Add integration smoke test

Author: psx95

gcp-auth-extension/build.gradle.kts

@@ -2,11 +2,17 @@ plugins {
   id("otel.java-conventions")
   id("otel.publish-conventions")
   id("com.github.johnrengelman.shadow")
+  id("org.springframework.boot") version "2.7.18"
 }
 
 description = "OpenTelemetry Java Agent Extension that enables authentication support for OTLP exporters"
 otelJava.moduleName.set("io.opentelemetry.contrib.gcp.auth")
 
+val agent: Configuration by configurations.creating {
+  isCanBeResolved = true
+  isCanBeConsumed = false
+}
+
 dependencies {
   annotationProcessor("com.google.auto.service:auto-service")
   compileOnly("com.google.auto.service:auto-service-annotations")
@@ -29,12 +35,81 @@ dependencies {
   testImplementation("io.opentelemetry:opentelemetry-exporter-otlp")
   testImplementation("io.opentelemetry:opentelemetry-sdk-testing")
   testImplementation("io.opentelemetry:opentelemetry-sdk-extension-autoconfigure")
+  testImplementation("io.opentelemetry.instrumentation:opentelemetry-instrumentation-annotations")
 
   testImplementation("org.awaitility:awaitility")
   testImplementation("org.mockito:mockito-inline")
   testImplementation("org.mockito:mockito-junit-jupiter")
+  testImplementation("org.mock-server:mockserver-netty:5.15.0")
+  testImplementation("io.opentelemetry.proto:opentelemetry-proto:1.4.0-alpha")
+  testImplementation("org.springframework.boot:spring-boot-starter-web:2.7.18")
+  testImplementation("org.springframework.boot:spring-boot-starter:2.7.18")
+  testImplementation("org.springframework.boot:spring-boot-starter-test:2.7.18")
+
+  agent("io.opentelemetry.javaagent:opentelemetry-javaagent")
 }
 
-tasks.test {
+tasks {
+  test {
+    useJUnitPlatform()
+    // exclude integration test
+    exclude("io/opentelemetry/contrib/gcp/auth/GcpAuthExtensionEndToEndTest.class")
+  }
+
+  shadowJar {
+    archiveFileName.set("gcp-auth-extension.jar")
+  }
+
+  jar {
+    // Disable standard jar
+    enabled = false
+  }
+
+  assemble {
+    dependsOn(shadowJar)
+  }
+
+  bootJar {
+    // disable bootJar in build since it only runs as part of test
+    enabled = false
+  }
+}
+
+val builtLibsDir = layout.buildDirectory.dir("libs").get().asFile.absolutePath
+val javaAgentJarPath = "$builtLibsDir/otel-agent.jar"
+val authExtensionJarPath = "$builtLibsDir/gcp-auth-extension.jar"
+
+tasks.register<Copy>("copyAgent") {
+  into(layout.buildDirectory.dir("libs"))
+  from(configurations.named("agent") {
+    rename("opentelemetry-javaagent(.*).jar", "otel-agent.jar")
+  })
+}
+
+tasks.register<Test>("IntegrationTest") {
+  dependsOn(tasks.shadowJar)
+  dependsOn(tasks.named("copyAgent"))
+
   useJUnitPlatform()
+  // include only the integration test file
+  include("io/opentelemetry/contrib/gcp/auth/GcpAuthExtensionEndToEndTest.class")
+
+  val fakeCredsFilePath = project.file("src/test/resources/fakecreds.json").absolutePath
+
+  environment("GOOGLE_CLOUD_QUOTA_PROJECT", "quota-project-id")
+  environment("GOOGLE_APPLICATION_CREDENTIALS", fakeCredsFilePath)
+  jvmArgs = listOf(
+    "-javaagent:$javaAgentJarPath",
+    "-Dotel.javaagent.extensions=$authExtensionJarPath",
+    "-Dgoogle.cloud.project=my-gcp-project",
+    "-Dotel.java.global-autoconfigure.enabled=true",
+    "-Dotel.exporter.otlp.endpoint=http://localhost:4318",
+    "-Dotel.resource.providers.gcp.enabled=true",
+    "-Dotel.traces.exporter=otlp",
+    "-Dotel.bsp.schedule.delay=2000",
+    "-Dotel.metrics.exporter=none",
+    "-Dotel.logs.exporter=none",
+    "-Dotel.exporter.otlp.protocol=http/protobuf",
+    "-Dmockserver.logLevel=off"
+  )
 }

gcp-auth-extension/src/test/java/io/opentelemetry/contrib/gcp/auth/GcpAuthExtensionEndToEndTest.java

