From 0f25e112b8e9a0b9c7419a4364dc5f39583ee9d7 Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Wed, 26 May 2021 14:09:16 -0700 Subject: [PATCH 1/9] Port client side authentication from PR #3128 --- config/configauth/clientauth.go | 78 ++++++++++ config/configauth/configauth.go | 26 +--- config/configauth/configauth_test.go | 17 +-- config/configauth/mock_clientauth.go | 66 +++++++++ config/configauth/mock_clientauth_test.go | 139 ++++++++++++++++++ .../{mocks.go => mock_serverauth.go} | 2 +- ...{mocks_test.go => mock_serverauth_test.go} | 0 .../{authenticator.go => serverauth.go} | 12 +- ...thenticator_test.go => serverauth_test.go} | 0 config/configgrpc/configgrpc.go | 7 +- extension/authoidcextension/extension.go | 2 +- 11 files changed, 313 insertions(+), 36 deletions(-) create mode 100644 config/configauth/clientauth.go create mode 100644 config/configauth/mock_clientauth.go create mode 100644 config/configauth/mock_clientauth_test.go rename config/configauth/{mocks.go => mock_serverauth.go} (97%) rename config/configauth/{mocks_test.go => mock_serverauth_test.go} (100%) rename config/configauth/{authenticator.go => serverauth.go} (92%) rename config/configauth/{authenticator_test.go => serverauth_test.go} (100%) diff --git a/config/configauth/clientauth.go b/config/configauth/clientauth.go new file mode 100644 index 00000000000..0b796fe1dab --- /dev/null +++ b/config/configauth/clientauth.go @@ -0,0 +1,78 @@ +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package configauth + +import ( + "fmt" + "net/http" + + "google.golang.org/grpc/credentials" + + "go.opentelemetry.io/collector/component" + "go.opentelemetry.io/collector/config" +) + +// ClientAuthenticator is an Extension that can be used as an authenticator for the configauth.Authentication option. +// Authenticators are then included as part of OpenTelemetry Collector builds and can be referenced by their +// names from the Authentication configuration. +type ClientAuthenticator interface { + component.Extension +} + +// HTTPClientAuthenticator is a ClientAuthenticator that can be used as an authenticator +// for the configauth.Authentication option for HTTP clients. +type HTTPClientAuthenticator interface { + ClientAuthenticator + RoundTripper(base http.RoundTripper) (http.RoundTripper, error) +} + +// GRPCClientAuthenticator is a ClientAuthenticator that can be used as an authenticator for +// the configauth.Authentication option for gRPC clients. +type GRPCClientAuthenticator interface { + ClientAuthenticator + PerRPCCredentials() (credentials.PerRPCCredentials, error) +} + +// GetHTTPClientAuthenticator attempts to select the appropriate HTTPClientAuthenticator from the list of extensions, +// based on the component id of the extension. If an authenticator is not found, an error is returned. +// This should be only used by HTTP clients. +func GetHTTPClientAuthenticator(extensions map[config.ComponentID]component.Extension, + componentID config.ComponentID) (HTTPClientAuthenticator, error) { + for name, ext := range extensions { + if name == componentID { + if auth, ok := ext.(HTTPClientAuthenticator); ok { + return auth, nil + } + return nil, fmt.Errorf("requested authenticator is not for HTTP clients") + } + } + return nil, fmt.Errorf("failed to resolve authenticator %q: %w", componentID.String(), errAuthenticatorNotFound) +} + +// GetGRPCClientAuthenticator attempts to select the appropriate GRPCClientAuthenticator from the list of extensions, +// based on the component id of the extension. If an authenticator is not found, an error is returned. +// This should only be used by gRPC clients. +func GetGRPCClientAuthenticator(extensions map[config.ComponentID]component.Extension, + componentID config.ComponentID) (GRPCClientAuthenticator, error) { + for name, ext := range extensions { + if name == componentID { + if auth, ok := ext.