internal: fix race conditions when accessing settings before bootstrap

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-08-06 00:24:49 +02:00
parent d5703dce39
commit 85640d402f
6 changed files with 31 additions and 34 deletions


@ -56,6 +56,7 @@ outposts:
# %(build_hash)s: Build hash if you're running a beta version # %(build_hash)s: Build hash if you're running a beta version
container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s container_image_base: ghcr.io/goauthentik/%(type)s:%(version)s
discover: true discover: true
disable_embedded_outpost: false
ldap: ldap:
tls: tls:


@ -61,7 +61,7 @@ func main() {
g := gounicorn.NewGoUnicorn() g := gounicorn.NewGoUnicorn()
ws := web.NewWebServer(g) ws := web.NewWebServer(g)
g.HealthyCallback = func() { g.HealthyCallback = func() {
if !config.Get().DisableEmbeddedOutpost { if !config.Get().Outposts.DisableEmbeddedOutpost {
go attemptProxyStart(ws, u) go attemptProxyStart(ws, u)
} }
} }

1
go.mod

@ -16,7 +16,6 @@ require (
github.com/gorilla/securecookie v1.1.1 github.com/gorilla/securecookie v1.1.1
github.com/gorilla/sessions v1.2.1 github.com/gorilla/sessions v1.2.1
github.com/gorilla/websocket v1.5.0 github.com/gorilla/websocket v1.5.0
github.com/imdario/mergo v0.3.13
github.com/jellydator/ttlcache/v3 v3.0.0 github.com/jellydator/ttlcache/v3 v3.0.0
github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484
github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba

3
go.sum

@ -221,8 +221,6 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4= github.com/jellydator/ttlcache/v3 v3.0.0 h1:zmFhqrB/4sKiEiJHhtseJsNRE32IMVmJSs4++4gaQO4=
github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4= github.com/jellydator/ttlcache/v3 v3.0.0/go.mod h1:WwTaEmcXQ3MTjOm4bsZoDFiCu/hMvNWLO1w67RXz6h4=
@ -675,7 +673,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=


@ -9,7 +9,6 @@ import (
"strings" "strings"
env "github.com/Netflix/go-env" env "github.com/Netflix/go-env"
"github.com/imdario/mergo"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
"gopkg.in/yaml.v2" "gopkg.in/yaml.v2"
) )
@ -18,8 +17,9 @@ var cfg *Config
func Get() *Config { func Get() *Config {
if cfg == nil { if cfg == nil {
cfg = defaultConfig() c := defaultConfig()
cfg.Setup() c.Setup()
cfg = c
} }
return cfg return cfg
} }
@ -28,10 +28,12 @@ func defaultConfig() *Config {
return &Config{ return &Config{
Debug: false, Debug: false,
Listen: ListenConfig{ Listen: ListenConfig{
HTTP: "localhost:9000", HTTP: "0.0.0.0:9000",
HTTPS: "localhost:9443", HTTPS: "0.0.0.0:9443",
LDAP: "localhost:3389", LDAP: "0.0.0.0:3389",
LDAPS: "localhost:6636", LDAPS: "0.0.0.0:6636",
Metrics: "0.0.0.0:9300",
Debug: "0.0.0.0:9900",
}, },
Paths: PathsConfig{ Paths: PathsConfig{
Media: "./media", Media: "./media",
@ -64,28 +66,20 @@ func (c *Config) LoadConfig(path string) error {
if err != nil { if err != nil {
return fmt.Errorf("Failed to load config file: %w", err) return fmt.Errorf("Failed to load config file: %w", err)
} }
nc := Config{} err = yaml.Unmarshal(raw, c)
err = yaml.Unmarshal(raw, &nc)
if err != nil { if err != nil {
return fmt.Errorf("Failed to parse YAML: %w", err) return fmt.Errorf("Failed to parse YAML: %w", err)
} }
if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
return fmt.Errorf("failed to overlay config: %w", err)
}
c.walkScheme(c) c.walkScheme(c)
log.WithField("path", path).Debug("Loaded config") log.WithField("path", path).Debug("Loaded config")
return nil return nil
} }
func (c *Config) fromEnv() error { func (c *Config) fromEnv() error {
nc := Config{} _, err := env.UnmarshalFromEnviron(c)
_, err := env.UnmarshalFromEnviron(&nc)
if err != nil { if err != nil {
return fmt.Errorf("failed to load environment variables: %w", err) return fmt.Errorf("failed to load environment variables: %w", err)
} }
if err := mergo.Merge(c, nc, mergo.WithOverride); err != nil {
return fmt.Errorf("failed to overlay config: %w", err)
}
c.walkScheme(c) c.walkScheme(c)
log.Debug("Loaded config from environment") log.Debug("Loaded config from environment")
return nil return nil
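Review bot: `Get()` still reads and writes the package-level `cfg` with no synchronization, so two goroutines that call it before bootstrap completes can both see `cfg == nil`, each build and `Setup()` its own `Config`, and race on the final assignment. Publishing only after `Setup()` removes the half-initialised window but not the data race itself, and `go test -race` would likely still flag it. Guarding the initialisation with a `sync.Once` (which needs `sync` added to the import block) makes it run exactly once and gives later readers a happens-before edge. This assumes `Setup()` never calls `Get()` itself, which the hunk does not show; if it does, the once-guard would deadlock and a mutex-based variant is needed instead.

```go
var cfgOnce sync.Once

func Get() *Config {
	cfgOnce.Do(func() {
		c := defaultConfig()
		c.Setup()
		cfg = c
	})
	return cfg
}
```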


@ -1,14 +1,14 @@
package config package config
type Config struct { type Config struct {
Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"` Debug bool `yaml:"debug" env:"AUTHENTIK_DEBUG"`
SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"` SecretKey string `yaml:"secret_key" env:"AUTHENTIK_SECRET_KEY"`
Listen ListenConfig `yaml:"listen"` Listen ListenConfig `yaml:"listen"`
Paths PathsConfig `yaml:"paths"` Paths PathsConfig `yaml:"paths"`
LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"` LogLevel string `yaml:"log_level" env:"AUTHENTIK_LOG_LEVEL"`
ErrorReporting ErrorReportingConfig `yaml:"error_reporting"` ErrorReporting ErrorReportingConfig `yaml:"error_reporting"`
Redis RedisConfig `yaml:"redis"` Redis RedisConfig `yaml:"redis"`
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST"` Outposts OutpostConfig `yaml:"outposts" `
} }
type RedisConfig struct { type RedisConfig struct {
@ -30,10 +30,10 @@ type RedisConfig struct {
type ListenConfig struct { type ListenConfig struct {
HTTP string `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"` HTTP string `yaml:"listen_http" env:"AUTHENTIK_LISTEN__HTTP"`
HTTPS string `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"` HTTPS string `yaml:"listen_https" env:"AUTHENTIK_LISTEN__HTTPS"`
LDAP string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP,default=0.0.0.0:3389"` LDAP string `yaml:"listen_ldap" env:"AUTHENTIK_LISTEN__LDAP"`
LDAPS string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS,default=0.0.0.0:6636"` LDAPS string `yaml:"listen_ldaps" env:"AUTHENTIK_LISTEN__LDAPS"`
Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS,default=0.0.0.0:9300"` Metrics string `yaml:"listen_metrics" env:"AUTHENTIK_LISTEN__METRICS"`
Debug string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG,default=0.0.0.0:9900"` Debug string `yaml:"listen_debug" env:"AUTHENTIK_LISTEN__DEBUG"`
} }
type PathsConfig struct { type PathsConfig struct {
@ -47,3 +47,9 @@ type ErrorReportingConfig struct {
DSN string DSN string
SampleRate float64 `yaml:"sample_rate" env:"AUTHENTIK_ERROR_REPORTING__SAMPLE_RATE"` SampleRate float64 `yaml:"sample_rate" env:"AUTHENTIK_ERROR_REPORTING__SAMPLE_RATE"`
} }
type OutpostConfig struct {
ContainerImageBase string `yaml:"container_image_base" env:"AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE"`
Discover bool `yaml:"discover" env:"AUTHENTIK_OUTPOSTS__DISCOVER"`
DisableEmbeddedOutpost bool `yaml:"disable_embedded_outpost" env:"AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST"`
}
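Review bot: Moving `DisableEmbeddedOutpost` under `Outposts` renames its environment variable from `AUTHENTIK_WEB__DISABLE_EMBEDDED_OUTPOST` to `AUTHENTIK_OUTPOSTS__DISABLE_EMBEDDED_OUTPOST` and moves its YAML key under `outposts:`, with no fallback for the old names. A deployment that turned the embedded outpost off through the old variable would, as far as this diff shows, start it again after upgrading, because the unset bool falls back to `false`. Consider accepting the old variable as a deprecated alias, or logging a warning when it is still set, and call the rename out in the release notes. The new tag `yaml:"outposts" ` on the `Outposts` field also carries a stray trailing space inside the backticks.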