recipe-maintainer/recipe-info/authentik/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00


Authentik Test Plan

Target: https://authentik.<DOMAIN_SUFFIX>

Services

| Service | Image | Purpose |
|---------|-------|---------|
| app | ghcr.io/goauthentik/server | Web server (port 9000) |
| worker | ghcr.io/goauthentik/server | Background worker |
| db | postgres:15 | PostgreSQL database |

Test Setup

Before running all tests, the following must be in place:

1. Deploy authentik

abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input

2. Deploy the ld2 instance (test dependency)

The OIDC integration test uses a second La Suite Docs instance (ld2) as the relying party. This is separate from the primary lasuite-docs instance (which uses Keycloak for SSO).

If ld2 does not exist yet, create it:

abra app new lasuite-docs --server <SERVER> --domain ld2.<DOMAIN_SUFFIX> --no-input
abra app secret generate ld2.<DOMAIN_SUFFIX> --all -m --no-input
abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input

If it already exists, just deploy:

abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input

3. Run the Authentik-Docs integration setup

python3 recipe-info/authentik/setup_docs_integration.py

This configures authentik as the OIDC provider for ld2:

  1. Creates an OAuth2 provider (lasuite-docs) via the authentik REST API
  2. Creates an Application linked to the provider
  3. Creates a test user (testuser / testpass123) with an APP_PASSWORD token
  4. Inserts the OIDC client secret into the ld2 Docs app via abra app secret insert
  5. Updates the ld2 env file with authentik OIDC endpoints
  6. Writes credentials to authentik-test-credentials.<DOMAIN_SUFFIX>.toml

4. Redeploy ld2 with OIDC config

abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input

Automated Tests

  • tests/health_check.py — HTTP 200 check on the main URL
  • tests/oidc_integration.py — Full OIDC flow: obtains a token from authentik for a test user, then authenticates against the ld2 La Suite Docs API

Credentials

| Key | Description |
|-----|-------------|
| ak_token | Authentik admin bootstrap token |
| ak_client_id / ak_client_secret | OIDC client ID and secret |
| ak_test_user / ak_test_pass | Test user credentials (password for browser login) |
| ak_test_app_password | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) |
| ak_test_email | Test user email |

Stored in authentik-test-credentials.<DOMAIN_SUFFIX>.toml.

Manual Verification

  1. Open https://authentik.<DOMAIN_SUFFIX> in a browser — should show the authentik login page
  2. Log in with admin credentials: akadmin / <admin_pass from testsecrets>
  3. Navigate to Admin Interface — should load the admin dashboard
  4. Check System → System Tasks — background worker should be processing tasks
  5. Navigate to Applications → Providers — verify lasuite-docs OAuth2 provider exists
  6. Navigate to Applications → Applications — verify lasuite-docs application exists
  7. Open https://ld2.<DOMAIN_SUFFIX> — click Login and verify the OIDC redirect to authentik works
  8. Log in as testuser / testpass123 — should redirect back to Docs as the authenticated user