cc-ci/tests/lasuite-drive/PARITY.md
autonomic-bot 6557197858 feat(2): Q3.2 lasuite-drive SSO iteration — keycloak dep + OIDC test + MinIO storage round-trip
- recipe_meta: DEPS=[keycloak] enabled (base proven cold-green).
- setup_custom_tests.sh: wire OIDC env (explicit keycloak realm endpoints) + insert oidc_rpcs
  secret at bumped version + clear FranceConnect eidas1 acr + in-place redeploy (adapted from
  the proven lasuite-docs hook).
- functional/test_oidc_with_keycloak.py: SSO discovery + password grant + JWT claims vs dep
  keycloak realm 'lasuite-drive' (@requires_deps; F2-11 fails run on skip).
- functional/test_minio_storage.py: §4.3 specific — drive-media-storage bucket present + real
  upload->list->download round-trip via mc inside the minio container.
- PARITY.md: OIDC + MinIO rows landed; backup data-integrity (ci_marker) already real.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-28 22:28:35 +01:00


Parity — lasuite-drive

Phase-2 P2 mapping table. The Adversary cold-verifies parity by reading the source recipe-info/lasuite-drive/tests/<file> and the cc-ci file side-by-side.

Enrollment status: Q3.2 SSO iteration. Base deploy + lifecycle (install/upgrade/backup/restore data-integrity) + parity health_check landed first; the base proved cold-green @2026-05-28 (all 12 services incl. onlyoffice+collabora). Now landed on top: DEPS=["keycloak"] + setup_custom_tests.sh OIDC wiring + the OIDC SSO test + the MinIO storage round-trip (the §4.3 specifics). WOPI discovery is a further (3rd) test beyond the ≥2 floor — still planned. This file is updated as each row lands; nothing is a silent omission.

| recipe-maintainer file | cc-ci file | what's verified | status |
| --- | --- | --- | --- |
| recipe-info/lasuite-drive/tests/health_check.py | tests/lasuite-drive/functional/test_health_check.py | App serves over HTTPS and returns 200/301/302 from /. Port preserves the assertion shape, adapted to the ephemeral per-run domain via live_app. | ported |
| recipe-info/lasuite-drive/tests/oidc_login.py | tests/lasuite-drive/functional/test_oidc_with_keycloak.py | Original: Drive /api/v1.0/authenticate/ redirects to Keycloak → password-grant token → /api/v1.0/users/me/ returns the user. cc-ci port deploys keycloak as a per-run dep (DEPS=["keycloak"]), wires OIDC env via setup_custom_tests.sh, exercises discovery + password grant + JWT claims (iss/azp/typ/exp) against the dep realm lasuite-drive (mirrors the proven lasuite-docs test_oidc_with_keycloak). @requires_deps so a deps-not-ready skip fails the run (F2-11), not a silent green. | ported |
| recipe-info/lasuite-drive/tests/wopi_configured.py | tests/lasuite-drive/functional/test_wopi_configured.py (planned) | Original: Collabora + OnlyOffice WOPI discovery endpoints return valid WOPI XML. cc-ci port checks the Collabora discovery XML over the flattened collabora-<domain> route (pure HTTP, no browser/SSO). | pending |
| recipe-info/lasuite-drive/tests/wopi_on_startup.py | (see DECISIONS / DEFERRED) | Original: greps celery worker container logs for the entrypoint WOPI trigger. cc-ci port via docker service logs on the celery service. | pending |
| recipe-info/lasuite-drive/tests/celery_beat_wopi.py | (likely DEFERRED — "thorough mode only") | Original sleeps 1590s waiting for Celery Beat to fire; recipe-maintainer marks it "thorough mode only". Candidate for the --extra-tests opt-in (DEFERRED.md), like the matrix-synapse operational ports. | likely deferred |

Recipe-specific tests (Phase-2 P3, ≥2 beyond parity)

| cc-ci file | what's verified | status |
| --- | --- | --- |
| functional/test_oidc_with_keycloak.py | SSO round-trip against the dep keycloak: OIDC discovery advertises realm lasuite-drive; password grant yields a valid JWT with iss/azp/typ/exp claims. Drive is OIDC-required — this is its defining auth path. | landed |
| functional/test_minio_storage.py | The §4.3 create-an-object + read-it-back, at Drive's storage layer: confirms the drive-media-storage MinIO bucket exists, then a real upload → list → download round-trip (unique marker) asserting the bytes survive. Runs mc inside the minio container with the in-container root creds. Non-health-only: a missing bucket or broken object store fails it. | landed |
| functional/test_wopi_configured.py (planned, 3rd beyond floor) | Collabora WOPI discovery XML served + valid over the flattened collabora-<domain> route — Drive's in-browser office-editing feature. | planned |
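
The iss/azp/typ/exp claim checks listed for test_oidc_with_keycloak.py, sketched as an added example (not the project's test code). The issuer URL shape, the client id `drive`, the `Bearer` value for typ and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (shape check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_claims(claims: dict, issuer: str, client_id: str, now: float) -> list:
    """Return a list of problems; an empty list means the claims pass."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match discovery issuer")
    if claims.get("azp") != client_id:
        problems.append("azp is not the expected client")
    if claims.get("typ") != "Bearer":
        problems.append("typ is not Bearer")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or in the past")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed sample with a placeholder signature segment.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


ISSUER = "https://keycloak.example.test/realms/lasuite-drive"  # assumed URL shape
CLIENT_ID = "drive"  # hypothetical client id
NOW = 1_800_000_000  # fixed clock so the example is deterministic

GOOD = make_sample_token({"iss": ISSUER, "azp": CLIENT_ID, "typ": "Bearer", "exp": NOW + 300})
# Token from the wrong realm and already expired: both must be reported.
STALE = make_sample_token({"iss": ISSUER.replace("lasuite-drive", "master"),
                           "azp": CLIENT_ID, "typ": "Bearer", "exp": NOW - 1})

if __name__ == "__main__":
    print(check_claims(decode_claims(GOOD), ISSUER, CLIENT_ID, NOW))
    print(check_claims(decode_claims(STALE), ISSUER, CLIENT_ID, NOW))
```
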

Backup data-integrity (P4) — landed

Exercised by the Phase-1d/1e lifecycle overlays (tests/lasuite-drive/{test_backup.py,test_restore.py, ops.py}): a ci_marker row is seeded in postgres pre-backup, the table dropped pre-restore, and the restored DB asserted to match the pre-mutation original. Real seed→backup→mutate→restore→assert.

Non-ports / deferrals

celery_beat_wopi.py is recipe-maintainer "thorough mode only" (sleeps up to 90s for a scheduler tick) — a candidate for the --extra-tests opt-in deferral (DEFERRED.md), consistent with the matrix-synapse operational-test deferrals. Confirmed/justified when the SSO iteration lands.