8cd72fd78d
All checks were successful
continuous-integration/drone/push Build is passing
a) compose.ccci.yml is FIRST-CLASS: the harness auto-copies tests/<recipe>/ compose.ccci.yml into the run's recipe checkout (ABRA_DIR-aware, lifecycle. provide_ccci_overlay) and auto-chaoses the pinned base deploy on its presence (kills the R7 implicit coupling). ghost/discourse install_steps.sh (copy-only boilerplate) deleted; CHAOS_BASE_DEPLOY removed from both metas + the registry. b) install-time deps wiring is the ONLY mode: deps with DEPS provision BEFORE the single deploy; legacy post-deploy provisioning + the setup_custom_tests.sh invocation machinery deleted. lasuite-docs migrated to install_steps.sh OIDC wiring (same env names/values as the old hook — only the timing moved); lasuite-drive's remaining post-deploy MinIO bucket one-shot moved to ops.py pre_install; both setup_custom_tests.sh files deleted; OIDC_AT_INSTALL removed from drive/meet metas + the registry. c) SKIP_GENERIC meta key deleted (zero users). Env form CCCI_SKIP_GENERIC* stays as the documented dev-only escape hatch; when active in a drone CI run the orchestrator prints a loud !! warning (manifest embedding lands in P5). d) conftest cleanup: dead pre-deploy-once fixtures deployed/deployed_app deleted (zero users), app_domain + _short + _wait_healthy dropped (only users were the deleted fixtures); deps_apps+deps_creds consolidated into ONE deps fixture (entries expose .domain etc. as attributes; dict access intact); the 6 lasuite test files renamed deps_creds->deps (fixture name only — assertions and flows byte-identical). requires_deps marker + F2-11 skip-report plumbing unchanged. Registry is now exactly the 14 final keys; docs §4 table regenerated. Stale setup_custom_tests/OIDC_AT_INSTALL prose in docstrings/comments/assert MESSAGES updated (no assert logic or expected value touched). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 175 passed; scripts/lint.sh -> PASS.
136 lines
5.8 KiB
Python
136 lines
5.8 KiB
Python
"""lasuite-meet — §4.3 meeting flow (Phase 2 P3): create a room, read it back, get a LiveKit join
|
|
token, delete it. Port of recipe-maintainer's meeting_flow.py.
|
|
|
|
SOURCE: references/recipe-maintainer/recipe-info/lasuite-meet/tests/meeting_flow.py
|
|
|
|
Meet's characteristic behavior is real-time meetings: a user creates a room and receives a LiveKit
|
|
(SFU) join token for WebSocket signaling. This is the §4.3 create-an-object + read-it-back, plus the
|
|
distinctive WebRTC-signaling feature (LiveKit token issuance) — not a health/200 stand-in. Flow:
|
|
1. OIDC password grant (the per-run keycloak user) → a Meet API bearer token.
|
|
2. POST /api/v1.0/rooms/ {name, access_level:public} → 201 with id/slug AND a LiveKit room+token.
|
|
3. GET /api/v1.0/rooms/{id}/ (read-it-back) → 200, again with a LiveKit token for the same room.
|
|
4. Assert the LiveKit token is a real JWT carrying a video grant for that room (token issuance —
|
|
the maximal testable subset of the WebRTC path; full UDP media relay is out of scope, see
|
|
test_livekit_signaling.py / DECISIONS if an env-blocker is recorded).
|
|
5. DELETE /api/v1.0/rooms/{id}/ → 204; GET again → 404 (object actually removed).
|
|
|
|
@requires_deps: skips with a clear reason if the keycloak dep wasn't provisioned (then F2-11 fails
|
|
the run rather than going green on a skipped SSO-dependent test).
