-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add in getHttpAuthenticationService to GrpcAuthenticationProvider #1529
Add in getHttpAuthenticationService to GrpcAuthenticationProvider #1529
Conversation
Signed-off-by: David Powers <ddpowers@amazon.com>
Signed-off-by: David Powers <ddpowers@amazon.com>
@@ -102,7 +104,10 @@ public void start(Buffer<Record<Object>> buffer) { | |||
|
|||
final ServerBuilder sb = Server.builder(); | |||
sb.disableServerHeader(); | |||
sb.service(grpcServiceBuilder.build()); | |||
|
|||
final Function<? super HttpService, ? extends HttpService> httpAuthenticationService = authenticationProvider.getHttpAuthenticationService().get(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will throw an exception when the Optional
is empty. This code should be refactored to check that the Optional
is present. And only if it is add it to the service builder.
@@ -102,7 +104,10 @@ public void start(Buffer<Record<Object>> buffer) { | |||
|
|||
final ServerBuilder sb = Server.builder(); | |||
sb.disableServerHeader(); | |||
sb.service(grpcServiceBuilder.build()); | |||
|
|||
final Function<? super HttpService, ? extends HttpService> httpAuthenticationService = authenticationProvider.getHttpAuthenticationService().get(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add tests for this code?
* Returns an optional service for HTTP authentication | ||
* @since 1.5 | ||
*/ | ||
default Optional<Function<? super HttpService, ? extends HttpService>> getHttpAuthenticationService() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a simple unit test to verify the default behavior.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be sure to include the unit test here. You can use a mock which calls actual methods to verify the behavior.
@@ -27,4 +31,12 @@ public interface GrpcAuthenticationProvider { | |||
* @since 1.2 | |||
*/ | |||
ServerInterceptor getAuthenticationInterceptor(); | |||
|
|||
/** | |||
* Returns an optional service for HTTP authentication |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may wish to clarify this. This service is to intercept the HTTP request as part of performing gRPC authentication. Perhaps:
Allows implementors to provide an {@link HttpService} to either intercept the HTTP request prior to validation, or to perform validation on the HTTP request. This may be optional, in which case it is not used.
@@ -102,7 +104,10 @@ public void start(Buffer<Record<Object>> buffer) { | |||
|
|||
final ServerBuilder sb = Server.builder(); | |||
sb.disableServerHeader(); | |||
sb.service(grpcServiceBuilder.build()); | |||
|
|||
final Function<? super HttpService, ? extends HttpService> httpAuthenticationService = authenticationProvider.getHttpAuthenticationService().get(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make a similar change in the otel_metrics_source
.
Signed-off-by: David Powers <ddpowers@amazon.com>
Signed-off-by: David Powers <ddpowers@amazon.com>
Codecov Report
@@ Coverage Diff @@
## main #1529 +/- ##
=========================================
Coverage 94.18% 94.18%
Complexity 1181 1181
=========================================
Files 165 165
Lines 3386 3386
Branches 277 277
=========================================
Hits 3189 3189
Misses 141 141
Partials 56 56 Continue to review full report at Codecov.
|
@@ -453,6 +455,19 @@ void start_without_Health_configured_does_not_include_HealthCheck_service() thro | |||
verify(grpcServiceBuilder, never()).addService(isA(HealthGrpcService.class)); | |||
} | |||
|
|||
@Test | |||
public void testOptionalHttpAuthServiceNotInPlace() { | |||
try (MockedStatic<Server> armeriaServerMock = Mockito.mockStatic(Server.class)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This try-catch block only needs to be around the SOURCE.start(buffer)
call. It will make it more understand if you tighten it to only be there.
when(server.stop()).thenReturn(completableFuture);
try(MockedStatic<Server> armeriaServerMock = ...) {
armeriaServerMock.when(Server::builder).thenReturn(serverBuilder);
SOURCE.start(buffer);
}
verify(serverBuilder, never()).service(isA(GrpcService.class), isA(Function.class));
verify(serverBuilder).service(isA(GrpcService.class));
@@ -453,6 +455,19 @@ void start_without_Health_configured_does_not_include_HealthCheck_service() thro | |||
verify(grpcServiceBuilder, never()).addService(isA(HealthGrpcService.class)); | |||
} | |||
|
|||
@Test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good test. Please also add one that verifies the opposite when the Optional
is not empty.
verify(serverBuilder).service(isA(GrpcService.class), isA(Function.class));
verify(serverBuilder, never()).service(isA(GrpcService.class));
* Returns an optional service for HTTP authentication | ||
* @since 1.5 | ||
*/ | ||
default Optional<Function<? super HttpService, ? extends HttpService>> getHttpAuthenticationService() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please be sure to include the unit test here. You can use a mock which calls actual methods to verify the behavior.
Signed-off-by: David Powers <ddpowers@amazon.com>
Signed-off-by: David Powers <ddpowers@amazon.com>
public void confirmDefaultBehavior() { | ||
when(provider.getHttpAuthenticationService()).thenCallRealMethod(); | ||
|
||
Assertions.assertNotNull(provider.getHttpAuthenticationService()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are generally preferring Hamcrest matchers. But, I'm fine with this.
e.g.
assertThat(provider.getHttpAuthenticationService(), notNullValue());
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Noted going forward ✅
public void confirmDefaultBehavior() { | ||
when(provider.getHttpAuthenticationService()).thenCallRealMethod(); | ||
|
||
Assertions.assertNotNull(provider.getHttpAuthenticationService()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be extracted into a variable and re-used. Otherwise you are "testing" twice.
Optional<Function<? super HttpService, ? extends HttpService>> actualHttpService = provider.getHttpAuthenticationService());
Personally I'm also fine using var
here. But, I know that can be contentious.
var actualHttpService = provider.getHttpAuthenticationService());
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm all for var
!
Signed-off-by: David Powers <ddpowers@amazon.com>
Thanks for making these improvements to the authentication support and the code! |
…ensearch-project#1529) * Add in getHttpAuthenticationService to GrpcAuthenticationProvider Signed-off-by: David Powers <ddpowers@amazon.com> Signed-off-by: Finn Roblin <finnrobl@amazon.com>
Signed-off-by: David Powers ddpowers@amazon.com
Description
Create an optional plugin to get an HTTP Auth service for the GRPC Auth Provider
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.