From fa51c56049a99ef17d86b0327bcf66f47338da45 Mon Sep 17 00:00:00 2001 From: Morgan Helton Date: Sun, 26 May 2024 12:17:01 -0500 Subject: [PATCH] envoy: allow specification of external binary --- pkg/envoy/envoy.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go index 62f2d34c..879001cd 100644 --- a/pkg/envoy/envoy.go +++ b/pkg/envoy/envoy.go @@ -8,9 +8,9 @@ import ( "errors" "fmt" "io" + "io/fs" "os" "os/exec" - "path" "path/filepath" "regexp" "strconv" @@ -34,8 +34,12 @@ import ( const ( configFileName = "envoy-config.yaml" + workingDirectoryName = ".pomerium-envoy" + embeddedEnvoyPermissions fs.FileMode = 0o700 ) +var OverrideEnvoyPath = "" + type serverOptions struct { services string logLevel config.LogLevel @@ -58,17 +62,16 @@ type Server struct { // NewServer creates a new server with traffic routed by envoy. func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) { - if err := preserveRlimitNofile(); err != nil { - log.Debug(ctx).Err(err).Msg("couldn't preserve RLIMIT_NOFILE before starting Envoy") - } + envoyPath := OverrideEnvoyPath + wd := filepath.Join(os.TempDir(), workingDirectoryName) - envoyPath, err := Extract() + err := os.MkdirAll(wd, embeddedEnvoyPermissions) if err != nil { - return nil, fmt.Errorf("extracting envoy: %w", err) + return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err) } srv := &Server{ - wd: path.Dir(envoyPath), + wd: wd, builder: builder, grpcPort: src.GetConfig().GRPCPort, httpPort: src.GetConfig().HTTPPort, -- 2.44.1