Merge pull request #72 from cisco-open/feature/master/add-oauth-support

Add support for OAuth authentication

Author: preet-dev

src/main/java/io/opentelemetry/contrib/generator/telemetry/cli/CLIProcessor.java

@@ -24,6 +24,7 @@
 import io.opentelemetry.contrib.generator.telemetry.transport.auth.AuthHandler;
 import io.opentelemetry.contrib.generator.telemetry.transport.auth.BasicAuthHandler;
 import io.opentelemetry.contrib.generator.telemetry.transport.auth.NoAuthHandler;
+import io.opentelemetry.contrib.generator.telemetry.transport.auth.OAuthHandler;
 import io.opentelemetry.contrib.generator.telemetry.transport.implementations.grpc.GRPCPayloadHandler;
 import io.opentelemetry.contrib.generator.telemetry.transport.implementations.rest.RESTPayloadHandler;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -138,25 +139,36 @@ private static PayloadHandler getPayloadHandler(String targetEnvYAML) {
             throw new GeneratorException("Either restURL (for REST endpoint) or gRPCHost & gRPCPort (for gRPC endpoint) " +
                     "must be provided in environment target YAML");
         }
-        AuthHandler authHandler;
-        if (targetEnvironmentDetails.getAuthMode() == null) {
-            throw new GeneratorException("Missing authMode in environment target YAML");
-        }
-        if (!(targetEnvironmentDetails.getAuthMode().equalsIgnoreCase("NONE") ||
-                targetEnvironmentDetails.getAuthMode().equalsIgnoreCase("BASIC"))) {
-            throw new GeneratorException("Invalid authMode in environment target YAML. Allowed - NONE, BASIC");
+        String authMode = StringUtils.defaultString(targetEnvironmentDetails.getAuthMode()).toUpperCase();
+        if (authMode.isBlank() || (!authMode.equals("NONE") && !authMode.equals("BASIC") && !authMode.equals("OAUTH"))) {
+            log.warn("authMode not provided or invalid value provided in environment target YAML. Valid values are - none/basic/oauth." +
+                    "Will use none authentication for data posting.");
+            authMode = "NONE";
         }
-        if (targetEnvironmentDetails.getAuthMode().equalsIgnoreCase("NONE")) {
+        AuthHandler authHandler;
+        if (authMode.equals("NONE")) {
             authHandler = new NoAuthHandler();
-        } else {
+        } else if (authMode.equals("BASIC")) {
             if (StringUtils.defaultString(targetEnvironmentDetails.getUsername()).isBlank()) {
-                throw new GeneratorException("Missing username in environment target YAML");
+                throw new GeneratorException("Select auth mode is Basic but username not provided");
             }
             if (StringUtils.defaultString(targetEnvironmentDetails.getPassword()).isBlank()) {
-                throw new GeneratorException("Missing password in environment target YAML");
+                throw new GeneratorException("Select auth mode is Basic but password not provided");
             }
             authHandler = new BasicAuthHandler(targetEnvironmentDetails.getUsername(),
                     targetEnvironmentDetails.getPassword());
+        } else {
+            if (StringUtils.defaultString(targetEnvironmentDetails.getTokenURL()).isBlank()) {
+                throw new GeneratorException("Select auth mode is OAuth but tokenURL not provided");
+            }
+            if (StringUtils.defaultString(targetEnvironmentDetails.getClientId()).isBlank()) {
+                throw new GeneratorException("Select auth mode is Basic but clientId not provided");
+            }
+            if (StringUtils.defaultString(targetEnvironmentDetails.getClientSecret()).isBlank()) {
+                throw new GeneratorException("Select auth mode is Basic but clientSecret not provided");
+            }
+            authHandler = new OAuthHandler(targetEnvironmentDetails.getTokenURL(), targetEnvironmentDetails.getClientId(),
+                    targetEnvironmentDetails.getClientSecret(), targetEnvironmentDetails.getScope());
         }
         if (restURLProvided) {
             String restBaseURL = targetEnvironmentDetails.getRestURL().getBaseURL();

src/main/java/io/opentelemetry/contrib/generator/telemetry/cli/dto/TargetEnvironmentDetails.java

