Files
recipe-maintainer/recipe-info/lasuite-drive/test.md
autonomic-bot f283a371bb recipe-maintainer: public snapshot (secrets + deployment plans removed, single commit)
Sanitized single-commit public mirror of recipe-maintainer.
- Removed test-ssh/.testenv (live creds); added test-ssh/.testenv.example placeholders.
- Removed plans/ and planned-updates/ (deployment-planning docs) so no client/
  deployment domains appear in the public repo.
- All other secret stores were already gitignored.
- docs.coopcloud.tech retained as a submodule (public upstream).
2026-06-16 20:18:24 +00:00

101 lines
4.4 KiB
Markdown

# La Suite Drive Tests
## Requires
- keycloak
## Target
- **URL:** https://lasuite-drive.<DOMAIN_SUFFIX>
- **Keycloak:** https://keycloak.<DOMAIN_SUFFIX> (realm: `lasuite-drive`)
## Prerequisites
Keycloak (`keycloak.<DOMAIN_SUFFIX>`) must be deployed before testing lasuite-drive. The OIDC login test and any manual authentication testing depend on it. If Keycloak is not running, deploy it first with `/recipe-deploy keycloak`.
## Automated Checks
Run the scripts in `tests/` to perform automated testing:
- `tests/health_check.py` — Confirms the instance is reachable and returns HTTP 200.
- `tests/wopi_configured.py` — Verifies WOPI discovery endpoints are reachable:
1. Checks Collabora discovery endpoint returns valid WOPI XML
2. Checks OnlyOffice discovery endpoint returns valid WOPI XML
- `tests/wopi_on_startup.py` — Confirms WOPI configuration runs automatically on celery worker startup:
1. Checks celery worker container logs for the entrypoint WOPI trigger message
2. Verifies the trigger completed without errors
- `tests/celery_beat_wopi.py` — Verifies Celery Beat WOPI scheduling:
1. Confirms the `celery-beat` service is running
2. Confirms the old `scheduler` service is removed
3. Waits up to 90s for the WOPI configuration task to fire and checks logs via SSH
**Thorough mode only.** This test sleeps ~15-90 seconds waiting for the Celery Beat scheduler to fire. Skip in quick mode. Requires the test instance to have `WOPI_CONFIGURATION_CRONTAB_MINUTE=*` and `WOPI_CONFIGURATION_CRONTAB_HOUR=*` set so the task fires every minute.
- `tests/oidc_login.py` — Tests the full OIDC authentication flow end-to-end:
1. Verifies Drive's `/api/v1.0/authenticate/` redirects to Keycloak
2. Obtains an access token from Keycloak via direct access grant (password flow)
3. Calls Drive's `/api/v1.0/users/me/` with the token and verifies the correct user is returned
This test reads credentials from `keycloak-test-credentials.<DOMAIN_SUFFIX>.toml`.
## Keycloak OIDC Integration
La Suite Drive **requires** an OIDC provider. The test instance uses Keycloak at `keycloak.<DOMAIN_SUFFIX>`.
### Setup
Run `setup_keycloak_integration.py` to configure everything automatically. The script:
1. Creates a `lasuite-drive` realm in Keycloak
2. Creates a `drive` OIDC client (confidential, standard flow + direct access grants)
3. Creates a test user (`testuser` / `testpass123`)
4. Inserts the OIDC client secret into the Drive app via `abra app secret insert`
5. Updates the Drive env file with `OIDC_REALM`, `AUTH_DOMAIN`, `OIDC_RP_CLIENT_ID`
6. Writes all credentials to `keycloak-test-credentials.<DOMAIN_SUFFIX>.toml`
After running the setup script, redeploy Drive:
```
abra app deploy lasuite-drive.<DOMAIN_SUFFIX> --chaos --force --no-input
```
The script is idempotent — it skips resources that already exist and resets the test user password.
### Credentials
All Keycloak credentials are stored in `keycloak-test-credentials.<DOMAIN_SUFFIX>.toml` (sourceable):
| Variable | Description |
|----------|-------------|
| `KC_ADMIN_USER` / `KC_ADMIN_PASS` | Keycloak admin (master realm) |
| `KC_REALM` | Keycloak realm name (`lasuite-drive`) |
| `KC_CLIENT_ID` / `KC_CLIENT_SECRET` | OIDC client ID and secret |
| `KC_TEST_USER` / `KC_TEST_PASS` | Test user credentials |
| `KC_TEST_EMAIL` | Test user email |
### Key Endpoints
| Endpoint | Purpose |
|----------|---------|
| `https://lasuite-drive.<DOMAIN_SUFFIX>/api/v1.0/authenticate/` | Initiates OIDC login (302 redirect to Keycloak) |
| `https://lasuite-drive.<DOMAIN_SUFFIX>/api/v1.0/callback/` | OIDC callback (Keycloak redirects here after login) |
| `https://keycloak.<DOMAIN_SUFFIX>/realms/lasuite-drive/protocol/openid-connect/token` | Keycloak token endpoint |
## Post-Deploy Steps
After deploying Drive for the first time, run:
1. **Migrations:** `script -qefc 'abra app cmd lasuite-drive.<DOMAIN_SUFFIX> backend migrate --no-input' /dev/null`
2. **Minio buckets:** `abra app restart lasuite-drive.<DOMAIN_SUFFIX> minio-createbuckets --no-input` (will appear to hang — this is expected)
3. **Keycloak integration:** `python3 setup_keycloak_integration.py` then redeploy
## Manual Verification
1. Open https://lasuite-drive.<DOMAIN_SUFFIX> in a browser.
2. Confirm the La Suite Drive landing page loads without errors.
3. Click "Login" and verify the OIDC redirect to Keycloak works.
4. Log in with test credentials (`testuser` / `testpass123`).
5. After logging in, verify you can create and open a document.