Each stack consists of at least two environments, UAT and Live

  • UAT is where final acceptance testing is performed, and acts as a staging site for code deployment to Live
  • Live is where the publically accessible copy of your site lives.

UAT and Live are designed to be as similar as possible to each other, to minimise the chance that a difference could cause functionality that operated correctly on UAT to fail on the Live server once deployed there.

However there are some necessary differences, listed here:

Differences in access authorisation

UAT needs to have it's access restricted to only authorised users. It may contain code that hasn't yet gone through security vetting, and the data and functionality changes are often considered privileged prior to pushing live.

Therefore, the cwp-core module turns on "Basic Authentication" on UAT. Prior to accessing most website content, the user must provide credentials of either:

  • An administrator
  • A member of a group with the "Allow users to use their accounts to access the UAT server" permission

UAT access protection is limited to content served directly by Silverstripe, most commonly page content and draft/protected assets. It does not apply to files served outside of Silverstripe such as published assets. Those assets are instead served directly from the web server. An example of a published asset is a file that's been published in the CMS and will be available through a URL such as 'mysite.uat.cwp.govt.nz/assets/my-document.pdf'. We strongly recommend protecting sensitive data on your environments by requesting an IP whitelist.

There is no protection on live, and it is accessible to all public users (except in the case where an IP whitelist has been explicitly requested).

Diagram showing UAT content protections

Testing ANONYMOUS AND limited access users on UAT

It is useful to note that providing a username and password to the Basic Authentication dialog doesn't log you into SilverStripe itself, but only authorises you to access the UAT server.

You can therefore use a highly priveleged user in the Basic Authentication dialog and then log in to SilverStripe itself using a low priveleged user account in order to test how the site behaves as that more restricted user.

You can also log out of SilverStripe and log in again as another user while still preserving your permission to access UAT.

First time access to change passwords

In order to avoid a chicken & egg situation, on UAT, when you follow a valid "reset password" link, and that link is for a member that is either an administrator or a member of a group with the "Allow users to use their accounts to access the UAT server" permission, you will be able to access the password reset form without first having to provide credentials. 

Differences in deployment

Participating Agencies have full control over deployment to UAT via Dashboard, and can deploy any version they like at any time.

Deployment to live must occur via a request to the service desk, and only the version of code currently on UAT can be deployed to live.

See the deployment documentation for more details

Differences in availability

UAT servers are not covered by SLAs. They aren't monitored for outages, aren't covered by the selected Disaster Recovery option, and aren't backed up unless an agency specifically requests it.

Live servers are covered by all SLAs, are monitored for outages, are covered by the selected Disaster Recovery option, and are always backed up.

Differences in configuration

The constant SS_ENVIRONMENT_TYPE will be set to "test" on UAT, and "live" on production.

The constant CWP_ENVIRONMENT will be set to "uat" on UAT and "prod" on production


Last modified: