality: openbaar
+  document_max_confidentiality: vertrouwelijk
+  max_upload_size: 50
+  skip_notification_statustype_informeren: false
+  reformat_esuite_zaak_identificatie: true
+  fetch_eherkenning_zaken_with_rsin: false
+  use_zaak_omschrijving_as_title: 'true'
+  order_statuses_by_date_set: false
+  title_text: title text from setup configuration
+  enable_categories_filtering_with_zaken: true
+  action_required_deadline_days: 1874
+  zaken_filter_enabled: 'true'
+  allowed_file_extensions:
+    - .pdf
+    - .txt
+  api_groups:
+    - zaken_api_identifier: zaken-test
+      documenten_api_identifier: documenten-test
+      catalogi_api_identifier: catalogi-test
+
+openklant_config_enable: true
+openklant_config:
+  klanten_service_identifier: klanten-test
+  contactmomenten_service_identifier: contactmomenten-test
+  exclude_contactmoment_kanalen: []
+  register_email: [email protected]
+  register_contact_moment: true
+  register_bronorganisatie_rsin: '837194569'
+  register_channel: email
+  register_type: bericht
+  register_employee_id: '1234'
+  use_rsin_for_innNnpId_query_parameter: true
+  send_email_confirmation: false
@@ -42,7 +42,7 @@ fontawesomefree
 django-timeline-logger
 django-csp
 django-csp-reports
-mozilla-django-oidc-db
+mozilla-django-oidc-db[setup-configuration]
 django-open-forms-client
 django-htmx
 playwright
 
@@ -256,8 +256,10 @@ django-sessionprofile==1.0
     # via
     #   -r requirements/base.in
     #   django-digid-eherkenning
-django-setup-configuration==0.3.0
-    # via -r requirements/base.in
+django-setup-configuration==0.5.0
+    # via
+    #   -r requirements/base.in
+    #   mozilla-django-oidc-db
 django-simple-certmanager==1.4.1
     # via
     #   django-digid-eherkenning
@@ -405,7 +407,7 @@ messagebird==2.1.0
     # via -r requirements/base.in
 mozilla-django-oidc==4.0.1
     # via mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -r requirements/base.in
     #   django-digid-eherkenning
@@ -440,10 +442,17 @@ psycopg2==2.9.9
     # via -r requirements/base.in
 pycparser==2.20
     # via cffi
-pydantic[email]==2.6.4
-    # via -r requirements/base.in
-pydantic-core==2.16.3
+pydantic[email]==2.9.2
+    # via
+    #   -r requirements/base.in
+    #   django-setup-configuration
+    #   pydantic-settings
+pydantic-core==2.23.4
     # via pydantic
+pydantic-settings[yaml]==2.7.0
+    # via
+    #   django-setup-configuration
+    #   pydantic-settings
 pydyf==0.1.2
     # via weasyprint
 pyee==12.0.0
@@ -475,19 +484,22 @@ python-dateutil==2.8.2
     #   python-crontab
 python-decouple==3.5
     # via -r requirements/base.in
-python-dotenv==0.19.0
-    # via -r requirements/base.in
+python-dotenv==1.0.1
+    # via
+    #   -r requirements/base.in
+    #   pydantic-settings
 python-stdnum==1.17
     # via django-localflavor
 pytz==2021.3
     # via
     #   -r requirements/base.in
     #   django-yubin
     #   djangorestframework
-pyyaml==6.0
+pyyaml==6.0.2
     # via
     #   drf-spectacular
     #   gemma-zds-client
+    #   pydantic-settings
     #   tablib
     #   zgw-consumers-oas
 qrcode==6.1
@@ -593,7 +605,7 @@ xmlsec==1.3.12
     # via maykin-python3-saml
 xsdata==23.8
     # via -r requirements/base.in
-zgw-consumers==0.35.1
+zgw-consumers==0.36.1
     # via
     #   -r requirements/base.in
     #   notifications-api-common
 
@@ -438,10 +438,11 @@ django-sessionprofile==1.0
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-digid-eherkenning
-django-setup-configuration==0.3.0
+django-setup-configuration==0.5.0
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   mozilla-django-oidc-db
 django-simple-certmanager==1.4.1
     # via
     #   -c requirements/base.txt
@@ -749,11 +750,12 @@ mozilla-django-oidc==4.0.1
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   mozilla-django-oidc-db
-mozilla-django-oidc-db==0.19.0
+mozilla-django-oidc-db[setup-configuration]==0.21.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   django-digid-eherkenning
+    #   mozilla-django-oidc-db
 multidict==6.0.5
     # via yarl
 mypy-extensions==1.0.0
@@ -837,16 +839,24 @@ pycparser==2.20
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   cffi
-pydantic[email]==2.6.4
+pydantic[email]==2.9.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   django-setup-configuration
     #   pydantic
-pydantic-core==2.16.3
+    #   pydantic-settings
+pydantic-core==2.23.4
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   pydantic
+pydantic-settings[yaml]==2.7.0
+    # via
+    #   -c requirements/base.txt
+    #   -r requirements/base.txt
+    #   django-setup-configuration
+    #   pydantic-settings
 pydyf==0.1.2
     # via
     #   -c requirements/base.txt
@@ -920,10 +930,11 @@ python-decouple==3.5
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
-python-dotenv==0.19.0
+python-dotenv==1.0.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
+    #   pydantic-settings
 python-stdnum==1.17
     # via
     #   -c requirements/base.txt
@@ -935,12 +946,13 @@ pytz==2021.3
     #   -r requirements/base.txt
     #   django-yubin
     #   djangorestframework
-pyyaml==6.0
+pyyaml==6.0.2
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt
     #   drf-spectacular
     #   gemma-zds-client
+    #   pydantic-settings
     #   tablib
     #   vcrpy
     #   zgw-consumers-oas
@@ -1165,7 +1177,7 @@ xsdata==23.8
     #   -r requirements/base.txt
 yarl==1.9.8
     # via vcrpy
-zgw-consumers==0.35.1
+zgw-consumers==0.36.1
     # via
     #   -c requirements/base.txt
     #   -r requirements/base.txt