diff options
| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2025-03-09 01:53:44 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-09 01:53:44 +1100 |
| commit | 9241731a4dd5592b4a02b5352c903b4d06b6f4ab (patch) | |
| tree | 5184b98751912a261ff70fd8721b9cd4f1c98f1e /experimental/embed/config_test.go | |
| parent | bbcb38ab9ff35e69d5d52a71ab56346749f5e8b1 (diff) | |
feat(embed): make authelia embedable (#8841)
This adds a highly experimental option for developers looking to embed Authelia within another go binary.
Closes #5803
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'experimental/embed/config_test.go')
| -rw-r--r-- | experimental/embed/config_test.go | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/experimental/embed/config_test.go b/experimental/embed/config_test.go new file mode 100644 index 000000000..eb0ce6e2f --- /dev/null +++ b/experimental/embed/config_test.go @@ -0,0 +1,195 @@ +package embed + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/authelia/authelia/v4/internal/configuration" +) + +func TestNewConfiguration(t *testing.T) { + testCases := []struct { + name string + paths []string + filters []configuration.BytesFilter + keys []string + warnings []string + errors []string + err string + }{ + { + name: "ShouldHandleWebAuthn", + paths: []string{"../../internal/configuration/test_resources/config.webauthn.yml"}, + keys: []string{ + "server.endpoints.rate_limits.reset_password_finish.enable", + "server.endpoints.rate_limits.reset_password_start.enable", + "server.endpoints.rate_limits.second_factor_duo.enable", + "server.endpoints.rate_limits.second_factor_totp.enable", + "server.endpoints.rate_limits.session_elevation_finish.enable", + "server.endpoints.rate_limits.session_elevation_start.enable", + "webauthn.selection_criteria.attachment", + "webauthn.selection_criteria.discoverability", + "webauthn.selection_criteria.user_verification", + }, + warnings: nil, + errors: []string{ + "identity_validation: reset_password: option 'jwt_secret' is required when the reset password functionality isn't disabled", + "authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured", + "access_control: 'default_policy' option 'deny' is invalid: when no rules are specified it must be 'two_factor' or 'one_factor'", + "session: option 'cookies' is required", + "storage: option 'encryption_key' is required", + "storage: configuration for a 'local', 'mysql' or 'postgres' database must be provided", + "notifier: you must ensure either the 'smtp' or 'filesystem' notifier is configured", + }, + }, + { + name: "ShouldHandleConfigWithDefinitions", + paths: []string{"../../internal/configuration/test_resources/config_with_definitions.yml"}, + keys: []string{ + "access_control.default_policy", + "access_control.networks", + "access_control.networks[].name", + "access_control.networks[].networks", + "access_control.rules", + "access_control.rules[].domain", + "access_control.rules[].networks", + "access_control.rules[].policy", + "access_control.rules[].resources", + "access_control.rules[].subject", + "authentication_backend.ldap.additional_groups_dn", + "authentication_backend.ldap.additional_users_dn", + "authentication_backend.ldap.address", + "authentication_backend.ldap.attributes.group_name", + "authentication_backend.ldap.attributes.mail", + "authentication_backend.ldap.attributes.username", + "authentication_backend.ldap.base_dn", + "authentication_backend.ldap.groups_filter", + "authentication_backend.ldap.tls.private_key", + "authentication_backend.ldap.user", + "authentication_backend.ldap.users_filter", + "authentication_backend.refresh_interval", + "definitions.network.lan", + "definitions.user_attributes.example.expression", + "duo_api.hostname", + "duo_api.integration_key", + "log.level", + "notifier.smtp.address", + "notifier.smtp.disable_require_tls", + "notifier.smtp.sender", + "notifier.smtp.username", + "regulation.ban_time", + "regulation.find_time", + "regulation.max_retries", + "server.address", + "server.endpoints.authz.auth-request.authn_strategies", + "server.endpoints.authz.auth-request.authn_strategies[].name", + "server.endpoints.authz.auth-request.implementation", + "server.endpoints.authz.ext-authz.authn_strategies", + "server.endpoints.authz.ext-authz.authn_strategies[].name", + "server.endpoints.authz.ext-authz.implementation", + "server.endpoints.authz.forward-auth.authn_strategies", + "server.endpoints.authz.forward-auth.authn_strategies[].name", + "server.endpoints.authz.forward-auth.implementation", + "server.endpoints.authz.legacy.implementation", + "server.endpoints.rate_limits.reset_password_finish.enable", + "server.endpoints.rate_limits.reset_password_start.enable", + "server.endpoints.rate_limits.second_factor_duo.enable", + "server.endpoints.rate_limits.second_factor_totp.enable", + "server.endpoints.rate_limits.session_elevation_finish.enable", + "server.endpoints.rate_limits.session_elevation_start.enable", + "session.cookies", + "session.cookies[].authelia_url", + "session.cookies[].default_redirection_url", + "session.cookies[].domain", + "session.expiration", + "session.inactivity", + "session.name", + "session.redis.high_availability.sentinel_name", + "session.redis.host", + "session.redis.port", + "storage.mysql.address", + "storage.mysql.database", + "storage.mysql.username", + "totp.issuer", + "webauthn.selection_criteria.discoverability", + "webauthn.selection_criteria.user_verification", + }, + warnings: nil, + errors: []string{ + "duo_api: option 'secret_key' is required when duo is enabled but it's absent", + "identity_validation: reset_password: option 'jwt_secret' is required when the reset password functionality isn't disabled", + "authentication_backend: ldap: option 'password' is required", + "session: option 'secret' is required when using the 'redis' provider", + "storage: option 'encryption_key' is required", + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + t.Run("Individual", func(t *testing.T) { + keys, config, val, err := NewConfiguration(tc.paths, tc.filters) + + assert.Equal(t, tc.keys, keys) + + if tc.err != "" { + assert.EqualError(t, err, tc.err) + assert.Nil(t, config) + } else { + assert.NoError(t, err) + assert.NotNil(t, config) + ValidateConfigurationKeys(keys, val) + ValidateConfiguration(config, val) + } + + require.Len(t, val.Warnings(), len(tc.warnings)) + require.Len(t, val.Errors(), len(tc.errors)) + + for i, err := range val.Warnings() { + assert.EqualError(t, err, tc.warnings[i]) + } + + for i, err := range val.Errors() { + assert.EqualError(t, err, tc.errors[i]) + } + }) + t.Run("Combined", func(t *testing.T) { + keys, config, val, err := NewConfiguration(tc.paths, tc.filters) + + assert.Equal(t, tc.keys, keys) + + if tc.err != "" { + assert.EqualError(t, err, tc.err) + assert.Nil(t, config) + } else { + assert.NoError(t, err) + assert.NotNil(t, config) + ValidateConfigurationAndKeys(config, keys, val) + } + + require.Len(t, val.Warnings(), len(tc.warnings)) + require.Len(t, val.Errors(), len(tc.errors)) + + for i, err := range val.Warnings() { + assert.EqualError(t, err, tc.warnings[i]) + } + + for i, err := range val.Errors() { + assert.EqualError(t, err, tc.errors[i]) + } + }) + }) + } +} + +func TestNewNamedConfigFileFilters(t *testing.T) { + filters, err := NewNamedConfigFileFilters("abc") + assert.Nil(t, filters) + assert.EqualError(t, err, "error occurred loading filters: invalid filter named 'abc'") + + filters, err = NewNamedConfigFileFilters("template") + assert.NotNil(t, filters) + assert.NoError(t, err) +} |