recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460eba090ba6765b05a929d32d16ca984cf66e5a
recipe-maintainer/recipe-info/immich/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

70 lines
2.3 KiB
Markdown
Raw Blame History

# Immich Tests
## Target
- **URL:** https://immich.<DOMAIN_SUFFIX>
## Dependencies
- **Authentik** (`authentik.<DOMAIN_SUFFIX>`) — required for SSO/OIDC testing
## Test Setup
Before running all tests, the following must be in place:
### 1. Deploy authentik
```bash
abra app deploy authentik.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 2. Deploy Immich
```bash
abra app deploy immich.<DOMAIN_SUFFIX> --chaos --force --no-input
```
### 3. Run the Authentik integration setup
```bash
python3 recipe-info/immich/setup_authentik_integration.py
```
This configures authentik as the OAuth provider for Immich:
1. Creates an OAuth2 provider (`immich`) via the authentik REST API
2. Creates an Application linked to the provider
3. Creates a test user (`testuser` / `testpass123`) with an APP_PASSWORD token
4. Creates an Immich admin account via the Immich API
5. Configures Immich's OAuth settings via the Immich system config API
6. Writes credentials to `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`
**Important:** The APP_PASSWORD token becomes invalid if authentik is redeployed. If the `oidc_login.py` test fails with "invalid, expired, revoked" token errors, re-run this setup script.
### 4. Verify
No redeploy needed — Immich's OAuth is configured via its API, not env vars.
## Automated Tests
- `tests/health_check.py` — Confirms the instance is reachable and returns HTTP 200.
- `tests/oidc_login.py` — Tests SSO/OIDC integration with Authentik. Checks OIDC discovery, APP_PASSWORD token grant, and Immich API authentication.
### Credentials
| Key | Description |
|-----|-------------|
| `ak_client_id` / `ak_client_secret` | OIDC client ID and secret |
| `ak_test_user` / `ak_test_pass` | Test user credentials (password for browser login) |
| `ak_test_app_password` | APP_PASSWORD token for password grant (authentik requires this instead of regular passwords) |
| `ak_test_email` | Test user email |
| `ak_discovery_endpoint` | Authentik OIDC discovery URL |
Stored in `authentik-test-credentials.<DOMAIN_SUFFIX>.toml`.
## Manual Verification
1. Open https://immich.<DOMAIN_SUFFIX> in a browser.
2. Confirm the Immich web interface loads without errors.
3. Confirm the "Login with Authentik" button appears on the login page.
4. Click it and verify redirect to Authentik for authentication.
Reference in New Issue View Git Blame Copy Permalink