main: move pomerium main code to an internal cmd package so that it can be called directly from tests (#734)

* main: move pomerium main code to an internal cmd package so that it can be called directly from tests * fix test
2025-08-03 00:40:25 +02:00 · 2020-05-19 11:17:40 -06:00 · 2020-05-19 11:17:40 -06:00 · e30e717942
commit e30e717942
parent 095e06294a
5 changed files with 259 additions and 269 deletions
--- a/cmd/pomerium/main.go
+++ b/cmd/pomerium/main.go
@ -4,29 +4,10 @@ import (
 	"context"
 	"flag"
 	"fmt"
-	"net"
-	"os"
-	"os/signal"
-	"sync"
-	"syscall"

-	"github.com/pomerium/pomerium/authenticate"
-	"github.com/pomerium/pomerium/authorize"
-	"github.com/pomerium/pomerium/cache"
-	"github.com/pomerium/pomerium/config"
-	"github.com/pomerium/pomerium/internal/controlplane"
-	"github.com/pomerium/pomerium/internal/envoy"
-	pbCache "github.com/pomerium/pomerium/internal/grpc/cache"
-	"github.com/pomerium/pomerium/internal/httputil"
+	"github.com/pomerium/pomerium/internal/cmd/pomerium"
 	"github.com/pomerium/pomerium/internal/log"
-	"github.com/pomerium/pomerium/internal/telemetry/metrics"
-	"github.com/pomerium/pomerium/internal/telemetry/trace"
-	"github.com/pomerium/pomerium/internal/urlutil"
 	"github.com/pomerium/pomerium/internal/version"
-	"github.com/pomerium/pomerium/proxy"
-
-	envoy_service_auth_v2 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v2"
-	"golang.org/x/sync/errgroup"
 )

 var versionFlag = flag.Bool("version", false, "prints the version")
@ -44,179 +25,5 @@ func run(ctx context.Context) error {
 		fmt.Println(version.FullVersion())
 		return nil
 	}
-	opt, err := config.NewOptionsFromConfig(*configFile)
-	if err != nil {
-		return err
-	}
-	var optionsUpdaters []config.OptionsUpdater
-
-	log.Info().Str("version", version.FullVersion()).Msg("cmd/pomerium")
-
-	if err := setupMetrics(opt); err != nil {
-		return err
-	}
-	if err := setupTracing(opt); err != nil {
-		return err
-	}
-
-	// setup the control plane
-	controlPlane, err := controlplane.NewServer()
-	if err != nil {
-		return fmt.Errorf("error creating control plane: %w", err)
-	}
-	optionsUpdaters = append(optionsUpdaters, controlPlane)
-	err = controlPlane.UpdateOptions(*opt)
-	if err != nil {
-		return fmt.Errorf("error updating control plane options: %w", err)
-	}
-
-	_, grpcPort, _ := net.SplitHostPort(controlPlane.GRPCListener.Addr().String())
-	_, httpPort, _ := net.SplitHostPort(controlPlane.HTTPListener.Addr().String())
-
-	// create envoy server
-	envoyServer, err := envoy.NewServer(grpcPort, httpPort)
-	if err != nil {
-		return fmt.Errorf("error creating envoy server")
-	}
-
-	// add services
-	if err := setupAuthenticate(opt, controlPlane); err != nil {
-		return err
-	}
-	if err := setupAuthorize(opt, controlPlane, &optionsUpdaters); err != nil {
-		return err
-	}
-	if err := setupCache(opt, controlPlane); err != nil {
-		return err
-	}
-	if err := setupProxy(opt, controlPlane); err != nil {
-		return err
-	}
-
-	// start the config change listener
-	go config.WatchChanges(*configFile, opt, optionsUpdaters)
-
-	ctx, cancel := context.WithCancel(ctx)
-	go func() {
-		ch := make(chan os.Signal, 2)
-		signal.Notify(ch, os.Interrupt)
-		signal.Notify(ch, syscall.SIGTERM)
-		<-ch
-		cancel()
-	}()
-
-	// run everything
-	eg, ctx := errgroup.WithContext(ctx)
-	eg.Go(func() error {
-		return controlPlane.Run(ctx)
-	})
-	eg.Go(func() error {
-		return envoyServer.Run(ctx)
-	})
-	return eg.Wait()
-}
-
-func setupAuthenticate(opt *config.Options, controlPlane *controlplane.Server) error {
-	if !config.IsAuthenticate(opt.Services) {
-		return nil
-	}
-
-	svc, err := authenticate.New(*opt)
-	if err != nil {
-		return fmt.Errorf("error creating authenticate service: %w", err)
-	}
-	host := urlutil.StripPort(opt.AuthenticateURL.Host)
-	sr := controlPlane.HTTPRouter.Host(host).Subrouter()
-	svc.Mount(sr)
-	log.Info().Str("host", host).Msg("enabled authenticate service")
-
-	return nil
-}
-
-func setupAuthorize(opt *config.Options, controlPlane *controlplane.Server, optionsUpdaters *[]config.OptionsUpdater) error {
-	if !config.IsAuthorize(opt.Services) {
-		return nil
-	}
-
-	svc, err := authorize.New(*opt)
-	if err != nil {
-		return fmt.Errorf("error creating authorize service: %w", err)