(GRPCClientAuthenticator); ok { + return auth, nil + } + return nil, fmt.Errorf("requested authenticator is not for gRPC clients") + } + } + return nil, fmt.Errorf("failed to resolve authenticator %q: %w", componentID.String(), errAuthenticatorNotFound) +} diff --git a/config/configauth/configauth.go b/config/configauth/configauth.go index fe023963504..f40815b2943 100644 --- a/config/configauth/configauth.go +++ b/config/configauth/configauth.go @@ -23,35 +23,25 @@ import ( ) var ( - errAuthenticatorNotFound = errors.New("authenticator not found") - errAuthenticatorNotProvided = errors.New("authenticator not provided") + errAuthenticatorNotFound = errors.New("authenticator not found") ) -// Authentication defines the auth settings for the receiver. +// Authentication defines the auth settings for the receiver type Authentication struct { - // Authenticator specifies the name of the extension to use in order to authenticate the incoming data point. + // AuthenticatorName specifies the name of the extension to use in order to authenticate the incoming data point. AuthenticatorName string `mapstructure:"authenticator"` } -// GetAuthenticator attempts to select the appropriate Authenticator from the list of extensions, based on the requested extension name. +// GetServerAuthenticator attempts to select the appropriate from the list of extensions, based on the requested extension name. // If an authenticator is not found, an error is returned. -func GetAuthenticator(extensions map[config.ComponentID]component.Extension, requested string) (Authenticator, error) { - if requested == "" { - return nil, errAuthenticatorNotProvided - } - - reqID, err := config.NewIDFromString(requested) - if err != nil { - return nil, err - } - +func GetServerAuthenticator(extensions map[config.ComponentID]component.Extension, componentID config.ComponentID) (ServerAuthenticator, error) { for name, ext := range extensions { - if auth, ok := ext.(Authenticator); ok { - if name == reqID { + if auth, ok := ext.(ServerAuthenticator); ok { + if name == componentID { return auth, nil } } } - return nil, fmt.Errorf("failed to resolve authenticator %q: %w", requested, errAuthenticatorNotFound) + return nil, fmt.Errorf("failed to resolve authenticator %q: %w", componentID.String(), errAuthenticatorNotFound) } diff --git a/config/configauth/configauth_test.go b/config/configauth/configauth_test.go index 91ad6173727..f3e5e7d9645 100644 --- a/config/configauth/configauth_test.go +++ b/config/configauth/configauth_test.go @@ -33,7 +33,10 @@ func TestGetAuthenticator(t *testing.T) { } // test - authenticator, err := GetAuthenticator(ext, cfg.AuthenticatorName) + componentID, err := config.NewIDFromString(cfg.AuthenticatorName) + assert.NoError(t, err) + + authenticator, err := GetServerAuthenticator(ext, componentID) // verify assert.NoError(t, err) @@ -48,13 +51,7 @@ func TestGetAuthenticatorFails(t *testing.T) { expected error }{ { - desc: "Authenticator not provided", - cfg: &Authentication{}, - ext: map[config.ComponentID]component.Extension{}, - expected: errAuthenticatorNotProvided, - }, - { - desc: "Authenticator not found", + desc: "ServerAuthenticator not found", cfg: &Authentication{ AuthenticatorName: "does-not-exist", }, @@ -64,7 +61,9 @@ func TestGetAuthenticatorFails(t *testing.T) { } for _, tC := range testCases { t.Run(tC.desc, func(t *testing.T) { - authenticator, err := GetAuthenticator(tC.ext, tC.cfg.AuthenticatorName) + componentID, err := config.NewIDFromString(tC.cfg.AuthenticatorName) + assert.NoError(t, err) + authenticator, err := GetServerAuthenticator(tC.ext, componentID) assert.ErrorIs(t, err, tC.expected) assert.Nil(t, authenticator) }) diff --git a/config/configauth/mock_clientauth.go b/config/configauth/mock_clientauth.go new file mode 100644 index 00000000000..68097e84ca1 --- /dev/null +++ b/config/configauth/mock_clientauth.go @@ -0,0 +1,66 @@ +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package configauth + +import ( + "context" + "errors" + "net/http" + + "google.golang.org/grpc/credentials" + + "go.opentelemetry.io/collector/component" +) + +var ( + _ HTTPClientAuthenticator = (*MockClientAuthenticator)(nil) + _ GRPCClientAuthenticator = (*MockClientAuthenticator)(nil) + errMockError = errors.New("mock Error") +) + +// MockClientAuthenticator provides a mock implementation of GRPCClientAuthenticator and HTTPClientAuthenticator interfaces +type MockClientAuthenticator struct { + ResultRoundTripper http.RoundTripper + ResultPerRPCCredentials credentials.PerRPCCredentials + MustError bool +} + +// Start for the MockClientAuthenticator