bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(portal): improve e2e auth errors

Browse Source
This commit is contained in:
Brad Stein 2026-01-04 03:01:56 -03:00
parent c298946ce0
commit b9d2fa8277
2 changed files with 22 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/tests/test_portal_onboarding_flow.py
View File

@ -100,7 +100,7 @@ def _keycloak_client_token(keycloak_base: str, realm: str, client_id: str, clien
) )
token = payload.get("access_token") token = payload.get("access_token")
if not isinstance(token, str) or not token: if not isinstance(token, str) or not token:
raise SystemExit("keycloak admin token response missing access_token") raise SystemExit("keycloak token response missing access_token")
return token return token
@ -254,7 +254,10 @@ def main() -> int:
imap_keycloak_username = os.environ.get("E2E_IMAP_KEYCLOAK_USERNAME", "robotuser").strip() imap_keycloak_username = os.environ.get("E2E_IMAP_KEYCLOAK_USERNAME", "robotuser").strip()
imap_wait_sec = int(os.environ.get("E2E_IMAP_WAIT_SECONDS", "90")) imap_wait_sec = int(os.environ.get("E2E_IMAP_WAIT_SECONDS", "90"))
try:
token = _keycloak_client_token(keycloak_base, realm, kc_admin_client_id, kc_admin_client_secret) token = _keycloak_client_token(keycloak_base, realm, kc_admin_client_id, kc_admin_client_secret)
except SystemExit as exc:
raise SystemExit(f"failed to fetch keycloak token for admin client {kc_admin_client_id!r}: {exc}")
mailbox_user = _keycloak_find_user(keycloak_base, realm, token, imap_keycloak_username) mailbox_user = _keycloak_find_user(keycloak_base, realm, token, imap_keycloak_username)
if not mailbox_user: if not mailbox_user:
raise SystemExit(f"unable to locate Keycloak mailbox user {imap_keycloak_username!r}") raise SystemExit(f"unable to locate Keycloak mailbox user {imap_keycloak_username!r}")
@ -316,7 +319,11 @@ def main() -> int:
if not isinstance(portal_admin_user_id, str) or not portal_admin_user_id: if not isinstance(portal_admin_user_id, str) or not portal_admin_user_id:
raise SystemExit("portal admin user missing id") raise SystemExit("portal admin user missing id")
try:
e2e_subject_token = _keycloak_client_token(keycloak_base, realm, portal_e2e_client_id, portal_e2e_client_secret) e2e_subject_token = _keycloak_client_token(keycloak_base, realm, portal_e2e_client_id, portal_e2e_client_secret)
except SystemExit as exc:
raise SystemExit(f"failed to fetch keycloak token for E2E client {portal_e2e_client_id!r}: {exc}")
try:
portal_bearer = _keycloak_token_exchange( portal_bearer = _keycloak_token_exchange(
keycloak_base=keycloak_base, keycloak_base=keycloak_base,
realm=realm, realm=realm,
@ -326,6 +333,8 @@ def main() -> int:
requested_subject=portal_admin_user_id, requested_subject=portal_admin_user_id,
audience=portal_target_client_id, audience=portal_target_client_id,
) )
except SystemExit as exc:
raise SystemExit(f"failed to exchange token for portal approval as {portal_admin_username!r}: {exc}")
approve_url = f"{portal_base}/api/admin/access/requests/{urllib.parse.quote(username, safe='')}/approve" approve_url = f"{portal_base}/api/admin/access/requests/{urllib.parse.quote(username, safe='')}/approve"
approve_resp = _request_json("POST", approve_url, portal_bearer, payload=None, timeout_s=60) approve_resp = _request_json("POST", approve_url, portal_bearer, payload=None, timeout_s=60)

2
services/bstein-dev-home/portal-onboarding-e2e-test-job.yaml
View File

@ -2,7 +2,7 @@
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: portal-onboarding-e2e-test-9 name: portal-onboarding-e2e-test-10
namespace: bstein-dev-home namespace: bstein-dev-home
spec: spec:
backoffLimit: 0 backoffLimit: 0