recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460eba090ba6765b05a929d32d16ca984cf66e5a
recipe-maintainer/recipe-info/immich/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

2.3 KiB
Raw Blame History

Immich Tests

Target

Dependencies

  • Authentik (authentik.<DOMAIN_SUFFIX>) — required for SSO/OIDC testing

Test Setup

Before running all tests, the following must be in place:

1. Deploy authentik

abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input

2. Deploy Immich

abra app deploy immich.<DOMAIN_SUFFIX> --chaos --force --no-input

3. Run the Authentik integration setup

python3 recipe-info/immich/setup_authentik_integration.py

This configures authentik as the OAuth provider for Immich:

  1. Creates an OAuth2 provider (immich) via the authentik REST API
  2. Creates an Application linked to the provider
  3. Creates a test user (testuser / testpass123) with an APP_PASSWORD token
  4. Creates an Immich admin account via the Immich API
  5. Configures Immich's OAuth settings via the Immich system config API
  6. Writes credentials to authentik-test-credentials.<DOMAIN_SUFFIX>.toml

Important: The APP_PASSWORD token becomes invalid if authentik is redeployed. If the oidc_login.py test fails with "invalid, expired, revoked" token errors, re-run this setup script.

4. Verify

No redeploy needed — Immich's OAuth is configured via its API, not env vars.

Automated Tests

  • tests/health_check.py — Confirms the instance is reachable and returns HTTP 200.
  • tests/oidc_login.py — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and Immich API authentication.

Credentials

Key Description
ak_client_id / ak_client_secret OIDC client ID and secret
ak_test_user / ak_test_pass Test user credentials (password for browser login)
ak_test_app_password APP_PASSWORD token for password grant (authentik requires this instead of regular passwords)
ak_test_email Test user email
ak_discovery_endpoint Authentik OIDC discovery URL

Stored in authentik-test-credentials.<DOMAIN_SUFFIX>.toml.

Manual Verification

  1. Open https://immich.<DOMAIN_SUFFIX> in a browser.
  2. Confirm the Immich web interface loads without errors.
  3. Confirm the "Login with Authentik" button appears on the login page.
  4. Click it and verify redirect to Authentik for authentication.