diff --git a/internal/zero/bootstrap/bootstrap.go b/internal/zero/bootstrap/bootstrap.go index a86e43d68..41dbb4f03 100644 --- a/internal/zero/bootstrap/bootstrap.go +++ b/internal/zero/bootstrap/bootstrap.go @@ -20,7 +20,6 @@ import ( "github.com/pomerium/pomerium/internal/log" "github.com/pomerium/pomerium/internal/retry" - sdk "github.com/pomerium/pomerium/internal/zero/api" connect_mux "github.com/pomerium/pomerium/internal/zero/connect-mux" ) @@ -34,17 +33,7 @@ const ( ) // Run initializes the bootstrap config source -func (svc *Source) Run( - ctx context.Context, - api *sdk.API, - fileCachePath string, -) error { - log.Ctx(ctx).Info().Str("bootstrap-config-path", fileCachePath). - Msg("initializing bootstrap config source") - - svc.api = api - svc.fileCachePath = fileCachePath - +func (svc *Source) Run(ctx context.Context) error { svc.tryLoadFromFile(ctx) eg, ctx := errgroup.WithContext(ctx) @@ -109,18 +98,27 @@ func (svc *Source) updateAndSave(ctx context.Context) error { return fmt.Errorf("load bootstrap config from API: %w", err) } - err = SaveBootstrapConfigToFile(cfg, svc.fileCachePath, svc.fileCipher) + svc.UpdateBootstrap(ctx, *cfg) + + if svc.fileCachePath == nil { + return nil + } + + err = SaveBootstrapConfigToFile(cfg, *svc.fileCachePath, svc.fileCipher) if err != nil { log.Ctx(ctx).Error().Err(err). Msg("failed to save bootstrap config to file, note it may prevent Pomerium from starting up in case of connectivity issues") } - svc.UpdateBootstrap(ctx, *cfg) return nil } func (svc *Source) tryLoadFromFile(ctx context.Context) { - cfg, err := LoadBootstrapConfigFromFile(svc.fileCachePath, svc.fileCipher) + if svc.fileCachePath == nil { + return + } + + cfg, err := LoadBootstrapConfigFromFile(*svc.fileCachePath, svc.fileCipher) if err != nil { log.Ctx(ctx).Error().Err(err).Msg("failed to load bootstrap config from file") return diff --git a/internal/zero/bootstrap/new.go b/internal/zero/bootstrap/new.go index 8bf8b67fa..590b9e81f 100644 
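Review bot: The doc comment kept above `Run` still says it "initializes the bootstrap config source", but with the new `Run(ctx context.Context)` signature the API client and cache path are no longer assigned here, so the comment no longer matches the visible code. I would reword it along the lines of `// Run loads any cached bootstrap config and then runs the source; the API client and cache path are supplied to New.` The rest of the body continues outside the hunk, so the wording should be checked against it.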
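Review bot: The new `svc.fileCachePath == nil` guards in `updateAndSave` and `tryLoadFromFile` return with no comment or log, so nothing at these sites shows that the on-disk copy (written with `svc.fileCipher`) is being skipped. A short comment on each guard, e.g. `// nil path: file cache disabled, config is kept in memory only`, would document the contract. A debug-level log in `tryLoadFromFile` would also make the degraded mode visible under the bootstrap service's own log context. The guards also accept a non-nil pointer to an empty string as a usable path; if that cannot occur, say so where the field is declared. `updateAndSave` starts above this hunk and `tryLoadFromFile` continues below it.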
--- a/internal/zero/bootstrap/new.go +++ b/internal/zero/bootstrap/new.go @@ -25,7 +25,7 @@ type Source struct { api *sdk.API - fileCachePath string + fileCachePath *string fileCipher cipher.AEAD checkForUpdate chan struct{} @@ -33,7 +33,7 @@ type Source struct { } // New creates a new bootstrap config source -func New(secret []byte) (*Source, error) { +func New(secret []byte, fileCachePath *string, api *sdk.API) (*Source, error) { cfg := new(config.Config) err := setConfigDefaults(cfg) @@ -54,7 +54,9 @@ func New(secret []byte) (*Source, error) { } svc := &Source{ + api: api, source: source{ready: make(chan struct{})}, + fileCachePath: fileCachePath, fileCipher: cipher, checkForUpdate: make(chan struct{}, 1), } diff --git a/internal/zero/bootstrap/new_test.go b/internal/zero/bootstrap/new_test.go index 8a2a75517..c729649ca 100644 --- a/internal/zero/bootstrap/new_test.go +++ b/internal/zero/bootstrap/new_test.go @@ -11,7 +11,7 @@ import ( func TestConfigDeterministic(t *testing.T) { secret := []byte("secret") - src, err := bootstrap.New(secret) + src, err := bootstrap.New(secret, nil, nil) require.NoError(t, err) cfg := src.GetConfig() require.NotNil(t, cfg) @@ -20,7 +20,7 @@ func TestConfigDeterministic(t *testing.T) { require.NoError(t, cfg.Options.Validate()) // test that the config is deterministic - src2, err := bootstrap.New(secret) + src2, err := bootstrap.New(secret, nil, nil) require.NoError(t, err) cfg2 := src2.GetConfig() diff --git a/internal/zero/bootstrap/source_test.go b/internal/zero/bootstrap/source_test.go index 7fad274cb..bd70d823e 100644 --- a/internal/zero/bootstrap/source_test.go +++ b/internal/zero/bootstrap/source_test.go @@ -18,7 +18,7 @@ func TestConfigChanges(t *testing.T) { secret := []byte("secret") - src, err := bootstrap.New(secret) + src, err := bootstrap.New(secret, nil, nil) require.NoError(t, err) ptr := func(s string) *string { return &s } 
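Review bot: `New` now takes `fileCachePath *string` and `api *sdk.API`, and the updated tests pass `nil` for both, yet the doc comment still reads only "New creates a new bootstrap config source" and does not say what nil means for either argument. From the bootstrap.go hunks a nil path disables the file cache; a nil `api` is stored unchanged and would presumably be dereferenced when `Run` fetches from the API, which is not visible here. I would extend the comment, e.g. `// A nil fileCachePath disables the on-disk cache; api must be non-nil before Run is called.`, and add a matching comment on the `fileCachePath *string` field in the `Source` struct hunk above.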
diff --git a/internal/zero/cmd/command.go b/internal/zero/cmd/command.go index b26bcad77..644ea5f31 100644 --- a/internal/zero/cmd/command.go +++ b/internal/zero/cmd/command.go @@ -28,19 +28,22 @@ func Run(ctx context.Context, configFile string) error { return errors.New("no token provided") } - bootstrapConfigFileName, err := getBootstrapConfigFileName() - if err != nil { - return fmt.Errorf("error getting bootstrap config path: %w", err) - } - - return controller.Run( - withInterrupt(ctx), + opts := []controller.Option{ controller.WithAPIToken(token), controller.WithClusterAPIEndpoint(getClusterAPIEndpoint()), controller.WithConnectAPIEndpoint(getConnectAPIEndpoint()), controller.WithOTELAPIEndpoint(getOTELAPIEndpoint()), - controller.WithBootstrapConfigFileName(bootstrapConfigFileName), - ) + } + + bootstrapConfigFileName, err := getBootstrapConfigFileName() + if err != nil { + log.Ctx(ctx).Error().Err(err).Msg("would not be able to save cluster bootstrap config, that will prevent Pomerium from starting independent from the control plane") + } else { + log.Ctx(ctx).Info().Str("file", bootstrapConfigFileName).Msg("cluster bootstrap config path") + opts = append(opts, controller.WithBootstrapConfigFileName(bootstrapConfigFileName)) + } + + return controller.Run(withInterrupt(ctx), opts...) } // IsManagedMode returns true if Pomerium should start in managed mode using this command. diff --git a/internal/zero/controller/config.go b/internal/zero/controller/config.go index 016bab07b..9f7b631e2 100644 --- a/internal/zero/controller/config.go +++ b/internal/zero/controller/config.go @@ -12,7 +12,7 @@ type controllerConfig struct { otelEndpoint string tmpDir string - bootstrapConfigFileName string + bootstrapConfigFileName *string reconcilerLeaseDuration time.Duration databrokerRequestTimeout time.Duration 
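Review bot: The `err != nil` branch after `getBootstrapConfigFileName()` now logs and continues, but there is no comment saying that this is a deliberate best-effort choice, and the message text "would not be able to save cluster bootstrap config, that will prevent Pomerium from starting independent from the control plane" is hard to parse in an alert. I would add `// best effort: without a cache path the bootstrap config is not persisted across restarts` above the branch and tighten the message to something like `Msg("cannot determine bootstrap config cache path; Pomerium will not be able to start without the control plane")`. Because the failure is reported only once at startup, operators who rely on offline start will want this line to be easy to match in log monitoring. `Run` begins above the hunk.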
@@ -56,7 +56,7 @@ func WithAPIToken(token string) Option { // WithBootstrapConfigFileName sets the name of the file to store the bootstrap config in. func WithBootstrapConfigFileName(name string) Option { return func(c *controllerConfig) { - c.bootstrapConfigFileName = name + c.bootstrapConfigFileName = &name } } diff --git a/internal/zero/controller/controller.go b/internal/zero/controller/controller.go index 68a5016fb..5bb958904 100644 --- a/internal/zero/controller/controller.go +++ b/internal/zero/controller/controller.go @@ -31,7 +31,7 @@ func Run(ctx context.Context, opts ...Option) error { return fmt.Errorf("init api: %w", err) } - src, err := bootstrap.New([]byte(c.cfg.apiToken)) + src, err := bootstrap.New([]byte(c.cfg.apiToken), c.cfg.bootstrapConfigFileName, c.api) if err != nil { return fmt.Errorf("error creating bootstrap config: %w", err) } @@ -82,7 +82,7 @@ func (c *controller) runBootstrap(ctx context.Context) error { ctx = log.WithContext(ctx, func(c zerolog.Context) zerolog.Context { return c.Str("service", "zero-bootstrap") }) - return c.bootstrapConfig.Run(ctx, c.api, c.cfg.bootstrapConfigFileName) + return c.bootstrapConfig.Run(ctx) } func (c *controller) runPomeriumCore(ctx context.Context) error {
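Review bot: In `WithBootstrapConfigFileName`, `c.bootstrapConfigFileName = &name` yields a non-nil pointer for any call, including `WithBootstrapConfigFileName("")`, so an empty name would enable the file cache with an empty path instead of leaving it disabled. If an empty name is not meaningful, guard it inside the closure with `if name == "" { return }`. Either way, the doc comment should state the new default, e.g. `// If this option is not used, the bootstrap config is not cached on disk.`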