From 6b85ee1184e2aba7e0d3c6913f8b0168987b6b57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= Date: Thu, 25 Jun 2020 14:47:34 +0200 Subject: [PATCH 1/4] Added PerRPCCredentials for gRPC settings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Juraci Paixão Kröhling --- config/configgrpc/bearer_token.go | 63 +++++++++++++++++++++ config/configgrpc/bearer_token_test.go | 65 ++++++++++++++++++++++ config/configgrpc/configgrpc.go | 29 ++++++++++ config/configgrpc/configgrpc_test.go | 62 +++++++++++++++++++++ exporter/otlpexporter/config_test.go | 4 ++ exporter/otlpexporter/testdata/config.yaml | 3 + 6 files changed, 226 insertions(+) create mode 100644 config/configgrpc/bearer_token.go create mode 100644 config/configgrpc/bearer_token_test.go diff --git a/config/configgrpc/bearer_token.go b/config/configgrpc/bearer_token.go new file mode 100644 index 00000000000..850baefe247 --- /dev/null +++ b/config/configgrpc/bearer_token.go @@ -0,0 +1,63 @@ +// Copyright 2020 The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package configgrpc + +import ( + "context" + "fmt" + "io/ioutil" + "regexp" + + "google.golang.org/grpc/credentials" +) + +var _ credentials.PerRPCCredentials = (*PerRPCAuth)(nil) + +// PerRPCAuth is a gRPC credentials.PerRPCCredentials implementation that returns an 'authorization' header +type PerRPCAuth struct { + metadata map[string]string +} + +// BearerTokenFromFile builds a new PerRPCAuth with bearer token authentication, reading the token from the specified file +func BearerTokenFromFile(file string) (*PerRPCAuth, error) { + token, err := ioutil.ReadFile(file) + if err != nil { + return nil, fmt.Errorf("couldn't obtain token from file: %w", err) + } + + re := regexp.MustCompile(`[\s\n]`) + token = re.ReplaceAll(token, []byte("")) + + return &PerRPCAuth{ + metadata: map[string]string{"authorization": fmt.Sprintf("Bearer %s", token)}, + }, nil +} + +// BearerToken returns a new PerRPCAuth based on the given token +func BearerToken(t string) *PerRPCAuth { + return &PerRPCAuth{ + metadata: map[string]string{"authorization": fmt.Sprintf("Bearer %s", t)}, + } +} + +// GetRequestMetadata returns the request metadata to be used with the RPC +func (c *PerRPCAuth) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { + return c.metadata, nil +} + +// RequireTransportSecurity always returns true for this implementation. Passing bearer tokens in plain-text connections is a bad idea. +func (c *PerRPCAuth) RequireTransportSecurity() bool { + return true +} diff --git a/config/configgrpc/bearer_token_test.go b/config/configgrpc/bearer_token_test.go new file mode 100644 index 00000000000..b7ca07da4cc --- /dev/null +++ b/config/configgrpc/bearer_token_test.go @@ -0,0 +1,65 @@ +// Copyright The OpenTelemetry Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package configgrpc + +import ( + "context" + "io/ioutil" + "os" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestBearerToken(t *testing.T) { + // test + result := BearerToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...") + metadata, err := result.GetRequestMetadata(context.Background()) + require.NoError(t, err) + + // verify + assert.Equal(t, "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", metadata["authorization"]) +} + +func TestBearerTokenFileReaderRemoveSpaces(t *testing.T) { + // prepare + token := []byte("a\nbc def\n") + file, err := ioutil.TempFile("", "") + require.NoError(t, err) + defer os.Remove(file.Name()) + + _, err = file.Write(token) + require.NoError(t, err) + require.NoError(t, file.Close()) + + // test + result, err := BearerTokenFromFile(file.Name()) + require.NoError(t, err) + + metadata, err := result.GetRequestMetadata(context.Background()) + require.NoError(t, err) + + // verify + assert.Equal(t, "Bearer abcdef", metadata["authorization"]) +} + +func TestBearerTokenRequiresSecureTransport(t *testing.T) { + // test + token := BearerToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...") + + // verify + assert.True(t, token.RequireTransportSecurity()) +} diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index b18e861427c..780a14d8851 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -34,6 +34,8 @@ import ( const ( CompressionUnsupported = "" CompressionGzip = "gzip" + + PerRPCAuthTypeBearer = "bearer" ) var ( @@ -84,6 +86,9 @@ type GRPCClientSettings struct { // The headers associated with gRPC requests. Headers map[string]string `mapstructure:"headers"` + + // PerRPCAuth parameter configures the client to send authentication data on a per-RPC basis + PerRPCAuth *PerRPCAuthConfig `mapstructure:"per_rpc_auth"` } type KeepaliveServerConfig struct { @@ -91,6 +96,15 @@ type KeepaliveServerConfig struct { EnforcementPolicy *KeepaliveEnforcementPolicy `mapstructure:"enforcement_policy,omitempty"` } +// PerRPCAuthConfig specifies how the Per-RPC authentication data should be obtained +type PerRPCAuthConfig struct { + // AuthType represents the authentication type to use. Currently, only 'bearer' is supported. + AuthType string `mapstructure:"type,omitempty"` + + // BearerToken specifies the bearer token to use for every RPC. If the value starts with `file://`, reads the token from the specified file. + BearerToken string `mapstructure:"bearer_token,omitempty"` +} + // KeepaliveServerParameters allow configuration of the keepalive.ServerParameters. // The same default values as keepalive.ServerParameters are applicable and get applied by the server. // See https://godoc.org/google.golang.org/grpc/keepalive#ServerParameters for details. @@ -176,6 +190,21 @@ func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) { opts = append(opts, keepAliveOption) } + if gcs.PerRPCAuth != nil { + if strings.EqualFold(gcs.PerRPCAuth.AuthType, PerRPCAuthTypeBearer) { + sToken := gcs.PerRPCAuth.BearerToken + token := BearerToken(sToken) + if strings.HasPrefix(sToken, "file://") { + token, err = BearerTokenFromFile(sToken[7:]) + if err != nil { + return nil, err + } + } + + opts = append(opts, grpc.WithPerRPCCredentials(token)) + } + } + return opts, nil } diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index e39aee43408..4e9141ab9dc 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -16,12 +16,16 @@ package configgrpc import ( "context" + "fmt" + "io/ioutil" + "os" "path" "runtime" "testing" "time" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/grpc" "go.opentelemetry.io/collector/config/confignet" @@ -59,6 +63,7 @@ func TestAllGrpcClientSettings(t *testing.T) { ReadBufferSize: 1024, WriteBufferSize: 1024, WaitForReady: true, + PerRPCAuth: nil, } opts, err := gcs.ToDialOptions() assert.NoError(t, err) @@ -158,6 +163,7 @@ func TestUseSecure(t *testing.T) { Compression: "", TLSSetting: configtls.TLSClientSetting{}, Keepalive: nil, + PerRPCAuth: nil, } dialOpts, err := gcs.ToDialOptions() assert.NoError(t, err) @@ -443,3 +449,59 @@ type grpcTraceServer struct{} func (gts *grpcTraceServer) Export(context.Context, *otelcol.ExportTraceServiceRequest) (*otelcol.ExportTraceServiceResponse, error) { return &otelcol.ExportTraceServiceResponse{}, nil } + +func TestWithPerRPCAuthBearerToken(t *testing.T) { + // prepare + // test + gcs := &GRPCClientSettings{ + PerRPCAuth: &PerRPCAuthConfig{ + AuthType: "bearer", + BearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", + }, + } + dialOpts, err := gcs.ToDialOptions() + + // verify + assert.NoError(t, err) + assert.Len(t, dialOpts, 2) // WithInsecure and WithPerRPCCredentials +} + +func TestWithPerRPCAuthBearerTokenFile(t *testing.T) { + // prepare + token := []byte("the-bearer-token") + file, err := ioutil.TempFile("", "") + require.NoError(t, err) + defer os.Remove(file.Name()) + + _, err = file.Write(token) + require.NoError(t, err) + require.NoError(t, file.Close()) + + // test + gcs := &GRPCClientSettings{ + PerRPCAuth: &PerRPCAuthConfig{ + AuthType: "bearer", + BearerToken: fmt.Sprintf("file://%s", file.Name()), + }, + } + dialOpts, err := gcs.ToDialOptions() + + // verify + assert.NoError(t, err) + assert.Len(t, dialOpts, 2) // WithInsecure and WithPerRPCCredentials +} + +func TestWithPerRPCAuthBearerTokenFileInvalidFile(t *testing.T) { + // test + gcs := &GRPCClientSettings{ + PerRPCAuth: &PerRPCAuthConfig{ + AuthType: "bearer", + BearerToken: fmt.Sprintf("file://%s", "a-token-file"), + }, + } + dialOpts, err := gcs.ToDialOptions() + + // verify + assert.Error(t, err) + assert.Nil(t, dialOpts) +} diff --git a/exporter/otlpexporter/config_test.go b/exporter/otlpexporter/config_test.go index 25cb98a4b19..3c3f6edf86c 100644 --- a/exporter/otlpexporter/config_test.go +++ b/exporter/otlpexporter/config_test.go @@ -69,6 +69,10 @@ func TestLoadConfig(t *testing.T) { Timeout: 30 * time.Second, }, WriteBufferSize: 512 * 1024, + PerRPCAuth: &configgrpc.PerRPCAuthConfig{ + AuthType: "bearer", + BearerToken: "file:///var/run/secrets/kubernetes.io/serviceaccount/token", + }, }, }) } diff --git a/exporter/otlpexporter/testdata/config.yaml b/exporter/otlpexporter/testdata/config.yaml index 062fcfc9eab..a7b4ea430f4 100644 --- a/exporter/otlpexporter/testdata/config.yaml +++ b/exporter/otlpexporter/testdata/config.yaml @@ -10,6 +10,9 @@ exporters: endpoint: "1.2.3.4:1234" compression: "on" ca_file: /var/lib/mycert.pem + per_rpc_auth: + type: bearer + bearer_token: file:///var/run/secrets/kubernetes.io/serviceaccount/token headers: "can you have a . here?": "F0000000-0000-0000-0000-000000000000" header1: 234 From 9d53946eeddf8818c4958efbe5961bb0e7fe10fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= Date: Fri, 10 Jul 2020 10:35:47 +0200 Subject: [PATCH 2/4] Changes based on the reviews MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Juraci Paixão Kröhling --- config/configgrpc/bearer_token.go | 15 ++++++++------- config/configgrpc/configgrpc.go | 6 ++++-- config/configgrpc/configgrpc_test.go | 14 ++++++++++++++ 3 files changed, 26 insertions(+), 9 deletions(-) diff --git a/config/configgrpc/bearer_token.go b/config/configgrpc/bearer_token.go index 850baefe247..1b9aa62de23 100644 --- a/config/configgrpc/bearer_token.go +++ b/config/configgrpc/bearer_token.go @@ -15,44 +15,45 @@ package configgrpc import ( + "bytes" "context" "fmt" "io/ioutil" - "regexp" "google.golang.org/grpc/credentials" ) var _ credentials.PerRPCCredentials = (*PerRPCAuth)(nil) -// PerRPCAuth is a gRPC credentials.PerRPCCredentials implementation that returns an 'authorization' header +// PerRPCAuth is a gRPC credentials.PerRPCCredentials implementation that returns an 'authorization' header. type PerRPCAuth struct { metadata map[string]string } -// BearerTokenFromFile builds a new PerRPCAuth with bearer token authentication, reading the token from the specified file +// BearerTokenFromFile builds a new PerRPCAuth with bearer token authentication, reading the token from the specified file. func BearerTokenFromFile(file string) (*PerRPCAuth, error) { token, err := ioutil.ReadFile(file) if err != nil { return nil, fmt.Errorf("couldn't obtain token from file: %w", err) } - re := regexp.MustCompile(`[\s\n]`) - token = re.ReplaceAll(token, []byte("")) + // Replace all white space. + token = bytes.ReplaceAll(token, []byte(" "), []byte("")) + token = bytes.ReplaceAll(token, []byte("\n"), []byte("")) return &PerRPCAuth{ metadata: map[string]string{"authorization": fmt.Sprintf("Bearer %s", token)}, }, nil } -// BearerToken returns a new PerRPCAuth based on the given token +// BearerToken returns a new PerRPCAuth based on the given token. func BearerToken(t string) *PerRPCAuth { return &PerRPCAuth{ metadata: map[string]string{"authorization": fmt.Sprintf("Bearer %s", t)}, } } -// GetRequestMetadata returns the request metadata to be used with the RPC +// GetRequestMetadata returns the request metadata to be used with the RPC. func (c *PerRPCAuth) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) { return c.metadata, nil } diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 780a14d8851..afa8fecf11a 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -87,7 +87,7 @@ type GRPCClientSettings struct { // The headers associated with gRPC requests. Headers map[string]string `mapstructure:"headers"` - // PerRPCAuth parameter configures the client to send authentication data on a per-RPC basis + // PerRPCAuth parameter configures the client to send authentication data on a per-RPC basis. PerRPCAuth *PerRPCAuthConfig `mapstructure:"per_rpc_auth"` } @@ -96,7 +96,7 @@ type KeepaliveServerConfig struct { EnforcementPolicy *KeepaliveEnforcementPolicy `mapstructure:"enforcement_policy,omitempty"` } -// PerRPCAuthConfig specifies how the Per-RPC authentication data should be obtained +// PerRPCAuthConfig specifies how the Per-RPC authentication data should be obtained. type PerRPCAuthConfig struct { // AuthType represents the authentication type to use. Currently, only 'bearer' is supported. AuthType string `mapstructure:"type,omitempty"` @@ -202,6 +202,8 @@ func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) { } opts = append(opts, grpc.WithPerRPCCredentials(token)) + } else { + return nil, fmt.Errorf("unsupported per-RPC auth type %q", gcs.Compression) } } diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index 4e9141ab9dc..f8a2680d1ab 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -505,3 +505,17 @@ func TestWithPerRPCAuthBearerTokenFileInvalidFile(t *testing.T) { assert.Error(t, err) assert.Nil(t, dialOpts) } + +func TestWithPerRPCAuthInvalidAuthType(t *testing.T) { + // test + gcs := &GRPCClientSettings{ + PerRPCAuth: &PerRPCAuthConfig{ + AuthType: "non-existing", + }, + } + dialOpts, err := gcs.ToDialOptions() + + // verify + assert.Error(t, err) + assert.Nil(t, dialOpts) +} From 3e8d84f0ddfebd9b106e577ea1cae9344975e622 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= Date: Mon, 13 Jul 2020 13:31:45 +0200 Subject: [PATCH 3/4] Fixed per-RPC auth type in error message Co-authored-by: Paulo Janotti --- config/configgrpc/configgrpc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index afa8fecf11a..6b57588e7a1 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -203,7 +203,7 @@ func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) { opts = append(opts, grpc.WithPerRPCCredentials(token)) } else { - return nil, fmt.Errorf("unsupported per-RPC auth type %q", gcs.Compression) + return nil, fmt.Errorf("unsupported per-RPC auth type %q", gcs.PerRPCAuth.AuthType) } } From 6c780d16b2ce8a9b5fe5563b6b0b4e0458cffc43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juraci=20Paix=C3=A3o=20Kr=C3=B6hling?