mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Better integrate Docker related commands in authelia-scripts.
This commit is contained in:
parent
a56e5adc42
commit
38271e3335
|
@ -35,7 +35,7 @@ before_script:
|
||||||
script:
|
script:
|
||||||
- "./scripts/authelia-scripts travis"
|
- "./scripts/authelia-scripts travis"
|
||||||
after_success:
|
after_success:
|
||||||
- "./scripts/authelia-scripts publish-docker"
|
- "./scripts/authelia-scripts docker publish"
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
provider: npm
|
provider: npm
|
||||||
|
|
|
@ -14,8 +14,7 @@ program
|
||||||
|
|
||||||
.command('travis', 'Build and test Authelia on Travis.')
|
.command('travis', 'Build and test Authelia on Travis.')
|
||||||
.command('hash-password <password>', 'Hash a password with SSHA512.')
|
.command('hash-password <password>', 'Hash a password with SSHA512.')
|
||||||
.command('build-docker', 'Build Docker image containing production version of Authelia.')
|
.command('docker', 'Docker related commands.')
|
||||||
.command('publish-docker', 'Publish Docker image containing production version of Authelia to Dockerhub.')
|
|
||||||
.parse(process.argv);
|
.parse(process.argv);
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
docker build -t clems4ever/authelia .
|
|
8
scripts/authelia-scripts-docker
Executable file
8
scripts/authelia-scripts-docker
Executable file
|
@ -0,0 +1,8 @@
|
||||||
|
#!/usr/bin/env node
|
||||||
|
|
||||||
|
var program = require('commander');
|
||||||
|
|
||||||
|
program
|
||||||
|
.command('build', 'Build docker image clems4ever/authelia.')
|
||||||
|
.command('publish', 'Publish image clems4ever/authelia to Dockerhub.')
|
||||||
|
.parse(process.argv);
|
10
scripts/authelia-scripts-docker-build
Executable file
10
scripts/authelia-scripts-docker-build
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
#!/usr/bin/env node
|
||||||
|
|
||||||
|
var { exec } = require('./utils/exec');
|
||||||
|
var { IMAGE_NAME } = require('./utils/docker');
|
||||||
|
|
||||||
|
async function main() {
|
||||||
|
await exec(`docker build -t ${IMAGE_NAME} .`);
|
||||||
|
}
|
||||||
|
|
||||||
|
main();
|
|
@ -21,7 +21,6 @@ function deploy_on_dockerhub {
|
||||||
echo "==========================================================="
|
echo "==========================================================="
|
||||||
echo "Docker image $IMAGE_WITH_TAG will be deployed on Dockerhub."
|
echo "Docker image $IMAGE_WITH_TAG will be deployed on Dockerhub."
|
||||||
echo "==========================================================="
|
echo "==========================================================="
|
||||||
docker build -t $IMAGE_NAME .
|
|
||||||
docker tag $IMAGE_NAME $IMAGE_WITH_TAG;
|
docker tag $IMAGE_NAME $IMAGE_WITH_TAG;
|
||||||
docker push $IMAGE_WITH_TAG;
|
docker push $IMAGE_WITH_TAG;
|
||||||
echo "Docker image deployed successfully."
|
echo "Docker image deployed successfully."
|
|
@ -9,10 +9,9 @@ program
|
||||||
.option('--headless', 'Run in headless mode.')
|
.option('--headless', 'Run in headless mode.')
|
||||||
.parse(process.argv);
|
.parse(process.argv);
|
||||||
|
|
||||||
let suite;
|
|
||||||
let withServer = false;
|
let withServer = false;
|
||||||
let args = [];
|
let args = [];
|
||||||
const ENVIRONMENT_FILENAME = '.suite';
|
const ENVIRONMENT_FILENAME = '.suite'; // This file is created by the start command.
