test(suites): caddy (#3305)

internal/suites/Caddy/configuration.yml

@@ -0,0 +1,52 @@
+---
+###############################################################
+#                Authelia minimal configuration               #
+###############################################################
+
+jwt_secret: unsecure_secret
+
+server:
+  port: 9091
+  asset_path: /config/assets/
+  tls:
+    certificate: /config/ssl/cert.pem
+    key: /config/ssl/key.pem
+
+log:
+  level: debug
+
+authentication_backend:
+  file:
+    path: /config/users.yml
+
+session:
+  secret: unsecure_session_secret
+  domain: example.com
+  expiration: 3600  # 1 hour
+  inactivity: 300  # 5 minutes
+  remember_me_duration: 1y
+
+storage:
+  encryption_key: a_not_so_secure_encryption_key
+  local:
+    path: /config/db.sqlite
+
+access_control:
+  default_policy: bypass
+  rules:
+    - domain: "public.example.com"
+      policy: bypass
+    - domain: "admin.example.com"
+      policy: two_factor
+    - domain: "secure.example.com"
+      policy: two_factor
+    - domain: "singlefactor.example.com"
+      policy: one_factor
+
+notifier:
+  smtp:
+    host: smtp
+    port: 1025
+    sender: admin@example.com
+    disable_require_tls: true
+...

internal/suites/Caddy/docker-compose.yml

@@ -0,0 +1,9 @@
+---
+version: '3'
+services:
+  authelia-backend:
+    volumes:
+      - './Caddy/configuration.yml:/config/configuration.yml:ro'
+      - './Caddy/users.yml:/config/users.yml'
+      - './common/ssl:/config/ssl:ro'
+...

internal/suites/Caddy/users.yml

@@ -0,0 +1,35 @@
+---
+###############################################################
+#                         Users Database                      #
+###############################################################
+
+# This file can be used if you do not have an LDAP set up.
+
+# List of users
+users:
+  john:
+    displayname: "John Doe"
+    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"  # yamllint disable-line rule:line-length
+    email: john.doe@authelia.com
+    groups:
+      - admins
+      - dev
+
+  harry:
+    displayname: "Harry Potter"
+    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"  # yamllint disable-line rule:line-length
+    email: harry.potter@authelia.com
+    groups: []
+
+  bob:
+    displayname: "Bob Dylan"
+    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"  # yamllint disable-line rule:line-length
+    email: bob.dylan@authelia.com
+    groups:
+      - dev
+
+  james:
+    displayname: "James Dean"
+    password: "$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"  # yamllint disable-line rule:line-length
+    email: james.dean@authelia.com
+...

internal/suites/example/compose/caddy/Caddyfile

@@ -0,0 +1,65 @@
+(tls-transport) {
+	transport http {
+		tls
+		tls_insecure_skip_verify
+	}
+}
+
+:8085 {
+	log
+	reverse_proxy authelia-backend:9091 {
+		import tls-transport
+	}
+}
+
+login.example.com:8080 {
+	tls internal
+	log
+	route {
+		reverse_proxy /.well-known/* authelia-backend:9091 {
+			import tls-transport
+		}
+
+		reverse_proxy /api/* authelia-backend:9091 {
+			import tls-transport
+		}
+
+		reverse_proxy /locales/* authelia-backend:9091 {
+			import tls-transport
+		}
+
+		reverse_proxy /jwks.json authelia-backend:9091 {
+			import tls-transport
+		}
+
+		reverse_proxy authelia-frontend:3000 :8085 {
+			lb_policy first
+			lb_try_duration 5s
+			lb_try_interval 250ms
+
+			fail_duration 10s
+			max_fails 1
+			unhealthy_status 5xx
+			unhealthy_request_count 1
+		}
+	}
+}
+
+mail.example.com:8080 {
+	tls internal
+	log
+	reverse_proxy smtp:1080
+}
+
+*.example.com:8080 {
+	tls internal
+	log
+	forward_auth authelia-backend:9091 {
+		uri /api/verify?rd=https://login.example.com:8080
+		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
+		import tls-transport
+	}
+
+	reverse_proxy /headers httpbin:8000
+	reverse_proxy nginx-backend
+}

internal/suites/example/compose/caddy/docker-compose.yml

@@ -0,0 +1,11 @@
+---
+version: '3'
+services:
+  caddy:
+    image: caddy:2.5.1-alpine
+    volumes:
+      - ./example/compose/caddy/Caddyfile:/etc/caddy/Caddyfile
+    networks:
+      authelianet:
+        ipv4_address: 192.168.240.100
+...

