Better integrate Docker related commands in authelia-scripts.

This commit is contained in:
Clement Michaud 2019-03-01 22:52:01 +01:00
parent a56e5adc42
commit 38271e3335
16 changed files with 191 additions and 34 deletions

View File

@ -35,7 +35,7 @@ before_script:
script:
- "./scripts/authelia-scripts travis"
after_success:
- "./scripts/authelia-scripts publish-docker"
- "./scripts/authelia-scripts docker publish"
deploy:
provider: npm

View File

@ -14,8 +14,7 @@ program
.command('travis', 'Build and test Authelia on Travis.')
.command('hash-password <password>', 'Hash a password with SSHA512.')
.command('build-docker', 'Build Docker image containing production version of Authelia.')
.command('publish-docker', 'Publish Docker image containing production version of Authelia to Dockerhub.')
.command('docker', 'Docker related commands.')
.parse(process.argv);

View File

@ -1,3 +0,0 @@
#!/bin/bash
docker build -t clems4ever/authelia .

View File

@ -0,0 +1,8 @@
#!/usr/bin/env node
var program = require('commander');
program
.command('build', 'Build docker image clems4ever/authelia.')
.command('publish', 'Publish image clems4ever/authelia to Dockerhub.')
.parse(process.argv);

View File

@ -0,0 +1,10 @@
#!/usr/bin/env node
var { exec } = require('./utils/exec');
var { IMAGE_NAME } = require('./utils/docker');
async function main() {
await exec(`docker build -t ${IMAGE_NAME} .`);
}
main();

View File

@ -21,7 +21,6 @@ function deploy_on_dockerhub {
echo "==========================================================="
echo "Docker image $IMAGE_WITH_TAG will be deployed on Dockerhub."
echo "==========================================================="
docker build -t $IMAGE_NAME .
docker tag $IMAGE_NAME $IMAGE_WITH_TAG;
docker push $IMAGE_WITH_TAG;
echo "Docker image deployed successfully."

View File

@ -9,10 +9,9 @@ program
.option('--headless', 'Run in headless mode.')
.parse(process.argv);
let suite;
let withServer = false;
let args = [];
const ENVIRONMENT_FILENAME = '.suite';
const ENVIRONMENT_FILENAME = '.suite'; // This file is created by the start command.
if (fs.existsSync(ENVIRONMENT_FILENAME)) {
const suite = fs.readFileSync(ENVIRONMENT_FILENAME);

View File

@ -15,6 +15,9 @@ authelia-scripts build
# Run unit tests
authelia-scripts unittest
# Build the docker image
authelia-scripts docker build
# Run integration tests
authelia-scripts test --headless test/suites/**/*.ts

View File

@ -1,14 +0,0 @@
#!/bin/bash
set -e
docker-compose \
-f docker-compose.yml \
-f example/compose/docker-compose.base.yml \
-f example/compose/mongo/docker-compose.yml \
-f example/compose/redis/docker-compose.yml \
-f example/compose/nginx/backend/docker-compose.yml \
-f example/compose/nginx/portal/docker-compose.yml \
-f example/compose/smtp/docker-compose.yml \
-f example/compose/httpbin/docker-compose.yml \
-f example/compose/ldap/docker-compose.yml $*

View File

@ -1,6 +0,0 @@
#!/bin/bash
DC_SCRIPT=./scripts/example-commit/dc-example.sh
$DC_SCRIPT build
$DC_SCRIPT up -d httpbin mongo redis openldap authelia smtp nginx-portal nginx-backend

View File

@ -1,5 +0,0 @@
#!/bin/bash
DC_SCRIPT=./scripts/example-commit/dc-example.sh
$DC_SCRIPT down

5
scripts/utils/docker.js Normal file
View File

@ -0,0 +1,5 @@
module.exports = {
IMAGE_NAME: 'clems4ever/authelia'
}

21
scripts/utils/exec.js Normal file
View File

@ -0,0 +1,21 @@
var spawn = require('child_process').spawn;
function exec(cmd) {
return new Promise((resolve, reject) => {
const command = spawn(cmd, {
shell: true
});
command.stdout.pipe(process.stdout);
command.stderr.pipe(process.stderr);
command.on('exit', function(statusCode) {
if (statusCode != 0) {
reject(new Error('Exited with status ' + statusCode));
return;
}
resolve();
})
})
}
module.exports = { exec }

View File

@ -8,6 +8,10 @@ import BasicAuthentication from "./scenarii/BasicAuthentication";
import AutheliaRestart from "./scenarii/AutheliaRestart";
import AuthenticationRegulation from "./scenarii/AuthenticationRegulation";
before(function() {
});
AutheliaSuite('Complete configuration', __dirname + '/config.yml', function() {
this.timeout(10000);

View File

@ -0,0 +1,110 @@
###############################################################
# Authelia minimal configuration #
###############################################################
port: 9091
logs_level: debug
default_redirection_url: https://home.example.com:8080/
authentication_backend:
file:
path: ./users_database.yml
session:
secret: unsecure_session_secret
domain: example.com
inactivity: 5000
expiration: 8000
# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
local:
path: /tmp/authelia/db
# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
totp:
issuer: example.com
# Access Control
#
# Access control is a set of rules you can use to restrict user access to certain
# resources.
access_control:
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
default_policy: deny
rules:
- domain: single_factor.example.com
policy: one_factor
- domain: '*.example.com'
subject: "group:admins"
policy: two_factor
- domain: dev.example.com
resources:
- '^/users/john/.*$'
subject: "user:john"
policy: two_factor
- domain: dev.example.com
resources:
- '^/users/harry/.*$'
subject: "user:harry"
policy: two_factor
- domain: '*.mail.example.com'
subject: "user:bob"
policy: two_factor
- domain: dev.example.com
resources:
- '^/users/bob/.*$'
subject: "user:bob"
policy: two_factor
# Configuration of the authentication regulation mechanism.
regulation:
# Set it to 0 to disable max_retries.
max_retries: 3
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
find_time: 10
# The length of time before a banned user can login again.
ban_time: 5
# Default redirection URL
#
# Note: this parameter is optional. If not provided, user won't
# be redirected upon successful authentication.
#default_redirection_url: https://authelia.example.domain
notifier:
# For testing purpose, notifications can be sent in a file
# filesystem:
# filename: /tmp/authelia/notification.txt
# Use your email account to send the notifications. You can use an app password.
# List of valid services can be found here: https://nodemailer.com/smtp/well-known/
## email:
## username: user@example.com
## password: yourpassword
## sender: admin@example.com
## service: gmail
# Use a SMTP server for sending notifications
smtp:
username: test
password: password
secure: false
host: 127.0.0.1
port: 1025
sender: admin@example.com

View File

@ -0,0 +1,27 @@
import ChildProcess from 'child_process';
import Bluebird from 'bluebird';
import Assert from 'assert';
const execAsync = Bluebird.promisify<string, string>(ChildProcess.exec);
function sleep(ms: number) {
return new Promise(resolve => setTimeout(resolve, ms));
}
describe('Test docker container can run', function() {
this.timeout(15000);
before(async function() {
await execAsync('docker run -d -v $(pwd)/config.yml:/etc/authelia/config.yml --name authelia-test clems4ever/authelia');
});
after(async function() {
await execAsync('docker rm -f authelia-test');
});
it('should be running', async function() {
await sleep(5000);
const output: string = await execAsync('docker ps -a | grep "authelia-test"');
Assert(output.match(new RegExp('Up [0-9] seconds')));
});
});