[extension/basicauth] Implement configauth.ClientAuthenticator
#8847
Conversation
|
cc @gouthamve |
| @@ -27,16 +27,17 @@ receivers: | |||
| processors: | |||
|
|
|||
| exporters: | |||
| logging: | |||
| logLevel: debug | |||
| otlphttp: | |||
There was a problem hiding this comment.
How about otlp? It should be used whenever possible instead of otlphttp, from what I understand.
There was a problem hiding this comment.
currently the intention is to support only http client
There was a problem hiding this comment.
This should then be clearly stated in the readme then. I'm sure I'm missing something obvious, but why can't this be used with gRPC? It would be similar to the bearer token auth, like this:
| if err != nil { | ||
| return fmt.Errorf("read htpasswd content: %w", err) | ||
| } | ||
|
|
||
| ba.userPassPair = buff.String() |
There was a problem hiding this comment.
Am I right to assume that this is getting the username and password from the htpasswd file? If so, that's not right.
There was a problem hiding this comment.
It was my bad. I assumed something else. I have reverted this block.
| } | ||
|
|
||
| func (ba *basicAuth) PerRPCCredentials() (creds.PerRPCCredentials, error) { | ||
| return nil, nil |
There was a problem hiding this comment.
Why are you not implementing this?
| Inline: creds, | ||
| }, | ||
| }) | ||
| assert.NotNil(t, ext) |
There was a problem hiding this comment.
This should be a require: everything that is required for setting up the stage of the test should use require. When you are exercising the test subject, use assert.
There was a problem hiding this comment.
Thanks for the tip. Reworked.
| } | ||
|
|
||
| func newExtension(cfg *Config) (configauth.ServerAuthenticator, error) { | ||
| func newExtension(cfg *Config) (*basicAuth, error) { |
There was a problem hiding this comment.
I think I would prefer the factory to determine whether it needs a client authenticator or a server authenticator (see createExtension in the factory.go).
I also think this extension has two different sets of configuration options:
- username and password for the client authenticator, with only one subject
- htpasswd for the server authenticator, with potentially multiple subjects
So, if both the username and password are set, this takes the shape of a client authenticator, otherwise it's a server authenticator. The extension cannot be both at the same time. As an operator, I would find it confusing to have one extension instance with the two facets at the same time.
There was a problem hiding this comment.
Good points. I have incorporated that logic. I have also enforced that this extention will only act as either a client auth or server auth. If a user needs both, there should be two. Kindly review.
Co-authored-by: Stepan Rakitin <stepanr@mailbox.org>
|
@jpkrohling can you give it a one more glance at this. Thanks |
| @@ -27,16 +27,17 @@ receivers: | |||
| processors: | |||
|
|
|||
| exporters: | |||
| logging: | |||
| logLevel: debug | |||
| otlphttp: | |||
There was a problem hiding this comment.
This should then be clearly stated in the readme then. I'm sure I'm missing something obvious, but why can't this be used with gRPC? It would be similar to the bearer token auth, like this:
| } | ||
|
|
||
| func (ba *basicAuth) PerRPCCredentials() (creds.PerRPCCredentials, error) { | ||
| return nil, nil |
Co-authored-by: Juraci Paixão Kröhling <juraci.github@kroehling.de>
You are correct. It is indeed similar to bearer auth. The only reason I did not implement it was because it was written HTTP Basic Auth in the readme before. But sure it works for gRPC as well. I have removed HTTP from the readme now and also implemented it for gRPC. Thank you for reviewing it. |
jpkrohling
changed the title
configauth.ClientAuthenticator to authenticate outgoing http requests using basicauthconfigauth.ClientAuthenticator
* Add support for client basic auth * Change Readme * Add changelog entry * separate out client and server authenticator * Fix Readme documentation Co-authored-by: Stepan Rakitin <stepanr@mailbox.org> * Update Readme.md * modify internal components test file * Apply suggestions from code review Co-authored-by: Juraci Paixão Kröhling <juraci.github@kroehling.de> * add rpc support * review comments and minor fixes * address comments and make func signatures private * gofmt lint error fix Co-authored-by: Stepan Rakitin <stepanr@mailbox.org> Co-authored-by: Juraci Paixão Kröhling <juraci.github@kroehling.de> (cherry picked from commit e841b5e)
Description:
Enhancement:
basicauthextension now supports client auth.Testing: Manual and Unit Tests added.