@@ -0,0 +1,213 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth;
+
+import static io.opentelemetry.contrib.gcp.auth.GcpAuthAutoConfigurationCustomizerProvider.GCP_USER_PROJECT_ID_KEY;
+import static io.opentelemetry.contrib.gcp.auth.GcpAuthAutoConfigurationCustomizerProvider.QUOTA_USER_PROJECT_HEADER;
+import static org.awaitility.Awaitility.await;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockserver.model.HttpRequest.request;
+import static org.mockserver.model.HttpResponse.response;
+import static org.mockserver.stop.Stop.stopQuietly;
+
+import com.google.protobuf.InvalidProtocolBufferException;
+import io.opentelemetry.contrib.gcp.auth.springapp.Application;
+import io.opentelemetry.proto.collector.trace.v1.ExportTraceServiceRequest;
+import io.opentelemetry.proto.common.v1.AnyValue;
+import io.opentelemetry.proto.common.v1.KeyValue;
+import io.opentelemetry.proto.trace.v1.ResourceSpans;
+import java.net.URI;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.mockserver.client.MockServerClient;
+import org.mockserver.integration.ClientAndServer;
+import org.mockserver.model.Body;
+import org.mockserver.model.Headers;
+import org.mockserver.model.HttpRequest;
+import org.mockserver.model.JsonBody;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.test.web.server.LocalServerPort;
+
+@SpringBootTest(
+    classes = {Application.class},
+    webEnvironment = WebEnvironment.RANDOM_PORT)
+public class GcpAuthExtensionEndToEndTest {
+
+  @LocalServerPort private int testApplicationPort; // port at which the spring app is running
+
+  @Autowired private TestRestTemplate template;
+
+  // The port at which the backend server will receive telemetry
+  private static final int EXPORTER_ENDPOINT_PORT = 4318;
+  // The port at which the mock GCP OAuth 2.0 server will run
+  private static final int MOCK_GCP_OAUTH2_PORT = 8090;
+
+  // Backend server to which the application under test will export traces
+  // the export config is specified in the build.gradle file.
+  private static ClientAndServer backendServer;
+
+  // Mock server to intercept calls to the GCP OAuth 2.0 server and provide fake credentials
+  private static ClientAndServer mockGcpOAuth2Server;
+
+  private static final String DUMMY_GCP_QUOTA_PROJECT = System.getenv("GOOGLE_CLOUD_QUOTA_PROJECT");
+  private static final String DUMMY_GCP_PROJECT = System.getProperty("google.cloud.project");
+
+  @BeforeAll
+  public static void setup() throws NoSuchAlgorithmException, KeyManagementException {
+    // Setup proxy host(s)
+    System.setProperty("http.proxyHost", "localhost");
+    System.setProperty("http.proxyPort", MOCK_GCP_OAUTH2_PORT + "");
+    System.setProperty("https.proxyHost", "localhost");
+    System.setProperty("https.proxyPort", MOCK_GCP_OAUTH2_PORT + "");
+    System.setProperty("http.nonProxyHost", "localhost");
+    System.setProperty("https.nonProxyHost", "localhost");
+
+    // Disable SSL validation for integration test
+    // The OAuth2 token validation requires SSL validation
+    disableSSLValidation();
+
+    // Set up mock OTLP backend server to which traces will be exported
+    backendServer = ClientAndServer.startClientAndServer(EXPORTER_ENDPOINT_PORT);
+    backendServer.when(request()).respond(response().withStatusCode(200));
+
+    // Set up the mock gcp metadata server to provide fake credentials
+    String accessTokenResponse =
+        "{\"access_token\": \"fake.access_token\",\"expires_in\": 3600, \"token_type\": \"Bearer\"}";
+    mockGcpOAuth2Server = ClientAndServer.startClientAndServer(MOCK_GCP_OAUTH2_PORT);
+
+    MockServerClient mockServerClient =
+        new MockServerClient("localhost", MOCK_GCP_OAUTH2_PORT).withSecure(true);
+
+    // mock the token refresh - always respond with 200
+    mockServerClient
+        .when(request().withMethod("POST").withPath("/token"))
+        .respond(
+            response()
+                .withStatusCode(200)
