Skip to content

feat: implement auth-gated homelab service probe and access-failure artifact capture#205

Open
clubanderson wants to merge 1 commit into
projectbluefin:mainfrom
clubanderson:feat/homelab-auth-probe
Open

feat: implement auth-gated homelab service probe and access-failure artifact capture#205
clubanderson wants to merge 1 commit into
projectbluefin:mainfrom
clubanderson:feat/homelab-auth-probe

Conversation

@clubanderson

Copy link
Copy Markdown
Contributor

Closes #83. Implements the auth-gated access lane on top of the existing homelab-access-probe WorkflowTemplate (auth-mode=true routing already present). See PR description in commit message.

- Add tests/homelab_access/test_auth_probe.py: 15 tests (14 active + 1
  explicit skip for SSO deferred to projectbluefin#61), organised in three classes:
  TestUnauthenticatedRejection — 401 status, WWW-Authenticate header,
  Basic realm, body does not contain protected content;
  TestAuthenticatedAccess — 200 on correct credentials, access-ok body,
  wrong password/username both return 401;
  TestHttpsIntegrityUnderAuth — TLS handshake passes, plaintext HTTP
  cannot reach protected content, auth-evidence artifact written
- Add manifests/homelab-access-auth.yaml: GitOps-owned ConfigMap
  documenting the auth contract shape (scheme, realm, expected statuses,
  artifact-dir); actual credentials are ephemeral per workflow run
- Justfile: add run-homelab-auth target (submits homelab-access-probe
  WorkflowTemplate with -p auth-mode=true)
- WORKFLOWS.md: document homelab-access-probe in both auth and non-auth
  modes, artifact locations, and operator entry points
- RUNBOOK.md: add 5 auth-lane failure mode rows

The existing homelab-access-probe WorkflowTemplate already routes
auth-mode=true to test_auth_probe.py; this PR provides the test
implementation and operator surfaces.

Out of scope: SSO / identity-provider integration (issue projectbluefin#61)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

@hanthor hanthor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM — well-structured test/infra addition, clean code.

@hanthor hanthor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth-gated homelab service probe with access-failure artifact capture — good operational observability. Merge after foundational #202. LGTM.

@hanthor hanthor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved via org-wide review.

@hanthor hanthor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved via org-wide review.

@hanthor hanthor left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Approved ✅

Part of the structured service-catalog project build-up. Conventional Commits format, referenced issues, consistent with related PRs in the series.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat: implement auth-gated homelab service probe and access-failure artifact capture

3 participants