internal/suites/suite_caddy.go

@@ -0,0 +1,84 @@
+package suites
+
+import (
+	"fmt"
+	"os"
+	"time"
+)
+
+var caddySuiteName = "Caddy"
+
+func init() {
+	dockerEnvironment := NewDockerEnvironment([]string{
+		"internal/suites/docker-compose.yml",
+		"internal/suites/Caddy/docker-compose.yml",
+		"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
+		"internal/suites/example/compose/authelia/docker-compose.frontend.{}.yml",
+		"internal/suites/example/compose/nginx/backend/docker-compose.yml",
+		"internal/suites/example/compose/caddy/docker-compose.yml",
+		"internal/suites/example/compose/smtp/docker-compose.yml",
+		"internal/suites/example/compose/httpbin/docker-compose.yml",
+	})
+
+	if os.Getenv("CI") == t {
+		dockerEnvironment = NewDockerEnvironment([]string{
+			"internal/suites/docker-compose.yml",
+			"internal/suites/Caddy/docker-compose.yml",
+			"internal/suites/example/compose/authelia/docker-compose.backend.{}.yml",
+			"internal/suites/example/compose/nginx/backend/docker-compose.yml",
+			"internal/suites/example/compose/caddy/docker-compose.yml",
+			"internal/suites/example/compose/smtp/docker-compose.yml",
+			"internal/suites/example/compose/httpbin/docker-compose.yml",
+		})
+	}
+
+	setup := func(suitePath string) error {
+		if err := dockerEnvironment.Up(); err != nil {
+			return err
+		}
+
+		return waitUntilAutheliaIsReady(dockerEnvironment, caddySuiteName)
+	}
+
+	displayAutheliaLogs := func() error {
+		backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println(backendLogs)
+
+		if os.Getenv("CI") != t {
+			frontendLogs, err := dockerEnvironment.Logs("authelia-frontend", nil)
+			if err != nil {
+				return err
+			}
+
+			fmt.Println(frontendLogs)
+		}
+
+		caddyLogs, err := dockerEnvironment.Logs("caddy", nil)
+		if err != nil {
+			return err
+		}
+
+		fmt.Println(caddyLogs)
+
+		return nil
+	}
+
+	teardown := func(suitePath string) error {
+		err := dockerEnvironment.Down()
+		return err
+	}
+
+	GlobalRegistry.Register(caddySuiteName, Suite{
+		SetUp:           setup,
+		SetUpTimeout:    5 * time.Minute,
+		OnSetupTimeout:  displayAutheliaLogs,
+		OnError:         displayAutheliaLogs,
+		TestTimeout:     2 * time.Minute,
+		TearDown:        teardown,
+		TearDownTimeout: 2 * time.Minute,
+	})
+}

internal/suites/suite_caddy_test.go

@@ -0,0 +1,39 @@
+package suites
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type CaddySuite struct {
+	*RodSuite
+}
+
+func NewCaddySuite() *CaddySuite {
+	return &CaddySuite{RodSuite: new(RodSuite)}
+}
+
+func (s *CaddySuite) Test1FAScenario() {
+	suite.Run(s.T(), New1FAScenario())
+}
+
+func (s *CaddySuite) Test2FAScenario() {
+	suite.Run(s.T(), New2FAScenario())
+}
+
+func (s *CaddySuite) TestCustomHeaders() {
+	suite.Run(s.T(), NewCustomHeadersScenario())
+}
+
+func (s *CaddySuite) TestResetPasswordScenario() {
+	suite.Run(s.T(), NewResetPasswordScenario())
+}
+
+func TestCaddySuite(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping suite test in short mode")
+	}
+
+	suite.Run(t, NewCaddySuite())
+}