feat(core): DSPX-2126 simplify docker compose UX

docker-compose.base.yaml

@@ -0,0 +1,200 @@
+# Base docker-compose configuration with shared services
+# This file is extended by docker-compose.yaml and docker-compose.consumer.yaml
+networks:
+  default:
+    name: opentdf_platform
+
+services:
+  opentdfdb:
+    image: postgres:15-alpine
+    restart: always
+    user: postgres
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: changeme
+      POSTGRES_DB: opentdf
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    ports:
+      - "${POSTGRES_EXPOSE_PORT:-5432}:5432"
+
+  jaeger:
+    image: jaegertracing/all-in-one:latest
+    environment:
+      COLLECTOR_OTLP_ENABLED: "true"
+    ports:
+      - "16686:16686"   # Web UI
+      - "4317:4317"     # OTLP gRPC
+      - "4318:4318"     # OTLP HTTP
+      - "14250:14250"   # Model/collector gRPC
+    profiles:
+      - tracing
+    restart: always
+
+  # Entity Resolution Service Testing Infrastructure
+  # 
+  # Provides PostgreSQL and OpenLDAP services for comprehensive ERS testing
+  # Enables full multi-strategy ERS testing with SQL and LDAP providers
+  #
+  # Usage:
+  #   docker-compose --profile ers-test up -d                    # Start ERS test services
+  #   docker-compose --profile ers-admin up -d                   # Include LDAP admin UI  
+  #   ERS_TEST_POSTGRES_URL="postgres://ers_test_user:ers_test_pass@localhost:5433/ers_test?sslmode=disable" \
+  #   ERS_TEST_LDAP_URL="ldap://localhost:1389" \
+  #   go test ./service/entityresolution/integration -run TestMultiStrategy -v
+  #
+  # Services:
+  #   - ers-postgres: PostgreSQL 16 on port 5433 with test schema and data
+  #   - ers-ldap: OpenLDAP on port 1389 with organizational test data
+  #   - ers-ldap-admin: phpLDAPadmin on port 6443 (ers-admin profile only)
+
+  # PostgreSQL for ERS SQL provider testing
+  ers-postgres:
+    image: postgres:16-alpine
+    container_name: ers_test_postgres
+    profiles:
+      - ers-test
+      - ers-admin
+    ports:
+      - "5433:5432"  # Different port to avoid conflicts with main opentdfdb
+    environment:
+      POSTGRES_DB: ers_test
+      POSTGRES_USER: ers_test_user
+      POSTGRES_PASSWORD: ers_test_pass
+      POSTGRES_INITDB_ARGS: "--encoding=UTF-8"
+    volumes:
+      - ers_postgres_data:/var/lib/postgresql/data
+      - ./service/entityresolution/integration/sql_test_data:/docker-entrypoint-initdb.d
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ers_test_user -d ers_test"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  # OpenLDAP for ERS LDAP provider testing
+  ers-ldap:
+    image: osixia/openldap:1.5.0
+    container_name: ers_test_openldap
+    profiles:
+      - ers-test
+      - ers-admin
+    ports:
+      - "1389:389"   # LDAP port (different from standard 389)
+      - "1636:636"   # LDAPS port (different from standard 636)
+    environment:
+      LDAP_ORGANISATION: "OpenTDF Test"
+      LDAP_DOMAIN: "opentdf.test"
+      LDAP_ADMIN_PASSWORD: "admin_password"
+      LDAP_CONFIG_PASSWORD: "config_password"
+      LDAP_READONLY_USER: "true"
+      LDAP_READONLY_USER_USERNAME: "readonly"
+      LDAP_READONLY_USER_PASSWORD: "readonly_password"
+      LDAP_RFC2307BIS_SCHEMA: "false"
+      LDAP_BACKEND: "mdb"
+      LDAP_TLS: "true"
+      LDAP_TLS_ENFORCE: "false"
+      LDAP_REPLICATION: "false"
+      KEEP_EXISTING_CONFIG: "false"
+      LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
+    volumes:
+      - ers_ldap_data:/var/lib/ldap
+      - ers_ldap_config:/etc/ldap/slapd.d
+      - ./service/entityresolution/integration/ldap_test_data:/container/service/slapd/assets/config/bootstrap/ldif/custom
+    healthcheck:
