Commit Graph

61 Commits

Author SHA1 Message Date
renovate[bot]
d0921efa28
build(deps): update arm64v8/alpine docker tag to v3.14.0 (#2085)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-16 10:13:37 +10:00
James Elliott
e029f4b5af
build: optimize docker builds (#2059)
* build: optimize docker builds

This change is so that each of the COPY/RUN steps occurs in a single layer which should theoretically decrease build times.

* build: include license and move scripts
2021-06-06 14:46:31 +10:00
renovate[bot]
0c91f5c898
build(deps): update golang docker tag to v1.16.5 (#2060)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-06-04 14:36:51 +10:00
renovate[bot]
544373de17
build(deps): update golang docker tag to v1.16.4 (#1984)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-05-07 10:24:17 +10:00
renovate[bot]
756ba04980
build(deps): update arm64v8/alpine docker tag to v3.13.5 (#1917)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-15 12:43:24 +10:00
renovate[bot]
ce3ac65326
build(deps): update golang docker tag to v1.16.3 (#1884)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-03 22:09:23 +11:00
renovate[bot]
2275fe0a7c
build(deps): update arm64v8/alpine docker tag to v3.13.4 (#1878)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-04-01 17:02:15 +11:00
renovate[bot]
77e21165c9
build(deps): update arm64v8/alpine docker tag to v3.13.3 (#1855)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-03-26 13:54:11 +11:00
James Elliott
5e72f8e8c7
build(deps): update to golang 1.16.2 explicitly (#1818) 2021-03-13 09:32:13 +11:00
Amir Zarrinkafsh
74721a9f41
feat: go:embed static assets (#1733)
* feat: go:embed static assets

Go 1.16 introduced the ability to embed files within a generated binary directly with the go tool chain. This simplifies our dependencies and the significantly improves the development workflow for future developers.

Key points to note:

Due to the inability to embed files that do not reside within the local package we need to duplicate our `config.template.yml` within `internal/configuration`.

To avoid issues with the development workflow empty mock files have been included within `internal/server/public_html`. These are substituted with the respective generated files during the CI/CD and build workflows.

* fix(suites): increase ldap suite test timeout

* fix(server): fix swagger asset CSP
2021-02-22 10:07:06 +11:00
renovate[bot]
1f16f0945a
build(deps): update arm64v8/alpine docker tag to v3.13.2 (#1727)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-02-18 14:09:39 +11:00
renovate[bot]
681a42afff
build(deps): update arm64v8/alpine docker tag to v3.13.1 (#1651)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-01-31 09:11:51 +11:00
dependabot-preview[bot]
f74ada099c
[MISC] (deps): Bump golang from 1.15.6-alpine to 1.15.7-alpine (#1621)
Bumps golang from 1.15.6-alpine to 1.15.7-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-22 09:34:05 +11:00
dependabot-preview[bot]
fc272415ea
[MISC] (deps): Bump arm64v8/alpine from 3.12.3 to 3.13.0 (#1613)
Bumps arm64v8/alpine from 3.12.3 to 3.13.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2021-01-18 11:28:13 +11:00
Amir Zarrinkafsh
3487fd392e
[FEATURE] Add API docs and swagger-ui (#1544)
* [FEATURE] Add API docs and swagger-ui

This change will serve out swagger-ui at the `/api/` root path.

* Update descriptions and summaries in API spec

* Utilise frontend assets from unit testing for Docker build steps

* Fix tag for /api/user/* endpoints

* Fix response schema for /api/user/info/2fa_method

* Template and inject the session name during runtime into swagger-ui

This change also factorises and renames index.go into template.go, this can now be generically utilised to template any file.

* Fix integration tests

* Add U2F endpoints

* Change swagger directory to api

This change is to more closely conform to the golang-standards project layout.

