[FEATURE] Docker simplification and configuration generation (#1113)

* [FEATURE] Docker simplification and configuration generation
The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template.

This will allow more seamless bootstrapping of an environment no matter the deployment method.

We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment.

Users with the old volume mappings have two options:
1. Change their mappings to conform to `/config`
2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping

* Adjust paths relative to `/etc/authelia` and simplify to single volume for compose
* Add generation for file backend based user database
* Refactor Docker volumes and paths to /config
* Refactor Docker WORKDIR to /app
* Fix integration tests
* Update BREAKING.md for v4.20.0
* Run go mod tidy
* Fix log_file_path in miscellaneous.md docs
* Generate config and userdb with 0600 permissions
* Fix log_file_path in config.template.yml

1 files changed, 37 insertions, 0 deletions

diff --git a/internal/authentication/file_user_provider_test.go b/internal/authentication/file_user_provider_test.go
index 2c9dbe1ff..7ce16def4 100644
--- a/internal/authentication/file_user_provider_test.go
+++ b/internal/authentication/file_user_provider_test.go
@@ -7,7 +7,9 @@ import (
 	"strings"
 	"testing"
 
+	"aletheia.icu/broccoli/fs"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/authelia/authelia/internal/configuration/schema"
 )
@@ -32,6 +34,41 @@ func WithDatabase(content []byte, f func(path string)) {
 	}
 }
 
+func TestShouldErrorNoUserDBInEmbeddedFS(t *testing.T) {
+	oldCfg := cfg
+	cfg = fs.New(false, []byte("\x1b~\x00\x80\x8d\x94n\xc2|\x84J\xf7\xbfn\xfd\xf7w;.\x8d m\xb2&\xd1Z\xec\xb2\x05\xb9\xc00\x8a\xf7(\x80^78\t(\f\f\xc3p\xc2\xc1\x06[a\xa2\xb3\xa4P\xe5\xa14\xfb\x19\xb2cp\xf6\x90-Z\xb2\x11\xe0l\xa1\x80\\\x95Vh\t\xc5\x06\x16\xfa\x8c\xc0\"!\xa5\xcf\xf7$\x9a\xb2\a`\xc6\x18\xc8~\xce8\r\x16Z\x9d\xc3\xe3\xff\x00"))
+	errors := checkDatabase("./nonexistent.yml")
+	cfg = oldCfg
+
+	require.Len(t, errors, 3)
+
+	require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
+	require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
+	require.EqualError(t, errors[2], "Unable to open users_database.template.yml: file does not exist")
+}
+
+func TestShouldErrorPermissionsOnLocalFS(t *testing.T) {
+	_ = os.Mkdir("/tmp/noperms/", 0000)
+	errors := checkDatabase("/tmp/noperms/users_database.yml")
+
+	require.Len(t, errors, 3)
+
+	require.EqualError(t, errors[0], "Unable to find database file: /tmp/noperms/users_database.yml")
+	require.EqualError(t, errors[1], "Generating database file: /tmp/noperms/users_database.yml")
+	require.EqualError(t, errors[2], "Unable to generate /tmp/noperms/users_database.yml: open /tmp/noperms/users_database.yml: permission denied")
+}
+
+func TestShouldErrorAndGenerateUserDB(t *testing.T) {
+	errors := checkDatabase("./nonexistent.yml")
+	_ = os.Remove("./nonexistent.yml")
+
+	require.Len(t, errors, 3)
+
+	require.EqualError(t, errors[0], "Unable to find database file: ./nonexistent.yml")
+	require.EqualError(t, errors[1], "Generating database file: ./nonexistent.yml")
+	require.EqualError(t, errors[2], "Generated database at: ./nonexistent.yml")
+}
+
 func TestShouldCheckUserArgon2idPasswordIsCorrect(t *testing.T) {
 	WithDatabase(UserDatabaseContent, func(path string) {
 		config := DefaultFileAuthenticationBackendConfiguration