does nothing +func (m *MockClientAuthenticator) Start(ctx context.Context, host component.Host) error { + return nil +} + +// Shutdown for the MockClientAuthenticator does nothing +func (m *MockClientAuthenticator) Shutdown(ctx context.Context) error { + return nil +} + +// RoundTripper for the MockClientAuthenticator either returns error if the mock authenticator is forced to or +// returns the supplied resultRoundTripper. +func (m *MockClientAuthenticator) RoundTripper(base http.RoundTripper) (http.RoundTripper, error) { + if m.MustError { + return nil, errMockError + } + return m.ResultRoundTripper, nil +} + +// PerRPCCredentials for the MockClientAuthenticator either returns error if the mock authenticator is forced to or +// returns the supplied resultPerRPCCredentials. +func (m *MockClientAuthenticator) PerRPCCredentials() (credentials.PerRPCCredentials, error) { + if m.MustError { + return nil, errMockError + } + return m.ResultPerRPCCredentials, nil +} diff --git a/config/configauth/mock_clientauth_test.go b/config/configauth/mock_clientauth_test.go new file mode 100644 index 00000000000..99da40f4963 --- /dev/null +++ b/config/configauth/mock_clientauth_test.go @@ -0,0 +1,139 @@ +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package configauth + +import ( + "context" + "net/http" + "testing" + + "github.com/stretchr/testify/assert" + "google.golang.org/grpc/credentials" +) + +func TestNilStartAndShutdown(t *testing.T) { + // prepare + m := &MockClientAuthenticator{} + + // test and verify + origCtx := context.Background() + + err := m.Start(origCtx, nil) + assert.NoError(t, err) + + err = m.Shutdown(origCtx) + assert.NoError(t, err) +} + +type customRoundTripper struct{} + +func (c *customRoundTripper) RoundTrip(request *http.Request) (*http.Response, error) { + return nil, nil +} + +func TestMockRoundTripper(t *testing.T) { + testcases := []struct { + name string + expectedErr bool + clientAuth MockClientAuthenticator + }{ + { + name: "no_error", + expectedErr: false, + clientAuth: MockClientAuthenticator{ + ResultRoundTripper: &customRoundTripper{}, + MustError: false, + }, + }, + { + name: "error", + expectedErr: true, + clientAuth: MockClientAuthenticator{ + ResultRoundTripper: &customRoundTripper{}, + MustError: true, + }, + }, + } + + for _, testcase := range testcases { + t.Run(testcase.name, func(t *testing.T) { + tripper, err := testcase.clientAuth.RoundTripper(nil) + if testcase.expectedErr { + assert.Error(t, err) + return + } + assert.NotNil(t, tripper) + assert.NoError(t, err) + // check if the resultant tripper is indeed the one provided + _, ok := tripper.(*customRoundTripper) + assert.True(t, ok) + }) + } +} + +type customPerRPCCredentials struct{} + +var _ credentials.PerRPCCredentials = (*customPerRPCCredentials)(nil) + +func (c *customPerRPCCredentials) GetRequestMetadata(context.Context, ...string) (map[string]string, error) { + return nil, nil +} + +func (c *customPerRPCCredentials) RequireTransportSecurity() bool { + return true +} + +func TestMockPerRPCCredential(t *testing.T) { + testcases := []struct { + name string + expectedErr bool + clientAuth MockClientAuthenticator + }{ + { + name: "no_error", + expectedErr: false, + clientAuth: MockClientAuthenticator{ + ResultPerRPCCredentials: &customPerRPCCredentials{}, + MustError: false, + }, + }, + { + name: "error", + expectedErr: true, + clientAuth: MockClientAuthenticator{ + ResultPerRPCCredentials: &customPerRPCCredentials{}, + MustError: true, + }, + }, + } + + for _, testcase := range testcases { + t.Run(testcase.name, func(t *testing.T) { + credential, err := testcase.clientAuth.PerRPCCredentials() + if err != nil { + return + } + if testcase.expectedErr { + assert.Error(t, err) + return + } + assert.NotNil(t, credential) + assert.NoError(t, err) + // check if the resultant tripper is indeed the one provided + _, ok := credential.