From 85640d402f6ed6c7f89e53481cd8ef63318a88cf Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 6 Aug 2022 00:24:49 +0200
Subject: [PATCH] internal: fix race conditions when accessing settings before bootstrap
Signed-off-by: Jens Langhammer
---
 authentik/lib/default.yml | 1 +
 cmd/server/main.go | 2 +-
 go.mod | 1 -
 go.sum | 3 ---
 internal/config/config.go | 28 +++++++++++-----------------
 internal/config/struct.go | 30 ++++++++++++++++++------------
 6 files changed, 31 insertions(+), 34 deletions(-)
diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml
index 3ef5b6193..5fd47caed 100644
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@@ -56,6 +56,7 @@ outposts:
 # %(build_hash)s: Build hash if you're running a beta version
 container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
 discover: true
+ disable_embedded_outpost: false
 
 ldap:
 tls:
diff --git a/cmd/server/main.go b/cmd/server/main.go
index 59dfff58d..a013af2e0 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -61,7 +61,7 @@ func main() {
 g := gounicorn.NewGoUnicorn()
 ws := web.NewWebServer(g)
 g.HealthyCallback = func() {
- if !config.Get().DisableEmbeddedOutpost {
+ if !config.Get().Outposts.DisableEmbeddedOutpost {
 go attemptProxyStart(ws, u)
 }
 }
diff --git a/go.mod b/go.mod
index 8133f0a5b..6e172b55a 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,6 @@ require (
 github.com/gorilla/securecookie v1.1.1
 github.com/gorilla/sessions v1.2.1
 github.com/gorilla/websocket v1.5.0
- github.com/imdario/mergo v0.3.13
 github.com/jellydator/ttlcache/v3 v3.0.0
 github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
diff --git a/go.sum b/go.sum
index 2a254c066..58731cd17 100644
--- a/go.sum
+++ b/go.sum
@@ -221,8 +221,6 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk= -github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4= github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
@@ -675,7 +673,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/internal/config/config.go b/internal/config/config.go
index 74e25e85e..7a49ceb15 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -9,7 +9,6 @@ import (
 "strings"
 
 env "github.com/Netflix/go-env"
- "github.com/imdario/mergo"
 log "github.com/sirupsen/logrus"
 "gopkg.in/yaml.v2"
 )
@@ -18,8 +17,9 @@ var cfg *Config
 
 func Get() *Config {
 if cfg == nil {
- cfg = defaultConfig()
- cfg.Setup()
+ c := defaultConfig()
+ c.Setup()
+ cfg = c
 }
 return cfg
 }
@@ -28,10 +28,12 @@ func defaultConfig() *Config {
 return &Config{
 Debug: false,
 Listen: ListenConfig{
- HTTP: "localhost:9000",
- HTTPS: "localhost:9443",
- LDAP: "localhost:3389",
- LDAPS: "localhost:6636",
+ HTTP: "0.0.0.0:9000",
+ HTTPS: "0.0.0.0:9443",
+ LDAP: "0.0.0.0:3389",
+ LDAPS: "0.0.0.0:6636",
+ Metrics: "0.0.0.0:9300",
+ Debug: "0.0.0.0:9900",
 },
 Paths: PathsConfig{
 Media: "./media",
@@ -64,28 +66,20 @@ func (c *Config) LoadConfig(path string) error {
 if err != nil {
 return fmt.Errorf("Failed to load config file: %w", err)
 }
- nc := Config{}
- err = yaml.Unmarshal(raw, &nc)
+ err = yaml.Unmarshal(raw, c)
 if err != nil {
 return fmt.Errorf("Failed to parse YAML: %w", err)
 }
- if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
- return fmt.Errorf("failed to overlay config: %w", err)
- }
 c.walkScheme(c)
 log.WithField("path", path).Debug("Loaded config")
 return nil
 }
 
 func (c *Config) fromEnv() error {
- nc := Config{}
- _, err := env.UnmarshalFromEnviron(&nc)
+ _, err := env.UnmarshalFromEnviron(c)
 if err != nil {
 return fmt.Errorf("failed to load environment variables: %w", err)
 }
- if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
- return fmt.Errorf("failed to overlay config: %w", err)
- }
 c.walkScheme(c)
 log.Debug("Loaded config from environment")
 return nil
diff --git a/internal/config/struct.go b/internal/config/struct.go
index 9bde3bd3c..252b56563 100644
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
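Review bot: The nil check and the assignment to the package-level `cfg` in `Get()` (internal/config/config.go) are still unsynchronised, so two goroutines that call `Get()` before bootstrap can each build and publish their own `Config`, and the write to `cfg` is a data race under the Go memory model. Assigning `cfg` only after `c.Setup()` stops callers from seeing a half-initialised value, but it does not serialise the initialisation. A package-level `var cfgOnce sync.Once` with the three added lines wrapped in `cfgOnce.Do(func() { ... })` would close this, provided `Setup()` never calls `Get()` itself (not visible in this hunk), since a re-entrant call would deadlock inside `Do`.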
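Review bot: In `defaultConfig()` the built-in fallback for every listener, including the new `Metrics` and `Debug` entries, is now `0.0.0.0`, so an instance started without a config file or `AUTHENTIK_LISTEN__*` overrides exposes its debug and metrics listeners on all interfaces. What the debug listener serves is not visible here, but diagnostic endpoints are normally kept on loopback; consider `Debug: "localhost:9900",` and `Metrics: "localhost:9300",` as the defaults and let deployments that scrape remotely opt in. Whichever default is kept, a comment above `Listen:` such as `// Fallback bind addresses; overridden by default.yml and AUTHENTIK_LISTEN__* variables.` would record that these values are the last resort. The function body continues past the end of the hunk.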
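Review bot: `LoadConfig` and `fromEnv` now decode straight into the receiver, so a failure partway through `yaml.Unmarshal(raw, c)` or `env.UnmarshalFromEnviron(c)` can leave `c` partially overwritten, where the previous code only touched the scratch value `nc`. That is harmless while `c` is the unpublished value built in `Get()`, but `LoadConfig` is exported and may be called on the shared config. Document it on both functions, for example `// LoadConfig overlays the YAML file at path onto c in place; on error c may be partially updated and should be discarded.` `LoadConfig` starts before the hunk and `fromEnv` ends after it.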
@@ -1,14 +1,14 @@
 package config
 
 type Config struct {
- Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
- SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
- Listen ListenConfig `yaml:"listen"`
- Paths PathsConfig `yaml:"paths"`
- LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
- ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
- Redis RedisConfig `yaml:"redis"`
- DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
+ Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
+ SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
+ Listen ListenConfig `yaml:"listen"`
+ Paths PathsConfig `yaml:"paths"`
+ LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
+ ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
+ Redis RedisConfig `yaml:"redis"`
+ Outposts OutpostConfig `yaml:"outposts" `
 }
 
 type RedisConfig struct {
@@ -30,10 +30,10 @@ type RedisConfig struct {
 type ListenConfig struct {
 HTTP string `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"`
 HTTPS string `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"`
- LDAP string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP,default=0.0.0.0:3389"`
- LDAPS string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS,default=0.0.0.0:6636"`
- Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS,default=0.0.0.0:9300"`
- Debug string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG,default=0.0.0.0:9900"`
+ LDAP string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP"`
+ LDAPS string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS"`
+ Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS"`
+ Debug string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG"`
 }
 
 type PathsConfig struct {
@@ -47,3 +47,9 @@ type ErrorReportingConfig struct {
 DSN string
 SampleRate float64 `yaml:"sample_rate" env:"AUTHENTIK_ERROR_REPORTING__SAMPLE_RATE"`
 }
+
+type OutpostConfig struct {
+ ContainerImageBase string `yaml:"container_image_base" env:"AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE"`
+ Discover bool `yaml:"discover" env:"AUTHENTIK_OUTPOSTS__DISCOVER"`
+ DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST"`
+}
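Review bot: The `DisableEmbeddedOutpost` field of the new `OutpostConfig` is read only from `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST` and the nested `outposts.disable_embedded_outpost` key, while the field removed from `Config` earlier in this file used `AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST` and a top-level key. A deployment that disabled the embedded outpost through the old name gets it started again after upgrading, with no error or log line. If the go-env version in use accepts several keys per tag, keep the old one as a fallback, `env:"AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST,AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`; otherwise log a warning when the old variable is set. A doc comment on `OutpostConfig` naming the `outposts` section of default.yml would also help.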