From 32a743f501910b21c700c0f126edadc99ceb11eb Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 13:14:42 +0100 Subject: [PATCH] =?UTF-8?q?feat(2):=20Q3.3=20lasuite-meet=20recipe=5Fmeta?= =?UTF-8?q?=20=E2=80=94=20DEPS=3Dkeycloak=20+=20OIDC=5FAT=5FINSTALL=20+=20?= =?UTF-8?q?livekit-domain=20flatten=20(reuses=20lasuite-drive=20machinery)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-Authored-By: Claude Opus 4.8 (1M context) --- tests/lasuite-meet/recipe_meta.py | 38 +++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 tests/lasuite-meet/recipe_meta.py diff --git a/tests/lasuite-meet/recipe_meta.py b/tests/lasuite-meet/recipe_meta.py new file mode 100644 index 0000000..b921e6b --- /dev/null +++ b/tests/lasuite-meet/recipe_meta.py @@ -0,0 +1,38 @@ +# Per-recipe harness config for lasuite-meet (Phase 2 Q3.3 — La Suite / impress sibling of +# lasuite-docs + lasuite-drive; real-time video meetings via LiveKit, OIDC-dependent). +# +# Stack: app (React SPA) + backend (Django) + celery + db (postgres) + redis + livekit (SFU/WebSocket +# signaling) + web (nginx). OIDC (keycloak) is REQUIRED by the recipe. +# +# Health: the SPA is served at `/` and returns 200 unauthenticated (login is OIDC-gated, exercised by +# the SSO functional tests, not the install health check). +HEALTH_PATH = "/" +HEALTH_OK = (200, 301, 302) +# Moderate stack (no onlyoffice/collabora office backends — lighter than lasuite-drive); livekit + +# impress front/backend + postgres. Generous but smaller window than drive. +DEPLOY_TIMEOUT = 1200 +HTTP_TIMEOUT = 600 + +# SSO-dependent (recipe.toml requires=["keycloak"], [sso] provider=keycloak). Wire OIDC at INSTALL +# time against the live-warm keycloak — same machinery as lasuite-drive (Q3.2a): the orchestrator +# provisions the per-run realm BEFORE the single `abra app deploy`, and tests/lasuite-meet/ +# install_steps.sh writes the OIDC env + client secret into that one deploy (no post-deploy +# reconverge). Meet boots fine with OIDC env set because keycloak is live-warm. +DEPS = ["keycloak"] +OIDC_AT_INSTALL = True + + +def EXTRA_ENV(domain): + # lasuite-meet routes LiveKit's WebSocket signaling on a DOMAIN-derived **nested** subdomain + # `LIVEKIT_DOMAIN="livekit.${DOMAIN}"`. The cc-ci wildcard TLS cert is `*.ci.commoninternet.net` + # (single label only), so a 2-label name like `livekit.lasuite-meet-pr0-abc.ci.commoninternet.net` + # is NOT covered → TLS failure on that router. Flatten to a single-label SIBLING under the + # wildcard (`livekit-`) so the existing wildcard cert covers it and Traefik routes it with + # no cert/gateway change. Same fix as lasuite-drive's minio/collabora siblings (DECISIONS.md + # "Phase 2 — nested DOMAIN-derived subdomains"). + return { + "LIVEKIT_DOMAIN": f"livekit-{domain}", + # abra's internal per-deploy convergence TIMEOUT (default 300s) is too short for this stack on + # a cold image cache; bump it (kept under DEPLOY_TIMEOUT so Python never kills abra mid-wait). + "TIMEOUT": "1000", + }