(*customPerRPCCredentials) + assert.True(t, ok) + }) + } +} diff --git a/config/configauth/mocks.go b/config/configauth/mock_serverauth.go similarity index 97% rename from config/configauth/mocks.go rename to config/configauth/mock_serverauth.go index 132068e29e2..1f5ead65906 100644 --- a/config/configauth/mocks.go +++ b/config/configauth/mock_serverauth.go @@ -23,7 +23,7 @@ import ( ) var ( - _ Authenticator = (*MockAuthenticator)(nil) + _ ServerAuthenticator = (*MockAuthenticator)(nil) _ component.Extension = (*MockAuthenticator)(nil) ) diff --git a/config/configauth/mocks_test.go b/config/configauth/mock_serverauth_test.go similarity index 100% rename from config/configauth/mocks_test.go rename to config/configauth/mock_serverauth_test.go diff --git a/config/configauth/authenticator.go b/config/configauth/serverauth.go similarity index 92% rename from config/configauth/authenticator.go rename to config/configauth/serverauth.go index a682646cfa0..c56abb67cdc 100644 --- a/config/configauth/authenticator.go +++ b/config/configauth/serverauth.go @@ -28,12 +28,12 @@ var ( errMetadataNotFound = errors.New("no request metadata found") ) -// Authenticator is an Extension that can be used as an authenticator for the configauth.Authentication option. +// ServerAuthenticator is an Extension that can be used as an authenticator for the configauth.Authentication option. // Authenticators are then included as part of OpenTelemetry Collector builds and can be referenced by their -// names from the Authentication configuration. Each Authenticator is free to define its own behavior and configuration options, +// names from the Authentication configuration. Each ServerAuthenticator is free to define its own behavior and configuration options, // but note that the expectations that come as part of Extensions exist here as well. For instance, multiple instances of the same // authenticator should be possible to exist under different names. -type Authenticator interface { +type ServerAuthenticator interface { component.Extension // Authenticate checks whether the given headers map contains valid auth data. Successfully authenticated calls will always return a nil error. @@ -58,17 +58,17 @@ type Authenticator interface { } // AuthenticateFunc defines the signature for the function responsible for performing the authentication based on the given headers map. -// See Authenticator.Authenticate. +// See ServerAuthenticator.Authenticate. type AuthenticateFunc func(ctx context.Context, headers map[string][]string) error // GrpcUnaryInterceptorFunc defines the signature for the function intercepting unary gRPC calls, useful for authenticators to use as // types for internal structs, making it easier to mock them in tests. -// See Authenticator.GrpcUnaryServerInterceptor. +// See ServerAuthenticator.GrpcUnaryServerInterceptor. type GrpcUnaryInterceptorFunc func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler, authenticate AuthenticateFunc) (interface{}, error) // GrpcStreamInterceptorFunc defines the signature for the function intercepting streaming gRPC calls, useful for authenticators to use as // types for internal structs, making it easier to mock them in tests. -// See Authenticator.GrpcStreamServerInterceptor. +// See ServerAuthenticator.GrpcStreamServerInterceptor. type GrpcStreamInterceptorFunc func(srv interface{}, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler, authenticate AuthenticateFunc) error // DefaultGrpcUnaryServerInterceptor provides a default implementation of GrpcUnaryInterceptorFunc, useful for most authenticators. diff --git a/config/configauth/authenticator_test.go b/config/configauth/serverauth_test.go similarity index 100% rename from config/configauth/authenticator_test.go rename to config/configauth/serverauth_test.go diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 00d6897fabc..9019cd87591 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -296,7 +296,12 @@ func (gss *GRPCServerSettings) ToServerOption(ext map[config.ComponentID]compone } if gss.Auth != nil { - authenticator, err := configauth.GetAuthenticator(ext, gss.Auth.AuthenticatorName) + componentID, cperr := config.NewIDFromString(gss.Auth.AuthenticatorName) + if cperr != nil { + return nil, cperr + } + + authenticator, err := configauth.GetServerAuthenticator(ext, componentID) if err != nil { return nil, err } diff --git a/extension/authoidcextension/extension.go b/extension/authoidcextension/extension.go index 97aa2b05439..b35d41510c9 100644 --- a/extension/authoidcextension/extension.go +++ b/extension/authoidcextension/extension.go @@ -48,7 +48,7 @@ type oidcExtension struct { } var ( - _ configauth.Authenticator = (*oidcExtension)(nil) + _ configauth.ServerAuthenticator = (*oidcExtension)(nil) errNoAudienceProvided = errors.New("no Audience provided for the OIDC configuration") errNoIssuerURL = errors.New("no IssuerURL provided for the OIDC configuration") From 439e7bc0d7e4d5ec9114aefc52f0c0c9148aff30 Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Wed, 26 May 2021 14:18:46 -0700 Subject: [PATCH 2/9] fixed readme --- config/configauth/README.md | 4 ++-- extension/authoidcextension/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index e3b814d6a85..098c1502d35 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -32,6 +32,6 @@ receivers: ## Creating an authenticator -New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. - +New authenticators can be added by creating a new extension that also implements the `configauth.ServerAuthenticator` or `config.ClientAuthenticator` for server specific authentication or client specific authentication respectively. +Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). diff --git a/extension/authoidcextension/README.md b/extension/authoidcextension/README.md index 4b93b3d4e4a..272b301b07b 100644 --- a/extension/authoidcextension/README.md +++ b/extension/authoidcextension/README.md @@ -1,6 +1,6 @@ # Authenticator - OIDC -This extension implements a `configauth.Authenticator`, to be used in receivers inside the `auth` settings. The authenticator type has to be set to `oidc`. +This extension implements a `configauth.ServerAuthenticator`, to be used in receivers inside the `auth` settings. The authenticator type has to be set to `oidc`. ## Configuration From 15a12e985ddd972d3b6b2b6c3749fc1b846e9c3d Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Thu, 27 May 2021 10:26:39 -0700 Subject: [PATCH 3/9] period --- config/configauth/configauth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/configauth/configauth.go b/config/configauth/configauth.go index f40815b2943..a2518441823 100644 --- a/config/configauth/configauth.go +++ b/config/configauth/configauth.go @@ -26,7 +26,7 @@ var ( errAuthenticatorNotFound = errors.New("authenticator not found") ) -// Authentication defines the auth settings for the receiver +// Authentication defines the auth settings for the receiver. type Authentication struct { // AuthenticatorName specifies the name of the extension to use in order to authenticate the incoming data point. AuthenticatorName string `mapstructure:"authenticator"` From c9c7eccd42d0f11c093bfaba6e22816785d8114f Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:22:34 -0700 Subject: [PATCH 4/9] addressed review comments --- config/configauth/README.md | 4 +--- config/configauth/configauth.go | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index 098c1502d35..253691166e6 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -32,6 +32,4 @@ receivers: ## Creating an authenticator -New authenticators can be added by creating a new extension that also implements the `configauth.ServerAuthenticator` or `config.ClientAuthenticator` for server specific authentication or client specific authentication respectively. -Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. -For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). +New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. \ No newline at end of file diff --git a/config/configauth/configauth.go b/config/configauth/configauth.go index a2518441823..16c26328a82 100644 --- a/config/configauth/configauth.go +++ b/config/configauth/configauth.go @@ -35,9 +35,9 @@ type Authentication struct { // GetServerAuthenticator attempts to select the appropriate from the list of extensions, based on the requested extension name. // If an authenticator is not found, an error is returned. func GetServerAuthenticator(extensions map[config.ComponentID]component.Extension, componentID config.ComponentID) (ServerAuthenticator, error) { - for name, ext := range extensions { + for id, ext := range extensions { if auth, ok := ext.