+      test: ["CMD-SHELL", "ldapsearch -x -H ldap://localhost:389 -b dc=opentdf,dc=test -D cn=admin,dc=opentdf,dc=test -w admin_password '(objectclass=*)' dn"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    restart: unless-stopped
+
+  # phpLDAPadmin for LDAP management (admin profile only)
+  ers-ldap-admin:
+    image: osixia/phpldapadmin:latest
+    container_name: ers_ldap_admin
+    profiles:
+      - ers-admin  # Only available with --profile ers-admin
+    ports:
+      - "6443:443"
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: ers-ldap
+      PHPLDAPADMIN_HTTPS: "false"
+    depends_on:
+      ers-ldap:
+        condition: service_healthy
+
+  # Base Keycloak configuration (extended by specific compose files)
+  keycloak:
+    image: keycloak/keycloak:25.0
+    restart: always
+    command:
+    - "start-dev"
+    - "--verbose"
+    - "-Djavax.net.ssl.trustStorePassword=password"
+    - "-Djavax.net.ssl.HostnameVerifier=AllowAll"
+    - "-Djavax.net.ssl.trustStore=/truststore/truststore.jks"
+    - "--spi-truststore-file-hostname-verification-policy=ANY"
+    environment:
+      KC_PROXY: edge
+      KC_HTTP_RELATIVE_PATH: /auth
+      KC_DB_VENDOR: postgres
+      KC_DB_URL_HOST: keycloakdb
+      KC_DB_URL_PORT: 5432
+      KC_DB_URL_DATABASE: keycloak
+      KC_DB_USERNAME: keycloak
+      KC_DB_PASSWORD: changeme
+      KC_HOSTNAME_STRICT: "false"
+      KC_HOSTNAME_STRICT_BACKCHANNEL: "false"
+      KC_HOSTNAME_STRICT_HTTPS: "false"
+      KC_HTTP_ENABLED: "true"
+      KC_HTTP_PORT: "8888"
+      KC_HTTPS_PORT: "8443"
+      KC_HTTP_MANAGEMENT_PORT: "9001"
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: changeme
+      KC_FEATURES: "preview,token-exchange"
+      KC_HEALTH_ENABLED: "true"
+      KC_HTTPS_KEY_STORE_PASSWORD: "password"
+      KC_HTTPS_KEY_STORE_FILE: "/truststore/truststore.jks"
+      KC_HTTPS_CERTIFICATE_FILE: "/etc/x509/tls/localhost.crt"
+      KC_HTTPS_CERTIFICATE_KEY_FILE: "/etc/x509/tls/localhost.key"
+      KC_HTTPS_CLIENT_AUTH: "request"
+      JAVA_OPTS_APPEND: "${JAVA_OPTS_APPEND:-}"
+    ports:
+      - "${KC_EXPOSE_PORT:-8443}:8443"
+      - "${KC_EXPOSE_PORT_HTTP:-8888}:8888"
+      - "${KC_EXPOSE_PORT_MGMT:-9001}:9001"
+    healthcheck:
+      test:
+        - CMD-SHELL
+        - |
+          [ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { 
+            public static void main(String[] args) throws java.lang.Throwable { 
+              javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); 
+              javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance(\"SSL\"); 
+              sc.init(null, new javax.net.ssl.TrustManager[]{ 
+                new javax.net.ssl.X509TrustManager() { 
+                  public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } 
+                  public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {} 
+                  public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {} 
+                } 
+              }, new java.security.SecureRandom()); 
+              javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
+              java.net.HttpURLConnection conn = (java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection(); 
+              System.exit(java.net.HttpURLConnection.HTTP_OK == conn.getResponseCode() ? 0 : 1); 
+            } 
+          }" > /tmp/HealthCheck.java && java ${JAVA_OPTS_APPEND} /tmp/HealthCheck.java https://localhost:9001/auth/health/live
+      timeout: 10s
+      retries: 3
+      start_period: 2m
+
+volumes:
+  ers_postgres_data:
+    name: ers_test_postgres_data
+  ers_ldap_data:
+    name: ers_test_ldap_data
+  ers_ldap_config:
+    name: ers_test_ldap_config