diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go
index 03e98d34c4f..3b91fa4edfe 100644
--- a/config/configgrpc/configgrpc.go
+++ b/config/configgrpc/configgrpc.go
@@ -16,6 +16,7 @@ package configgrpc
 import (
+ "context"
 "fmt"
 "net"
 "strings"
@@ -27,8 +28,10 @@ import (
 "google.golang.org/grpc/encoding/gzip"
 "google.golang.org/grpc/keepalive"
+ "go.opentelemetry.io/collector/config/configauth"
 "go.opentelemetry.io/collector/config/confignet"
 "go.opentelemetry.io/collector/config/configtls"
+ "go.opentelemetry.io/collector/internal/auth"
 )
 // Compression gRPC keys for supported compression types within collector
@@ -157,9 +160,12 @@ type GRPCServerSettings struct {
 // Keepalive anchor for all the settings related to keepalive.
 Keepalive *KeepaliveServerConfig `mapstructure:"keepalive,omitempty"`
+
+ // Auth for this receiver
+ Auth *configauth.Authentication `mapstructure:"auth,omitempty"`
 }
-// ToServerOption maps configgrpc.GRPCClientSettings to a slice of dial options for gRPC
+// ToDialOptions maps configgrpc.GRPCClientSettings to a slice of dial options for gRPC
 func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) {
 var opts []grpc.DialOption
 if gcs.Compression != "" {
@@ -287,6 +293,22 @@ func (gss *GRPCServerSettings) ToServerOption() ([]grpc.ServerOption, error) {
 }
 }
+ if gss.Auth != nil {
+ auth, err := auth.New(*gss.Auth)
+ if err != nil {
+ return nil, err
+ }
+
+ // perhaps we should use a timeout here?
+ if err := auth.Start(context.Background()); err != nil {
+ return nil, err
+ }
+
+ // TODO: we need a hook to call auth.Close()
+
+ opts = append(opts, grpc.UnaryInterceptor(auth.UnaryInterceptor), grpc.StreamInterceptor(auth.StreamInterceptor))
+ }
+
 return opts, nil
 }
diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go
index 4010db38043..035176fd6a2 100644
--- a/config/configgrpc/configgrpc_test.go
+++ b/config/configgrpc/configgrpc_test.go
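Review bot: The comment on the new `Auth` field of `GRPCServerSettings` does not say what an unset value means, which is the security-relevant default for anyone configuring this server. Going by the `if gss.Auth != nil` guard this commit adds to `ToServerOption`, a nil value installs no authentication interceptor, so as far as this file shows incoming RPCs are then not authenticated. I would state that on the field, e.g. `// Auth configures authentication of incoming RPCs. When nil, no auth interceptor is installed and requests are not authenticated.` The struct begins outside this hunk.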
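Review bot: The authenticator is started inside `ToServerOption` with `context.Background()` and is never closed, so every call to this method starts another one and a start that hangs blocks server setup without bound; the two comments in the added block acknowledge both gaps but the commit leaves them open. Until a shutdown hook exists I would at least bound the call, e.g. `ctx, cancel := context.WithTimeout(context.Background(), startTimeout)` (`startTimeout` is a placeholder), provided `Start` does not keep the context for background work, which is not visible here. `grpc.UnaryInterceptor` and `grpc.StreamInterceptor` each occupy the server's single interceptor slot, so a caller that appends its own interceptor to these options will conflict with the auth one; `grpc.ChainUnaryInterceptor(auth.UnaryInterceptor)` and `grpc.ChainStreamInterceptor(auth.StreamInterceptor)` avoid that if the pinned grpc-go version provides them. The local `auth` also shadows the imported `auth` package for the rest of the block; `authenticator, err := auth.New(*gss.Auth)` keeps the two apart. The function begins outside this hunk.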
@@ -22,8 +22,10 @@ import (
 "time"
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 "google.golang.org/grpc"
+ "go.opentelemetry.io/collector/config/configauth"
 "go.opentelemetry.io/collector/config/confignet"
 "go.opentelemetry.io/collector/config/configtls"
 otelcol "go.opentelemetry.io/collector/internal/data/opentelemetry-proto-gen/collector/trace/v1"
@@ -74,7 +76,7 @@ func TestDefaultGrpcServerSettings(t *testing.T) {
 assert.Len(t, opts, 0)
 }
-func TestAllGrpcServerSettings(t *testing.T) {
+func TestAllGrpcServerSettingsExceptAuth(t *testing.T) {
 gss := &GRPCServerSettings{
 NetAddr: confignet.NetAddr{
 Endpoint: "localhost:1234",
@@ -107,6 +109,25 @@ func TestAllGrpcServerSettings(t *testing.T) {
 assert.Len(t, opts, 7)
 }
+func TestGrpcServerAuthSettings(t *testing.T) {
+ gss := &GRPCServerSettings{}
+
+ // sanity check
+ _, err := gss.ToServerOption()
+ require.NoError(t, err)
+
+ // test
+ gss.Auth = &configauth.Authentication{
+ OIDC: &configauth.OIDC{},
+ }
+ opts, err := gss.ToServerOption()
+
+ // verify
+ // an error here is a positive confirmation that Auth kicked in
+ assert.Error(t, err)
+ assert.Nil(t, opts)
+}
+
 func TestGRPCClientSettingsError(t *testing.T) {
 tests := []struct {
 settings GRPCClientSettings
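Review bot: `TestGrpcServerAuthSettings` passes on any error from `ToServerOption`, so it shows neither that the failure came from the auth path nor that a valid configuration actually installs the interceptors. With an empty `configauth.OIDC{}` the error presumably comes from `auth.New` or `Start` rejecting the configuration, but an unrelated failure would satisfy `assert.Error(t, err)` just as well. I would pin the cause, e.g. `assert.Contains(t, err.Error(), "<expected message>")` with the message taken from the auth package, and add a success case that checks the two interceptor options are returned, since that is the path that protects the server.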