From 2f56df4dc3f3d9047a8b960cf9f5afb3cde4f825 Mon Sep 17 00:00:00 2001 From: Luca Sacchi Ricciardi Date: Fri, 3 Apr 2026 17:38:17 +0200 Subject: [PATCH] docs(06): create Phase 6 plans for Lab 05 Database & RDS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 06-PLAN.md: Combined execution plan (test + docs + infra) - 06-RESEARCH.md: Domain research on PostgreSQL, RDS parallels Lab 05 integrates all previous concepts: - Lab 01: Non-root containers (INF-01) - Lab 02: Private networks (INF-02) - Lab 03: Resource limits (INF-03) - Lab 04: Named volumes (INF-04) Key concepts: - PostgreSQL in private network → RDS in VPC - Named volume → EBS volume - Resource limits → DB instance class Co-Authored-By: Claude Opus 4.6 --- .../phases/06-lab-05-database-rds/06-PLAN.md | 117 +++++++++++++++++ .../06-lab-05-database-rds/06-RESEARCH.md | 121 ++++++++++++++++++ 2 files changed, 238 insertions(+) create mode 100644 .planning/phases/06-lab-05-database-rds/06-PLAN.md create mode 100644 .planning/phases/06-lab-05-database-rds/06-RESEARCH.md diff --git a/.planning/phases/06-lab-05-database-rds/06-PLAN.md b/.planning/phases/06-lab-05-database-rds/06-PLAN.md new file mode 100644 index 0000000..af3e3aa --- /dev/null +++ b/.planning/phases/06-lab-05-database-rds/06-PLAN.md 
@@ -0,0 +1,117 @@ +--- +phase: 06-lab-05-database-rds +plan: 01 +type: execute +wave: 0 +depends_on: [02-lab-01-iam-sicurezza, 03-lab-02-network-vpc, 04-lab-03-compute-ec2, 05-lab-04-storage-s3] +files_modified: + - labs/lab-05-database/tests/01-database-creation-test.sh + - labs/lab-05-database/tests/02-private-network-test.sh + - labs/lab-05-database/tests/03-persistence-test.sh + - labs/lab-05-database/tests/04-security-test.sh + - labs/lab-05-database/tests/99-final-verification.sh + - labs/lab-05-database/tests/run-all-tests.sh + - labs/lab-05-database/tests/quick-test.sh +autonomous: true +requirements: [LAB-05, TEST-01, TEST-05, INF-01, INF-02, INF-03, INF-04] +user_setup: [] + +must_haves: + truths: + - "Test scripts validate PostgreSQL deployment in private network" + - "Tests verify database is NOT accessible from host (INF-02)" + - "Tests verify data persistence (INF-04)" + - "Tests verify resource limits (INF-03)" + - "Tests verify non-root execution (INF-01)" + artifacts: + - path: "labs/lab-05-database/tests/01-database-creation-test.sh" + provides: "Database creation validation" + min_lines: 80 + - path: "labs/lab-05-database/tests/02-private-network-test.sh" + provides: "Private network isolation testing" + min_lines: 100 + - path: "labs/lab-05-database/tests/03-persistence-test.sh" + provides: "Data persistence verification (INF-04)" + min_lines: 80 + - path: "labs/lab-05-database/tests/04-security-test.sh" + provides: "Security compliance testing (INF-01, INF-02, INF-03)" + min_lines: 100 + - path: "labs/lab-05-database/tests/99-final-verification.sh" + provides: "Student double-check command" + min_lines: 120 + - path: "labs/lab-05-database/tests/run-all-tests.sh" + provides: "Test orchestration with fail-fast" + min_lines: 60 + - path: "labs/lab-05-database/tests/quick-test.sh" + provides: "Quick validation for development" + min_lines: 40 +key_links: + - from: "tests/02-private-network-test.sh" + to: "Lab 02 private networks" + via: "VPC 
private network concepts" + pattern: "private.*network" + - from: "tests/03-persistence-test.sh" + to: "Lab 04 named volumes" + via: "Volume persistence patterns" + pattern: "volume.*persistence" +--- + + +Create comprehensive test infrastructure for Lab 05 (Database & RDS) following TDD RED phase methodology. Tests validate PostgreSQL deployment in private network, data persistence, resource limits, and full security compliance (INF-01, INF-02, INF-03, INF-04). + +Purpose: Establish verification foundation before implementing database infrastructure. Tests fail initially (RED phase) and pass after implementation (GREEN phase in Plan 06-03). + +Output: 7 bash test scripts covering database creation, private network isolation, persistence, security compliance, and final verification for students. + + + +@/home/luca/.claude/get-shit-done/workflows/execute-plan.md +@/home/luca/.claude/get-shit-done/templates/summary.md + + + +@.planning/REQUIREMENTS.md +@.planning/phases/02-lab-01-iam-sicurezza/02-01-SUMMARY.md +@.planning/phases/03-lab-02-network-vpc/03-01-SUMMARY.md + +# Integration with Previous Labs + +Lab 05 integrates concepts from all previous labs: +- **Lab 01:** Non-root containers (INF-01) +- **Lab 02:** Private networks (INF-02) +- **Lab 03:** Resource limits (INF-03) +- **Lab 04:** Named volumes (INF-04) + +# Test Requirements + +1. **Database Creation (01-database-creation-test.sh)** + - Verify PostgreSQL container starts + - Verify database initialization + - Verify connection parameters + +2. **Private Network Isolation (02-private-network-test.sh)** + - Verify database is in private network + - Verify database NOT accessible from host + - Verify only containers in same network can connect + +3. **Data Persistence (03-persistence-test.sh)** + - Verify data survives container restart + - Verify data survives container removal + - Verify volume is correctly mounted + +4. 
**Security Compliance (04-security-test.sh)** + - INF-01: Container runs as non-root + - INF-02: No ports exposed on host + - INF-03: Resource limits configured + - INF-04: Named volume for data + +5. **Final Verification (99-final-verification.sh)** + - End-to-end student validation + - All INF requirements verified + - Database functionality tested + +# Tone Guidelines +- Direct, simple language (Italian) +- No emojis +- Technically accurate +- Step-by-step with verification at each step diff --git a/.planning/phases/06-lab-05-database-rds/06-RESEARCH.md b/.planning/phases/06-lab-05-database-rds/06-RESEARCH.md new file mode 100644 index 0000000..1282a64 --- /dev/null +++ b/.planning/phases/06-lab-05-database-rds/06-RESEARCH.md 
@@ -0,0 +1,121 @@ +# Research: Lab 05 - Database & RDS + +**Objective:** Simulate AWS RDS (Relational Database Service) using PostgreSQL in Docker private network. + +--- + +## Domain Research + +### PostgreSQL in Docker + +**Official Image:** `postgres:16-alpine` +- Lightweight Alpine-based PostgreSQL +- Default port: 5432 +- Environment variables for configuration: + - `POSTGRES_DB`: Database name + - `POSTGRES_USER`: Username + - `POSTGRES_PASSWORD`: Password + - `POSTGRES_INITDB_ARGS`: Initialization arguments + +**Healthcheck:** `pg_isready` command +- Tests if PostgreSQL is ready to accept connections +- Returns 0 if ready, non-zero if not ready + +### RDS Concepts + +**AWS RDS Features:** +- Managed database service +- Deployed in VPC private subnets +- Automated backups (not simulating in lab) +- Multi-AZ deployment (not simulating in lab) +- Resource limits (instance classes) +- Encryption at rest (not simulating in lab) + +**Instance Classes (for PARALLELISM):** +- db.t2.micro: 1 vCPU, 1 GB RAM +- db.t2.small: 1 vCPU, 2 GB RAM +- db.t2.medium: 2 vCPU, 4 GB RAM + +### Integration with Previous Labs + +**Lab 01 (IAM):** Non-root containers +- PostgreSQL container must NOT run as root + +**Lab 02 (Network):** Private networks +- Database must be in private network +- NO ports exposed on host + +**Lab 03 (Compute):** Resource limits +- PostgreSQL must have CPU/memory limits + +**Lab 04 (Storage):** Named volumes +- Database data must persist in named volume + +--- + +## Common Pitfalls + +1. **Database accessible from host** + - Must NOT expose ports on host + - Only accessible from containers in same private network + +2. **Data loss on container restart** + - Must use named volume for data directory + - Volume must persist across container lifecycle + +3. **Running as root** + - PostgreSQL image runs as postgres user by default + - Must verify non-root execution + +4. 
**No resource limits** + - Must configure cpus and memory limits + - Prevents database from consuming all host resources + +--- + +## Testing Strategy + +### RED Phase Tests (Plan 06-01) + +1. **Database Creation Test** + - Verify container starts successfully + - Verify database is initialized + - Verify pg_isready works + +2. **Private Network Test** + - Verify database is in private network + - Verify NOT accessible from host + - Verify accessible from same network + +3. **Persistence Test** + - Create test data + - Stop container + - Start container + - Verify data still exists + +4. **Security Test** + - INF-01: Non-root user + - INF-02: No host port bindings + - INF-03: Resource limits + - INF-04: Named volume + +### GREEN Phase Implementation (Plan 06-03) + +- docker-compose.yml with PostgreSQL in private network +- Named volume for data persistence +- Resource limits for CPU/memory +- Healthcheck configuration +- No host port bindings (INF-02) + +--- + +## Cloud Parallels (PARA-01/02/03/04) + +| Local Concept | AWS Equivalent | Parallel | +|---------------|----------------|----------| +| PostgreSQL container | RDS Instance | Managed database | +| Private network | VPC Private Subnet | Isolated deployment | +| Named volume | EBS volume | Data persistence | +| Resource limits | Instance class | Compute allocation | +| No root access | AWS IAM authentication | Access control | +| pg_isready | RDS health check | Availability check |
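Review bot: in 06-PLAN.md the `04-security-test.sh` items state what each INF requirement means but not what the test asserts on, and for INF-01 that gap will bite: the official `postgres` image starts its entrypoint as root and only drops to the postgres user (via gosu) for the server process, so `docker inspect -f '{{.Config.User}}'` is empty and `docker exec <container> id -u` prints 0 unless the compose file sets `user:` explicitly. The plan should pin the check, either by requiring `user: postgres` in the GREEN phase compose file and asserting on `Config.User`, or by checking the owner of the running postgres server process inside the container. The same applies to "Verify database NOT accessible from host" and "Resource limits configured": name the assertions (`HostConfig.PortBindings` empty plus a refused connection to 127.0.0.1:5432; `HostConfig.Memory` and `HostConfig.NanoCpus` non-zero), otherwise `min_lines` is the only thing these artifacts are held to and a RED test can pass in GREEN for the wrong reason.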
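Review bot: in 06-RESEARCH.md, Common Pitfalls item 3 ("PostgreSQL image runs as postgres user by default") is only true of the server process, not of the container as Docker sees it, so it should say that non-root verification needs either `user: postgres` in the compose file or a check on the server process owner. Two smaller points in the same file: "Instance Classes (for PARALLELISM)" presumably means the PARA-01/02/03/04 cloud parallels, and the "No root access | AWS IAM authentication" row of the Cloud Parallels table mixes two ideas (IAM database authentication replaces the client's password; what removes root on RDS is that the managed service exposes no OS or shell access at all). Finally, the env-var list names `POSTGRES_PASSWORD` but the GREEN Phase section never says how the password reaches the container; the official image also reads `POSTGRES_PASSWORD_FILE`, which lets the compose file use a Docker secret instead of a plaintext value, and a check for that belongs in the Security Test list.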