Diffstat (limited to 'internal/configuration/reader_test.go')
| -rw-r--r-- | internal/configuration/reader_test.go | 75 |
1 files changed, 72 insertions, 3 deletions
diff --git a/internal/configuration/reader_test.go b/internal/configuration/reader_test.go index 8e57bfdc1..95d37acf5 100644 --- a/internal/configuration/reader_test.go +++ b/internal/configuration/reader_test.go @@ -4,6 +4,7 @@ import ( "io/ioutil" "os" "path" + "runtime" "sort" "testing" @@ -27,6 +28,7 @@ func resetEnv() { _ = os.Unsetenv("AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE") _ = os.Unsetenv("AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE") _ = os.Unsetenv("AUTHELIA_SESSION_REDIS_PASSWORD_FILE") + _ = os.Unsetenv("AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE") _ = os.Unsetenv("AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE") _ = os.Unsetenv("AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE") } @@ -49,6 +51,7 @@ func setupEnv(t *testing.T) string { createTestingTempFile(t, dir, "authentication", "ldap_secret_from_env") createTestingTempFile(t, dir, "notifier", "smtp_secret_from_env") createTestingTempFile(t, dir, "redis", "redis_secret_from_env") + createTestingTempFile(t, dir, "redis-sentinel", "redis-sentinel_secret_from_env") createTestingTempFile(t, dir, "mysql", "mysql_secret_from_env") createTestingTempFile(t, dir, "postgres", "postgres_secret_from_env") 
@@ -65,7 +68,56 @@ func TestShouldErrorNoConfigPath(t *testing.T) { require.EqualError(t, errors[0], "No config file path provided") } +func TestShouldErrorSecretNotExist(t *testing.T) { + dir := "/path/not/exist" + + require.NoError(t, os.Setenv("AUTHELIA_JWT_SECRET_FILE", dir+"jwt")) + require.NoError(t, os.Setenv("AUTHELIA_DUO_API_SECRET_KEY_FILE", dir+"duo")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_SECRET_FILE", dir+"session")) + require.NoError(t, os.Setenv("AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE", dir+"authentication")) + require.NoError(t, os.Setenv("AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE", dir+"notifier")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_REDIS_PASSWORD_FILE", dir+"redis")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE", dir+"redis-sentinel")) + require.NoError(t, os.Setenv("AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE", dir+"mysql")) + require.NoError(t, os.Setenv("AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE", dir+"postgres")) + + _, errors := Read("./test_resources/config.yml") + + require.Len(t, errors, 12) + + if runtime.GOOS == windows { + assert.EqualError(t, errors[0], "error loading secret file (jwt_secret): open /path/not/existjwt: The system cannot find the path specified.") + assert.EqualError(t, errors[1], "error loading secret file (session.secret): open /path/not/existsession: The system cannot find the path specified.") + assert.EqualError(t, errors[2], "error loading secret file (duo_api.secret_key): open /path/not/existduo: The system cannot find the path specified.") + assert.EqualError(t, errors[3], "error loading secret file (session.redis.password): open /path/not/existredis: The system cannot find the path specified.") + assert.EqualError(t, errors[4], "error loading secret file (session.redis.high_availability.sentinel_password): open /path/not/existredis-sentinel: The system cannot find the path specified.") + assert.EqualError(t, errors[5], "error loading 
secret file (authentication_backend.ldap.password): open /path/not/existauthentication: The system cannot find the path specified.") + assert.EqualError(t, errors[6], "error loading secret file (notifier.smtp.password): open /path/not/existnotifier: The system cannot find the path specified.") + assert.EqualError(t, errors[7], "error loading secret file (storage.mysql.password): open /path/not/existmysql: The system cannot find the path specified.") + } else { + assert.EqualError(t, errors[0], "error loading secret file (jwt_secret): open /path/not/existjwt: no such file or directory") + assert.EqualError(t, errors[1], "error loading secret file (session.secret): open /path/not/existsession: no such file or directory") + assert.EqualError(t, errors[2], "error loading secret file (duo_api.secret_key): open /path/not/existduo: no such file or directory") + assert.EqualError(t, errors[3], "error loading secret file (session.redis.password): open /path/not/existredis: no such file or directory") + assert.EqualError(t, errors[4], "error loading secret file (session.redis.high_availability.sentinel_password): open /path/not/existredis-sentinel: no such file or directory") + assert.EqualError(t, errors[5], "error loading secret file (authentication_backend.ldap.password): open /path/not/existauthentication: no such file or directory") + assert.EqualError(t, errors[6], "error loading secret file (notifier.smtp.password): open /path/not/existnotifier: no such file or directory") + assert.EqualError(t, errors[7], "error loading secret file (storage.mysql.password): open /path/not/existmysql: no such file or directory") + } + + assert.EqualError(t, errors[8], "Provide a JWT secret using \"jwt_secret\" key") + assert.EqualError(t, errors[9], "Please provide a password to connect to the LDAP server") + assert.EqualError(t, errors[10], "The session secret must be set when using the redis sentinel session provider") + assert.EqualError(t, errors[11], "the SQL username and 
password must be provided") +} + func TestShouldErrorPermissionsOnLocalFS(t *testing.T) { + if runtime.GOOS == windows { + t.Skip("skipping test due to being on windows") + } + + resetEnv() + _ = os.Mkdir("/tmp/noperms/", 0000) _, errors := Read("/tmp/noperms/configuration.yml") @@ -88,12 +140,23 @@ func TestShouldErrorAndGenerateConfigFile(t *testing.T) { } func TestShouldErrorPermissionsConfigFile(t *testing.T) { + resetEnv() + _ = ioutil.WriteFile("/tmp/authelia/permissions.yml", []byte{}, 0000) // nolint:gosec _, errors := Read("/tmp/authelia/permissions.yml") - require.Len(t, errors, 1) - - require.EqualError(t, errors[0], "Failed to open /tmp/authelia/permissions.yml: permission denied") + if runtime.GOOS == windows { + require.Len(t, errors, 5) + assert.EqualError(t, errors[0], "Provide a JWT secret using \"jwt_secret\" key") + assert.EqualError(t, errors[1], "Please provide `ldap` or `file` object in `authentication_backend`") + assert.EqualError(t, errors[2], "Set domain of the session object") + assert.EqualError(t, errors[3], "A storage configuration must be provided. It could be 'local', 'mysql' or 'postgres'") + assert.EqualError(t, errors[4], "A notifier configuration must be provided") + } else { + require.Len(t, errors, 1) + + assert.EqualError(t, errors[0], "Failed to open /tmp/authelia/permissions.yml: permission denied") + } } func TestShouldErrorParseBadConfigFile(t *testing.T) { 
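Review bot: TestShouldErrorSecretNotExist sets nine `AUTHELIA_*_FILE` variables and never unsets them, so later tests in the package inherit secret-file paths that point nowhere unless they call resetEnv() themselves, as the two permission tests in this commit now do. Cleaning up in the test that creates the state is more robust: add `t.Cleanup(resetEnv)` (or `defer resetEnv()`) as its first statement, assuming resetEnv clears all nine variables; only part of its body is visible here. Separately, `dir+"jwt"` with `dir := "/path/not/exist"` produces `/path/not/existjwt`; a trailing slash or `path.Join(dir, "jwt")` would make the intended layout obvious, with the expected messages updated to match.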
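Review bot: The Windows branch of TestShouldErrorPermissionsConfigFile no longer checks a permission failure at all. It pins five validation messages that look like the result of reading an empty config, so it breaks whenever the validator's wording or ordering changes while proving nothing about unreadable files. TestShouldErrorPermissionsOnLocalFS in this same commit handles the platform gap with `t.Skip("skipping test due to being on windows")`; doing the same here keeps the test about one behaviour. The non-Windows assertion also assumes the process cannot open a mode-0000 file, which does not hold when the suite runs as root (common in CI containers), so a guard such as `if os.Geteuid() == 0 { t.Skip("permission checks are bypassed for root") }` is worth adding.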
@@ -113,6 +176,7 @@ func TestShouldParseConfigFile(t *testing.T) { require.NoError(t, os.Setenv("AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE", dir+"authentication")) require.NoError(t, os.Setenv("AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE", dir+"notifier")) require.NoError(t, os.Setenv("AUTHELIA_SESSION_REDIS_PASSWORD_FILE", dir+"redis")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE", dir+"redis-sentinel")) require.NoError(t, os.Setenv("AUTHELIA_STORAGE_MYSQL_PASSWORD_FILE", dir+"mysql")) require.NoError(t, os.Setenv("AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE", dir+"postgres")) @@ -134,10 +198,15 @@ func TestShouldParseConfigFile(t *testing.T) { assert.Equal(t, "ldap_secret_from_env", config.AuthenticationBackend.Ldap.Password) assert.Equal(t, "smtp_secret_from_env", config.Notifier.SMTP.Password) assert.Equal(t, "redis_secret_from_env", config.Session.Redis.Password) + assert.Equal(t, "redis-sentinel_secret_from_env", config.Session.Redis.HighAvailability.SentinelPassword) assert.Equal(t, "mysql_secret_from_env", config.Storage.MySQL.Password) assert.Equal(t, "deny", config.AccessControl.DefaultPolicy) assert.Len(t, config.AccessControl.Rules, 12) + + require.NotNil(t, config.Session) + require.NotNil(t, config.Session.Redis) + require.NotNil(t, config.Session.Redis.HighAvailability) } func TestShouldParseAltConfigFile(t *testing.T) { |
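Review bot: The three `require.NotNil` checks at the end of the last hunk run after `config.Session.Redis.HighAvailability.SentinelPassword` has already been dereferenced a few lines up. If Redis or HighAvailability are pointer fields and come back nil, the test panics before the guards can report anything. Move them above the first `config.Session.Redis...` assertion so a missing section fails with a readable message instead of a nil-pointer panic. If `config.Session` is a struct value rather than a pointer (its type is not visible here), `require.NotNil(t, config.Session)` can never fail and can be dropped. The body of TestShouldParseConfigFile starts outside the hunk.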