= Date: Mon, 13 Jul 2020 13:38:26 +0200 Subject: [PATCH 4/4] Removed support for reading bearer token from file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Juraci Paixão Kröhling --- config/configgrpc/bearer_token.go | 18 --------- config/configgrpc/bearer_token_test.go | 24 ------------ config/configgrpc/configgrpc.go | 9 +---- config/configgrpc/configgrpc_test.go | 44 ---------------------- exporter/otlpexporter/config_test.go | 2 +- exporter/otlpexporter/testdata/config.yaml | 2 +- 6 files changed, 3 insertions(+), 96 deletions(-) diff --git a/config/configgrpc/bearer_token.go b/config/configgrpc/bearer_token.go index 1b9aa62de23..a79433d0fe9 100644 --- a/config/configgrpc/bearer_token.go +++ b/config/configgrpc/bearer_token.go @@ -15,10 +15,8 @@ package configgrpc import ( - "bytes" "context" "fmt" - "io/ioutil" "google.golang.org/grpc/credentials" ) @@ -30,22 +28,6 @@ type PerRPCAuth struct { metadata map[string]string } -// BearerTokenFromFile builds a new PerRPCAuth with bearer token authentication, reading the token from the specified file. -func BearerTokenFromFile(file string) (*PerRPCAuth, error) { - token, err := ioutil.ReadFile(file) - if err != nil { - return nil, fmt.Errorf("couldn't obtain token from file: %w", err) - } - - // Replace all white space. - token = bytes.ReplaceAll(token, []byte(" "), []byte("")) - token = bytes.ReplaceAll(token, []byte("\n"), []byte("")) - - return &PerRPCAuth{ - metadata: map[string]string{"authorization": fmt.Sprintf("Bearer %s", token)}, - }, nil -} - // BearerToken returns a new PerRPCAuth based on the given token. func BearerToken(t string) *PerRPCAuth { return &PerRPCAuth{ diff --git a/config/configgrpc/bearer_token_test.go b/config/configgrpc/bearer_token_test.go index b7ca07da4cc..b2921494fbe 100644 --- a/config/configgrpc/bearer_token_test.go +++ b/config/configgrpc/bearer_token_test.go @@ -16,8 +16,6 @@ package configgrpc import ( "context" - "io/ioutil" - "os" "testing" "github.com/stretchr/testify/assert" @@ -34,28 +32,6 @@ func TestBearerToken(t *testing.T) { assert.Equal(t, "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", metadata["authorization"]) } -func TestBearerTokenFileReaderRemoveSpaces(t *testing.T) { - // prepare - token := []byte("a\nbc def\n") - file, err := ioutil.TempFile("", "") - require.NoError(t, err) - defer os.Remove(file.Name()) - - _, err = file.Write(token) - require.NoError(t, err) - require.NoError(t, file.Close()) - - // test - result, err := BearerTokenFromFile(file.Name()) - require.NoError(t, err) - - metadata, err := result.GetRequestMetadata(context.Background()) - require.NoError(t, err) - - // verify - assert.Equal(t, "Bearer abcdef", metadata["authorization"]) -} - func TestBearerTokenRequiresSecureTransport(t *testing.T) { // test token := BearerToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...") diff --git a/config/configgrpc/configgrpc.go b/config/configgrpc/configgrpc.go index 6b57588e7a1..746d3855004 100644 --- a/config/configgrpc/configgrpc.go +++ b/config/configgrpc/configgrpc.go @@ -101,7 +101,7 @@ type PerRPCAuthConfig struct { // AuthType