feat(2): Q3.3 lasuite-meet recipe_meta — DEPS=keycloak + OIDC_AT_INSTALL + livekit-domain flatten (reuses lasuite-drive machinery)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
38
tests/lasuite-meet/recipe_meta.py
Normal file
38
tests/lasuite-meet/recipe_meta.py
Normal file
@ -0,0 +1,38 @@
|
||||
# Per-recipe harness config for lasuite-meet (Phase 2 Q3.3 — La Suite / impress sibling of
|
||||
# lasuite-docs + lasuite-drive; real-time video meetings via LiveKit, OIDC-dependent).
|
||||
#
|
||||
# Stack: app (React SPA) + backend (Django) + celery + db (postgres) + redis + livekit (SFU/WebSocket
|
||||
# signaling) + web (nginx). OIDC (keycloak) is REQUIRED by the recipe.
|
||||
#
|
||||
# Health: the SPA is served at `/` and returns 200 unauthenticated (login is OIDC-gated, exercised by
|
||||
# the SSO functional tests, not the install health check).
|
||||
HEALTH_PATH = "/"
|
||||
HEALTH_OK = (200, 301, 302)
|
||||
# Moderate stack (no onlyoffice/collabora office backends — lighter than lasuite-drive); livekit +
|
||||
# impress front/backend + postgres. Generous but smaller window than drive.
|
||||
DEPLOY_TIMEOUT = 1200
|
||||
HTTP_TIMEOUT = 600
|
||||
|
||||
# SSO-dependent (recipe.toml requires=["keycloak"], [sso] provider=keycloak). Wire OIDC at INSTALL
|
||||
# time against the live-warm keycloak — same machinery as lasuite-drive (Q3.2a): the orchestrator
|
||||
# provisions the per-run realm BEFORE the single `abra app deploy`, and tests/lasuite-meet/
|
||||
# install_steps.sh writes the OIDC env + client secret into that one deploy (no post-deploy
|
||||
# reconverge). Meet boots fine with OIDC env set because keycloak is live-warm.
|
||||
DEPS = ["keycloak"]
|
||||
OIDC_AT_INSTALL = True
|
||||
|
||||
|
||||
def EXTRA_ENV(domain):
|
||||
# lasuite-meet routes LiveKit's WebSocket signaling on a DOMAIN-derived **nested** subdomain
|
||||
# `LIVEKIT_DOMAIN="livekit.${DOMAIN}"`. The cc-ci wildcard TLS cert is `*.ci.commoninternet.net`
|
||||
# (single label only), so a 2-label name like `livekit.lasuite-meet-pr0-abc.ci.commoninternet.net`
|
||||
# is NOT covered → TLS failure on that router. Flatten to a single-label SIBLING under the
|
||||
# wildcard (`livekit-<domain>`) so the existing wildcard cert covers it and Traefik routes it with
|
||||
# no cert/gateway change. Same fix as lasuite-drive's minio/collabora siblings (DECISIONS.md
|
||||
# "Phase 2 — nested DOMAIN-derived subdomains").
|
||||
return {
|
||||
"LIVEKIT_DOMAIN": f"livekit-{domain}",
|
||||
# abra's internal per-deploy convergence TIMEOUT (default 300s) is too short for this stack on
|
||||
# a cold image cache; bump it (kept under DEPLOY_TIMEOUT so Python never kills abra mid-wait).
|
||||
"TIMEOUT": "1000",
|
||||
}
|
||||
Reference in New Issue
Block a user