recipe-maintainers/recipe-maintainer
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
460eba090ba6765b05a929d32d16ca984cf66e5a
recipe-maintainer/recipe-info/lasuite-drive/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit) 
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

4.4 KiB
Raw Blame History

La Suite Drive Tests

Requires

  • keycloak

Target

Prerequisites

Keycloak (keycloak.<DOMAIN_SUFFIX>) must be deployed before testing lasuite-drive. The OIDC login test and any manual authentication testing depend on it. If Keycloak is not running, deploy it first with /recipe-deploy keycloak.

Automated Checks

Run the scripts in tests/ to perform automated testing:

  • tests/health_check.py — Confirms the instance is reachable and returns HTTP 200.

  • tests/wopi_configured.py — Verifies WOPI discovery endpoints are reachable:

    1. Checks Collabora discovery endpoint returns valid WOPI XML
    2. Checks OnlyOffice discovery endpoint returns valid WOPI XML

  • tests/wopi_on_startup.py — Confirms WOPI configuration runs automatically on celery worker startup:

    1. Checks celery worker container logs for the entrypoint WOPI trigger message
    2. Verifies the trigger completed without errors

  • tests/celery_beat_wopi.py — Verifies Celery Beat WOPI scheduling:

    1. Confirms the celery-beat service is running
    2. Confirms the old scheduler service is removed
    3. Waits up to 90s for the WOPI configuration task to fire and checks logs via SSH

    Thorough mode only. This test sleeps ~15-90 seconds waiting for the Celery Beat scheduler to fire. Skip in quick mode. Requires the test instance to have WOPI_CONFIGURATION_CRONTAB_MINUTE=* and WOPI_CONFIGURATION_CRONTAB_HOUR=* set so the task fires every minute.

  • tests/oidc_login.py — Tests the full OIDC authentication flow end-to-end:

    1. Verifies Drive's /api/v1.0/authenticate/ redirects to Keycloak
    2. Obtains an access token from Keycloak via direct access grant (password flow)
    3. Calls Drive's /api/v1.0/users/me/ with the token and verifies the correct user is returned

    This test reads credentials from keycloak-test-credentials.<DOMAIN_SUFFIX>.toml.

Keycloak OIDC Integration

La Suite Drive requires an OIDC provider. The test instance uses Keycloak at keycloak.<DOMAIN_SUFFIX>.

Setup

Run setup_keycloak_integration.py to configure everything automatically. The script:

  1. Creates a lasuite-drive realm in Keycloak
  2. Creates a drive OIDC client (confidential, standard flow + direct access grants)
  3. Creates a test user (testuser / testpass123)
  4. Inserts the OIDC client secret into the Drive app via abra app secret insert
  5. Updates the Drive env file with OIDC_REALM, AUTH_DOMAIN, OIDC_RP_CLIENT_ID
  6. Writes all credentials to keycloak-test-credentials.<DOMAIN_SUFFIX>.toml

After running the setup script, redeploy Drive:

abra app deploy lasuite-drive.<DOMAIN_SUFFIX> --chaos --force --no-input

The script is idempotent — it skips resources that already exist and resets the test user password.

Credentials

All Keycloak credentials are stored in keycloak-test-credentials.<DOMAIN_SUFFIX>.toml (sourceable):

Variable Description
KC_ADMIN_USER / KC_ADMIN_PASS Keycloak admin (master realm)
KC_REALM Keycloak realm name (lasuite-drive)
KC_CLIENT_ID / KC_CLIENT_SECRET OIDC client ID and secret
KC_TEST_USER / KC_TEST_PASS Test user credentials
KC_TEST_EMAIL Test user email

Key Endpoints

Endpoint Purpose
https://lasuite-drive.<DOMAIN_SUFFIX>/api/v1.0/authenticate/ Initiates OIDC login (302 redirect to Keycloak)
https://lasuite-drive.<DOMAIN_SUFFIX>/api/v1.0/callback/ OIDC callback (Keycloak redirects here after login)
https://keycloak.<DOMAIN_SUFFIX>/realms/lasuite-drive/protocol/openid-connect/token Keycloak token endpoint

Post-Deploy Steps

After deploying Drive for the first time, run:

  1. Migrations: script -qefc 'abra app cmd lasuite-drive.<DOMAIN_SUFFIX> backend migrate --no-input' /dev/null
  2. Minio buckets: abra app restart lasuite-drive.<DOMAIN_SUFFIX> minio-createbuckets --no-input (will appear to hang — this is expected)
  3. Keycloak integration: python3 setup_keycloak_integration.py then redeploy

Manual Verification

  1. Open https://lasuite-drive.<DOMAIN_SUFFIX> in a browser.
  2. Confirm the La Suite Drive landing page loads without errors.
  3. Click "Login" and verify the OIDC redirect to Keycloak works.
  4. Log in with test credentials (testuser / testpass123).
  5. After logging in, verify you can create and open a document.