represents the authentication type to use. Currently, only 'bearer' is supported. AuthType string `mapstructure:"type,omitempty"` - // BearerToken specifies the bearer token to use for every RPC. If the value starts with `file://`, reads the token from the specified file. + // BearerToken specifies the bearer token to use for every RPC. BearerToken string `mapstructure:"bearer_token,omitempty"` } @@ -194,13 +194,6 @@ func (gcs *GRPCClientSettings) ToDialOptions() ([]grpc.DialOption, error) { if strings.EqualFold(gcs.PerRPCAuth.AuthType, PerRPCAuthTypeBearer) { sToken := gcs.PerRPCAuth.BearerToken token := BearerToken(sToken) - if strings.HasPrefix(sToken, "file://") { - token, err = BearerTokenFromFile(sToken[7:]) - if err != nil { - return nil, err - } - } - opts = append(opts, grpc.WithPerRPCCredentials(token)) } else { return nil, fmt.Errorf("unsupported per-RPC auth type %q", gcs.PerRPCAuth.AuthType) diff --git a/config/configgrpc/configgrpc_test.go b/config/configgrpc/configgrpc_test.go index f8a2680d1ab..d8044a4b33f 100644 --- a/config/configgrpc/configgrpc_test.go +++ b/config/configgrpc/configgrpc_test.go @@ -16,16 +16,12 @@ package configgrpc import ( "context" - "fmt" - "io/ioutil" - "os" "path" "runtime" "testing" "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "google.golang.org/grpc" "go.opentelemetry.io/collector/config/confignet" @@ -466,46 +462,6 @@ func TestWithPerRPCAuthBearerToken(t *testing.T) { assert.Len(t, dialOpts, 2) // WithInsecure and WithPerRPCCredentials } -func TestWithPerRPCAuthBearerTokenFile(t *testing.T) { - // prepare - token := []byte("the-bearer-token") - file, err := ioutil.TempFile("", "") - require.NoError(t, err) - defer os.Remove(file.Name()) - - _, err = file.Write(token) - require.NoError(t, err) - require.NoError(t, file.Close()) - - // test - gcs := &GRPCClientSettings{ - PerRPCAuth: &PerRPCAuthConfig{ - AuthType: "bearer", - BearerToken: fmt.Sprintf("file://%s", file.Name()), - }, - } - dialOpts, err := gcs.ToDialOptions() - - // verify - assert.NoError(t, err) - assert.Len(t, dialOpts, 2) // WithInsecure and WithPerRPCCredentials -} - -func TestWithPerRPCAuthBearerTokenFileInvalidFile(t *testing.T) { - // test - gcs := &GRPCClientSettings{ - PerRPCAuth: &PerRPCAuthConfig{ - AuthType: "bearer", - BearerToken: fmt.Sprintf("file://%s", "a-token-file"), - }, - } - dialOpts, err := gcs.ToDialOptions() - - // verify - assert.Error(t, err) - assert.Nil(t, dialOpts) -} - func TestWithPerRPCAuthInvalidAuthType(t *testing.T) { // test gcs := &GRPCClientSettings{ diff --git a/exporter/otlpexporter/config_test.go b/exporter/otlpexporter/config_test.go index 3c3f6edf86c..0e45da3a055 100644 --- a/exporter/otlpexporter/config_test.go +++ b/exporter/otlpexporter/config_test.go @@ -71,7 +71,7 @@ func TestLoadConfig(t *testing.T) { WriteBufferSize: 512 * 1024, PerRPCAuth: &configgrpc.PerRPCAuthConfig{ AuthType: "bearer", - BearerToken: "file:///var/run/secrets/kubernetes.io/serviceaccount/token", + BearerToken: "some-token", }, }, }) diff --git a/exporter/otlpexporter/testdata/config.yaml b/exporter/otlpexporter/testdata/config.yaml index a7b4ea430f4..83ee90af5f4 100644 --- a/exporter/otlpexporter/testdata/config.yaml +++ b/exporter/otlpexporter/testdata/config.yaml @@ -12,7 +12,7 @@ exporters: ca_file: /var/lib/mycert.pem per_rpc_auth: type: bearer - bearer_token: file:///var/run/secrets/kubernetes.io/serviceaccount/token + bearer_token: some-token headers: "can you have a . here?": "F0000000-0000-0000-0000-000000000000" header1: 234