Templating

Authelia has several methods where users can interact with templates.

Enable Templating#

By default the Notification Templates have templating enabled. To enable templating in configuration files, set the environment variable X_AUTHELIA_CONFIG_FILTERS to template. For more information see Configuration > Methods > Files: File Filters.

Validation / Debugging#

Notifications#

No specific method exists at this time to validate these templates, however a bad template may cause an error before startup.

Configuration#

Two methods exist to validate the config template output:

1. The authelia config template command.
2. The log level value of trace will output the fully rendered configuration as a base64 string.

Functions#

Functions can be used to perform specific actions when executing templates. The following is a simple guide on which functions exist.

Standard Functions#

Go has a set of standard functions which can be used. See the Go Documentation for more information.

Helm-like Functions#

The following functions which mimic the behavior of helm exist in most templating areas:

• env
• expandenv
• split
• splitList
• join
• contains
• hasPrefix
• hasSuffix
• lower
• upper
• title
• trim
• trimAll
• trimSuffix
• trimPrefix
• replace
• quote
• sha1sum
• sha256sum
• sha512sum
• squote
• now
• ago
• toDate
• mustToDate
• date
• dateInZone
• htmlDate
• htmlDateInZone
• duration
• unixEpoch
• keys
• sortAlpha
• b64enc
• b64dec
• b32enc
• b32dec
• list
• dict
• get
• set
• isAbs
• base
• dir
• ext
• clean
• osBase
• osClean
• osDir
• osExt
• osIsAbs
• deepEqual
• typeOf
• typeIs
• typeIsLike
• kindOf
• kindIs
• default
• empty
• indent
• nindent
• uuidv4
• urlquery
• urlunquery (opposite of urlquery)
• fromYaml
• toYaml
• toYamlPretty

See the Helm Documentation for more information. Please note that only the functions listed above are supported and while the intention is to make the functions behave exactly the same they may not necessarily behave exactly the same.

Special Note: The env and expandenv function automatically excludes environment variables that start with AUTHELIA_ or X_AUTHELIA_ and end with one of KEY, SECRET, PASSWORD, TOKEN, or CERTIFICATE_CHAIN.

Special Functions#

The following is a list of special functions and their syntax.

iterate#

This template function takes a single input and is a positive integer. Returns a slice of uints from 0 to the provided input.

mustEnv#

Same as env except if the environment variable is not set it returns an error.

fileContent#

This template function takes a single input and is a string which should be a path. Returns the content of a file.

Example:

example: |
  {{- fileContent "/absolute/path/to/file" | nindent 2 }}  

secret#

Overload for fileContent except that tailing newlines will be removed.

secret example#

example: '{{ secret "/absolute/path/to/file" }}'

mindent#

Similar function to nindent except it skips indenting if there are no newlines, and includes the YAML multiline formatting string provided. Input is in the format of (int, string, string).

mindent example#

Input:

example: {{ secret "/absolute/path/to/file" | mindent 2 "|" | msquote }}

Output (with multiple lines):

example: |
  <content of "/absolute/path/to/file">  

Output (without multiple lines):

example: '<content of "/absolute/path/to/file">'

mquote#

Similar to the quote function except it skips quoting for strings with multiple lines.

See the mindent example for an example usage (just replace msquote with mquote, and the expected quote char is " instead of ').

msquote#

Similar to the squote function except it skips quoting for strings with multiple lines.

See the mindent example for an example usage.

glob#

The glob function takes a single glob pattern argument and returns a list of files that match that pattern.

Examples:

{{ range (glob "/opt/data/*.yml") }}
{{ . }}
{{ end }}

{{ range (walk "/opt/data/*" "" false) }}
{{ fileContent . }}
{{ end }}

walk#

The walk function takes three arguments, path (string), pattern (string), and skipDir (boolean). It’s a function which walks an entire tree of a given path and produces a list of structs with the following spec for every file in that path:

type WalkInfo struct {
  // Path is the relative path of the file or directory.
  Path string

  // AbsolutePath is the absolute file system path of the file or directory.
  AbsolutePath string

  // Name is the file or directory name.
  Name string

  // Size is the size in bytes of the file or directory.
  Size int64

  // Mode is the os.FileMode of the file or directory.
  Mode os.FileMode

  // Modified is time.Time that the file or directory was last modified.
  Modified time.Time

  // IsDir is truthy if this is a directory otherwise it is not.
  IsDir bool
}

The path must be defined and must be a valid file path.

If pattern is defined it must be a valid go regex pattern and the full file path and name is evaluated against the pattern.

If skipDir is true any directories will be removed from the results.

Examples:

{{ range (walk "/opt/data" "" false) }}
{{ .AbsolutePath }}
{{ end }}

{{ range (walk "/opt/data" "" false) }}
  {{ if not .IsDir }}
{{ fileContent .AbsolutePath }}
  {{- end }}
{{ end }}

{{ range (walk "/opt/data" "^.*\.yml" false) }}
{{ .AbsolutePath }}
{{ end }}

{{ range (walk "/opt/data" "^.*\.yml" false) }}
  {{ if not .IsDir }}
{{ fileContent .AbsolutePath }}
  {{- end }}
{{ end }}

toYamlCustom#

Converts an object into a YAML string with custom space indentation. Takes two inputs the first being the same as toYaml the second being the number of spaces to indent the YAML with.