Commit Graph

2488 Commits

Author SHA1 Message Date
Clément Michaud
ce7b6b8167
Build docker image upfront in CI and use it in integration tests. (#555)
* Build docker image upfront in CI and use it in integration tests.

Previously, the development workflow was broken because the container
generated from Dockerfile.CI was used in dev environments but the binary
was not pre-built as it is on buildkite. I propose to just remove that
image and use the "to be published" image instead in integration tests.

This will have several advantages:
- Fix the dev workflow.
- Remove CI arch from authelia-scripts build command
- Optimize CI time in buildkite since we'll cache a way smaller artifact
- We don't build authelia more than once for each arch.

* Fix suites and only build ARM images on master or tagged commits

* Optimise pipeline dependencies and Kubernetes suite to utilise cache

* Run unit tests and docker image build in parallel.

* Fix suite trying to write on read only fs.

Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-01-17 20:46:51 +01:00
Clément Michaud
da22227563
Add trimpath build flag and fix go version to guarantee reproducible build. (#553) 2020-01-16 22:17:03 +01:00
Amir Zarrinkafsh
9b8be0fef0 Remove Travis and promote Buildkite (#545)
* Remove Travis and promote Buildkite

* Add Docker Size badge to README.md

* Call MicroBadger webhook to update metadata for shields

Add updateMicroBadger function and refactor publishDockerReadme to be called explicitly instead of on every deployManifest call.
2020-01-16 21:57:44 +01:00
Amir Zarrinkafsh
5914f96de4
Add git tag back to binary artifact. 2020-01-13 11:30:05 +11:00
Clement Michaud
a823b6368a Remove build time and git tag from binary artifact.
That way it's easy to build a given commit and check whether
it's the same binary as the one published on GitHub.
2020-01-12 20:17:11 +01:00
Clement Michaud
1deb46778c Prepare changelog for v4.1.0 release. 2020-01-12 20:17:11 +01:00
Amir Zarrinkafsh
072a8c468c Reduce number of Docker layers 2020-01-11 14:25:50 +11:00
James Elliott
242386e279 Force TLS and valid x509 certs in SMTP Notifier by default
- Adjust AUTH LOGIN functionality to be closer to AUTH PLAIN
- Removed: secure (notifier smtp conf) boolean string
- Added: disable_verify_cert (notifier smtp conf) boolean
    - disables X509 validation of certificates
- Added: disable_require_tls (notifier smtp conf) boolean
    - allows emails to be sent over plain text (for non-authenticated only)
- Added: trusted_cert (notifier smtp conf) string (path)
    - allows specifying the path of a PEM format cert to add to trusted cert pool
- Make SMTP notifier return errors on connection over plain text
- Make SMTP notifier return errors on TLS connection with invalid certs
- Implemented various debug logging for the SMTP notifier
- Implemented explicit SMTP closes on errors (previously left con open)
- Split SMTPNotifier Send func to separate funcs for:
    - writing future test suites and startup checks more easily
    - organization and readability
- Add details of changes to docs/security.yml
- Adjust config.yml's (template and test) for the changes
2020-01-10 17:37:16 +01:00
James Elliott
1ef3485418 Fix duplicate Content-Type header in SMTPNotifier
- SMTPNotifier would send the Content-Type header twice
- Fixes #498
2020-01-10 17:37:16 +01:00
James Elliott
a39245a8e8 Fixed duplicate key in kube example
- rules key was duplicated in the ingress.yml
2020-01-10 17:37:16 +01:00
Amir Zarrinkafsh
6cd79d0c4b Update README.md for HAProxy references 2020-01-10 11:41:01 +01:00
Amir Zarrinkafsh
d4288bd74f Add HAProxy suite to travis 2020-01-10 11:41:01 +01:00
Amir Zarrinkafsh
7dc4ac5cd9 Create a suite for HAProxy 2020-01-10 11:41:01 +01:00
Amir Zarrinkafsh
c60904add7 Revert migration script to ensure data is migrated 2020-01-10 11:33:18 +01:00
Silver Bullet
eeefec2fac Update references to remove hash router
* Update references to remove hash router

In commit 9ae2096, the redirection parameter is changed in the example `nginx.conf`, and also in other places like `internal/middlewares/identity_verification.go`:

```
- link := fmt.Sprintf("%s://%s/#%s?token=%s", ctx.XForwardedProto(),
+ link := fmt.Sprintf("%s://%s%s?token=%s", ctx.XForwardedProto(),
```
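Review bot: on the `+` line, dropping the `#` turns `?token=%s` from part of the URL fragment into a real query string, so the token is now sent to the server and can land in proxy and access logs or in a Referer header, whereas the fragment form stayed in the browser. Confirm the token is single-use and short-lived and that intermediaries do not log query strings for this route. The scheme is also taken from `ctx.XForwardedProto()`, so the generated link is only as trustworthy as the proxy that sets that header.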
2020-01-10 11:33:18 +01:00
Amir Zarrinkafsh
612881ca67 Fix spelling errors 2020-01-10 11:33:18 +01:00
Amir Zarrinkafsh
1b39d28cbe
Optimise Buildkite steps
* Utilise multi-threaded zstd for compression

* Fix container removal on dirty exit

* Optimise build step agents
2020-01-07 22:28:04 +11:00
Amir Zarrinkafsh
e4764ad2cf Separate download and extract steps for reporting 2020-01-07 13:13:41 +11:00
Amir Zarrinkafsh
e97a11a9c1 Utilise zstd for compression 2020-01-07 13:13:41 +11:00
Amir Zarrinkafsh
8b8d0c0037 Shellcheck Buildkite pipeline 2020-01-06 02:20:14 +11:00
Amir Zarrinkafsh
4ca603883a Clean up Dockerfiles 2020-01-06 02:20:14 +11:00
Amir Zarrinkafsh
8dbd3c54fc Cross compile natively from amd64
Reduce reliance on QEMU in order to speed up the pipeline.
2020-01-05 23:37:46 +11:00
Amir Zarrinkafsh
30ddfeab38 Build static Go binary 2020-01-05 16:28:28 +11:00
Amir Zarrinkafsh
58734a9d7a Optimise Travis build and deploy steps
These should only run on the master or tagged branches. This also means that while we are utilising Travis that there aren't long 20-30 blocks waiting on a PR to go green due to the build steps.
2020-01-03 09:01:29 +01:00
mqmq0
d30f999628 Update configuration.md
Fixed the link for you.
2020-01-03 08:59:59 +01:00
Amir Zarrinkafsh
e8ea1d814c Update to Alpine linux 3.11.2 2020-01-02 17:54:47 +11:00
Amir Zarrinkafsh
7f7a3af60c Make Buildkite wait blocks conditional
This is so they do not appear on the Buildkite interface when their subsequent steps will not be executed.
2020-01-01 13:43:02 +11:00
Amir Zarrinkafsh
fd53bbef2d Update QEMU to v4.2.0-2 2019-12-29 22:50:29 +11:00
Amir Zarrinkafsh
e85fc6b1b2 Automatically retry failed integration tests
Default parameters retry on exit_status=* and will retry a single step a maximum of 2 times (3 total with initial failure)
2019-12-29 09:06:25 +11:00
James Elliott
6e946dc859 Added sec warn, more debug logging detail
- Added a warning for users who attempt authentication on servers that don't allow STARTTLS (they are transmitted in plain text)
- Included a note when AUTH fails due to no supported mechanisms including the mechanisms supported (PLAIN and LOGIN)
2019-12-28 09:35:01 +01:00
James Elliott
c4b56a6002 Implement SMTP StartTLS and Adaptive Auth
- If the STARTTLS extension is advertised we automatically STARTTLS before authenticating or sending
- Uses the secure config key to determine if we should verify the cert. By default it does not verify the cert (should not break any configs)
- Attempt auth when the config has a SMTP password and the server supports the AUTH extension and either the PLAIN or LOGIN mechanism
- Check the mechanisms supported by the server and use PLAIN or LOGIN depending on which is supported
- Changed secure key to use boolean values instead of strings
- Arranged SMTP notifier properties/vars to be in the same order
- Log the steps for STARTTLS (debug only)
- Log the steps for AUTH (debug only)
2019-12-28 09:35:01 +01:00
Clement Michaud
716e017521 Add early checks for user hashes. 2019-12-28 09:08:54 +01:00
Clement Michaud
1ee442e86f Improve logs of password hashing to help troubleshoot issues. 2019-12-28 09:08:54 +01:00
Amir Zarrinkafsh
d037fb2728 Allow authelia-scripts to be called in e2etest setup 2019-12-28 09:08:18 +01:00
Amir Zarrinkafsh
2fb20882d9
Utilise Buildkite for Authelia CI/CD (#507)
Publish steps are currently disabled.
2019-12-27 22:07:53 +11:00
Mike Kusold
511b0b3c62 Distribute authelia-scripts in docker image
Building and copying the authelia-scripts binary so that migrations can
easily be run.
2019-12-24 14:23:02 +11:00
Amir Zarrinkafsh
fabb76754e
Rename org from clems4ever to authelia
Also fix references from config.yml to configuration.yml
2019-12-24 13:14:52 +11:00
Amir Zarrinkafsh
3a330c3383
Move Buildkite CI tooling to new repo 2019-12-23 10:13:17 +11:00
Amir Zarrinkafsh
2d062284d6
Move Buildkite CI tooling to new repo
https://github.com/authelia/buildkite
https://hub.docker.com/r/authelia/buildkite
2019-12-22 05:58:21 +11:00
Amir Zarrinkafsh
3fb84fabc2 Update README.md 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh
90bd13cb4c Add README.md with usage instructions 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh
1f7cf5c172 Example docker-compose.yml for nodes and registrycache 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh
8939ca4f65 Rename abc user to buildkite 2019-12-21 19:13:01 +01:00
Amir Zarrinkafsh
9e7dac1107 Add Buildkite CI tooling 2019-12-21 19:13:01 +01:00
James Elliott
09b4e4e57e Allow blank additional_groups_dn and additional_users_dn
- Make the DN concatenation uniform between both Users and Groups
- Make it possible to use a blank or commented out additional_users_dn or additional_groups_dn for ldap backends
- Fixes #508
2019-12-19 23:29:16 +01:00
James Elliott
f3cf092433 Fix second_factor_method creation length
- mobile_push is 11 characters long, but db init sets it to 10.
2019-12-19 23:27:04 +01:00
James Elliott
a189c28af3 Fix PostgreSQL Update Second Factor Method Pref
- column name is second_factor_method, not method
2019-12-19 23:27:04 +01:00
Clement Michaud
bdf0c07a41 Display correct RemoteIP in logs. 2019-12-11 19:01:16 +01:00
Clement Michaud
4dd6260ac8 Revert "Read X-Real-Ip as the remote IP provided by the proxy."
This reverts commit fccb55f714.

Avoid exposing Authelia to more attacks by only keeping X-Forwarded-For.
2019-12-11 08:29:32 +01:00
Clement Michaud
fccb55f714 Read X-Real-Ip as the remote IP provided by the proxy.
Authelia needs to know which IP the request originated from in
order to apply network-based ACL rules. Authelia already supported
X-Forwarded-For but X-Real-IP is another way to define it. It takes
precedence over X-Forwarded-For.
2019-12-10 23:47:05 +01:00