internal: fix race conditions when accessing settings before bootstrap

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:24:49 +02:00 · 2022-08-06 00:24:49 +02:00 · 85640d402f
parent d5703dce39
commit 85640d402f
6 changed files with 31 additions and 34 deletions
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@ -56,6 +56,7 @@ outposts:
  # %(build_hash)s: Build hash if you're running a beta version
  container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
  discover: true
+  disable_embedded_outpost: false

 ldap:
  tls:
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -61,7 +61,7 @@ func main() {
 	g := gounicorn.NewGoUnicorn()
 	ws := web.NewWebServer(g)
 	g.HealthyCallback = func() {
-		if !config.Get().DisableEmbeddedOutpost {
+		if !config.Get().Outposts.DisableEmbeddedOutpost {
 			go attemptProxyStart(ws, u)
 		}
 	}
--- a/go.mod
+++ b/go.mod
@ -16,7 +16,6 @@ require (
 	github.com/gorilla/securecookie v1.1.1
 	github.com/gorilla/sessions v1.2.1
 	github.com/gorilla/websocket v1.5.0
-	github.com/imdario/mergo v0.3.13
 	github.com/jellydator/ttlcache/v3 v3.0.0
 	github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
 	github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
--- a/go.sum
+++ b/go.sum
@ -221,8 +221,6 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4=
 github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
@ -675,7 +673,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -9,7 +9,6 @@ import (
 	"strings"

 	env "github.com/Netflix/go-env"
-	"github.com/imdario/mergo"
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
 )
@ -18,8 +17,9 @@ var cfg *Config

 func Get() *Config {
 	if cfg == nil {
-		cfg = defaultConfig()
-		cfg.Setup()
+		c := defaultConfig()
+		c.Setup()
+		cfg = c
 	}
 	return cfg
 }
@ -28,10 +28,12 @@ func defaultConfig() *Config {
 	return &Config{
 		Debug: false,
 		Listen: ListenConfig{
-			HTTP:  "localhost:9000",
-			HTTPS: "localhost:9443",
-			LDAP:  "localhost:3389",
-			LDAPS: "localhost:6636",
+			HTTP:    "0.0.0.0:9000",
+			HTTPS:   "0.0.0.0:9443",
+			LDAP:    "0.0.0.0:3389",
+			LDAPS:   "0.0.0.0:6636",
+			Metrics: "0.0.0.0:9300",
+			Debug:   "0.0.0.0:9900",
 		},
 		Paths: PathsConfig{
 			Media: "./media",
@ -64,28 +66,20 @@ func (c *Config) LoadConfig(path string) error {
 	if err != nil {
 		return fmt.Errorf("Failed to load config file: %w", err)
 	}
-	nc := Config{}
-	err = yaml.Unmarshal(raw, &nc)
+	err = yaml.Unmarshal(raw, c)
 	if err != nil {
 		return fmt.Errorf("Failed to parse YAML: %w", err)
 	}
-	if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
-		return fmt.Errorf("failed to overlay config: %w", err)
-	}
 	c.walkScheme(c)
 	log.WithField("path", path).Debug("Loaded config")
 	return nil
 }

 func (c *Config) fromEnv() error {
-	nc := Config{}
-	_, err := env.UnmarshalFromEnviron(&nc)
+	_, err := env.UnmarshalFromEnviron(c)
 	if err != nil {
 		return fmt.Errorf("failed to load environment variables: %w", err)
 	}
-	if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
-		return fmt.Errorf("failed to overlay config: %w", err)
-	}
 	c.walkScheme(c)
 	log.Debug("Loaded config from environment")
 	return nil
--- a/internal/config/struct.go
+++ b/internal/config/struct.go
@ -1,14 +1,14 @@
 package config

 type Config struct {
-	Debug                  bool                 `yaml:"debug" env:"AUTHENTIK_DEBUG"`
-	SecretKey              string               `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
-	Listen                 ListenConfig         `yaml:"listen"`
-	Paths                  PathsConfig          `yaml:"paths"`
-	LogLevel               string               `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
-	ErrorReporting         ErrorReportingConfig `yaml:"error_reporting"`
-	Redis                  RedisConfig          `yaml:"redis"`
-	DisableEmbeddedOutpost bool                 `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"`
+	Debug          bool                 `yaml:"debug" env:"AUTHENTIK_DEBUG"`
+	SecretKey      string               `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
+	Listen         ListenConfig         `yaml:"listen"`
+	Paths          PathsConfig          `yaml:"paths"`
+	LogLevel       string               `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
+	ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
+	Redis          RedisConfig          `yaml:"redis"`
+	Outposts       OutpostConfig        `yaml:"outposts" `
 }

 type RedisConfig struct {
@ -30,10 +30,10 @@ type RedisConfig struct {
 type ListenConfig struct {
 	HTTP    string `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"`
 	HTTPS   string `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"`
-	LDAP    string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP,default=0.0.0.0:3389"`
-	LDAPS   string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS,default=0.0.0.0:6636"`
-	Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS,default=0.0.0.0:9300"`
-	Debug   string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG,default=0.0.0.0:9900"`
+	LDAP    string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP"`
+	LDAPS   string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS"`
+	Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS"`
+	Debug   string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG"`
 }

 type PathsConfig struct {
@ -47,3 +47,9 @@ type ErrorReportingConfig struct {
 	DSN         string
 	SampleRate  float64 `yaml:"sample_rate" env:"AUTHENTIK_ERROR_REPORTING__SAMPLE_RATE"`
 }
+
+type OutpostConfig struct {
+	ContainerImageBase     string `yaml:"container_image_base" env:"AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE"`
+	Discover               bool   `yaml:"discover" env:"AUTHENTIK_OUTPOSTS__DISCOVER"`
+	DisableEmbeddedOutpost bool   `yaml:"disable_embedded_outpost" env:"AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST"`
+}