open-telemetry · bogdandrutu · Oct 1, 2020 · Sep 18, 2020
diff --git a/internal/auth/authenticator.go → config/configauth/authenticator.go b/internal/auth/authenticator.go → config/configauth/authenticator.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package auth
+package configauth
 
 import (
 	"context"
@@ -21,8 +21,6 @@ import (
 
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"
-
-	"go.opentelemetry.io/collector/config/configauth"
 )
 
 var (
@@ -52,8 +50,8 @@ type authenticateFunc func(context.Context, map[string][]string) (context.Contex
 type unaryInterceptorFunc func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, authenticate authenticateFunc) (interface{}, error)
 type streamInterceptorFunc func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler, authenticate authenticateFunc) error
 
-// New creates an authenticator based on the given configuration
-func New(cfg configauth.Authentication) (Authenticator, error) {
+// NewAuthenticator creates an authenticator based on the given configuration
+func NewAuthenticator(cfg Authentication) (Authenticator, error) {
 	if cfg.OIDC == nil {
 		return nil, errNoOIDCProvided
 	}

diff --git a/internal/auth/authenticator_test.go → config/configauth/authenticator_test.go b/internal/auth/authenticator_test.go → config/configauth/authenticator_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package auth
+package configauth
 
 import (
 	"context"
@@ -22,14 +22,12 @@ import (
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/metadata"
-
-	"go.opentelemetry.io/collector/config/configauth"
 )
 
-func TestNew(t *testing.T) {
+func TestNewAuthenticator(t *testing.T) {
 	// test
-	p, err := New(configauth.Authentication{
-		OIDC: &configauth.OIDC{
+	p, err := NewAuthenticator(Authentication{
+		OIDC: &OIDC{
 			Audience:  "some-audience",
 			IssuerURL: "http://example.com",
 		},
@@ -42,7 +40,7 @@ func TestNew(t *testing.T) {
 
 func TestMissingOIDC(t *testing.T) {
 	// test
-	p, err := New(configauth.Authentication{})
+	p, err := NewAuthenticator(Authentication{})
 
 	// verify
 	assert.Nil(t, p)

diff --git a/config/configauth/configauth.go b/config/configauth/configauth.go
@@ -14,6 +14,12 @@
 
 package configauth
 
+import (
+	"context"
+
+	"google.golang.org/grpc"
+)
+
 // Authentication defines the auth settings for the receiver
 type Authentication struct {
 	// The attribute (header name) to look for auth data. Optional, default value: "authentication".
@@ -47,3 +53,22 @@ type OIDC struct {
 	// Optional.
 	GroupsClaim string `mapstructure:"groups_claim"`
 }
+
+// ToServerOptions builds a set of server options ready to be used by the gRPC server
+func (a *Authentication) ToServerOptions() ([]grpc.ServerOption, error) {
+	auth, err := NewAuthenticator(*a)
+	if err != nil {
+		return nil, err
+	}
+
+	// perhaps we should use a timeout here?
+	// TODO: we need a hook to call auth.Close()
+	if err := auth.Start(context.Background()); err != nil {
+		return nil, err
+	}
+
+	return []grpc.ServerOption{
+		grpc.UnaryInterceptor(auth.UnaryInterceptor),
+		grpc.StreamInterceptor(auth.StreamInterceptor),
+	}, nil
+}
diff --git a/config/configauth/configauth_test.go b/config/configauth/configauth_test.go
@@ -0,0 +1,74 @@
+// Copyright The OpenTelemetry Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package configauth
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestToServerOptions(t *testing.T) {
+	// prepare
+	oidcServer, err := newOIDCServer()
+	require.NoError(t, err)
+	oidcServer.Start()
+	defer oidcServer.Close()
+
+	config := Authentication{
+		OIDC: &OIDC{
+			IssuerURL:   oidcServer.URL,
+			Audience:    "unit-test",
+			GroupsClaim: "memberships",
+		},
+	}
+
+	// test
+	opts, err := config.ToServerOptions()
+
+	// verify
+	assert.NoError(t, err)
+	assert.NotNil(t, opts)
+	assert.Len(t, opts, 2) // we have two interceptors
+}
+
+func TestInvalidConfigurationFailsOnToServerOptions(t *testing.T) {
+
+	for _, tt := range []struct {
+		cfg Authentication
+	}{
+		{
+			Authentication{},
+		},
+		{
+			Authentication{
+				OIDC: &OIDC{
+					IssuerURL:   "http://oidc.acme.invalid",
+					Audience:    "unit-test",
+					GroupsClaim: "memberships",
+				},
+			},
+		},
+	} {
+		// test
+		opts, err := tt.cfg.ToServerOptions()
+
+		// verify
+		assert.Error(t, err)
+		assert.Nil(t, opts)
+	}
+
+}
diff --git a/internal/auth/context.go → config/configauth/context.go b/internal/auth/context.go → config/configauth/context.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package auth
+package configauth
 
 import "context"
 

diff --git a/internal/auth/context_test.go → config/configauth/context_test.go b/internal/auth/context_test.go → config/configauth/context_test.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package auth
+package configauth
 
 import (
 	"context"

diff --git a/config/configauth/empty_test.go b/config/configauth/empty_test.go
diff --git a/internal/auth/oidc_authenticator.go → config/configauth/oidc_authenticator.go b/internal/auth/oidc_authenticator.go → config/configauth/oidc_authenticator.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package auth
+package configauth
 
 import (
 	"context"
@@ -29,13 +29,11 @@ import (
 
 	"github.com/coreos/go-oidc"
 	"google.golang.org/grpc"
-
-	"go.opentelemetry.io/collector/config/configauth"
 )
 
 type oidcAuthenticator struct {
 	attribute string
-	config    configauth.OIDC
+	config    OIDC
 	provider  *oidc.Provider
 	verifier  *oidc.IDTokenVerifier
 
@@ -56,7 +54,7 @@ var (
 	errNotAuthenticated                  = errors.New("authentication didn't succeed")
 )
 
-func newOIDCAuthenticator(cfg configauth.Authentication) (*oidcAuthenticator, error) {
+func newOIDCAuthenticator(cfg Authentication) (*oidcAuthenticator, error) {
 	if cfg.OIDC.Audience == "" {
 		return nil, errNoClientIDProvided
 	}
@@ -189,7 +187,7 @@ func getGroupsFromClaims(claims map[string]interface{}, groupsClaim string) ([]s
 	return []string{}, nil
 }
 
-func getProviderForConfig(config configauth.OIDC) (*oidc.Provider, error) {
+func getProviderForConfig(config OIDC) (*oidc.Provider, error) {
 	t := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{