pkgs/servers/http/pomerium/external-envoy.diff

   1 diff --git a/pkg/envoy/envoy.go b/pkg/envoy/envoy.go
   2 index e32cfc29..9d32c057 100644
   3 --- a/pkg/envoy/envoy.go
   4 +++ b/pkg/envoy/envoy.go
   5 @@ -8,9 +8,9 @@ import (
   6         "errors"
   7         "fmt"
   8         "io"
   9 +       "io/fs"
  10         "os"
  11         "os/exec"
  12 -       "path"
  13         "path/filepath"
  14         "regexp"
  15         "strconv"
  16 @@ -36,8 +36,12 @@ import (
  17
  18  const (
  19         configFileName = "envoy-config.yaml"
  20 +       workingDirectoryName = ".pomerium-envoy"
  21 +       embeddedEnvoyPermissions     fs.FileMode = 0o700
  22  )
  23
  24 +var OverrideEnvoyPath = ""
  25 +
  26  type serverOptions struct {
  27         services string
  28         logLevel string
  29 @@ -60,13 +64,16 @@ type Server struct {
  30
  31  // NewServer creates a new server with traffic routed by envoy.
  32  func NewServer(ctx context.Context, src config.Source, builder *envoyconfig.Builder) (*Server, error) {
  33 -       envoyPath, err := Extract()
  34 +       envoyPath := OverrideEnvoyPath
  35 +       wd := filepath.Join(os.TempDir(), workingDirectoryName)
  36 +
  37 +       err := os.MkdirAll(wd, embeddedEnvoyPermissions)
  38         if err != nil {
  39 -               return nil, fmt.Errorf("extracting envoy: %w", err)
  40 +               return nil, fmt.Errorf("error creating temporary working directory for envoy: %w", err)
  41         }
  42
  43         srv := &Server{
  44 -               wd:        path.Dir(envoyPath),
  45 +               wd:        wd,
  46                 builder:   builder,
  47                 grpcPort:  src.GetConfig().GRPCPort,
  48                 httpPort:  src.GetConfig().HTTPPort,