tsidp-server.go: read ENV vars using Go

Remove the script used to read environment variables in docker and
instead read the variables using plain Go. This simplifies the container
build and make it possible to use tools like Ko to build the container.

Signed-off-by: Rodrigo Schio <[email protected]>

Author: rschio

Dockerfile

@@ -35,11 +35,6 @@ RUN addgroup -g 1001 -S app && \
 # Copy the binary from builder
 COPY --from=builder /app/tsidp-server /tsidp-server
 
-# Copy the entrypoint script
-COPY scripts/docker/run.sh /run.sh
-RUN chmod +x /run.sh
-
 USER app:app
 
-# Run the binary through the entrypoint script
-ENTRYPOINT ["/run.sh"]
+ENTRYPOINT ["/tsidp-server"]

scripts/docker/run.sh

@@ -19,6 +19,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"strconv"
 	"strings"
 	"time"
 
@@ -37,20 +38,20 @@ import (
 // Command line flags
 // Migrated from legacy/tsidp.go:64-73
 var (
-	flagPort               = flag.Int("port", 443, "port to listen on")
-	flagLocalPort          = flag.Int("local-port", -1, "allow requests from localhost")
-	flagUseLocalTailscaled = flag.Bool("use-local-tailscaled", false, "use local tailscaled instead of tsnet")
-	flagFunnel             = flag.Bool("funnel", false, "use Tailscale Funnel to make tsidp available on the public internet")
-	flagHostname           = flag.String("hostname", "idp", "tsnet hostname to use instead of idp")
-	flagDir                = flag.String("dir", "", "tsnet state directory; a default one will be created if not provided")
-	flagEnableSTS          = flag.Bool("enable-sts", false, "enable OIDC STS token exchange support")
+	flagPort               = flag.Int("port", envInt("TSIDP_PORT", 443), "port to listen on")
+	flagLocalPort          = flag.Int("local-port", envInt("TSIDP_LOCAL_PORT", -1), "allow requests from localhost")
+	flagUseLocalTailscaled = flag.Bool("use-local-tailscaled", envBool("TSIDP_USE_LOCAL_TAILSCALED", false), "use local tailscaled instead of tsnet")
+	flagFunnel             = flag.Bool("funnel", envBool("TSIDP_USE_FUNNEL", false), "use Tailscale Funnel to make tsidp available on the public internet")
+	flagHostname           = flag.String("hostname", envString("TS_HOSTNAME", "idp"), "tsnet hostname to use instead of idp")
+	flagDir                = flag.String("dir", envString("TS_STATE_DIR", ""), "tsnet state directory; a default one will be created if not provided")
+	flagEnableSTS          = flag.Bool("enable-sts", envBool("TSIDP_ENABLE_STS", false), "enable OIDC STS token exchange support")
 
 	// application logging levels
-	flagLogLevel = flag.String("log", "info", "log levels: debug, info, warn, error")
+	flagLogLevel = flag.String("log", envString("TSIDP_LOG", "info"), "log levels: debug, info, warn, error")
 
 	// extended debugging information
-	flagDebugAllRequests = flag.Bool("debug-all-requests", false, "capture and print all HTTP requests and responses")
-	flagDebugTSNet       = flag.Bool("debug-tsnet", false, "enable tsnet.Server logging")
+	flagDebugAllRequests = flag.Bool("debug-all-requests", envBool("TSIDP_DEBUG_ALL_REQUESTS", false), "capture and print all HTTP requests and responses")
+	flagDebugTSNet       = flag.Bool("debug-tsnet", envBool("TSIDP_DEBUG_TSNET", false), "enable tsnet.Server logging")
 )
 
 // main initializes and starts the tsidp server
@@ -345,3 +346,39 @@ func (rw *responseWrapper) Write(b []byte) (int, error) {
 	// Write to the original response writer
 	return rw.ResponseWriter.Write(b)
 }
+
+func envString(key, defaultVal string) string {
+	str := os.Getenv(key)
+	if str == "" {
+		return defaultVal
+	}
+	return str
+}
+
+func envBool(key string, defaultVal bool) bool {
+	str := os.Getenv(key)
+	if str == "" {
+		return defaultVal
+	}
+
+	v, err := strconv.ParseBool(str)
+	if err != nil {
+		slog.Error("invalid value for bool env", "key", key)
+		os.Exit(1)
+	}
+	return v
+}
+
+func envInt(key string, defaultVal int) int {
+	str := os.Getenv(key)
+	if str == "" {
+		return defaultVal
+	}
+
+	v, err := strconv.Atoi(str)
+	if err != nil {
+		slog.Error("invalid value for int env", "key", key)
+		os.Exit(1)
+	}
+	return v
+}