+                .withHeader("Content-Type", "application/json")
+                .withBody(new JsonBody(accessTokenResponse)));
+  }
+
+  @AfterAll
+  public static void teardown() {
+    // Stop the backend server
+    stopQuietly(backendServer);
+    stopQuietly(mockGcpOAuth2Server);
+  }
+
+  @Test
+  public void authExtensionSmokeTest() {
+    template.getForEntity(
+        URI.create("http://localhost:" + testApplicationPort + "/ping"), String.class);
+
+    await()
+        .atMost(Duration.ofSeconds(10))
+        .untilAsserted(
+            () -> {
+              HttpRequest[] requests = backendServer.retrieveRecordedRequests(request());
+              List<Headers> extractedHeaders = extractHeadersFromRequests(requests);
+              verifyRequestHeaders(extractedHeaders);
+
+              List<ResourceSpans> extractedResourceSpans =
+                  extractResourceSpansFromRequests(requests);
+              verifyResourceAttributes(extractedResourceSpans);
+            });
+  }
+
+  // Helper methods
+
+  private static void disableSSLValidation()
+      throws NoSuchAlgorithmException, KeyManagementException {
+    TrustManager[] trustAllCerts =
+        new TrustManager[] {
+          new X509TrustManager() {
+            @Override
+            public void checkClientTrusted(X509Certificate[] chain, String authType) {}
+
+            @Override
+            public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+
+            @Override
+            public X509Certificate[] getAcceptedIssuers() {
+              return null;
+            }
+          }
+        };
+    SSLContext sc = SSLContext.getInstance("SSL");
+    sc.init(null, trustAllCerts, new java.security.SecureRandom());
+    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+  }
+
+  private static void verifyResourceAttributes(List<ResourceSpans> extractedResourceSpans) {
+    extractedResourceSpans.forEach(
+        resourceSpan ->
+            assertTrue(
+                resourceSpan
+                    .getResource()
+                    .getAttributesList()
+                    .contains(
+                        KeyValue.newBuilder()
+                            .setKey(GCP_USER_PROJECT_ID_KEY)
+                            .setValue(AnyValue.newBuilder().setStringValue(DUMMY_GCP_PROJECT))
+                            .build())));
+  }
+
+  private static void verifyRequestHeaders(List<Headers> extractedHeaders) {
+    assertFalse(extractedHeaders.isEmpty());
+    // verify if extension added the required headers
+    extractedHeaders.forEach(
+        headers -> {
+          assertTrue(headers.containsEntry(QUOTA_USER_PROJECT_HEADER, DUMMY_GCP_QUOTA_PROJECT));
+          assertTrue(headers.containsEntry("Authorization", "Bearer fake.access_token"));
+        });
+  }
+
+  private static List<Headers> extractHeadersFromRequests(HttpRequest[] requests) {
+    return Arrays.stream(requests).map(HttpRequest::getHeaders).collect(Collectors.toList());
+  }
+
+  /**
+   * Extract resource spans from http requests received by a telemetry collector.
+   *
+   * @param requests Request received by a http server trace collector
+   * @return spans extracted from the request body
+   */
+  private static List<ResourceSpans> extractResourceSpansFromRequests(HttpRequest[] requests) {
+    return Arrays.stream(requests)
+        .map(HttpRequest::getBody)
+        .map(GcpAuthExtensionEndToEndTest::getExportTraceServiceRequest)
+        .filter(Optional::isPresent)
+        .map(Optional::get)
+        .flatMap(
+            exportTraceServiceRequest -> exportTraceServiceRequest.getResourceSpansList().stream())
+        .collect(Collectors.toList());
+  }
+
+  private static Optional<ExportTraceServiceRequest> getExportTraceServiceRequest(Body<?> body) {
+    try {
+      return Optional.ofNullable(ExportTraceServiceRequest.parseFrom(body.getRawBytes()));
+    } catch (InvalidProtocolBufferException e) {
+      return Optional.empty();
+    }
+  }
+}

