Make JSON Service Registry read only

[Kostas Kalevras]

Hello team

We are using Apereo CAS in production with the JPA Service Registry and are planning to move to 7.X and Palantir for server administration.

We have also written our own custom code for the server using the overlay architecture and implement development and testing on a Docker environment which also includes puppeteer tests for regression testing (these are also used as PR tests in a branch protection setting). These puppeteer tests check for all protocols (CAS, OIDC, SAML, REST etc).

One problem we are facing is that the service definitions must be already setup in order for the tests to run (even as a github action). If we try to initialize services using JSON files as per the documentation we face a few problems.

Initialization from JSON files requires the JSON service registry. This registry is read-write. Which means that if we add a new service using the relevant endpoint then that service is added twice, once in the JPA and once as a JSON file in the JSON service registry. We already tried making the JSON directory read-only by mounting an ro Docker volume but this leads to the JSON service registry throwing an exception when adding a new service.

Is there a way (property) to make the JSON service registry read-only? Taking a look at the relevant source code did not show promising results. Our only alternative is to make the puppeteer test add the services using the relevant endpoint before it runs but we'd prefer to have the corresponding general service JSON files in our CAS source code (src/main/resources/services/*.json).

Thank you for your help