tetrateio · nacx · Feb 9, 2024 · Feb 9, 2024 · Feb 9, 2024
diff --git a/cmd/main.go b/cmd/main.go
@@ -31,7 +31,7 @@ func main() {
 		configFile  = &internal.LocalConfigFile{}
 		logging     = internal.NewLogSystem(log.New(), &configFile.Config)
 		authz       = server.NewExtAuthZFilter(&configFile.Config)
-		authzServer = server.New(authz.Register)
+		authzServer = server.New(&configFile.Config, authz.Register)
 	)
 
 	g := run.Group{Logger: internal.Logger(internal.Default)}

diff --git a/e2e/mock/Makefile b/e2e/mock/Makefile
@@ -12,6 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Force run of the e2e tests
+E2E_TEST_OPTS ?= -count=1
+
 
 .PHONY: e2e
 e2e: e2e-pre

diff --git a/e2e/mock/authz-config.json b/e2e/mock/authz-config.json
@@ -1,4 +1,6 @@
 {
+  "listen_address": "0.0.0.0",
+  "listen_port": 10004,
   "log_level": "debug",
   "chains": [
     {

diff --git a/e2e/mock/envoy-config.yaml b/e2e/mock/envoy-config.yaml
@@ -12,11 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-bootstrap_extensions:
-  - name: envoy.bootstrap.internal_listener
-    typed_config:
-      "@type": type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener
-
 static_resources:
   listeners:
     - name: http

diff --git a/internal/server/authz.go b/internal/server/authz.go
@@ -112,10 +112,10 @@ func (e *ExtAuthZFilter) Check(ctx context.Context, req *envoy.CheckRequest) (re
 			if !ok {
 				return deny(codes.PermissionDenied, fmt.Sprintf("%s[%d] filter denied the request", c.Name, i)), nil
 			}
-
-			// Use the first filter chain that matches
-			return allow, nil
 		}
+
+		// Return OK if the chain matched and all filters allowed the request
+		return allow, nil
 	}
 
 	if e.cfg.AllowUnmatchedRequests {

diff --git a/internal/server/server.go b/internal/server/server.go
@@ -23,6 +23,7 @@ import (
 	"github.com/tetratelabs/telemetry"
 	"google.golang.org/grpc"
 
+	configv1 "github.com/tetrateio/authservice-go/config/gen/go/v1"
 	"github.com/tetrateio/authservice-go/internal"
 )
 
@@ -33,18 +34,16 @@ type RegisterGrpc interface {
 }
 
 var (
-	_ run.Initializer = (*Server)(nil)
-	_ run.Config      = (*Server)(nil)
-	_ run.PreRunner   = (*Server)(nil)
-	_ run.Service     = (*Server)(nil)
+	_ run.PreRunner = (*Server)(nil)
+	_ run.Service   = (*Server)(nil)
 )
 
 var ErrInvalidAddress = errors.New("invalid address")
 
 // Server that runs as a unit in a run.Group.
 type Server struct {
-	log  telemetry.Logger
-	addr string
+	log telemetry.Logger
+	cfg *configv1.Config
 
 	server           *grpc.Server
 	registerHandlers []func(s *grpc.Server)
@@ -55,42 +54,25 @@ type Server struct {
 }
 
 // New creates a new dual gRPC server.
-func New(registerHandlers ...func(s *grpc.Server)) *Server {
+func New(cfg *configv1.Config, registerHandlers ...func(s *grpc.Server)) *Server {
 	return &Server{
 		log:              internal.Logger(internal.Server),
+		cfg:              cfg,
 		registerHandlers: registerHandlers,
 	}
 }
 
 // Name returns the name of the unit in the run.Group.
 func (s *Server) Name() string { return "gRPC Server" }
 
-// FlagSet returns the flags used to customize the server.
-func (s *Server) FlagSet() *run.FlagSet {
-	flags := run.NewFlagSet("gRPC Server flags")
-	flags.StringVar(&s.addr, "listen-address", ":10004", "listen address")
-	return flags
-}
-
-// Validate the server configuration.
-func (s *Server) Validate() error {
-	if _, _, err := net.SplitHostPort(s.addr); err != nil {
-		return fmt.Errorf("%w: %w", ErrInvalidAddress, err)
-	}
-	return nil
-}
-
-// Initialize the server.
-func (s *Server) Initialize() {
+// PreRun registers the server registerHandlers
+func (s *Server) PreRun() error {
 	if s.Listen == nil {
 		s.Listen = func() (net.Listener, error) {
-			return net.Listen("tcp", s.addr)
+			return net.Listen("tcp", fmt.Sprintf("%s:%d", s.cfg.ListenAddress, s.cfg.ListenPort))
 		}
 	}
-}
 
-// PreRun registers the server registerHandlers
-func (s *Server) PreRun() error {
 	logMiddleware := NewLogMiddleware()
 
 	// Initialize the gRPC server
@@ -112,7 +94,7 @@ func (s *Server) Serve() error {
 	if err != nil {
 		return err
 	}
-	s.log.Info("starting gRPC server", "addr", s.addr)
+	s.log.Info("starting gRPC server", "addr", l.Addr())
 	return s.server.Serve(l)
 }
 

diff --git a/internal/server/server_test.go b/internal/server/server_test.go
@@ -31,34 +31,12 @@ import (
 	"google.golang.org/grpc/test/bufconn"
 )
 
-func TestValidate(t *testing.T) {
-	tests := []struct {
-		name string
-		addr string
-		err  error
-	}{
-		{"empty", "", ErrInvalidAddress},
-		{"no-port", "localhost", ErrInvalidAddress},
-		{"invalid", "::9090", ErrInvalidAddress},
-		{"ipv4", "1.2.3.4:9090", nil},
-		{"ipv6", "[::1]:9090", nil},
-		{"hostname", "localhost:9090", nil},
-		{"any-addr", ":9090", nil},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			require.ErrorIs(t, (&Server{addr: tt.addr}).Validate(), tt.err)
-		})
-	}
-}
-
 func TestServer(t *testing.T) {
 	var (
 		g   = run.Group{Logger: telemetry.NoopLogger()}
 		irq = test.NewIRQService(func() {})
 		l   = bufconn.Listen(1024)
-		s   = New(func(s *grpc.Server) {
+		s   = New(nil, func(s *grpc.Server) {
 			testgrpc.RegisterTestServiceServer(s, interop.NewTestServer())
 		})
 	)