|
||||||
|
|
||||||
if (fs.existsSync(ENVIRONMENT_FILENAME)) {
|
if (fs.existsSync(ENVIRONMENT_FILENAME)) {
|
||||||
const suite = fs.readFileSync(ENVIRONMENT_FILENAME);
|
const suite = fs.readFileSync(ENVIRONMENT_FILENAME);
|
||||||
|
|
|
@ -15,6 +15,9 @@ authelia-scripts build
|
||||||
# Run unit tests
|
# Run unit tests
|
||||||
authelia-scripts unittest
|
authelia-scripts unittest
|
||||||
|
|
||||||
|
# Build the docker image
|
||||||
|
authelia-scripts docker build
|
||||||
|
|
||||||
# Run integration tests
|
# Run integration tests
|
||||||
authelia-scripts test --headless test/suites/**/*.ts
|
authelia-scripts test --headless test/suites/**/*.ts
|
||||||
|
|
||||||
|
|
|
@ -1,14 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
docker-compose \
|
|
||||||
-f docker-compose.yml \
|
|
||||||
-f example/compose/docker-compose.base.yml \
|
|
||||||
-f example/compose/mongo/docker-compose.yml \
|
|
||||||
-f example/compose/redis/docker-compose.yml \
|
|
||||||
-f example/compose/nginx/backend/docker-compose.yml \
|
|
||||||
-f example/compose/nginx/portal/docker-compose.yml \
|
|
||||||
-f example/compose/smtp/docker-compose.yml \
|
|
||||||
-f example/compose/httpbin/docker-compose.yml \
|
|
||||||
-f example/compose/ldap/docker-compose.yml $*
|
|
|
@ -1,6 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
|
||||||
|
|
||||||
$DC_SCRIPT build
|
|
||||||
$DC_SCRIPT up -d httpbin mongo redis openldap authelia smtp nginx-portal nginx-backend
|
|
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
DC_SCRIPT=./scripts/example-commit/dc-example.sh
|
|
||||||
|
|
||||||
$DC_SCRIPT down
|
|
5
scripts/utils/docker.js
Normal file
5
scripts/utils/docker.js
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
IMAGE_NAME: 'clems4ever/authelia'
|
||||||
|
}
|
21
scripts/utils/exec.js
Normal file
21
scripts/utils/exec.js
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
var spawn = require('child_process').spawn;
|
||||||
|
|
||||||
|
function exec(cmd) {
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
const command = spawn(cmd, {
|
||||||
|
shell: true
|
||||||
|
});
|
||||||
|
command.stdout.pipe(process.stdout);
|
||||||
|
command.stderr.pipe(process.stderr);
|
||||||
|
|
||||||
|
command.on('exit', function(statusCode) {
|
||||||
|
if (statusCode != 0) {
|
||||||
|
reject(new Error('Exited with status ' + statusCode));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
resolve();
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = { exec }
|
|
@ -8,6 +8,10 @@ import BasicAuthentication from "./scenarii/BasicAuthentication";
|
||||||
import AutheliaRestart from "./scenarii/AutheliaRestart";
|
import AutheliaRestart from "./scenarii/AutheliaRestart";
|
||||||
import AuthenticationRegulation from "./scenarii/AuthenticationRegulation";
|
import AuthenticationRegulation from "./scenarii/AuthenticationRegulation";
|
||||||
|
|
||||||
|
before(function() {
|
||||||
|
|
||||||
|
});
|
||||||
|
|
||||||
AutheliaSuite('Complete configuration', __dirname + '/config.yml', function() {
|
AutheliaSuite('Complete configuration', __dirname + '/config.yml', function() {
|
||||||
this.timeout(10000);
|
this.timeout(10000);
|
||||||
|
|
||||||
|
|
110
test/suites/docker/config.yml
Normal file
110
test/suites/docker/config.yml
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
###############################################################
|
||||||
|
# Authelia minimal configuration #
|
||||||
|
###############################################################
|
||||||
|
|
||||||
|
port: 9091
|
||||||
|
|
||||||
|
logs_level: debug
|
||||||
|
|
||||||
|
default_redirection_url: https://home.example.com:8080/
|
||||||
|
|
||||||
|
authentication_backend:
|
||||||
|
file:
|
||||||
|
path: ./users_database.yml
|
||||||
|
|
||||||
|
session:
|
||||||
|
secret: unsecure_session_secret
|
||||||
|
domain: example.com
|
||||||
|
inactivity: 5000
|
||||||
|
expiration: 8000
|
||||||
|
|
||||||
|
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
||||||
|
storage:
|
||||||
|
local:
|
||||||
|
path: /tmp/authelia/db
|
||||||
|
|
||||||
|
# TOTP Issuer Name
|
||||||
|
#
|
||||||
|
# This will be the issuer name displayed in Google Authenticator
|
||||||
|
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
||||||
|
totp:
|
||||||
|
issuer: example.com
|
||||||
|
|
||||||
|
# Access Control
|
||||||
|
#
|
||||||
|
# Access control is a set of rules you can use to restrict user access to certain
|
||||||
|
# resources.
|
||||||
|
access_control:
|
||||||
|
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
|
||||||
|
default_policy: deny
|
||||||
|
|
||||||
|
rules:
|
||||||
|
- domain: single_factor.example.com
|
||||||
|
policy: one_factor
|
||||||
|
|
||||||
|
- domain: '*.example.com'
|
||||||
|
subject: "group:admins"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
- domain: dev.example.com
|
||||||
|
resources:
|
||||||
|
- '^/users/john/.*$'
|
||||||
|
subject: "user:john"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
- domain: dev.example.com
|
||||||
|
resources:
|
||||||
|
- '^/users/harry/.*$'
|
||||||
|
subject: "user:harry"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
- domain: '*.mail.example.com'
|
||||||
|
subject: "user:bob"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
- domain: dev.example.com
|
||||||
|
resources:
|
||||||
|
- '^/users/bob/.*$'
|
||||||
|
subject: "user:bob"
|
||||||
|
policy: two_factor
|
||||||
|
|
||||||
|
|
||||||
|
# Configuration of the authentication regulation mechanism.
|
||||||
|
regulation:
|
||||||
|
# Set it to 0 to disable max_retries.
|
||||||
|
max_retries: 3
|
||||||
|
|
||||||
|
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
|
||||||
|
find_time: 10
|
||||||
|
|
||||||
|
# The length of time before a banned user can login again.
|
||||||
|
ban_time: 5
|
||||||
|
|
||||||
|
# Default redirection URL
|
||||||
|
#
|
||||||
|
# Note: this parameter is optional. If not provided, user won't
|
||||||
|
# be redirected upon successful authentication.
|
||||||
|
#default_redirection_url: https://authelia.example.domain
|
||||||
|
|
||||||
|
notifier:
|
||||||
|
# For testing purpose, notifications can be sent in a file
|
||||||
|
# filesystem:
|
||||||
|
# filename: /tmp/authelia/notification.txt
|
||||||
|
|
||||||
|
# Use your email account to send the notifications. You can use an app password.
|
||||||
|
# List of valid services can be found here: https://nodemailer.com/smtp/well-known/
|
||||||
|
## email:
|
||||||
|
## username: user@example.com
|
||||||
|
## password: yourpassword
|
||||||
|
## sender: admin@example.com
|
||||||
|
## service: gmail
|
||||||
|
|
||||||
|
# Use a SMTP server for sending notifications
|
||||||
|
smtp:
|
||||||
|
username: test
|
||||||
|
password: password
|
||||||
|
secure: false
|
||||||
|
host: 127.0.0.1
|
||||||
|
port: 1025
|
||||||
|
sender: admin@example.com
|
||||||
|
|
27
test/suites/docker/index.ts
Normal file
27
test/suites/docker/index.ts
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
import ChildProcess from 'child_process';
|
||||||
|
import Bluebird from 'bluebird';
|
||||||
|
import Assert from 'assert';
|
||||||
|
|
||||||
|
const execAsync = Bluebird.promisify<string, string>(ChildProcess.exec);
|
||||||
|
|
||||||
|
function sleep(ms: number) {
|
||||||
|
return new Promise(resolve => setTimeout(resolve, ms));
|
||||||
|
}
|
||||||
|
|
||||||
|
describe('Test docker container can run', function() {
|
||||||
|
this.timeout(15000);
|
||||||
|
|
||||||
|
before(async function() {
|
||||||
|
await execAsync('docker run -d -v $(pwd)/config.yml:/etc/authelia/config.yml --name authelia-test clems4ever/authelia');
|
||||||
|
});
|
||||||
|
|
||||||
|
after(async function() {
|
||||||
|
await execAsync('docker rm -f authelia-test');
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should be running', async function() {
|
||||||
|
await sleep(5000);
|
||||||
|
const output: string = await execAsync('docker ps -a | grep "authelia-test"');
|
||||||
|
Assert(output.match(new RegExp('Up [0-9] seconds')));
|
||||||
|
});
|
||||||
|
});
|
Loading…
Reference in New Issue
Block a user