-	}
-	envoy_service_auth_v2.RegisterAuthorizationServer(controlPlane.GRPCServer, svc)
-
-	log.Info().Msg("enabled authorize service")
-
-	*optionsUpdaters = append(*optionsUpdaters, svc)
-	err = svc.UpdateOptions(*opt)
-	if err != nil {
-		return fmt.Errorf("error updating authorize options: %w", err)
-	}
-	return nil
-}
-
-func setupCache(opt *config.Options, controlPlane *controlplane.Server) error {
-	if !config.IsCache(opt.Services) {
-		return nil
-	}
-
-	svc, err := cache.New(*opt)
-	if err != nil {
-		return fmt.Errorf("error creating config service: %w", err)
-	}
-	defer svc.Close()
-	pbCache.RegisterCacheServer(controlPlane.GRPCServer, svc)
-	log.Info().Msg("enabled cache service")
-	return nil
-}
-
-func setupMetrics(opt *config.Options) error {
-	if opt.MetricsAddr != "" {
-		handler, err := metrics.PrometheusHandler()
-		if err != nil {
-			return err
-		}
-		metrics.SetBuildInfo(opt.Services)
-		metrics.RegisterInfoMetrics()
-		serverOpts := &httputil.ServerOptions{
-			Addr:     opt.MetricsAddr,
-			Insecure: true,
-			Service:  "metrics",
-		}
-		var wg sync.WaitGroup
-		_, err = httputil.NewServer(serverOpts, handler, &wg)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func setupProxy(opt *config.Options, controlPlane *controlplane.Server) error {
-	if !config.IsProxy(opt.Services) {
-		return nil
-	}
-
-	svc, err := proxy.New(*opt)
-	if err != nil {
-		return fmt.Errorf("error creating proxy service: %w", err)
-	}
-	controlPlane.HTTPRouter.PathPrefix("/").Handler(svc)
-	return nil
-}
-
-func setupTracing(opt *config.Options) error {
-	if opt.TracingProvider != "" {
-		tracingOpts := &trace.TracingOptions{
-			Provider:                opt.TracingProvider,
-			Service:                 opt.Services,
-			Debug:                   opt.TracingDebug,
-			JaegerAgentEndpoint:     opt.TracingJaegerAgentEndpoint,
-			JaegerCollectorEndpoint: opt.TracingJaegerCollectorEndpoint,
-			ZipkinEndpoint:          opt.ZipkinEndpoint,
-		}
-		if err := trace.RegisterTracing(tracingOpts); err != nil {
-			return err
-		}
-	}
-	return nil
+	return pomerium.Run(ctx, *configFile)
 }
--- a/cmd/pomerium/main_test.go
+++ b/cmd/pomerium/main_test.go
@ -1,236 +0,0 @@
-package main
-
-import (
-	"context"
-	"io/ioutil"
-	"os"
-	"os/signal"
-	"syscall"
-	"testing"
-	"time"
-
-	"github.com/pomerium/pomerium/config"
-)
-
-func Test_setupTracing(t *testing.T) {
-	tests := []struct {
-		name string
-		opt  *config.Options
-	}{
-		{"good jaeger", &config.Options{TracingProvider: "jaeger", TracingJaegerAgentEndpoint: "localhost:0", TracingJaegerCollectorEndpoint: "localhost:0"}},
-		{"dont register aything", &config.Options{}},
-		{"bad provider", &config.Options{TracingProvider: "bad provider"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			setupTracing(tt.opt)
-		})
-	}
-}
-
-func Test_setupMetrics(t *testing.T) {
-	tests := []struct {
-		name string
-		opt  *config.Options
-	}{
-		{"dont register aything", &config.Options{}},
-		{"good metrics server", &config.Options{MetricsAddr: "localhost:0"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			c := make(chan os.Signal, 1)
-			signal.Notify(c, syscall.SIGINT)
-			defer signal.Stop(c)
-			setupMetrics(tt.opt)
-			syscall.Kill(syscall.Getpid(), syscall.SIGINT)
-			waitSig(t, c, syscall.SIGINT)
-		})
-	}
-}
-
-func waitSig(t *testing.T, c <-chan os.Signal, sig os.Signal) {
-	select {
-	case s := <-c:
-		if s != sig {
-			t.Fatalf("signal was %v, want %v", s, sig)
-		}
-	case <-time.After(1 * time.Second):
-		t.Fatalf("timeout waiting for %v", sig)
-	}
-}
-
-func Test_run(t *testing.T) {
-	os.Clearenv()
-	t.Parallel()
-	tests := []struct {
-		name           string
-		versionFlag    bool
-		configFileFlag string
-		wantErr        bool
-	}{
-		{"simply print version", true, "", false},
-		{"nil configuration", false, "", true},
-		{"bad proxy no authenticate url", false, `
-		{
-			"address": ":9433",
-			"grpc_address": ":9444",
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "proxy",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"bad authenticate no cookie secret", false, `
-		{
-			"address": ":9433",
-			"grpc_address": ":9444",
-			"insecure_server": true,
