outposts: remove duplicate startup/setup code, add pyroscope, make sentry not reconfigure every time (#14724)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-06-07 03:01:00 +02:00
parent a01bb551d0
commit b7417e77c7
17 changed files with 176 additions and 279 deletions
--- a/internal/outpost/ak/api.go
+++ b/internal/outpost/ak/api.go
@ -135,6 +135,10 @@ func NewAPIController(akURL url.URL, token string) *APIController {
 	return ac
 }

+func (a *APIController) Log() *log.Entry {
+	return a.logger
+}
+
 // Start Starts all handlers, non-blocking
 func (a *APIController) Start() error {
 	err := a.Server.Refresh()
--- a/internal/outpost/ak/entrypoint/entrypoint.go
+++ b/internal/outpost/ak/entrypoint/entrypoint.go
@ -0,0 +1,51 @@
+package entrypoint
+
+import (
+	"errors"
+	"net/url"
+	"os"
+
+	"goauthentik.io/internal/common"
+	"goauthentik.io/internal/config"
+	"goauthentik.io/internal/debug"
+	"goauthentik.io/internal/outpost/ak"
+)
+
+func OutpostMain(appName string, server func(ac *ak.APIController) ak.Outpost) error {
+	debug.EnableDebugServer(appName)
+	akURL := config.Get().AuthentikHost
+	if akURL == "" {
+		return errors.New("environment variable `AUTHENTIK_HOST` not set")
+	}
+	akToken := config.Get().AuthentikToken
+	if akToken == "" {
+		return errors.New("environment variable `AUTHENTIK_TOKEN` not set")
+	}
+
+	akURLActual, err := url.Parse(akURL)
+	if err != nil {
+		return err
+	}
+
+	ex := common.Init()
+	defer common.Defer()
+
+	ac := ak.NewAPIController(*akURLActual, akToken)
+	if ac == nil {
+		os.Exit(1)
+	}
+	defer ac.Shutdown()
+
+	ac.Server = server(ac)
+
+	err = ac.Start()
+	if err != nil {
+		ac.Log().WithError(err).Panic("Failed to run server")
+		return err
+	}
+
+	for {
+		<-ex
+		return nil
+	}
+}
--- a/internal/outpost/ak/global.go
+++ b/internal/outpost/ak/global.go
@ -48,20 +48,20 @@ func doGlobalSetup(outpost api.Outpost, globalConfig *api.Config) {
 	if globalConfig.ErrorReporting.Enabled {
 		if !initialSetup {
 			l.WithField("env", globalConfig.ErrorReporting.Environment).Debug("Error reporting enabled")
-		}
-		err := sentry.Init(sentry.ClientOptions{
-			Dsn:           globalConfig.ErrorReporting.SentryDsn,
-			Environment:   globalConfig.ErrorReporting.Environment,
-			EnableTracing: true,
-			TracesSampler: sentryutils.SamplerFunc(float64(globalConfig.ErrorReporting.TracesSampleRate)),
-			Release:       fmt.Sprintf("authentik@%s", constants.VERSION),
-			HTTPTransport: webutils.NewUserAgentTransport(constants.UserAgentOutpost(), http.DefaultTransport),
-			IgnoreErrors: []string{
-				http.ErrAbortHandler.Error(),
-			},
-		})
-		if err != nil {
-			l.WithField("env", globalConfig.ErrorReporting.Environment).WithError(err).Warning("Failed to initialise sentry")
+			err := sentry.Init(sentry.ClientOptions{
+				Dsn:           globalConfig.ErrorReporting.SentryDsn,
+				Environment:   globalConfig.ErrorReporting.Environment,
+				EnableTracing: true,
+				TracesSampler: sentryutils.SamplerFunc(float64(globalConfig.ErrorReporting.TracesSampleRate)),
+				Release:       fmt.Sprintf("authentik@%s", constants.VERSION),
+				HTTPTransport: webutils.NewUserAgentTransport(constants.UserAgentOutpost(), http.DefaultTransport),
+				IgnoreErrors: []string{
+					http.ErrAbortHandler.Error(),
+				},
+			})
+			if err != nil {
+				l.WithField("env", globalConfig.ErrorReporting.Environment).WithError(err).Warning("Failed to initialise sentry")
+			}
 		}
 	}

--- a/internal/outpost/ldap/ldap.go
+++ b/internal/outpost/ldap/ldap.go
@ -26,7 +26,7 @@ type LDAPServer struct {
 	providers   []*ProviderInstance
 }

-func NewServer(ac *ak.APIController) *LDAPServer {
+func NewServer(ac *ak.APIController) ak.Outpost {
 	ls := &LDAPServer{
 		log:       log.WithField("logger", "authentik.outpost.ldap"),
 		ac:        ac,
--- a/internal/outpost/proxyv2/proxyv2.go
+++ b/internal/outpost/proxyv2/proxyv2.go
@ -35,7 +35,7 @@ type ProxyServer struct {
 	akAPI       *ak.APIController
 }

-func NewProxyServer(ac *ak.APIController) *ProxyServer {
+func NewProxyServer(ac *ak.APIController) ak.Outpost {
 	l := log.WithField("logger", "authentik.outpost.proxyv2")
 	defaultCert, err := crypto.GenerateSelfSignedCert()
 	if err != nil {
--- a/internal/outpost/rac/rac.go
+++ b/internal/outpost/rac/rac.go
@ -23,7 +23,7 @@ type RACServer struct {
 	conns map[string]connection.Connection
 }

-func NewServer(ac *ak.APIController) *RACServer {
+func NewServer(ac *ak.APIController) ak.Outpost {
 	rs := &RACServer{
 		log:   log.WithField("logger", "authentik.outpost.rac"),
 		ac:    ac,
--- a/internal/outpost/radius/radius.go
+++ b/internal/outpost/radius/radius.go
@ -34,7 +34,7 @@ type RadiusServer struct {
 	providers []*ProviderInstance
 }

-func NewServer(ac *ak.APIController) *RadiusServer {
+func NewServer(ac *ak.APIController) ak.Outpost {
 	rs := &RadiusServer{
 		log:       log.WithField("logger", "authentik.outpost.radius"),
 		ac:        ac,