login

Author: OmCheeLin

src/main/java/org/apache/skywalking/banyandb/v1/client/BanyanDBClient.java

@@ -23,6 +23,7 @@
 import com.google.common.base.Strings;
 import com.google.protobuf.Timestamp;
 import io.grpc.Channel;
+import io.grpc.ClientInterceptors;
 import io.grpc.ManagedChannel;
 import io.grpc.Status;
 import io.grpc.stub.StreamObserver;
@@ -51,6 +52,7 @@
 import org.apache.skywalking.banyandb.measure.v1.MeasureServiceGrpc;
 import org.apache.skywalking.banyandb.stream.v1.BanyandbStream;
 import org.apache.skywalking.banyandb.stream.v1.StreamServiceGrpc;
+import org.apache.skywalking.banyandb.v1.client.auth.AuthInterceptor;
 import org.apache.skywalking.banyandb.v1.client.grpc.HandleExceptionsWith;
 import org.apache.skywalking.banyandb.v1.client.grpc.channel.ChannelManager;
 import org.apache.skywalking.banyandb.v1.client.grpc.channel.DefaultChannelFactory;
@@ -183,8 +185,18 @@ public void connect() throws IOException {
                 for (int i = 0; i < this.targets.length; i++) {
                         addresses[i] = URI.create("//" + this.targets[i]);
                 }
-                this.channel = ChannelManager.create(this.options.buildChannelManagerSettings(),
+                Channel rawChannel = ChannelManager.create(this.options.buildChannelManagerSettings(),
                         new DefaultChannelFactory(addresses, this.options));
+                Channel interceptedChannel = rawChannel;
+                // register auth interceptor
+                String username = options.getUsername();
+                String password = options.getPassword();
+                if (!"".equals(username) && !"".equals(password)) {
+                    interceptedChannel = ClientInterceptors.intercept(rawChannel,
+                            new AuthInterceptor(options.getUsername(), options.getPassword()));
+                }
+                // Ensure this.channel is assigned only once.
+                this.channel = interceptedChannel;
                 streamServiceBlockingStub = StreamServiceGrpc.newBlockingStub(this.channel);
                 measureServiceBlockingStub = MeasureServiceGrpc.newBlockingStub(this.channel);
                 streamServiceStub = StreamServiceGrpc.newStub(this.channel);

src/main/java/org/apache/skywalking/banyandb/v1/client/Options.java

@@ -63,6 +63,14 @@ public class Options {
      * SSL: Cert Key Path, BanyanDB server not support mTLS yet
      */
     private String sslKeyPath = "";
+    /**
+     * Basic Auth: username of BanyanDB server
+     */
+    private String username = "";
+    /**
+     * Basic Auth: password of BanyanDB server
+     */
+    private String password = "";
 
     public Options() {
     }

src/main/java/org/apache/skywalking/banyandb/v1/client/auth/AuthInterceptor.java

@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.skywalking.banyandb.v1.client.auth;
+
+import io.grpc.CallOptions;
+import io.grpc.Channel;
+import io.grpc.ClientCall;
+import io.grpc.ClientInterceptor;
+import io.grpc.ForwardingClientCall;
+import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
+
+public class AuthInterceptor implements ClientInterceptor {
+    private final String username;
+    private final String password;
+
+    public AuthInterceptor(String username, String password) {
+        this.username = username;
+        this.password = password;
+    }
+
+    @Override
+    public <REQ_T, RESP_T> ClientCall<REQ_T, RESP_T> interceptCall(
+            MethodDescriptor<REQ_T, RESP_T> method,
+            CallOptions callOptions,
+            Channel next) {
+
+        return new ForwardingClientCall.SimpleForwardingClientCall<REQ_T, RESP_T>(
+                next.newCall(method, callOptions)) {
+            @Override
+            public void start(Listener<RESP_T> responseListener, Metadata headers) {
+                Metadata.Key<String> usernameKey = Metadata.Key.of("username", Metadata.ASCII_STRING_MARSHALLER);
+                Metadata.Key<String> passwordKey = Metadata.Key.of("password", Metadata.ASCII_STRING_MARSHALLER);
+
+                headers.put(usernameKey, username);
+                headers.put(passwordKey, password);
+
+                super.start(responseListener, headers);
+            }
+        };
+    }
+}

src/test/java/org/apache/skywalking/banyandb/v1/client/BanyanDBAuthTest.java

@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.skywalking.banyandb.v1.client;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.skywalking.banyandb.common.v1.BanyandbCommon;
+import org.apache.skywalking.banyandb.v1.client.grpc.exception.BanyanDBException;
+import org.apache.skywalking.banyandb.v1.client.grpc.exception.UnauthenticatedException;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.utility.DockerImageName;
+import org.testcontainers.utility.MountableFile;
+
+import java.io.IOException;
+import java.util.List;
+
+import static org.junit.Assert.assertThrows;
+
+@Slf4j
+public class BanyanDBAuthTest {
+    private static final String REGISTRY = "ghcr.io";
+    private static final String IMAGE_NAME = "apache/skywalking-banyandb";
+    private static final String TAG = "42ec9df7457868926eb80157b36355d94fcd6bba";
+
+    private static final String IMAGE = REGISTRY + "/" + IMAGE_NAME + ":" + TAG;
+
+    protected static final int GRPC_PORT = 17912;
+    protected static final int HTTP_PORT = 17913;
+
+    @Rule
+    public GenericContainer<?> banyanDB = new GenericContainer<>(DockerImageName.parse(IMAGE))
+            .withCopyFileToContainer(
+                    MountableFile.forClasspathResource("config.yaml"),
+                    "/tmp/bydb_server_config.yaml"
+            )
+            .withCommand("standalone",
+                    "--auth-config-file", "/tmp/bydb_server_config.yaml",
+                    "--enable-health-auth", "true"
+            )
+            .withExposedPorts(GRPC_PORT, HTTP_PORT)
+            .waitingFor(Wait.forLogMessage(".*\"message\":\"Listening to\".*", 1));
+
+    @Test
+    public void testAuthWithCorrect() throws BanyanDBException, IOException {
+        BanyanDBClient client = createClient("admin", "123456");
+        client.connect();
+        // list all groups
+        List<BanyandbCommon.Group> groupList = client.findGroups();
+        Assert.assertEquals(1, groupList.size());
+        Assert.assertEquals("_monitoring", groupList.get(0).getMetadata().getName());
+        client.close();
+    }
+
+    @Test
+    public void testAuthWithWrong() throws IOException {
+        BanyanDBClient client = createClient("admin", "123456" + "wrong");
+        client.connect();
+        assertThrows(UnauthenticatedException.class, client::getAPIVersion);
+        client.close();
+    }
+
+    private BanyanDBClient createClient(String username, String password) {
+        Options options = new Options();
+        options.setUsername(username);
+        options.setPassword(password);
+        String url = String.format("%s:%d", banyanDB.getHost(), banyanDB.getMappedPort(GRPC_PORT));
+        return new BanyanDBClient(new String[]{url}, options);
+    }
+}

src/test/resources/config.yaml

@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+users:
+  - username: admin
+    password: 123456
+  - username: test
+    password: 123456