@@ -27,4 +27,8 @@ public class TargetEnvironmentDetails {
     private String authMode;
     private String username;
     private String password;
+    private String tokenURL;
+    private String clientId;
+    private String clientSecret;
+    private String scope;
 }

src/main/java/io/opentelemetry/contrib/generator/telemetry/transport/auth/OAuthHandler.java

@@ -0,0 +1,116 @@
+/*
+ * Copyright 2022 AppDynamics Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.opentelemetry.contrib.generator.telemetry.transport.auth;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.opentelemetry.contrib.generator.telemetry.transport.implementations.HTTPClient;
+import lombok.extern.slf4j.Slf4j;
+
+import javax.ws.rs.core.HttpHeaders;
+import java.util.Base64;
+import java.util.Optional;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Class to handle OAuth client credentials workflow which will generate the access token to be used with every request.
+ * See <a href="https://www.rfc-editor.org/rfc/rfc6749#section-4.4">OAuth2 Client Credentials specification</a>
+ * In case of a different implementation of the OAuth, please use a custom implementation.
+ */
+@Slf4j
+public class OAuthHandler implements AuthHandler {
+
+    private final String GET_TOKEN_URL;
+    private final String CLIENT_ID;
+    private final String CLIENT_SECRET;
+    //Provide null for scope if not required
+    private final String SCOPE;
+    private final HTTPClient httpClient;
+    private String accessToken;
+    private long expirySeconds;
+
+    public OAuthHandler(String GET_TOKEN_URL, String CLIENT_ID, String CLIENT_SECRET, String SCOPE) {
+        this.GET_TOKEN_URL = GET_TOKEN_URL;
+        this.CLIENT_ID = CLIENT_ID;
+        this.CLIENT_SECRET = CLIENT_SECRET;
+        this.SCOPE = SCOPE;
+        httpClient = new HTTPClient();
+        accessToken = "";
+        expirySeconds = -1;
+    }
+
+    @Override
+    public String getAuthString() {
+        if (expirySeconds < TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis())) {
+            setAccessToken();
+        }
+        return "Bearer " + accessToken;
+    }
+
+    private void setAccessToken() {
+        var body = "grant_type=client_credentials";
+        if (SCOPE != null)
+        {
+            body = body + "&scope=" + SCOPE;
+        }
+        Optional<String> responseBody = httpClient.postBytes(GET_TOKEN_URL, getHeadersToken(CLIENT_ID, CLIENT_SECRET), body.getBytes());
+        if (responseBody.isEmpty()) {
+            log.error("Failed to get fresh token. Post data requests may fail.");
+            return;
+        }
+        extractAndSetToken(responseBody.get());
+    }
+
+    private void extractAndSetToken(String tokenSecretResponse) {
+        var responseMapper = new ObjectMapper();
+        boolean failure = false;
+        JsonNode responseBody = null;
+        try {
+            responseBody = responseMapper.readTree(tokenSecretResponse);
+        } catch (JsonProcessingException e) {
+            log.error("Failed to parse json out of token secret response: " + tokenSecretResponse);
+            failure = true;
+        }
+        if (responseBody == null || !responseBody.has("access_token")) {
+            log.error("access_token not found in get access token response body: " + tokenSecretResponse);
+            failure = true;
+        } else {
+            accessToken = responseBody.get("access_token").asText();
+        }
+        if (responseBody == null || !responseBody.has("expires_in")) {
+            log.warn("expires_in field not found in get access token response body: " + tokenSecretResponse);
+            log.warn("Will use default expiry time of 60 minutes.");
+        } else {
+            expirySeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + responseBody.get("expires_in").asLong();
+        }
+        if (failure) {
+            log.error("Failed to get fresh token. Post data requests may fail.");
+        }
+    }
+
+    private String[] getHeadersToken(String id, String secret) {
+        return new String[] {HttpHeaders.CONTENT_TYPE, "application/x-www-form-urlencoded; charset=utf-8",
+                HttpHeaders.AUTHORIZATION, "Basic " + getEncodedBasicAuth(id, secret)};
+    }
+
+    private String getEncodedBasicAuth(String id, String secret) {
+        String authStr = id + ":" + secret;
+        return Base64.getEncoder().encodeToString(authStr.getBytes());
+    }
+
+}

