diff --git a/driver/configuration/provider_koanf_public_test.go b/driver/configuration/provider_koanf_public_test.go
index f995c72445..044be58efc 100644
--- a/driver/configuration/provider_koanf_public_test.go
+++ b/driver/configuration/provider_koanf_public_test.go
@@ -25,6 +25,7 @@ import (
 "github.com/ory/oathkeeper/pipeline/authz"
 "github.com/ory/oathkeeper/pipeline/mutate"
 "github.com/ory/oathkeeper/x"
+ "github.com/ory/x/otelx"
 )
 func setup(t *testing.T) *configuration.KoanfProvider {
@@ -333,7 +334,8 @@ func TestKoanfProvider(t *testing.T) {
 })
 t.Run("authorizer=remote_json", func(t *testing.T) {
- a := authz.NewAuthorizerRemoteJSON(p)
+ l := logrusx.New("", "")
+ a := authz.NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 assert.True(t, p.AuthorizerIsEnabled(a.GetID()))
 require.NoError(t, a.Validate(nil))
diff --git a/driver/registry_memory.go b/driver/registry_memory.go
index af83338707..faee2a2c4b 100644
--- a/driver/registry_memory.go
+++ b/driver/registry_memory.go
@@ -383,8 +383,8 @@ func (r *RegistryMemory) prepareAuthz() {
 authz.NewAuthorizerAllow(r.c),
 authz.NewAuthorizerDeny(r.c),
 authz.NewAuthorizerKetoEngineACPORY(r.c),
- authz.NewAuthorizerRemote(r.c),
- authz.NewAuthorizerRemoteJSON(r.c),
+ authz.NewAuthorizerRemote(r.c, r),
+ authz.NewAuthorizerRemoteJSON(r.c, r),
 }
 r.authorizers = map[string]authz.Authorizer{}
diff --git a/driver/registry_memory_test.go b/driver/registry_memory_test.go
index 3d4ede8134..11f2765be3 100644
--- a/driver/registry_memory_test.go
+++ b/driver/registry_memory_test.go
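Review bot: In the driver/registry_memory.go hunk, prepareAuthz hands the registry itself (`r`) to the remote authorizers, and NewAuthorizerRemoteJSON (pipeline/authz/remote_json.go in this commit) calls `d.Tracer()` while building its struct literal, so the tracer is resolved once, at registry preparation time. Whether `r.Tracer()` is already usable at that point, or can change after a configuration reload, is not visible here and is worth confirming, since the authorizer's HTTP client keeps whatever tracer it was given. A comment above the slice would record the dependency: `// Remote authorizers call r.Tracer() eagerly; the tracer must be ready before prepareAuthz runs.` The body of prepareAuthz starts and ends outside the hunk.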
@@ -4,13 +4,20 @@ package driver import ( + "context" "testing" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/ory/oathkeeper/driver/configuration" + "github.com/ory/x/logrusx" ) func TestRegistryMemoryAvailablePipelineAuthorizers(t *testing.T) { - r := NewRegistryMemory() + c, err := configuration.NewKoanfProvider(context.Background(), nil, logrusx.New("", "")) + require.NoError(t, err) + r := NewRegistry(c) got := r.AvailablePipelineAuthorizers() assert.ElementsMatch(t, got, []string{"allow", "deny", "keto_engine_acp_ory", "remote", "remote_json"}) } @@ -29,7 +36,9 @@ func TestRegistryMemoryPipelineAuthorizer(t *testing.T) { } for _, tt := range tests { t.Run(tt.id, func(t *testing.T) { - r := NewRegistryMemory() + c, err := configuration.NewKoanfProvider(context.Background(), nil, logrusx.New("", "")) + require.NoError(t, err) + r := NewRegistry(c) a, err := r.PipelineAuthorizer(tt.id) if (err != nil) != tt.wantErr { t.Errorf("PipelineAuthorizer() error = %v, wantErr %v", err, tt.wantErr) diff --git a/pipeline/authz/remote.go b/pipeline/authz/remote.go index f1b1fca850..e36c5e4674 100644 --- a/pipeline/authz/remote.go +++ b/pipeline/authz/remote.go @@ -16,6 +16,8 @@ import ( "github.com/ory/x/httpx" + "go.opentelemetry.io/otel/trace" + "github.com/ory/oathkeeper/driver/configuration" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pipeline" @@ -45,7 +47,7 @@ type AuthorizerRemote struct { } // NewAuthorizerRemote creates a new AuthorizerRemote. -func NewAuthorizerRemote(c configuration.Provider) *AuthorizerRemote { +func NewAuthorizerRemote(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemote { return &AuthorizerRemote{ c: c, client: httpx.NewResilientClient().StandardClient(), 
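Review bot: The new parameter `d` of NewAuthorizerRemote in pipeline/authz/remote.go is not used in the visible part of the constructor: the context line `client: httpx.NewResilientClient().StandardClient(),` is unchanged, so requests from the `remote` authorizer to its authorization endpoint stay untraced, while `remote_json` gets a traced client in the same commit. Unless that asymmetry is intended, the line should mirror remote_json.go: `client: httpx.NewResilientClient(httpx.ResilientClientWithTracer(d.Tracer())).StandardClient(),`. The doc comment above the constructor should also say what `d` supplies. The struct literal continues outside the hunk.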
@@ -108,6 +110,7 @@ func (a *AuthorizerRemote) Authorize(r *http.Request, session *authn.Authenticat } res, err := a.client.Do(req.WithContext(r.Context())) + if err != nil { return errors.WithStack(err) } diff --git a/pipeline/authz/remote_json.go b/pipeline/authz/remote_json.go index 724f6aeab7..a0d329a598 100644 --- a/pipeline/authz/remote_json.go +++ b/pipeline/authz/remote_json.go @@ -16,6 +16,8 @@ import ( "github.com/ory/x/httpx" + "go.opentelemetry.io/otel/trace" + "github.com/ory/oathkeeper/driver/configuration" "github.com/ory/oathkeeper/helper" "github.com/ory/oathkeeper/pipeline" @@ -50,10 +52,10 @@ type AuthorizerRemoteJSON struct { } // NewAuthorizerRemoteJSON creates a new AuthorizerRemoteJSON. -func NewAuthorizerRemoteJSON(c configuration.Provider) *AuthorizerRemoteJSON { +func NewAuthorizerRemoteJSON(c configuration.Provider, d interface{ Tracer() trace.Tracer }) *AuthorizerRemoteJSON { return &AuthorizerRemoteJSON{ c: c, - client: httpx.NewResilientClient().StandardClient(), + client: httpx.NewResilientClient(httpx.ResilientClientWithTracer(d.Tracer())).StandardClient(), t: x.NewTemplate("remote_json"), } } @@ -101,6 +103,7 @@ func (a *AuthorizerRemoteJSON) Authorize(r *http.Request, session *authn.Authent } res, err := a.client.Do(req.WithContext(r.Context())) + if err != nil { return errors.WithStack(err) } diff --git a/pipeline/authz/remote_json_test.go b/pipeline/authz/remote_json_test.go index e3fff8c12f..15b65b9e2e 100644 --- a/pipeline/authz/remote_json_test.go +++ b/pipeline/authz/remote_json_test.go @@ -23,6 +23,7 @@ import ( "github.com/ory/oathkeeper/pipeline/authn" . "github.com/ory/oathkeeper/pipeline/authz" "github.com/ory/oathkeeper/rule" + "github.com/ory/x/otelx" ) func TestAuthorizerRemoteJSONAuthorize(t *testing.T) { 
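Review bot: NewAuthorizerRemoteJSON in pipeline/authz/remote_json.go calls `d.Tracer()` unconditionally, so a nil `d` panics while the authorizer is being constructed, and the doc comment does not mention the new argument or that it must be non-nil. I would extend the comment with `// d must be non-nil; its Tracer() is resolved once, at construction.` and declare the anonymous `interface{ Tracer() trace.Tracer }` once as a named, unexported interface shared with NewAuthorizerRemote instead of repeating it in both signatures. Separately, the blank line added between `a.client.Do(...)` and `if err != nil {` in both Authorize hunks detaches the call from its error check and can be dropped.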
@@ -176,7 +177,7 @@ func TestAuthorizerRemoteJSONAuthorize(t *testing.T) {
 if err != nil {
 l.WithError(err).Fatal("Failed to initialize configuration")
 }
- a := NewAuthorizerRemoteJSON(p)
+ a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
 defer cancel()
 r, err := http.NewRequestWithContext(ctx, "", "", nil)
@@ -260,7 +261,8 @@ func TestAuthorizerRemoteJSONValidate(t *testing.T) {
 configx.SkipValidation(),
 )
 require.NoError(t, err)
- a := NewAuthorizerRemoteJSON(p)
+ l := logrusx.New("", "")
+ a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 p.SetForTest(t, configuration.AuthorizerRemoteJSONIsEnabled, tt.enabled)
 if err := a.Validate(tt.config); (err != nil) != tt.wantErr {
 t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)
@@ -312,7 +314,8 @@ func TestAuthorizerRemoteJSONConfig(t *testing.T) {
 context.Background(), nil, logrusx.New("", ""),
 )
 require.NoError(t, err)
- a := NewAuthorizerRemoteJSON(p)
+ l := logrusx.New("", "")
+ a := NewAuthorizerRemoteJSON(p, otelx.NewNoop(l, p.TracingConfig()))
 actual, err := a.Config(tt.raw)
 assert.NoError(t, err)
 assert.Equal(t, tt.expected, actual)
diff --git a/pipeline/authz/remote_test.go b/pipeline/authz/remote_test.go
index aeffa14153..993b5b565a 100644
--- a/pipeline/authz/remote_test.go
+++ b/pipeline/authz/remote_test.go
@@ -23,6 +23,7 @@ import (
 "github.com/ory/oathkeeper/pipeline/authn"
 . "github.com/ory/oathkeeper/pipeline/authz"
 "github.com/ory/oathkeeper/rule"
+ "github.com/ory/x/otelx"
 )
 func TestAuthorizerRemoteAuthorize(t *testing.T) {
@@ -177,7 +178,7 @@ func TestAuthorizerRemoteAuthorize(t *testing.T) {
 if err != nil {
 l.WithError(err).Fatal("Failed to initialize configuration")
 }
- a := NewAuthorizerRemote(p)
+ a := NewAuthorizerRemote(p, otelx.NewNoop(l, p.TracingConfig()))
 r := &http.Request{
 Header: map[string][]string{
 "Content-Type": {"text/plain"},
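Review bot: Every constructor call in these tests, starting with TestAuthorizerRemoteJSONAuthorize, passes `otelx.NewNoop(...)`, so nothing asserts that the authorizer's HTTP client emits a span for the outbound authorization request, which is the behaviour this commit adds. A subtest that passes a small stub whose `Tracer()` is backed by an in-memory span recorder, runs one Authorize call against the test server and checks that a span was recorded would pin it. The same subtest in remote_test.go would also show whether NewAuthorizerRemote wires its tracer argument at all. The test function bodies extend beyond the hunks.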
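Review bot: In the TestAuthorizerRemoteJSONConfig hunk the provider is already given an inline `logrusx.New("", "")`, and the added `l := logrusx.New("", "")` builds a second logger a few lines later only to feed the no-op tracer. Hoisting `l` above the provider call and passing it to both keeps one logger per subtest. The same applies to the TestAuthorizerRemoteValidate hunk in remote_test.go, and probably to TestAuthorizerRemoteJSONValidate, whose provider call starts outside its hunk.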
@@ -255,7 +256,8 @@ func TestAuthorizerRemoteValidate(t *testing.T) { context.Background(), nil, logrusx.New("", ""), configx.SkipValidation()) require.NoError(t, err) - a := NewAuthorizerRemote(p) + l := logrusx.New("", "") + a := NewAuthorizerRemote(p, otelx.NewNoop(l, p.TracingConfig())) p.SetForTest(t, configuration.AuthorizerRemoteIsEnabled, tt.enabled) if err := a.Validate(tt.config); (err != nil) != tt.wantErr { t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)