Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 Flea Flicker
|
affb697708 |
+6
-1
@@ -354,7 +354,12 @@ These cases cover the `CustomerPortal` initialisation path that bridges an Authe
|
||||
|
||||
**Pre-conditions:**
|
||||
|
||||
- UAT is configured with Authentik SSO and the `seed-uat-passwords` Secret in `groombook-uat` provides the seeded customer credentials (`uat-seed-password-source` memory).
|
||||
- UAT is configured with Authentik SSO. The seeded customer **Authentik** password lives in the `authentik-uat-users-credentials` Secret in the `groombook-uat` namespace (key `uat_customer_password`) — **NOT** in `seed-uat-passwords:customer-password` (that Secret holds the *Better Auth* email+password credential, a separate identity store; see GRO-2089). Pull the Authentik password at the start of every run:
|
||||
```bash
|
||||
CUSTOMER_AUTHENTIK=$(kubectl get secret authentik-uat-users-credentials -n groombook-uat \
|
||||
-o jsonpath='{.data.uat_customer_password}' | base64 -d)
|
||||
```
|
||||
The Authentik user is provisioned by Terraform (`infra/terraform/users.tf`); the `lifecycle.ignore_changes = [password]` block means the password is set on initial creation and never auto-rotated, so the value held in the live Secret is the one Authentik itself has. If Authentik rejects it, the user was re-provisioned out-of-band via the Authentik admin UI and the Secret has drifted from the live identity — fix the Secret (or the admin-set password) and re-run.
|
||||
- `POST /api/portal/session-from-auth` from [GRO-1866](https://paperclip.farhoodlabs.com/GRO/issues/GRO-1866) is deployed on UAT.
|
||||
- Clear cookies and localStorage between cases unless otherwise noted.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user