test(suites): caddy (#3305)
parent
1060bcee06
commit
bda87db79c
|
@ -0,0 +1,52 @@
|
|||
---
|
||||
###############################################################
|
||||
# Authelia minimal configuration #
|
||||
###############################################################
|
||||
|
||||
jwt_secret: unsecure_secret
|
||||
|
||||
server:
|
||||
port: 9091
|
||||
asset_path: /config/assets/
|
||||
tls:
|
||||
certificate: /config/ssl/cert.pem
|
||||
key: /config/ssl/key.pem
|
||||
|
||||
log:
|
||||
level: debug
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /config/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
domain: example.com
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
remember_me_duration: 1y
|
||||
|
||||
storage:
|
||||
encryption_key: a_not_so_secure_encryption_key
|
||||
local:
|
||||
path: /config/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
rules:
|
||||
- domain: "public.example.com"
|
||||
policy: bypass
|
||||
- domain: "admin.example.com"
|
||||
policy: two_factor
|
||||
- domain: "secure.example.com"
|
||||
policy: two_factor
|
||||
- domain: "singlefactor.example.com"
|
||||
policy: one_factor
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
host: smtp
|
||||
port: 1025
|
||||
sender: admin@example.com
|
||||
disable_require_tls: true
|
||||
...
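Review bot: The banner calls this file an "Authelia minimal configuration" and nothing marks it as a test fixture, although `jwt_secret`, `session.secret` and `storage.encryption_key` are inline placeholder strings, `log.level` is `debug`, and the notifier sets `disable_require_tls: true`. I would add a comment under the banner such as `# Test fixture for the Caddy suite: placeholder secrets, not for deployment.` so the values are not copied elsewhere. With `default_policy: bypass`, any host that matches none of the four rules is served without authentication. `default_policy: deny` with an explicit bypass rule for `public.example.com` would fail closed if another host were added later. The shared scenarios presumably rely on the current default, so confirm before changing it.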
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
version: '3'
|
||||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- './Caddy/configuration.yml:/config/configuration.yml:ro'
|
||||
- './Caddy/users.yml:/config/users.yml'
|
||||
- './common/ssl:/config/ssl:ro'
|
||||
...
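Review bot: The `users.yml` bind mount is the only one of the three without `:ro`, so the container can rewrite the checked-in user database in the working tree. If that is deliberate because the reset-password scenario has to update the file backend, a comment on that line would make it clear, for example `# writable: the reset-password scenario rewrites this file`. It would also be worth confirming that the suite restores the fixture afterwards, since a modified hash left behind would change later runs.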
|
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
john:
|
||||
displayname: "John Doe"
|
||||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
|
||||
harry:
|
||||
displayname: "Harry Potter"
|
||||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
|
||||
email: harry.potter@authelia.com
|
||||
groups: []
|
||||
|
||||
bob:
|
||||
displayname: "Bob Dylan"
|
||||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
|
||||
email: bob.dylan@authelia.com
|
||||
groups:
|
||||
- dev
|
||||
|
||||
james:
|
||||
displayname: "James Dean"
|
||||
password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/" # yamllint disable-line rule:line-length
|
||||
email: james.dean@authelia.com
|
||||
...
|
|
@ -0,0 +1,65 @@
|
|||
(tls-transport) {
|
||||
transport http {
|
||||
tls
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
|
||||
:8085 {
|
||||
log
|
||||
reverse_proxy authelia-backend:9091 {
|
||||
import tls-transport
|
||||
}
|
||||
}
|
||||
|
||||
login.example.com:8080 {
|
||||
tls internal
|
||||
log
|
||||
route {
|
||||
reverse_proxy /.well-known/* authelia-backend:9091 {
|
||||
import tls-transport
|
||||
}
|
||||
|
||||
reverse_proxy /api/* authelia-backend:9091 {
|
||||
import tls-transport
|
||||
}
|
||||
|
||||
reverse_proxy /locales/* authelia-backend:9091 {
|
||||
import tls-transport
|
||||
}
|
||||
|
||||
reverse_proxy /jwks.json authelia-backend:9091 {
|
||||
import tls-transport
|
||||
}
|
||||
|
||||
reverse_proxy authelia-frontend:3000 :8085 {
|
||||
lb_policy first
|
||||
lb_try_duration 5s
|
||||
lb_try_interval 250ms
|
||||
|
||||
fail_duration 10s
|
||||
max_fails 1
|
||||
unhealthy_status 5xx
|
||||
unhealthy_request_count 1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
mail.example.com:8080 {
|
||||
tls internal
|
||||
log
|
||||
reverse_proxy smtp:1080
|
||||
}
|
||||
|
||||
*.example.com:8080 {
|
||||
tls internal
|
||||
log
|
||||
forward_auth authelia-backend:9091 {
|
||||
uri /api/verify?rd=https://login.example.com:8080
|
||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||
import tls-transport
|
||||
}
|
||||
|
||||
reverse_proxy /headers httpbin:8000
|
||||
reverse_proxy nginx-backend
|
||||
}
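Review bot: The `(tls-transport)` snippet sets `tls_insecure_skip_verify`, and it is imported by every proxy to `authelia-backend:9091`, including the `forward_auth` block, so the proxy accepts any certificate from whatever answers as the authorization backend. The compose file elsewhere in this commit mounts this file from `./example/compose/caddy/`, so it may be read as a reference configuration. I would mount the suite certificate into the caddy container and trust it with `tls_trusted_ca_certs <path-to-suite-cert>`, adding `tls_server_name` if the certificate name differs from the service name. Failing that, keep the directive and add `# test only: upstream uses a self-signed certificate; do not skip verification outside the suite`. Whether the suite certificate is usable this way is not visible from these lines.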
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
version: '3'
|
||||
services:
|
||||
caddy:
|
||||
image: caddy:2.5.1-alpine
|
||||
volumes:
|
||||
- ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile
|
||||
networks:
|
||||
authelianet:
|
||||
ipv4_address: 192.168.240.100
|
||||
...
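Review bot: The Caddyfile is bind-mounted read-write, so a process in the container could alter the repository copy of the proxy configuration. Nothing in this commit appears to need write access, so `- ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile:ro` would be the safer mount. The image is pinned by tag (`caddy:2.5.1-alpine`); pinning by digest as well would make the suite reproducible if the tag is ever re-pushed.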
|
|
@ -0,0 +1,84 @@
|
|||
package suites
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"time"
|
||||
)
|
||||
|
||||
var caddySuiteName = "Caddy"
|
||||
|
||||
func init() {
|
||||
dockerEnvironment := NewDockerEnvironment([]string{
|
||||
"internal/suites/docker-compose.yml",
|
||||
"internal/suites/Caddy/docker-compose.yml",
|
||||
"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
|
||||
"internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
|
||||
"internal/suites/example/compose/nginx/backend/docker-compose.yml",
|
||||
"internal/suites/example/compose/caddy/docker-compose.yml",
|
||||
"internal/suites/example/compose/smtp/docker-compose.yml",
|
||||
"internal/suites/example/compose/httpbin/docker-compose.yml",
|
||||
})
|
||||
|
||||
if os.Getenv("CI") == t {
|
||||
dockerEnvironment = NewDockerEnvironment([]string{
|
||||
"internal/suites/docker-compose.yml",
|
||||
"internal/suites/Caddy/docker-compose.yml",
|
||||
"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
|
||||
"internal/suites/example/compose/nginx/backend/docker-compose.yml",
|
||||
"internal/suites/example/compose/caddy/docker-compose.yml",
|
||||
"internal/suites/example/compose/smtp/docker-compose.yml",
|
||||
"internal/suites/example/compose/httpbin/docker-compose.yml",
|
||||
})
|
||||
}
|
||||
|
||||
setup := func(suitePath string) error {
|
||||
if err := dockerEnvironment.Up(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return waitUntilAutheliaIsReady(dockerEnvironment, caddySuiteName)
|
||||
}
|
||||
|
||||
displayAutheliaLogs := func() error {
|
||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println(backendLogs)
|
||||
|
||||
if os.Getenv("CI") != t {
|
||||
frontendLogs, err := dockerEnvironment.Logs("authelia-frontend", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println(frontendLogs)
|
||||
}
|
||||
|
||||
caddyLogs, err := dockerEnvironment.Logs("caddy", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
fmt.Println(caddyLogs)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
teardown := func(suitePath string) error {
|
||||
err := dockerEnvironment.Down()
|
||||
return err
|
||||
}
|
||||
|
||||
GlobalRegistry.Register(caddySuiteName, Suite{
|
||||
SetUp: setup,
|
||||
SetUpTimeout: 5 * time.Minute,
|
||||
OnSetupTimeout: displayAutheliaLogs,
|
||||
OnError: displayAutheliaLogs,
|
||||
TestTimeout: 2 * time.Minute,
|
||||
TearDown: teardown,
|
||||
TearDownTimeout: 2 * time.Minute,
|
||||
})
|
||||
}
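Review bot: `displayAutheliaLogs` returns at the first `Logs` error, so when the backend container has already died (the likely case when `OnError` or `OnSetupTimeout` fires) the frontend and caddy logs are never printed. I would iterate over the services, print whatever can be fetched and return the first error afterwards. The two `NewDockerEnvironment` lists also differ only by the frontend compose file, so building one slice and dropping or appending that entry under the `CI` check would prevent them drifting apart. Note that the backend runs at `log.level: debug` in this suite, so these dumps end up verbatim in CI output.
```go
	displayAutheliaLogs := func() error {
		services := []string{"authelia-backend"}
		if os.Getenv("CI") != t {
			services = append(services, "authelia-frontend")
		}

		services = append(services, "caddy")

		var firstErr error

		for _, service := range services {
			logs, err := dockerEnvironment.Logs(service, nil)
			if err != nil {
				// Keep going: the remaining containers' logs are still useful for diagnosis.
				if firstErr == nil {
					firstErr = err
				}

				continue
			}

			fmt.Println(logs)
		}

		return firstErr
	}
	// … unchanged: teardown and GlobalRegistry.Register …
```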
|
|
@ -0,0 +1,39 @@
|
|||
package suites
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
)
|
||||
|
||||
type CaddySuite struct {
|
||||
*RodSuite
|
||||
}
|
||||
|
||||
func NewCaddySuite() *CaddySuite {
|
||||
return &CaddySuite{RodSuite: new(RodSuite)}
|
||||
}
|
||||
|
||||
func (s *CaddySuite) Test1FAScenario() {
|
||||
suite.Run(s.T(), New1FAScenario())
|
||||
}
|
||||
|
||||
func (s *CaddySuite) Test2FAScenario() {
|
||||
suite.Run(s.T(), New2FAScenario())
|
||||
}
|
||||
|
||||
func (s *CaddySuite) TestCustomHeaders() {
|
||||
suite.Run(s.T(), NewCustomHeadersScenario())
|
||||
}
|
||||
|
||||
func (s *CaddySuite) TestResetPasswordScenario() {
|
||||
suite.Run(s.T(), NewResetPasswordScenario())
|
||||
}
|
||||
|
||||
func TestCaddySuite(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("skipping suite test in short mode")
|
||||
}
|
||||
|
||||
suite.Run(t, NewCaddySuite())
|
||||
}
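Review bot: The suite registers only the four shared scenarios, so as far as these lines show nothing checks that a `Remote-User` or `Remote-Groups` header supplied by the client is kept from reaching the backend when the proxy copies identity headers from the authorization response. A scenario asserting that on a bypass-policy host would pin the behaviour for the Caddy version used by the suite. Whether `NewCustomHeadersScenario` already covers this is not visible here. Separately, the exported `CaddySuite` and `NewCaddySuite` have no doc comments; something like `// CaddySuite runs the shared scenarios against Authelia behind a Caddy reverse proxy.` would do.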
|