recipe-maintainer/recipe-info/authentik/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00


# Authentik Test Plan
Target: `https://authentik.<DOMAIN_SUFFIX>`
## Services
| Service | Image | Purpose |
|---------|-------|---------|
| app | `ghcr.io/goauthentik/server` | Web server (port 9000) |
| worker | `ghcr.io/goauthentik/server` | Background worker |
| db | `postgres:15` | PostgreSQL database |
## Test Setup
Before running any of the tests, the following must be in place:
### 1. Deploy authentik
```bash
abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 2. Deploy the ld2 instance (test dependency)
The OIDC integration test uses a second La Suite Docs instance (`ld2`) as the relying party. This is separate from the primary `lasuite-docs` instance (which uses Keycloak for SSO).
If `ld2` does not exist yet, create it:
```bash
abra app new lasuite-docs --server <SERVER> --domain ld2.<DOMAIN_SUFFIX> --no-input
abra app secret generate ld2.<DOMAIN_SUFFIX> --all -m --no-input
abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input
```
If it already exists, just deploy:
```bash
abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 3. Run the Authentik-Docs integration setup
```bash
python3 recipe-info/authentik/setup_docs_integration.py
```
This configures authentik as the OIDC provider for ld2:
1. Creates an OAuth2 provider (`lasuite-docs`) via the authentik REST API
2. Creates an Application linked to the provider
3. Creates a test user (`testuser` / `testpass123`) with an APP_PASSWORD token
4. Inserts the OIDC client secret into the ld2 Docs app via `abra app secret insert`
5. Updates the ld2 env file with authentik OIDC endpoints
6. Writes credentials to `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`
### 4. Redeploy ld2 with OIDC config
```bash
abra app deploy ld2.<DOMAIN_SUFFIX> --chaos --force --no-input
```
## Automated Tests
- `tests/health_check.py` — HTTP 200 check on the main URL
- `tests/oidc_integration.py` — Full OIDC flow: obtains a token from authentik for a test user, then authenticates against the ld2 La Suite Docs API
### Credentials
| Key | Description |
|-----|-------------|
| `ak_token` | Authentik admin bootstrap token |
| `ak_client_id` / `ak_client_secret` | OIDC client ID and secret |
| `ak_test_user` / `ak_test_pass` | Test user credentials (password for browser login) |
| `ak_test_app_password` | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) |
| `ak_test_email` | Test user email |

Stored in `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`.
## Manual Verification
1. Open `https://authentik.<DOMAIN_SUFFIX>` in a browser — should show the authentik login page
2. Log in with admin credentials: `akadmin` / `<admin_pass from testsecrets>`
3. Navigate to Admin Interface — should load the admin dashboard
4. Check System → System Tasks — background worker should be processing tasks
5. Navigate to Applications → Providers — verify `lasuite-docs` OAuth2 provider exists
6. Navigate to Applications → Applications — verify `lasuite-docs` application exists
7. Open `https://ld2.<DOMAIN_SUFFIX>` — click Login and verify the OIDC redirect to authentik works
8. Log in as `testuser` / `testpass123` — should redirect back to Docs as the authenticated user