* Add authentication for u2f endpoints

* Modify u2f endpoint descriptions

* Rename and fix u2f 2fa sign endpoints

* Fix request body for /api/secondfactor/u2f/sign endpoint

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2021-01-03 15:28:46 +11:00
dependabot-preview[bot]
620f51d610
[MISC] (deps): Bump arm64v8/alpine from 3.12.2 to 3.12.3 (#1571)
Bumps arm64v8/alpine from 3.12.2 to 3.12.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-31 08:07:29 +11:00
dependabot-preview[bot]
b5e23f3392
[MISC] (deps): Bump arm64v8/alpine from 3.12.1 to 3.12.2 (#1539)
Bumps arm64v8/alpine from 3.12.1 to 3.12.2.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-12-15 22:29:24 +01:00
dependabot-preview[bot]
c2708c40ab
[MISC] (deps): Bump golang from 1.15.5-alpine to 1.15.6-alpine (#1519)
Bumps golang from 1.15.5-alpine to 1.15.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-12-12 10:52:08 +11:00
dependabot-preview[bot]
7c5dd9af2c
[MISC] (deps): Bump golang from 1.15.4-alpine to 1.15.5-alpine (#1462)
Bumps golang from 1.15.4-alpine to 1.15.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-16 10:27:51 +11:00
Amir Zarrinkafsh
423cd09f26
[BUGFIX] Dynamically determine healthcheck URL (#1444) 2020-11-11 15:22:09 +11:00
dependabot-preview[bot]
e67c52524d
[MISC] (deps): Bump golang from 1.15.3-alpine to 1.15.4-alpine (#1437)
Bumps golang from 1.15.3-alpine to 1.15.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-11-10 09:57:58 +11:00
Amir Zarrinkafsh
43af825f47
[FEATURE] Add health checks to containers (#1425) 2020-11-05 11:59:06 +11:00
dependabot-preview[bot]
9891f99752
[MISC] (deps): Bump arm64v8/alpine from 3.12.0 to 3.12.1 (#1408)
Bumps arm64v8/alpine from 3.12.0 to 3.12.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 22:04:11 +11:00
dependabot-preview[bot]
563d1416f8
[MISC] (deps): Bump node from 14-alpine to 15-alpine (#1409)
Bumps node from 14-alpine to 15-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-26 11:33:24 +11:00
dependabot-preview[bot]
5b67c38e57
[MISC] (deps): Bump golang from 1.15.2-alpine to 1.15.3-alpine (#1389)
Bumps golang from 1.15.2-alpine to 1.15.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-10-20 21:44:39 +11:00
Amir Zarrinkafsh
15b165f503
[BUGFIX] Fix Dockerfile WORKDIR (#1392)
The WORKDIR needs to be set early to ensure that the files are copied into the appropriate directory.
This is a minor regression that was introduced in af2ae328e7.
2020-10-19 11:24:24 +11:00
akusei
af2ae328e7
[FEATURE] Container privilege de-escalation (#1370)
* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* support for running as non-root

* forgot to save file

* removed write perms for user on entrypoint script

* preserve existing user behavior

* fix entrypoint permissions to account for non-root user

* typo in chmod on line 63

* better entrypoint script; moved to root

* execute bit

* very rough draft documentation

* added missing header

* typo changes -> changed

* Update entrypoint.sh

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>

* Apply suggestions from code review

looks good

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-10-19 10:12:21 +11:00
dependabot-preview[bot]
7e4744d308
[MISC] (deps): Bump golang from 1.15.1-alpine to 1.15.2-alpine (#1314)
Bumps golang from 1.15.1-alpine to 1.15.2-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-11 11:36:45 +10:00
dependabot-preview[bot]
8f0865bd63
[MISC] (deps): Bump golang from 1.15.0-alpine to 1.15.1-alpine (#1304)
Bumps golang from 1.15.0-alpine to 1.15.1-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-04 10:57:24 +10:00
dependabot-preview[bot]
bdb752ed48
[MISC] (deps): Bump golang from 1.14.6-alpine to 1.15.0-alpine (#1269)
Bumps golang from 1.14.6-alpine to 1.15.0-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-13 11:28:03 +10:00
dependabot-preview[bot]
bf9695beef
[MISC] (deps): Bump golang from 1.14.5-alpine to 1.14.6-alpine (#1236)
Bumps golang from 1.14.5-alpine to 1.14.6-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-28 11:39:08 +10:00
dependabot-preview[bot]
0a1697bf60
[MISC] (deps): Bump golang from 1.14.4-alpine to 1.14.5-alpine (#1208)
Bumps golang from 1.14.4-alpine to 1.14.5-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-17 10:24:20 +10:00
Amir Zarrinkafsh
ddfce52939
[MISC] Strip debugging information from compiled binaries (#1141) 2020-06-21 21:52:35 +10:00
Amir Zarrinkafsh
ff7f9a50ab
[FEATURE] Docker simplification and configuration generation (#1113)
* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml
2020-06-17 16:25:35 +10:00
dependabot-preview[bot]
7c6cb402f5
[MISC] (deps): Bump golang from 1.14.3-alpine to 1.14.4-alpine (#1086)
Bumps golang from 1.14.3-alpine to 1.14.4-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-04 22:02:52 +02:00
dependabot-preview[bot]
7dc79b2ac4
[MISC] (deps): Bump arm64v8/alpine from 3.11.6 to 3.12.0 (#1071)
Bumps arm64v8/alpine from 3.11.6 to 3.12.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-06-01 13:32:31 +10:00
dependabot-preview[bot]
13e2050d91
[MISC] (deps): Bump golang from 1.14.2-alpine to 1.14.3-alpine (#1029)
Bumps golang from 1.14.2-alpine to 1.14.3-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-05-19 08:22:02 +10:00
Amir Zarrinkafsh
f8bd506326
[FEATURE] Embed static assets in Go binary (#916)
* [FEATURE] Embed static assets in Go binary