(ServerAuthenticator); ok { - if name == componentID { + if id == componentID { return auth, nil } } From 5358d8cfa8bef331d583aa4a8c88eee405028799 Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:24:56 -0700 Subject: [PATCH 5/9] added missing statement --- config/configauth/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index 253691166e6..2552282a123 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -32,4 +32,6 @@ receivers: ## Creating an authenticator -New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. \ No newline at end of file +New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. + +For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). \ No newline at end of file From 954e7f37075c79fe69bbb337f490bb84a7c3556c Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:26:01 -0700 Subject: [PATCH 6/9] added missing statement --- config/configauth/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index 2552282a123..e3b814d6a85 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -34,4 +34,4 @@ receivers: New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. -For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). \ No newline at end of file +For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). From ac7b753ca9e48bbfbf3afa2576f9900e9f1a4e7e Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:27:58 -0700 Subject: [PATCH 7/9] added missing statement --- config/configauth/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index e3b814d6a85..fc4e00f918b 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -32,6 +32,6 @@ receivers: ## Creating an authenticator -New authenticators can be added by creating a new extension that also implements the `configauth.Authenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. +New authenticators can be added by creating a new extension that also implements the `configauth.ServerAuthenticator` extension. Generic authenticators that may be used by a good number of users might be accepted as part of the core distribution, or as part of the contrib distribution. If you have interest in contributing one authenticator, open an issue with your proposal. For other cases, you'll need to include your custom authenticator as part of your custom OpenTelemetry Collector, perhaps being built using the [OpenTelemetry Collector Builder](https://github.com/open-telemetry/opentelemetry-collector-builder). From 3ceb231dcceceae2089e8195aee4299bd44e1ed3 Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:32:31 -0700 Subject: [PATCH 8/9] added missing statement --- config/configauth/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/configauth/README.md b/config/configauth/README.md index fc4e00f918b..c8bf9f0f6c0 100644 --- a/config/configauth/README.md +++ b/config/configauth/README.md @@ -4,7 +4,7 @@ This module allows server types, such as gRPC and HTTP, to be configured to perf The currently known authenticators: -- [oidc](../../extension/authoidcextension) +- [oidc](../../extension/oidcauthextension) Examples: ```yaml From 028e63708935d228ac54107edb75bce1d8947532 Mon Sep 17 00:00:00 2001 From: Pavan Krishna Date: Fri, 28 May 2021 10:33:10 -0700 Subject: [PATCH 9/9] added missing statement --- config/configauth/clientauth.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/configauth/clientauth.go b/config/configauth/clientauth.go index 0b796fe1dab..622c4954a9f 100644 --- a/config/configauth/clientauth.go +++ b/config/configauth/clientauth.go @@ -50,8 +50,8 @@ type GRPCClientAuthenticator interface { // This should be only used by HTTP clients. func GetHTTPClientAuthenticator(extensions map[config.ComponentID]component.Extension, componentID config.ComponentID) (HTTPClientAuthenticator, error) { - for name, ext := range extensions { - if name == componentID { + for id, ext := range extensions { + if id == componentID { if auth, ok := ext.(HTTPClientAuthenticator); ok { return auth, nil } @@ -66,8 +66,8 @@ func GetHTTPClientAuthenticator(extensions map[config.ComponentID]component.Exte // This should only be used by gRPC clients. func GetGRPCClientAuthenticator(extensions map[config.ComponentID]component.Extension, componentID config.ComponentID) (GRPCClientAuthenticator, error) { - for name, ext := range extensions { - if name == componentID { + for id, ext := range extensions { + if id == componentID { if auth, ok := ext.(GRPCClientAuthenticator); ok { return auth, nil }