authelia/internal/configuration/reader.go

package configuration

import (
	"errors"
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	"github.com/spf13/viper"
	"gopkg.in/yaml.v2"

	"github.com/authelia/authelia/internal/configuration/schema"
	"github.com/authelia/authelia/internal/configuration/validator"
)

// Read a YAML configuration and create a Configuration object out of it.
func Read(configPath string) (*schema.Configuration, []error) {
	if configPath == "" {
		return nil, []error{errors.New("No config file path provided")}
	}

	_, err := os.Stat(configPath)
	if err != nil {
		return nil, []error{fmt.Errorf("Unable to find config file: %v", configPath)}
	}

	file, err := ioutil.ReadFile(configPath)
	if err != nil {
		return nil, []error{fmt.Errorf("Failed to %v", err)}
	}

	var data interface{}

	err = yaml.Unmarshal(file, &data)
	if err != nil {
		return nil, []error{fmt.Errorf("Error malformed %v", err)}
	}

	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))

	viper.BindEnv("authelia.jwt_secret.file")                           //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.duo_api.secret_key.file")                   //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.session.secret.file")                       //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.authentication_backend.ldap.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.notifier.smtp.password.file")               //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.session.redis.password.file")               //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.storage.mysql.password.file")               //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.
	viper.BindEnv("authelia.storage.postgres.password.file")            //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.

	viper.SetConfigFile(configPath)

	_ = viper.ReadInConfig()

	var configuration schema.Configuration

	viper.Unmarshal(&configuration) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.

	val := schema.NewStructValidator()
	validator.ValidateSecrets(&configuration, val, viper.GetViper())
	validator.ValidateConfiguration(&configuration, val)
	validator.ValidateKeys(val, viper.AllKeys())

	if val.HasErrors() {
		return nil, val.Errors()
	}

	return &configuration, nil
}
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`package configuration`

			`import (`
[MISC] Catch and warn on malformed configuration yaml (#1089) If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails. This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml. Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662 ```yaml host: 0.0.0.0 port: 9091 log_level: debug jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU default_redirection_url: example.com totp: issuer: example.com period: 30 skew: 1 authentication_backend: file: path: /etc/authelia/users_database.yml access_control: default_policy: deny rules: - domain: example.com policy: bypass - domain: "*.example.com" policy: one_factor session: name: authelia_session secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa expiration: 3600 inactivity: 300 domain: example.com regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: example.com port: 3306 database: authelia username: authelia password: example.com notifier: smtp: username: example.com password: example.com host: smtp.gmail.com port: 465 sender: example.com ``` We would actually get a more meaningful error which helps pinpoint the issue: `Error malformed yaml: line 23: did not find expected alphabetic or numeric character` 2020-06-08 22:22:41 +00:00			`"errors"`
Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`"fmt"`
[MISC] Catch and warn on malformed configuration yaml (#1089) If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails. This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml. Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662 ```yaml host: 0.0.0.0 port: 9091 log_level: debug jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU default_redirection_url: example.com totp: issuer: example.com period: 30 skew: 1 authentication_backend: file: path: /etc/authelia/users_database.yml access_control: default_policy: deny rules: - domain: example.com policy: bypass - domain: "*.example.com" policy: one_factor session: name: authelia_session secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa expiration: 3600 inactivity: 300 domain: example.com regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: example.com port: 3306 database: authelia username: authelia password: example.com notifier: smtp: username: example.com password: example.com host: smtp.gmail.com port: 465 sender: example.com ``` We would actually get a more meaningful error which helps pinpoint the issue: `Error malformed yaml: line 23: did not find expected alphabetic or numeric character` 2020-06-08 22:22:41 +00:00			`"io/ioutil"`
			`"os"`
Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`"strings"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go 2020-04-05 12:37:21 +00:00			`"github.com/spf13/viper"`
[MISC] Catch and warn on malformed configuration yaml (#1089) If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails. This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml. Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662 ```yaml host: 0.0.0.0 port: 9091 log_level: debug jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU default_redirection_url: example.com totp: issuer: example.com period: 30 skew: 1 authentication_backend: file: path: /etc/authelia/users_database.yml access_control: default_policy: deny rules: - domain: example.com policy: bypass - domain: "*.example.com" policy: one_factor session: name: authelia_session secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa expiration: 3600 inactivity: 300 domain: example.com regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: example.com port: 3306 database: authelia username: authelia password: example.com notifier: smtp: username: example.com password: example.com host: smtp.gmail.com port: 465 sender: example.com ``` We would actually get a more meaningful error which helps pinpoint the issue: `Error malformed yaml: line 23: did not find expected alphabetic or numeric character` 2020-06-08 22:22:41 +00:00			`"gopkg.in/yaml.v2"`
[MISC] Update durations to notation format and housekeeping (#824) * added regulation validator * made regulations find_time and ban_time values duration notation strings * added DefaultRegulationConfiguration for the validator * made session expiration and inactivity values duration notation strings * TOTP period does not need to be converted because adjustment should be discouraged * moved TOTP defaults to DefaultTOTPConfiguration and removed the consts * arranged the root config validator in configuration file order * adjusted tests for the changes * moved duration notation docs to root of configuration * added references to duration notation where applicable * project wide gofmt and goimports: * run gofmt * run goimports -local github.com/authelia/authelia -w on all files * Make jwt_secret error uniform and add tests * now at 100% coverage for internal/configuration/validator/configuration.go 2020-04-05 12:37:21 +00:00
Rename org from clems4ever to authelia Also fix references from config.yml to configuration.yml 2019-12-24 02:14:52 +00:00			`"github.com/authelia/authelia/internal/configuration/schema"`
			`"github.com/authelia/authelia/internal/configuration/validator"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`)`