gcp-auth-extension/src/test/java/io/opentelemetry/contrib/gcp/auth/springapp/Application.java

@@ -0,0 +1,17 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth.springapp;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+@SuppressWarnings("PrivateConstructorForUtilityClass")
+public class Application {
+  public static void main(String[] args) {
+    SpringApplication.run(Application.class, args);
+  }
+}

gcp-auth-extension/src/test/java/io/opentelemetry/contrib/gcp/auth/springapp/Controller.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.contrib.gcp.auth.springapp;
+
+import io.opentelemetry.instrumentation.annotations.WithSpan;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Random;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class Controller {
+
+  private final Random random = new Random();
+
+  @GetMapping("/ping")
+  public String ping() {
+    int busyTime = random.nextInt(200);
+    busyloop(busyTime);
+    return "pong";
+  }
+
+  @WithSpan
+  private static long busyloop(int busyMillis) {
+    Instant start = Instant.now();
+    Instant end;
+    long counter = 0;
+    do {
+      counter++;
+      end = Instant.now();
+    } while (Duration.between(start, end).toMillis() < busyMillis);
+    return counter;
+  }
+}

gcp-auth-extension/src/test/resources/fakecreds.json

@@ -0,0 +1,13 @@
+{
+  "type": "service_account",
+  "project_id": "quota-project-id",
+  "private_key_id": "aljmafmlamlmmasma",
+  "private_key": "-----BEGIN PRIVATE KEY-----\nMIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALX0PQoe1igW12ikv1bN/r9lN749y2ijmbc/mFHPyS3hNTyOCjDvBbXYbDhQJzWVUikh4mvGBA07qTj79Xc3yBDfKP2IeyYQIFe0t0zkd7R9Zdn98Y2rIQC47aAbDfubtkU1U72t4zL11kHvoa0/RuFZjncvlr42X7be7lYh4p3NAgMBAAECgYASk5wDw4Az2ZkmeuN6Fk/y9H+Lcb2pskJIXjrL533vrDWGOC48LrsThMQPv8cxBky8HFSEklPpkfTF95tpD43iVwJRB/GrCtGTw65IfJ4/tI09h6zGc4yqvIo1cHX/LQ+SxKLGyir/dQM925rGt/VojxY5ryJR7GLbCzxPnJm/oQJBANwOCO6D2hy1LQYJhXh7O+RLtA/tSnT1xyMQsGT+uUCMiKS2bSKx2wxo9k7h3OegNJIu1q6nZ6AbxDK8H3+d0dUCQQDTrPSXagBxzp8PecbaCHjzNRSQE2in81qYnrAFNB4o3DpHyMMY6s5ALLeHKscEWnqP8Ur6X4PvzZecCWU9BKAZAkAutLPknAuxSCsUOvUfS1i87ex77Ot+w6POp34pEX+UWb+u5iFn2cQacDTHLV1LtE80L8jVLSbrbrlH43H0DjU5AkEAgidhycxS86dxpEljnOMCw8CKoUBd5I880IUahEiUltk7OLJYS/Ts1wbn3kPOVX3wyJs8WBDtBkFrDHW2ezth2QJADj3e1YhMVdjJW5jqwlD/VNddGjgzyunmiZg0uOXsHXbytYmsA545S8KRQFaJKFXYYFo2kOjqOiC1T2cAzMDjCQ==\n-----END PRIVATE KEY-----\n",
+  "client_email": "[email protected]",
+  "client_id": "100000000000000000221",
+  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+  "token_uri": "https://oauth2.googleapis.com/token",
+  "auth_provider_x509_cert_url": "",
+  "client_x509_cert_url": "",
+  "universe_domain": "googleapis.com"
+}