-			"authenticate_service_url": "https://authenticate.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "authenticate",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"bad authorize service bad shared key", false, `
-		{
-			"address": ":9433",
-			"grpc_address": ":9444",
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"shared_secret": "^^^",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "authorize",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"bad http port", false, `
-		{
-			"address": ":-1",
-			"grpc_address": ":9444",
-			"grpc_insecure": true,
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"authenticate_service_url": "https://authenticate.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "proxy",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"bad redirect port", false, `
-		{
-			"address": ":9433",
-			"http_redirect_addr":":-1",
-			"grpc_address": ":9444",
-			"grpc_insecure": true,
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"authenticate_service_url": "https://authenticate.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "proxy",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"bad metrics port ", false, `
-		{
-			"address": ":9433",
-			"metrics_address": ":-1",
-			"grpc_insecure": true,
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"authenticate_service_url": "https://authenticate.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "proxy",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		{"malformed tracing provider", false, `
-		{
-			"tracing_provider": "bad tracing provider",
-			"address": ":9433",
-			"grpc_address": ":9444",
-			"grpc_insecure": true,
-			"insecure_server": true,
-			"authorize_service_url": "https://authorize.corp.example",
-			"authenticate_service_url": "https://authenticate.corp.example",
-			"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-			"services": "proxy",
-			"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		  }
-		`, true},
-		// {"simple cache", false, `
-		// {
-		// 	"address": ":9433",
-		// 	"grpc_address": ":9444",
-		// 	"grpc_insecure": false,
-		// 	"insecure_server": true,
-		// 	"cache_service_url": "https://authorize.corp.example",
-		// 	"authenticate_service_url": "https://authenticate.corp.example",
-		// 	"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"services": "cache",
-		// 	"cache_store": "bolt",
-		// 	"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		//   }
-		// `, false},
-		// {"malformed cache", false, `
-		// {
-		// 	"address": ":9433",
-		// 	"grpc_address": ":9444",
-		// 	"grpc_insecure": false,
-		// 	"insecure_server": true,
-		// 	"cache_service_url": "https://authorize.corp.example",
-		// 	"authenticate_service_url": "https://authenticate.corp.example",
-		// 	"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"services": "cache",
-		// 	"cache_store": "bad bolt",
-		// 	"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		//   }
-		// `, true},
-		// {"bad cache port", false, `
-		// {
-		// 	"address": ":9433",
-		// 	"grpc_address": ":9999999",
-		// 	"grpc_insecure": false,
-		// 	"insecure_server": true,
-		// 	"cache_service_url": "https://authorize.corp.example",
-		// 	"authenticate_service_url": "https://authenticate.corp.example",
-		// 	"shared_secret": "YixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"cookie_secret": "zixWi1MYh77NMECGGIJQevoonYtVF+ZPRkQZrrmeRqM=",
-		// 	"services": "cache",
-		// 	"cache_store": "bolt",
-		// 	"policy": [{ "from": "https://pomerium.io", "to": "https://httpbin.org" }]
-		//   }
-		// `, true},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			versionFlag = &tt.versionFlag
-			tmpFile, err := ioutil.TempFile(os.TempDir(), "*.json")
-			if err != nil {
-				t.Fatal("Cannot create temporary file", err)
-			}
-			defer os.Remove(tmpFile.Name())
-			fn := tmpFile.Name()
-			if _, err := tmpFile.Write([]byte(tt.configFileFlag)); err != nil {
-				tmpFile.Close()
-				t.Fatal(err)
-			}
-			configFile = &fn
-
-			ctx, clearTimeout := context.WithTimeout(context.Background(), 500*time.Millisecond)
-			defer clearTimeout()
-
-			err = run(ctx)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("run() error = %v, wantErr %v", err, tt.wantErr)
-			}
-		})
-	}
-}