Moved internal/auth to configauth
Signed-off-by: Juraci Paixão Kröhling <juraci@kroehling.de>
jpkrohling committed Sep 30, 2020
1 parent e893ac4 commit 5c2247d
Showing 10 changed files with 92 additions and 65 deletions.
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"context"
Expand All @@ -21,8 +21,6 @@ import (

"google.golang.org/grpc"
"google.golang.org/grpc/metadata"

"go.opentelemetry.io/collector/config/configauth"
)

var (
Expand Down Expand Up @@ -52,8 +50,8 @@ type authenticateFunc func(context.Context, map[string][]string) (context.Contex
type unaryInterceptorFunc func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, authenticate authenticateFunc) (interface{}, error)
type streamInterceptorFunc func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler, authenticate authenticateFunc) error

// New creates an authenticator based on the given configuration
func New(cfg configauth.Authentication) (Authenticator, error) {
// NewAuthenticator creates an authenticator based on the given configuration
func NewAuthenticator(cfg Authentication) (Authenticator, error) {
if cfg.OIDC == nil {
return nil, errNoOIDCProvided
}
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"context"
Expand All @@ -22,14 +22,12 @@ import (
"github.com/stretchr/testify/assert"
"google.golang.org/grpc"
"google.golang.org/grpc/metadata"

"go.opentelemetry.io/collector/config/configauth"
)

func TestNew(t *testing.T) {
func TestNewAuthenticator(t *testing.T) {
// test
p, err := New(configauth.Authentication{
OIDC: &configauth.OIDC{
p, err := NewAuthenticator(Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com",
},
Expand All @@ -42,7 +40,7 @@ func TestNew(t *testing.T) {

func TestMissingOIDC(t *testing.T) {
// test
p, err := New(configauth.Authentication{})
p, err := NewAuthenticator(Authentication{})

// verify
assert.Nil(t, p)
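--- a/config/configauth/configauth.go
+++ b/config/configauth/configauth.go
@@ -14,6 +14,12 @@
 
 package configauth
 
+import (
+"context"
+
+"google.golang.org/grpc"
+)
+
 // Authentication defines the auth settings for the receiver
 type Authentication struct {
 // The attribute (header name) to look for auth data. Optional, default value: "authentication".
@@ -47,3 +53,22 @@ type OIDC struct {
 // Optional.
 GroupsClaim string `mapstructure:"groups_claim"`
 }
+
+// ToServerOptions builds a set of server options ready to be used by the gRPC server
+func (a *Authentication) ToServerOptions() ([]grpc.ServerOption, error) {
+auth, err := NewAuthenticator(*a)
+if err != nil {
+return nil, err
+}
+
+// perhaps we should use a timeout here?
+// TODO: we need a hook to call auth.Close()
+if err := auth.Start(context.Background()); err != nil {
+return nil, err
+}
+
+return []grpc.ServerOption{
+grpc.UnaryInterceptor(auth.UnaryInterceptor),
+grpc.StreamInterceptor(auth.StreamInterceptor),
+}, nil
+}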
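Review bot: `ToServerOptions` dereferences its receiver with `*a` before any check, so a caller holding an unset optional `*Authentication` gets a panic instead of an error; a guard such as `if a == nil { return nil, errNoOIDCProvided }` keeps that path fail-closed. The returned options use `grpc.UnaryInterceptor` and `grpc.StreamInterceptor`, which grpc-go allows to be set only once per server, so a caller that installs its own interceptor alongside these would conflict at startup; `grpc.ChainUnaryInterceptor` and `grpc.ChainStreamInterceptor` avoid that if the project's grpc-go version provides them. The doc comment could also state the contract callers depend on, for example `// On error no options are returned; the server must not be started without them.`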
Expand Up @@ -13,3 +13,23 @@
// limitations under the License.

package configauth

import (
"testing"

"github.com/stretchr/testify/assert"
)

func TestToServerOptions(t *testing.T) {
// prepare
auth := &Authentication{
OIDC: &OIDC{},
}
// test
opts, err := auth.ToServerOptions()

// verify
// an error here is a positive confirmation that Auth kicked in
assert.Error(t, err)
assert.Nil(t, opts)
}
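Review bot: `assert.Error(t, err)` in `TestToServerOptions` accepts any error, so the test cannot tell which check rejected the configuration; with an empty `OIDC{}` it presumably fails on the missing audience in `newOIDCAuthenticator`, before `auth.Start` or the interceptors are ever reached. Pinning the expected value, e.g. `assert.Equal(t, errNoClientIDProvided, err)`, would make the comment about auth having kicked in verifiable. A second case against a local test OIDC server that asserts two non-nil options would cover the success path, which is where a regression could silently leave the gRPC server without its authentication interceptors.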
2 changes: 1 addition & 1 deletion internal/auth/context.go → config/configauth/context.go
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import "context"

Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"context"
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"context"
Expand All @@ -29,13 +29,11 @@ import (

"github.com/coreos/go-oidc"
"google.golang.org/grpc"

"go.opentelemetry.io/collector/config/configauth"
)

type oidcAuthenticator struct {
attribute string
config configauth.OIDC
config OIDC
provider *oidc.Provider
verifier *oidc.IDTokenVerifier

Expand All @@ -56,7 +54,7 @@ var (
errNotAuthenticated = errors.New("authentication didn't succeed")
)

func newOIDCAuthenticator(cfg configauth.Authentication) (*oidcAuthenticator, error) {
func newOIDCAuthenticator(cfg Authentication) (*oidcAuthenticator, error) {
if cfg.OIDC.Audience == "" {
return nil, errNoClientIDProvided
}
Expand Down Expand Up @@ -189,7 +187,7 @@ func getGroupsFromClaims(claims map[string]interface{}, groupsClaim string) ([]s
return []string{}, nil
}

func getProviderForConfig(config configauth.OIDC) (*oidc.Provider, error) {
func getProviderForConfig(config OIDC) (*oidc.Provider, error) {
t := &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"context"
Expand All @@ -34,8 +34,6 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/grpc"

"go.opentelemetry.io/collector/config/configauth"
)

func TestOIDCAuthenticationSucceeded(t *testing.T) {
Expand All @@ -45,8 +43,8 @@ func TestOIDCAuthenticationSucceeded(t *testing.T) {
oidcServer.Start()
defer oidcServer.Close()

config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
IssuerURL: oidcServer.URL,
Audience: "unit-test",
GroupsClaim: "memberships",
Expand Down Expand Up @@ -122,7 +120,7 @@ func TestOIDCProviderForConfigWithTLS(t *testing.T) {
oidcServer.StartTLS()

// prepare the processor configuration
config := configauth.OIDC{
config := OIDC{
IssuerURL: oidcServer.URL,
IssuerCAPath: caFile.Name(),
Audience: "unit-test",
Expand Down Expand Up @@ -196,7 +194,7 @@ func TestOIDCFailedToLoadIssuerCAFromPathInvalidContent(t *testing.T) {
defer os.Remove(file.Name())
file.Write([]byte("foobar"))

config := configauth.OIDC{
config := OIDC{
IssuerCAPath: file.Name(),
}

Expand All @@ -210,8 +208,8 @@ func TestOIDCFailedToLoadIssuerCAFromPathInvalidContent(t *testing.T) {

func TestOIDCInvalidAuthHeader(t *testing.T) {
// prepare
p, err := newOIDCAuthenticator(configauth.Authentication{
OIDC: &configauth.OIDC{
p, err := newOIDCAuthenticator(Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com",
},
Expand All @@ -228,8 +226,8 @@ func TestOIDCInvalidAuthHeader(t *testing.T) {

func TestOIDCNotAuthenticated(t *testing.T) {
// prepare
p, err := newOIDCAuthenticator(configauth.Authentication{
OIDC: &configauth.OIDC{
p, err := newOIDCAuthenticator(Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com",
},
Expand All @@ -246,8 +244,8 @@ func TestOIDCNotAuthenticated(t *testing.T) {

func TestProviderNotReacheable(t *testing.T) {
// prepare
p, err := newOIDCAuthenticator(configauth.Authentication{
OIDC: &configauth.OIDC{
p, err := newOIDCAuthenticator(Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com",
},
Expand All @@ -268,8 +266,8 @@ func TestFailedToVerifyToken(t *testing.T) {
oidcServer.Start()
defer oidcServer.Close()

p, err := newOIDCAuthenticator(configauth.Authentication{
OIDC: &configauth.OIDC{
p, err := newOIDCAuthenticator(Authentication{
OIDC: &OIDC{
IssuerURL: oidcServer.URL,
Audience: "unit-test",
},
Expand All @@ -296,13 +294,13 @@ func TestFailedToGetGroupsClaimFromToken(t *testing.T) {

for _, tt := range []struct {
casename string
config configauth.Authentication
config Authentication
expectedError error
}{
{
"groupsClaimNonExisting",
configauth.Authentication{
OIDC: &configauth.OIDC{
Authentication{
OIDC: &OIDC{
IssuerURL: oidcServer.URL,
Audience: "unit-test",
GroupsClaim: "non-existing-claim",
Expand All @@ -312,8 +310,8 @@ func TestFailedToGetGroupsClaimFromToken(t *testing.T) {
},
{
"usernameClaimNonExisting",
configauth.Authentication{
OIDC: &configauth.OIDC{
Authentication{
OIDC: &OIDC{
IssuerURL: oidcServer.URL,
Audience: "unit-test",
UsernameClaim: "non-existing-claim",
Expand All @@ -323,8 +321,8 @@ func TestFailedToGetGroupsClaimFromToken(t *testing.T) {
},
{
"usernameNotString",
configauth.Authentication{
OIDC: &configauth.OIDC{
Authentication{
OIDC: &OIDC{
IssuerURL: oidcServer.URL,
Audience: "unit-test",
UsernameClaim: "some-non-string-field",
Expand Down Expand Up @@ -438,8 +436,8 @@ func TestEmptyGroupsClaim(t *testing.T) {

func TestMissingClient(t *testing.T) {
// prepare
config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
IssuerURL: "http://example.com/",
},
}
Expand All @@ -454,8 +452,8 @@ func TestMissingClient(t *testing.T) {

func TestMissingIssuerURL(t *testing.T) {
// prepare
config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
Audience: "some-audience",
},
}
Expand All @@ -470,8 +468,8 @@ func TestMissingIssuerURL(t *testing.T) {

func TestClose(t *testing.T) {
// prepare
config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com/",
},
Expand All @@ -489,8 +487,8 @@ func TestClose(t *testing.T) {

func TestUnaryInterceptor(t *testing.T) {
// prepare
config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com/",
},
Expand Down Expand Up @@ -519,8 +517,8 @@ func TestUnaryInterceptor(t *testing.T) {

func TestStreamInterceptor(t *testing.T) {
// prepare
config := configauth.Authentication{
OIDC: &configauth.OIDC{
config := Authentication{
OIDC: &OIDC{
Audience: "some-audience",
IssuerURL: "http://example.com/",
},
Expand Up @@ -12,7 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.

package auth
package configauth

import (
"bytes"