From 07e30441c455ecffdab828b5bf7f9a7c64ed33bc Mon Sep 17 00:00:00 2001
From: Rodrigo Schio
Date: Wed, 19 Nov 2025 18:34:06 -0400
Subject: [PATCH] tsidp-server.go: read ENV vars using Go

Remove the script used to read environment variables in docker and instead read the variables using plain Go. This simplifies the container build and make it possible to use tools like Ko to build the container.

Signed-off-by: Rodrigo Schio
---
 Dockerfile | 7 +-----
 scripts/docker/run.sh | 53 ----------------------------------------
 tsidp-server.go | 57 +++++++++++++++++++++++++++++++++++--------
 3 files changed, 48 insertions(+), 69 deletions(-)
 delete mode 100755 scripts/docker/run.sh

diff --git a/Dockerfile b/Dockerfile
index 69cb32fdc..46d4b073e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,11 +35,6 @@ RUN addgroup -g 1001 -S app && \
 # Copy the binary from builder
 COPY --from=builder /app/tsidp-server /tsidp-server
-# Copy the entrypoint script
-COPY scripts/docker/run.sh /run.sh
-RUN chmod +x /run.sh
-
 USER app:app
-# Run the binary through the entrypoint script
-ENTRYPOINT ["/run.sh"]
\ No newline at end of file
+ENTRYPOINT ["/tsidp-server"]
diff --git a/scripts/docker/run.sh b/scripts/docker/run.sh
deleted file mode 100755
index bb861eedf..000000000
--- a/scripts/docker/run.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-
-# Build command arguments based on environment variables
-ARGS=""
-
-if [ -n "$TS_STATE_DIR" ]; then
- ARGS="$ARGS -dir=$TS_STATE_DIR"
-fi
-
-if [ -n "$TS_HOSTNAME" ]; then
- ARGS="$ARGS -hostname=$TS_HOSTNAME"
-fi
-
-if [ -n "$TSIDP_USE_FUNNEL" ]; then
- ARGS="$ARGS -funnel"
-fi
-
-if [ -n "$TSIDP_ENABLE_STS" ]; then
- ARGS="$ARGS -enable-sts"
-fi
-
-if [ -n "$TSIDP_PORT" ]; then
- ARGS="$ARGS -port=$TSIDP_PORT"
-fi
-
-if [ -n "$TSIDP_LOCAL_PORT" ]; then
- ARGS="$ARGS -local-port=$TSIDP_LOCAL_PORT"
-fi
-
-# logging control
-if [ -n "$TSIDP_LOG" ]; then
- case "$TSIDP_LOG" in
- debug|info|warn|error)
- ARGS="$ARGS -log=$TSIDP_LOG"
- ;;
- *)
- echo "Error: TSIDP_LOG_LEVEL must be one of: debug, info, warn, error"
- echo "Current value: $TSIDP_LOG"
- exit 1
- ;;
- esac
-fi
-
-if [ -n "$TSIDP_DEBUG_ALL_REQUESTS" ]; then
- ARGS="$ARGS -debug-all-requests"
-fi
-
-if [ -n "$TSIDP_DEBUG_TSNET" ]; then
- ARGS="$ARGS -debug-tsnet"
-fi
-
-# Execute tsidp-server with the built arguments
-exec /tsidp-server $ARGS "$@"
\ No newline at end of file
diff --git a/tsidp-server.go b/tsidp-server.go
index 26ec132c2..0246e654c 100644
--- a/tsidp-server.go
+++ b/tsidp-server.go
@@ -19,6 +19,7 @@ import (
 "net/http"
 "os"
 "os/signal"
+ "strconv"
 "strings"
 "time"
@@ -37,20 +38,20 @@ import (
 // Command line flags
 // Migrated from legacy/tsidp.go:64-73
 var (
- flagPort = flag.Int("port", 443, "port to listen on")
- flagLocalPort = flag.Int("local-port", -1, "allow requests from localhost")
- flagUseLocalTailscaled = flag.Bool("use-local-tailscaled", false, "use local tailscaled instead of tsnet")
- flagFunnel = flag.Bool("funnel", false, "use Tailscale Funnel to make tsidp available on the public internet")
- flagHostname = flag.String("hostname", "idp", "tsnet hostname to use instead of idp")
- flagDir = flag.String("dir", "", "tsnet state directory; a default one will be created if not provided")
- flagEnableSTS = flag.Bool("enable-sts", false, "enable OIDC STS token exchange support")
+ flagPort = flag.Int("port", envInt("TSIDP_PORT", 443), "port to listen on")
+ flagLocalPort = flag.Int("local-port", envInt("TSIDP_LOCAL_PORT", -1), "allow requests from localhost")
+ flagUseLocalTailscaled = flag.Bool("use-local-tailscaled", envBool("TSIDP_USE_LOCAL_TAILSCALED", false), "use local tailscaled instead of tsnet")
+ flagFunnel = flag.Bool("funnel", envBool("TSIDP_USE_FUNNEL", false), "use Tailscale Funnel to make tsidp available on the public internet")
+ flagHostname = flag.String("hostname", envString("TS_HOSTNAME", "idp"), "tsnet hostname to use instead of idp")
+ flagDir = flag.String("dir", envString("TS_STATE_DIR", ""), "tsnet state directory; a default one will be created if not provided")
+ flagEnableSTS = flag.Bool("enable-sts", envBool("TSIDP_ENABLE_STS", false), "enable OIDC STS token exchange support")
 // application logging levels
- flagLogLevel = flag.String("log", "info", "log levels: debug, info, warn, error")
+ flagLogLevel = flag.String("log", envString("TSIDP_LOG", "info"), "log levels: debug, info, warn, error")
 // extended debugging information
- flagDebugAllRequests = flag.Bool("debug-all-requests", false, "capture and print all HTTP requests and responses")
- flagDebugTSNet = flag.Bool("debug-tsnet",
false, "enable tsnet.Server logging")
+ flagDebugAllRequests = flag.Bool("debug-all-requests", envBool("TSIDP_DEBUG_ALL_REQUESTS", false), "capture and print all HTTP requests and responses")
+ flagDebugTSNet = flag.Bool("debug-tsnet", envBool("TSIDP_DEBUG_TSNET", false), "enable tsnet.Server logging")
 )
 // main initializes and starts the tsidp server
@@ -345,3 +346,39 @@ func (rw *responseWrapper) Write(b []byte) (int, error) {
 // Write to the original response writer
 return rw.ResponseWriter.Write(b)
 }
+
+func envString(key, defaultVal string) string {
+ str := os.Getenv(key)
+ if str == "" {
+ return defaultVal
+ }
+ return str
+}
+
+func envBool(key string, defaultVal bool) bool {
+ str := os.Getenv(key)
+ if str == "" {
+ return defaultVal
+ }
+
+ v, err := strconv.ParseBool(str)
+ if err != nil {
+ slog.Error("invalid value for bool env", "key", key)
+ os.Exit(1)
+ }
+ return v
+}
+
+func envInt(key string, defaultVal int) int {
+ str := os.Getenv(key)
+ if str == "" {
+ return defaultVal
+ }
+
+ v, err := strconv.Atoi(str)
+ if err != nil {
+ slog.Error("invalid value for int env", "key", key)
+ os.Exit(1)
+ }
+ return v
+}
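Review bot: The usage strings in the var block do not mention the environment variable that now seeds each default, so `-help` no longer tells an operator that TSIDP_PORT, TSIDP_USE_FUNNEL and the others are honoured; append the name to each string, e.g. `flagFunnel = flag.Bool("funnel", envBool("TSIDP_USE_FUNNEL", false), "use Tailscale Funnel to make tsidp available on the public internet (env TSIDP_USE_FUNNEL)")`. The deleted run.sh rejected any TSIDP_LOG value outside debug|info|warn|error, whereas `envString("TSIDP_LOG", "info")` passes the string through unchecked, so unless main validates flagLogLevel after flag.Parse (not visible in this hunk) that check is lost. The boolean variables also changed meaning: the script enabled -funnel and -enable-sts for any non-empty value, while envBool now accepts only a strconv.ParseBool spelling and aborts on anything else, which is the safer behaviour for a switch that exposes the IdP publicly but deserves a sentence in the commit message and README. The var block is complete within this hunk.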
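Review bot: envBool and envInt call os.Exit(1) from helpers that run inside the package-level flag initializers above, so a malformed TSIDP_PORT or TSIDP_USE_FUNNEL terminates the process during package init, before main reaches flag.Parse — even `tsidp-server -help` cannot run while such a value is set, and no deferred cleanup in main would execute. The error record also drops the offending text and the parse error, which is exactly what an operator reading container logs needs; these variables hold ports and toggles rather than secrets, so at least log them, `slog.Error("invalid value for int env", "key", key, "value", str, "err", err)` (and likewise in envBool). Returning an error and letting main report it after flag.Parse would keep the helpers testable, but that touches the var block as well. The three helpers also lack doc comments; a one-liner each such as `// envInt returns the integer value of the environment variable key, or defaultVal when the variable is unset or empty; a non-integer value terminates the process.` would do.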