fd02d9f4b8
All checks were successful
continuous-integration/drone/push Build is passing
harness.meta.HookCtx (frozen): .domain, .base_url, .meta (RecipeMeta), .deps (provisioned dep creds from $CCCI_DEPS_FILE or None), .op (current lifecycle op or None); built via meta.hook_ctx() at each hook call site. All recipe callables now take ctx: EXTRA_ENV(ctx), UPGRADE_EXTRA_ENV(ctx), READY_PROBE(ctx), BACKUP_VERIFY(ctx), SCREENSHOT(page, ctx), ops.py pre_<op>(ctx). Dict-valued EXTRA_ENV/UPGRADE_EXTRA_ENV unchanged (only the callable signature moved). Call sites converted: deploy_app env shaping, perform_upgrade, wait_ready_probes (gains op=), _perform_op BACKUP_VERIFY, screenshot.capture, _run_pre_hook. Legacy signatures fail FAST with a clear migration message: the registry carries hook_params per hook key, enforced at meta.load() (MetaError names the old vs new signature); ops.py pre-op hooks get the same check at the orchestrator call site (meta.check_hook_signature) — no silent TypeError mid-run. Migrated every in-repo user mechanically (17 ops.py files; cryptpad/lasuite-*/ mailu EXTRA_ENV; mumble+lasuite-drive READY_PROBE; ghost/discourse BACKUP_VERIFY) — seeded values, probes and assertions byte-identical (domain -> ctx.domain; keycloak pre_restore's meta arg -> ctx.meta). Unit tests: hook_ctx field contract, ctx.deps from the run deps file, legacy- signature MetaError (READY_PROBE/EXTRA_ENV/SCREENSHOT + pre-op checker), ctx signatures accepted. Docs table regenerated (signature docs in key docs). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 180 passed; scripts/lint.sh -> PASS.
34 lines
1.3 KiB
Python
34 lines
1.3 KiB
Python
"""keycloak — pre-op seed hooks (Phase 1e HC3). The orchestrator runs these BEFORE the op; the
|
|
matching test_<op>.py asserts post-op (assertion-only). The data marker is a realm in mariadb,
|
|
written via the keycloak admin API (kc_admin)."""
|
|
|
|
import os
|
|
import sys
|
|
|
|
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
|
|
import kc_admin # noqa: E402
|
|
from harness import generic # noqa: E402
|
|
|
|
|
|
def _token(domain):
|
|
return kc_admin.admin_token(domain, kc_admin.admin_password(domain))
|
|
|
|
|
|
def pre_upgrade(ctx):
|
|
# create the marker realm (DB data) before the upgrade so the overlay can prove it survives
|
|
assert kc_admin.create_marker_realm(ctx.domain, _token(ctx.domain)) in (201, 409)
|
|
|
|
|
|
def pre_backup(ctx):
|
|
# establish the marker realm before the backup op captures mariadb
|
|
assert kc_admin.create_marker_realm(ctx.domain, _token(ctx.domain)) in (201, 409)
|
|
|
|
|
|
def pre_restore(ctx):
|
|
# backup-bot-two cycles the keycloak container during backup → wait for serving, re-auth, then
|
|
# delete the realm (diverge from the backup) so a successful restore is observable
|
|
generic.assert_serving(ctx.domain, ctx.meta)
|
|
tok = _token(ctx.domain)
|
|
assert kc_admin.delete_marker_realm(ctx.domain, tok) in (204, 200)
|
|
assert not kc_admin.marker_realm_exists(ctx.domain, tok), "delete did not take"
|