From b264e63235c8d6f236d8c594c48076ab70bc10f1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Cl=C3=A9ment=20Michaud?= Date: Thu, 21 May 2020 06:35:22 +0200 Subject: [PATCH] [DEV] Fix permission issue with dev workflow. (#1033) * [DEV] Fix permission issue with dev workflow. nginx backend was facing permission denied errors because the permissions of the html files were too restricted. Moreover those files were added to the docker image while they could just be mounted as other services. * Fix Kubernetes integration test Co-authored-by: Amir Zarrinkafsh --- .../example/compose/nginx/backend/Dockerfile | 4 -- .../compose/nginx/backend/docker-compose.yml | 6 ++- .../nginx/backend/html/admin/secret.html | 0 .../backend/html/dev/groups/admin/secret.html | 0 .../backend/html/dev/groups/dev/secret.html | 0 .../backend/html/dev/users/bob/secret.html | 0 .../backend/html/dev/users/harry/secret.html | 0 .../backend/html/dev/users/john/secret.html | 0 .../nginx/backend/html/home/index.html | 0 .../compose/nginx/backend/html/icon.png | Bin .../nginx/backend/html/mail/secret.html | 0 .../nginx/backend/html/public/index.html | 0 .../nginx/backend/html/public/secret.html | 0 .../nginx/backend/html/secure/index.html | 0 .../nginx/backend/html/secure/secret.html | 0 .../backend/html/singlefactor/secret.html | 0 internal/suites/example/kube/apps/apps.yml | 32 +++++++++-- .../example/kube/apps/configs/entrypoint.sh | 5 ++ .../example/kube/apps/configs/html.tar.gz | Bin 0 -> 3658 bytes .../example/kube/apps/configs/nginx.conf | 51 ++++++++++++++++++ internal/suites/example/kube/bootstrap.sh | 1 + internal/suites/suite_kubernetes.go | 7 +-- 22 files changed, 89 insertions(+), 17 deletions(-) delete mode 100644 internal/suites/example/compose/nginx/backend/Dockerfile mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/admin/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/dev/groups/admin/secret.html mode change 100644 => 100755 
internal/suites/example/compose/nginx/backend/html/dev/groups/dev/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/dev/users/bob/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/dev/users/harry/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/dev/users/john/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/home/index.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/icon.png mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/mail/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/public/index.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/public/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/secure/index.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/secure/secret.html mode change 100644 => 100755 internal/suites/example/compose/nginx/backend/html/singlefactor/secret.html create mode 100644 internal/suites/example/kube/apps/configs/entrypoint.sh create mode 100644 internal/suites/example/kube/apps/configs/html.tar.gz create mode 100644 internal/suites/example/kube/apps/configs/nginx.conf diff --git a/internal/suites/example/compose/nginx/backend/Dockerfile b/internal/suites/example/compose/nginx/backend/Dockerfile deleted file mode 100644 index e119e442..00000000 --- a/internal/suites/example/compose/nginx/backend/Dockerfile +++ /dev/null @@ -1,4 +0,0 @@ -FROM nginx:alpine - -ADD html /usr/share/nginx/html -ADD nginx.conf /etc/nginx/nginx.conf \ No newline at end of file diff --git a/internal/suites/example/compose/nginx/backend/docker-compose.yml b/internal/suites/example/compose/nginx/backend/docker-compose.yml index 42cf7a6b..49af4cac 100644 
--- a/internal/suites/example/compose/nginx/backend/docker-compose.yml +++ b/internal/suites/example/compose/nginx/backend/docker-compose.yml @@ -1,8 +1,7 @@ version: '3' services: nginx-backend: - build: - context: ./example/compose/nginx/backend + image: nginx:alpine labels: - 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x - 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x @@ -17,5 +16,8 @@ services: - 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x + volumes: + - ./example/compose/nginx/backend/html:/usr/share/nginx/html + - ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf networks: - authelianet \ No newline at end of file diff --git a/internal/suites/example/compose/nginx/backend/html/admin/secret.html b/internal/suites/example/compose/nginx/backend/html/admin/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/dev/groups/admin/secret.html b/internal/suites/example/compose/nginx/backend/html/dev/groups/admin/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/dev/groups/dev/secret.html b/internal/suites/example/compose/nginx/backend/html/dev/groups/dev/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/dev/users/bob/secret.html b/internal/suites/example/compose/nginx/backend/html/dev/users/bob/secret.html old mode 100644 new mode 100755 
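Review bot: `image: nginx:alpine` in the first docker-compose.yml hunk is a mutable tag, so the backend the suites exercise can change between runs without any change in this repository. The same line is added in internal/suites/example/kube/apps/apps.yml, where the removed `imagePullPolicy: Never` used to keep the cluster on a locally built and loaded image. Pinning both to a digest, `image: nginx:alpine@sha256:<digest-of-the-reviewed-image>`, keeps the test backend reproducible and turns an upstream image change into a visible diff. The deleted Dockerfile used the same floating `FROM nginx:alpine`, so for compose this is not a regression, only a good moment to fix it.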
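Review bot: Both bind mounts added under `volumes:` in the second hunk are read-write, so a process in the nginx-backend container can modify the working-tree `html` directory and `nginx.conf` on the developer's host. nginx only needs to read them, so append `:ro`: `- ./example/compose/nginx/backend/html:/usr/share/nginx/html:ro` and `- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf:ro`. Related: the commit also flips every file under `html/` (including `icon.png`) from 100644 to 100755. Mode 0644 is already world-readable, so the execute bit is probably not what cured the permission-denied error. If the real cause was directory permissions or the checkout umask, a short comment saying so would help, and the files could stay 0644.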
diff --git a/internal/suites/example/compose/nginx/backend/html/dev/users/harry/secret.html b/internal/suites/example/compose/nginx/backend/html/dev/users/harry/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/dev/users/john/secret.html b/internal/suites/example/compose/nginx/backend/html/dev/users/john/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/home/index.html b/internal/suites/example/compose/nginx/backend/html/home/index.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/icon.png b/internal/suites/example/compose/nginx/backend/html/icon.png old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/mail/secret.html b/internal/suites/example/compose/nginx/backend/html/mail/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/public/index.html b/internal/suites/example/compose/nginx/backend/html/public/index.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/public/secret.html b/internal/suites/example/compose/nginx/backend/html/public/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/secure/index.html b/internal/suites/example/compose/nginx/backend/html/secure/index.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/secure/secret.html b/internal/suites/example/compose/nginx/backend/html/secure/secret.html old mode 100644 new mode 100755 diff --git a/internal/suites/example/compose/nginx/backend/html/singlefactor/secret.html b/internal/suites/example/compose/nginx/backend/html/singlefactor/secret.html old mode 100644 new mode 100755 
diff --git a/internal/suites/example/kube/apps/apps.yml b/internal/suites/example/kube/apps/apps.yml index b0eb2ddf..c1870b5c 100644 --- a/internal/suites/example/kube/apps/apps.yml +++ b/internal/suites/example/kube/apps/apps.yml @@ -17,11 +17,33 @@ spec: app: test-app spec: containers: - - name: test-app - imagePullPolicy: Never - image: nginx-backend - ports: - - containerPort: 80 + - name: test-app + image: nginx:alpine + command: ["/entrypoint.sh"] + ports: + - containerPort: 80 + volumeMounts: + - name: config-volume + mountPath: /entrypoint.sh + subPath: entrypoint.sh + - name: config-volume + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: config-volume + mountPath: /tmp/html.tar.gz + subPath: html.tar.gz + volumes: + - name: config-volume + configMap: + name: nginx-config + items: + - key: entrypoint.sh + path: entrypoint.sh + mode: 0755 + - key: nginx.conf + path: nginx.conf + - key: html.tar.gz + path: html.tar.gz --- apiVersion: v1 diff --git a/internal/suites/example/kube/apps/configs/entrypoint.sh b/internal/suites/example/kube/apps/configs/entrypoint.sh new file mode 100644 index 00000000..971912ff --- /dev/null +++ b/internal/suites/example/kube/apps/configs/entrypoint.sh @@ -0,0 +1,5 @@ +#! /bin/sh + +rm -rf /usr/share/nginx/html && \ +tar xfz /tmp/html.tar.gz -C /usr/share/nginx/ && \ +nginx "-g daemon off;" \ No newline at end of file 
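Review bot: The last command of the `&&` chain in entrypoint.sh starts nginx as a child of `/bin/sh`, so the shell stays PID 1 in the pod and nginx does not directly receive the SIGTERM sent on shutdown. The pod is then likely to be stopped only when the grace period expires. Replace the last line with `exec nginx -g 'daemon off;'`, which also passes `-g` and its directive as two arguments instead of the single string `"-g daemon off;"`. If the tarball exists because a ConfigMap cannot carry the nested `html` tree, a one-line comment above `rm -rf` saying so would explain why the document root is rebuilt at start-up.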
diff --git a/internal/suites/example/kube/apps/configs/html.tar.gz b/internal/suites/example/kube/apps/configs/html.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d2622950f28a80fc8548ce394b7f66d8c7bbd964 GIT binary patch literal 3658 zcmV-Q4z=+giwFP!000001MOT1SQFP44&s8SD2NN%>VON?O7;+62yufdukJz>_aT{( zks&kAOoYg@#T}KZ)jqYw1;t%)snuE)tsAY?=TlI69xAceUn*D1z&er0K?o2)V&{tC7}ebV>cEJ8J)&d#M{2y)jO8`n5TrIB zu#UL^mo!Rah^9ZgKp+yKa1*IT)FQ5#8-k(61kiAg#R-s16t*tKBe=v8xb ztCM@PJ`SO}@E~rL1u-;Vc=I@f1igs_PSUWEhPW|-z^A!b;RKhq`mxoK|8B*S9Qz{mgU4c7k|RlQ;HKa@ZJaSLA9 z-&MQ+isHXSESJjdPxLQxQHKrC_Jy5m<< z1Z;#T+Kd58dfZ5dQ0RC>1xbWbBry!q;uub zsznS<4VPHBpHMVNJ*9&ITa<=O6l#nIm$(sua6L;vk7F2~1ezgc>J)PajZn0e2beca z;uu8WNeGY#iZesqOyE8Yg@vVQOl`tS&rG-r$a0Qho50GZxUyrcNe&V*+0AlZVI^uq z9ZcIqBCn=ib__?|rXXY(K{mfvz!Yc+L-eqg#>om;moxG;1<)bmY^hmVOSNwu-IK&k z1XbE(H^Po)X_NgN?3i()$FrnGur3ibmYE0F2`<=fs+^gXG8EYh@w!rhzVc-Pos|?w zEqY0@FZD8_#!v|98ZDa`%Azs2p{$PCF7U~8x=+EJKn9p3&E-nO_PSf7I6SUgfk2DnY%E~ED|YQZc~5{%?>3&V$i zDGJebV(BKK7*<*@aO$wgVM*;I5)VW|NU$~K^bSUm)HsfG*0Qj)CVSAq5~mQO zj%5V{LA0Q5LU9uXA&jY+*}$N<0iqk@HF`J!fs&9orUz6fTq6Y2Wo^TnMhjyGoT3?3 zE5IJtQ8TOhQk6u}oInJLk3)5cW%`URE%Rlj3ycSBNF!_`H+K>SA~OrgvQ(J+m@0{x zC$Nwf2BTRz(h!R#yzMI->l7_9m@z;SPU=c$se47nYW+u)!XylfYmTLVz^dgfR9bNC%2Q z6Go3Bz>Qik0z?5bqdk_7inUG~XdtH@g1}JDa}nm)2-N6oe+V!P6K_=xN@{DZZJ|yl z;iI@kYjfYP(==S=g}&b`4s`b$@d;Vt|_FQldT>0}~nN-4`|GEWb?eF~OfR%s#r;sW6_rKf% z{`p_^2J8P;8@h-`1^zD$RVeNJUn&*LdH;6@X7umdvw?RD=C#HKQN1Dtf=`I~?^PT8 zq{ff`4Sdw3x<^HO0sPBLmj-^XOZ1ARz~@iQe-C2NiaOvTfQ}qO55o0y64<^9l9G~y z%vp*SCJ-S`#%GkMTL=WTIz>fviyksHXCaD3$M}Ey{89F{arz5BKP_+h!HzWlwX09J zt6jhOtV~7VzxoHIq)Vo~GcCkxK+S{|nQK3pJ4DipnBg^T6$Ec<*&(g#tkLyWeTlxG zf0H)jMLC7j$K@{QoB!ER^^y0BmZX$Ce|mhv{o^@ve0{qsau<0){XV_kX<{+u9~sp+ zV(Vv;O~Y^A(lofy#qU&h=9k@TjZW|LX@hCYf>y-E`TfvJ5>{9ctE1(r{GSZ#_f4O+ zJLycq^=9EK6Ebo};vT*?vuZ;#3o_n1u`lD<@TDD))Bd#ux3fbG>o-q7KPK|`Melg6 z@cL>)gUBv#(aOBM%LAJrLf^B`;sv?qhHv=KhokqOMw-q)Jo8;-)%d$JwBFxbFwY(l 
z2wlorKcjAkbz}Noy5BVGeER7@!8sp&`gG(9+JyLY>>Y7%qySsdNhut@Yw?2Y{9a?D zj@+KtX|SNz1gNiHTXa_2qa}M5E<8E&gkASFRbBd+2c1 z?`LL|OxwLZa{Y>xjZckg=$|#-ADO)Voo#bkoxAhFzm3O^e{|%)-KRdeLon!erhwiY z+U40gtOwP@bJKzartvYRy1rPU;!#l9ZmT)&!8x-U+p zeg6H=pKmfJH6C!3xW8xpuIyd+RCNTW3Ugy?4LH`k)#%6c)8)r9^ZejK6FD{usv(Sp2CA!D~<_HUbuKj zaFJP*ox80yZQlVMD@omi);;KXt*FH>?XL=YKHjrek}mmiSX0kNLyPa_6opfD7F~IA zYThTZS#6&6-yGJuD{|-LlJ|>Gj9n;NoF_;V4DC^)dG1re?1Ib31zSA39!E7kMt)-~8yc+Ybj%^;&aQDSU5s0Ca%vGdV9yb0aT& z>DDIg4$svEe7-t1dF0S_KQHYbbnDj>xASMV3@#qpcK*Y9cOv)Z>>wL&yD-=gaK1)O z^t+B5^`3s(B@^pRc$~icIyrTB$#*A~42_Sk;k(XL@H9Go#^QFzraq`udr0Es_=jsV z=TC>Tb3A$ul=_VvK4nYKV4u1vce9ljZq0eVYf{=?&)Rr|uV6~x{FHF9|HjD24+@7o zX?`_!kW!dEa#GQ}dL9ScZ7OcJrOzURr+9yH!}U$-NL7QUL@aN->gbY1vXG|BHpQlo zNNAch=E;v9TYUy}-T(Vm57T?~NADalHD=J0=gNEWT_!%vSDcJlwQN*e{iYgXy{{*| zrtkjc!=63Ly5A&*SiNfE{A-!umTy+;ukE5g5H-) z4%PWbdn_f_W7fqs`^VP*TGoDfK}N{VubwCD?6~=l!j>_jA1`lwyItzO4UNv9opQF{ z1y7%_1ILm-y59XvlMk;y3h3-}e)g7A9+?+fsFz@ZdOLSN8d6k<5~Feo_I*`XT{LBm zU+T#ZTd&&@_=RVhNp;0I#`~Y5-+DH>W?p-zRq?$so%3(`G;c<>hO+AB&)NN}`S8B{ zeG3z&j4fXFXG)*Ez}RO!z37{&hi4SCeNvao8Ya$Py*zu)30Tpl-S+37$qtuz^(E%^ zle{~>!P_@tf1N%yr{L&=hIL}}B4uB4BNL{hBKt;c>OOjs)8jvz|GCGMPN!`}72f{| zmGb*Px4_2!E_(sA^7}tI)6Lg^ZUDdktKMM!pE-+nA&)A=e;NPxpYB1a{Vk7WT*0IA z_Lqjr#Jv680ekzqA{12K{xZ2Zl()Y-;K=^YE(9xI|0xvA`~Q6X=X&tJ2;pXJ2`DHjgUAf4PL;|G5Q@ z?Eglb|MB}jw}6lT)f;yH&-^`&(|J@O{!1ltKK{D{4(#vr_kgMp|CuH}{<{Hu{IA~N z{{D;o2B0_U``@Mf`#)}ht^MDm?|+x_?|-@l{P(}}-~Vp)|2OIT-Mq4zw$8;5&(Dr0Ofi>f&c&j literal 0 HcmV?d00001 diff --git a/internal/suites/example/kube/apps/configs/nginx.conf b/internal/suites/example/kube/apps/configs/nginx.conf new file mode 100644 index 00000000..37d20fda --- /dev/null +++ b/internal/suites/example/kube/apps/configs/nginx.conf 
@@ -0,0 +1,51 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + + +http { + server { + listen 80; + root /usr/share/nginx/html/home; + server_name home.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/public; + server_name public.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/secure; + server_name secure.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/admin; + server_name admin.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/dev; + server_name dev.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/mail; + server_name mx1.mail.example.com mx2.mail.example.com; + } + + server { + listen 80; + root /usr/share/nginx/html/singlefactor; + server_name singlefactor.example.com; + } +} + diff --git a/internal/suites/example/kube/bootstrap.sh b/internal/suites/example/kube/bootstrap.sh index 32a72286..bdc087e7 100755 --- a/internal/suites/example/kube/bootstrap.sh +++ b/internal/suites/example/kube/bootstrap.sh @@ -3,6 +3,7 @@ start_apps() { # Create TLS certificate and key for HTTPS termination kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert + kubectl create configmap nginx-config --namespace=authelia --from-file=apps/configs/entrypoint.sh --from-file=apps/configs/nginx.conf --from-file=apps/configs/html.tar.gz # Spawn the applications kubectl apply -f apps diff --git a/internal/suites/suite_kubernetes.go b/internal/suites/suite_kubernetes.go index a7af84f3..b3376938 100644 --- a/internal/suites/suite_kubernetes.go +++ b/internal/suites/suite_kubernetes.go @@ -22,11 +22,6 @@ func init() { return err } - cmd = utils.Shell("docker build -t nginx-backend internal/suites/example/compose/nginx/backend") - if err := cmd.Run(); err != nil { - return err - } - exists, err := kind.ClusterExists() if err != nil { 
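Review bot: None of the seven `server` blocks in the new nginx.conf is marked `default_server`, so nginx falls back to the first one. A request whose Host header matches no `server_name` is therefore answered from `/usr/share/nginx/html/home`. For a backend used to test per-domain access rules it is safer to fail closed on unknown hosts. If no suite relies on that fallback, add a catch-all ahead of the others, e.g. `server { listen 80 default_server; return 444; }`.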
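Review bot: The `kubectl create configmap nginx-config` line added to bootstrap.sh takes its web content from `apps/configs/html.tar.gz`, a binary blob added by this commit. It cannot be read in review and can silently drift from `internal/suites/example/compose/nginx/backend/html`, which appears to be its source. Consider building the archive in `start_apps` just before this line instead of committing it, e.g. `tar czf apps/configs/html.tar.gz -C <path-to>/compose/nginx/backend html`, so the cluster serves exactly the files that were reviewed. `start_apps` continues outside the hunk, so it is not visible whether the script stops when `kubectl create` fails, for instance when `nginx-config` already exists on a re-run.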
@@ -115,7 +110,7 @@ func init() { func loadDockerImages() error { kind := Kind{} - images := []string{"authelia:dist", "nginx-backend"} + images := []string{"authelia:dist"} for _, image := range images { err := kind.LoadImage(image)