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import base64
|
|
import json
|
|
import os
|
|
import sys
|
|
|
|
import pytest
|
|
|
|
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
|
|
from harness import http as harness_http # noqa: E402
|
|
from harness import sso
|
|
|
|
|
|
def _b64url(seg: str) -> bytes:
|
|
return base64.urlsafe_b64decode(seg + "=" * ((4 - len(seg) % 4) % 4))
|
|
|
|
|
|
def _creds(deps: dict) -> dict:
|
|
kc = deps["keycloak"]
|
|
return {
|
|
"provider": "keycloak",
|
|
"provider_domain": kc["domain"],
|
|
"realm": kc["realm"],
|
|
"client_id": kc["client_id"],
|
|
"client_secret": kc["client_secret"],
|
|
"user": kc["user"],
|
|
"password": kc["password"],
|
|
"email": kc["email"],
|
|
"discovery_url": kc["discovery_url"],
|
|
"token_url": kc["token_url"],
|
|
"auth_url": kc["auth_url"],
|
|
"userinfo_url": kc["userinfo_url"],
|
|
}
|
|
|
|
|
|
@pytest.mark.requires_deps
|
|
def test_create_room_get_livekit_token_and_read_back(live_app, deps):
|
|
assert "keycloak" in deps, f"keycloak creds missing; got {list(deps.keys())}"
|
|
base = f"https://{live_app}"
|
|
token = sso.oidc_password_grant(_creds(deps))
|
|
assert isinstance(token, str) and token.count(".") == 2, "OIDC access token is not a JWT"
|
|
auth = {"Authorization": f"Bearer {token}"}
|
|
|
|
# --- create a room (the object) ---
|
|
status, body = harness_http.http_post(
|
|
f"{base}/api/v1.0/rooms/",
|
|
data={"name": "ccci-meeting", "access_level": "public"},
|
|
headers=auth,
|
|
)
|
|
assert status == 201, f"room create returned HTTP {status} (expected 201); body={body!r}"
|
|
assert isinstance(body, dict), f"room create body not JSON: {body!r}"
|
|
room_id = body.get("id")
|
|
livekit = body.get("livekit") or {}
|
|
lk_room = livekit.get("room")
|
|
lk_token = livekit.get("token")
|
|
assert room_id, f"room created but no id: {body!r}"
|
|
assert (
|
|
lk_token and isinstance(lk_token, str) and lk_token.count(".") == 2
|
|
), f"room created but no LiveKit JWT token: {livekit!r}"
|
|
|
|
try:
|
|
# --- read it back (a fresh authenticated GET of the created room) ---
|
|
status, got = harness_http.http_request(
|
|
"GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
|
|
)
|
|
assert status == 200, f"room read-back returned HTTP {status} (expected 200); body={got!r}"
|
|
assert (
|
|
isinstance(got, dict) and got.get("id") == room_id
|
|
), f"read-back room id mismatch: {got!r}"
|
|
got_lk = got.get("livekit") or {}
|
|
assert got_lk.get("token"), f"read-back room missing LiveKit token: {got!r}"
|
|
assert (
|
|
got_lk.get("room") == lk_room
|
|
), f"read-back LiveKit room {got_lk.get('room')!r} != create-time {lk_room!r}"
|
|
|
|
# --- the LiveKit token is a real signaling grant for this room (WebRTC subset) ---
|
|
payload = json.loads(_b64url(lk_token.split(".")[1]))
|
|
video = payload.get("video") or {}
|
|
assert (
|
|
video.get("room") == lk_room or payload.get("room") == lk_room
|
|
), f"LiveKit JWT does not grant the created room {lk_room!r}: {payload!r}"
|
|
finally:
|
|
# --- delete the room (cleanup + a real DELETE mutation) ---
|
|
del_status, _ = harness_http.http_request(
|
|
"DELETE", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
|
|
)
|
|
assert del_status in (
|
|
204,
|
|
200,
|
|
), f"room delete returned HTTP {del_status} (expected 204/200)"
|
|
|
|
# --- best-effort: confirm the delete took (404 on re-GET). The §4.3 floor (create-an-object +
|
|
# read-it-back + LiveKit-token issuance) is already proven by the hard assertions above; this
|
|
# recipe version (lasuite-meet 0.3.0+v1.16.0) may soft-delete / delete async, so a re-GET can
|
|
# still 200 briefly. Poll for the 404; tolerate a persistent 200 (soft delete) without failing —
|
|
# do NOT weaken the §4.3 assertions, only this cleanup-verification whose semantics are
|
|
# version-dependent. (Recorded in PARITY.md.)
|
|
import time
|
|
|
|
gone = False
|
|
for _ in range(5):
|
|
status, _ = harness_http.http_request(
|
|
"GET", f"{base}/api/v1.0/rooms/{room_id}/", headers=auth
|
|
)
|
|
if status == 404:
|
|
gone = True
|
|
break
|
|
time.sleep(3)
|
|
if not gone:
|
|
print(
|
|
f" note: room {room_id} still GETs HTTP {status} after DELETE (soft/async delete on this "
|
|
"meet version); §4.3 create+read-back+LiveKit-token already asserted above",
|
|
flush=True,
|
|
)
|