src/main/java/io/opentelemetry/contrib/generator/telemetry/transport/implementations/grpc/GRPCPayloadHandler.java

@@ -52,7 +52,7 @@ public GRPCPayloadHandler(String host, int gRPCPort, AuthHandler authHandler) {
         this.HOST = host;
         this.gRPCPORT = gRPCPort;
         this.authHandler = authHandler;
-        isAuthEnabled = authHandler instanceof NoAuthHandler;
+        isAuthEnabled = !(authHandler instanceof NoAuthHandler);
     }
 
     @Override

src/main/java/io/opentelemetry/contrib/generator/telemetry/transport/implementations/rest/RESTPayloadHandler.java

@@ -55,7 +55,7 @@ public RESTPayloadHandler(String endpointURL, AuthHandler authHandler) {
         this.ENDPOINT_URL = endpointURL;
         httpClient = new HTTPClient();
         this.authHandler = authHandler;
-        isAuthEnabled = authHandler instanceof NoAuthHandler;
+        isAuthEnabled = !(authHandler instanceof NoAuthHandler);
     }
 
     @Override

src/test/java/io/opentelemetry/contrib/generator/telemetry/TestCLIProcessor.java

@@ -52,6 +52,15 @@ public void testMetricsTracesBasicAuthGRPC() throws ParseException {
         CLIProcessor.main(cliArgs);
     }
 
+    @Test
+    public void testAllGeneratorsOAuthGRPC() throws ParseException {
+        String oauthTargetYAML = Paths.get(cliResourcesPath, "target-oauth.yaml").toString();
+        String[] cliArgs = new String[] {
+                "-r", RESOURCES_YAML, "-m", METRICS_YAML, "-l", LOGS_YAML, "-s", TRACES_YAML, "-t", oauthTargetYAML
+        };
+        CLIProcessor.main(cliArgs);
+    }
+
     @Test
     public void testWithJSONFormatInputs() throws ParseException {
         String cliResourcesPath = Paths.get(System.getProperty("user.dir"), "src", "test", "resources",
@@ -88,7 +97,7 @@ public void testWithoutTargetAuthYAML() throws ParseException {
         CLIProcessor.main(cliArgs);
     }
 
-    @Test(expectedExceptions = GeneratorException.class)
+    @Test
     public void testWithoutAuthMode() throws ParseException {
         String noAuthModeYAML = Paths.get(cliResourcesPath, "negative", "no-auth-mode.yaml").toString();
         String[] cliArgs = new String[] {
@@ -97,7 +106,7 @@ public void testWithoutAuthMode() throws ParseException {
         CLIProcessor.main(cliArgs);
     }
 
-    @Test(expectedExceptions = GeneratorException.class)
+    @Test
     public void testWithInvalidAuthMode() throws ParseException {
         String invalidAuthModeYAML = Paths.get(cliResourcesPath, "negative", "invalid-auth-mode.yaml").toString();
         String[] cliArgs = new String[] {

src/test/resources/test-definitions/cli/target-oauth.yaml

@@ -0,0 +1,6 @@
+authMode: "oauth"
+clientId: "clientId"
+clientSecret: "clientSecret"
+grpchost: "localhost"
+grpcport: "3387"
+tokenURL: "http://localhost:8888/dummy"