			`// Read a YAML configuration and create a Configuration object out of it.`
			`func Read(configPath string) (*schema.Configuration, []error) {`
[MISC] Catch and warn on malformed configuration yaml (#1089) If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails. This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml. Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662 ```yaml host: 0.0.0.0 port: 9091 log_level: debug jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU default_redirection_url: example.com totp: issuer: example.com period: 30 skew: 1 authentication_backend: file: path: /etc/authelia/users_database.yml access_control: default_policy: deny rules: - domain: example.com policy: bypass - domain: "*.example.com" policy: one_factor session: name: authelia_session secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa expiration: 3600 inactivity: 300 domain: example.com regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: example.com port: 3306 database: authelia username: authelia password: example.com notifier: smtp: username: example.com password: example.com host: smtp.gmail.com port: 465 sender: example.com ``` We would actually get a more meaningful error which helps pinpoint the issue: `Error malformed yaml: line 23: did not find expected alphabetic or numeric character` 2020-06-08 22:22:41 +00:00			`if configPath == "" {`
			`return nil, []error{errors.New("No config file path provided")}`
			`}`

			`_, err := os.Stat(configPath)`
			`if err != nil {`
			`return nil, []error{fmt.Errorf("Unable to find config file: %v", configPath)}`
			`}`

			`file, err := ioutil.ReadFile(configPath)`
			`if err != nil {`
			`return nil, []error{fmt.Errorf("Failed to %v", err)}`
			`}`

			`var data interface{}`

			`err = yaml.Unmarshal(file, &data)`
			`if err != nil {`
			`return nil, []error{fmt.Errorf("Error malformed %v", err)}`
			`}`

Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))`
Bind secret environment variable to allow unmarshalling. 2020-01-21 22:02:03 +00:00
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`viper.BindEnv("authelia.jwt_secret.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.duo_api.secret_key.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.session.secret.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.authentication_backend.ldap.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.notifier.smtp.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.session.redis.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.storage.mysql.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
			`viper.BindEnv("authelia.storage.postgres.password.file") //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`viper.SetConfigFile(configPath)`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
[MISC] Catch and warn on malformed configuration yaml (#1089) If the configuration yaml is poorly indented or special values are not appropriately escaped Authelia attempts to load said configuration and fails. This attempts to unmarshal the config into an empty interface to catch and warn on malformed yaml. Using the example from issue https://github.com/authelia/authelia/issues/1053#issuecomment-634791662 ```yaml host: 0.0.0.0 port: 9091 log_level: debug jwt_secret: RUtG9TnbXrOl1XLLmDgySw1DGgx9QcrtepIf1uDDBlBVKFZxkVBruYKBi32PvaU default_redirection_url: example.com totp: issuer: example.com period: 30 skew: 1 authentication_backend: file: path: /etc/authelia/users_database.yml access_control: default_policy: deny rules: - domain: example.com policy: bypass - domain: "*.example.com" policy: one_factor session: name: authelia_session secret: TVPMIcDFbBwhnW3kLJzKhdjeHhtqisr7m28FgRY8oLh2A4lwuV2jV2ZGdGbh4aa expiration: 3600 inactivity: 300 domain: example.com regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: example.com port: 3306 database: authelia username: authelia password: example.com notifier: smtp: username: example.com password: example.com host: smtp.gmail.com port: 465 sender: example.com ``` We would actually get a more meaningful error which helps pinpoint the issue: `Error malformed yaml: line 23: did not find expected alphabetic or numeric character` 2020-06-08 22:22:41 +00:00			`_ = viper.ReadInConfig()`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`var configuration schema.Configuration`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-05 19:35:32 +00:00
[MISC] Ignore errcheck recommendations for legacy code (#893) * [MISC] Ignore errcheck recommendations for legacy code Some of this is likely intended to stay how it is, some could use refactoring, for now we will mark is and ignore it from the linter to be potentially addressed in the future. * [MISC] Ensure files are gofmt-ed 2020-04-22 03:33:14 +00:00			`viper.Unmarshal(&configuration) //nolint:errcheck // TODO: Legacy code, consider refactoring time permitting.`
Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`val := schema.NewStructValidator()`
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`validator.ValidateSecrets(&configuration, val, viper.GetViper())`
			`validator.ValidateConfiguration(&configuration, val)`
[FEATURE] Config Validation (#901) * [FEATURE] Config Validation * check configuration for invalid keys on startup * allow users to manually trigger all configuration validation on a file using a cmd * setup all defaults in config template and run tests against it to prevent accidents * use tests to check bad configuration values are caught * use tests to check old configuration values are caught * add tests for specific key errors * resolve merge conflicts * nolint prealloc for test 2020-04-23 01:47:27 +00:00			`validator.ValidateKeys(val, viper.AllKeys())`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00
			`if val.HasErrors() {`
			`return nil, val.Errors()`
			`}`

Introduce viper in order to read secrets from env variables. 2020-01-21 20:56:44 +00:00			`return &configuration, nil`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-24 21:52:08 +00:00			`}`