* Refactor/consolidate code and specify public_html via configuration

* Update docs and config template for assets

* Update AUR package pre-requisites and systemd unit

* Include static assets as Buildkite and GitHub artifacts

* Remove references to PUBLIC_DIR

* Only serve assets via embedded filesystem and remove configuration references

* Update authelia-scripts helper to build the embedded filesystem

* Mock the embedded filesystem for unit tests
Add to gitignore to ensure this isn't overwritten.

* Move go:generate to satisfy linter
2020-04-29 00:07:20 +10:00
dependabot-preview[bot]
3ba06c2e9d
[MISC] (deps): Bump node from 12-alpine to 14-alpine (#932)
Bumps node from 12-alpine to 14-alpine.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-28 09:38:20 +10:00
Daniel Sutton
ca4a890fb2
[MISC] Update to alpine 3.11.6 (#917)
* update to alpine 3.11.6

Signed-off-by: Daniel Sutton <daniel@ducksecops.uk>
2020-04-25 22:56:32 +02:00
Clément Michaud
b12d9d405f
[FEATURE] Add Content-Security-Policy meta to login portal. (#822)
CSP is used to avoid some attacks where the hacker tries to execute
untrusted code in the browser.

The policy is to use assets hosted on the the original website and in order to make CSP work with material UI, a nonce is generated at each request of index.html and injected in the template as well as provided in the Content-Security-Policy header (https://material-ui.com/styles/advanced/#how-does-one-implement-csp)

Fix #815
2020-04-21 10:23:28 +10:00
Amir Zarrinkafsh
94fb28c6c0
[MISC] Update Go to 1.14.2 (#863) 2020-04-13 20:14:49 +10:00
Amir Zarrinkafsh
0d9a5812c7
[Buildkite] Update musl-cross-make toolchain to gcc 9.2.0 (#703)
Built using `musl-1.1.24`, `linux-headers-headers-4.19.88`
2020-03-14 12:45:55 +01:00
Amir Zarrinkafsh
cc25b565c7
[MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively (#685)
* [MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively

* Argon2id memory in MB for Config Template

* Doc Fix

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
2020-03-06 19:40:56 +11:00
Clément Michaud
c1aecf0afc
Add authelia directory in the PATH of docker images. (#621) 2020-02-06 10:02:18 +11:00
Amir Zarrinkafsh
9a685fefad Update alpine to 3.11.3 2020-01-22 11:53:15 +11:00
Clement Michaud
2acf8bf21c Add hash-password and migrate commands to authelia binary.
This reduce the size of the docker image and avoid confusing users.

We keep the commands in authelia-scripts too in order to keep the
current workflow of developers.
2020-01-22 11:53:15 +11:00
Clément Michaud
ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way small artifact
- We don't build authelia more than once for earch arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Clément Michaud
da22227563
Add trimpath build flag and fix go version to guarantee reproducible build. (#553) 2020-01-16 22:17:03 +01:00
Amir Zarrinkafsh
5914f96de4
Add git tag back to binary artifact. 2020-01-13 11:30:05 +11:00