feat(auth): add partial per service auth override

interceptors/auth/auth.go

@@ -5,11 +5,18 @@ package auth
 
 import (
 	"context"
+	"errors"
 
 	middleware "github.com/grpc-ecosystem/go-grpc-middleware/v2"
 	"google.golang.org/grpc"
 )
 
+// ErrNoAuthOverrideMatch is to support partial AuthFuncOverride implementations.
+// If your service implements AuthFuncOverride and returns this error, we would
+// proceed the authentication using the configured AuthFunc and ignore the error.
+// Any other error would be returned directly by the interceptor.
+var ErrNoAuthOverrideMatch = errors.New("no AuthFuncOverride match")
+
 // AuthFunc is the pluggable function that performs authentication.
 //
 // The passed in `Context` will contain the gRPC metadata.MD object (for header-based authentication) and
@@ -37,11 +44,16 @@ func UnaryServerInterceptor(authFunc AuthFunc) grpc.UnaryServerInterceptor {
 	return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
 		var newCtx context.Context
 		var err error
-		if overrideSrv, ok := info.Server.(ServiceAuthFuncOverride); ok {
+
+		overrideSrv, ok := info.Server.(ServiceAuthFuncOverride)
+		if ok {
 			newCtx, err = overrideSrv.AuthFuncOverride(ctx, info.FullMethod)
-		} else {
+		}
+
+		if !ok || errors.Is(err, ErrNoAuthOverrideMatch) {
 			newCtx, err = authFunc(ctx)
 		}
+
 		if err != nil {
 			return nil, err
 		}
@@ -55,11 +67,16 @@ func StreamServerInterceptor(authFunc AuthFunc) grpc.StreamServerInterceptor {
 	return func(srv any, stream grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
 		var newCtx context.Context
 		var err error
-		if overrideSrv, ok := srv.(ServiceAuthFuncOverride); ok {
+
+		overrideSrv, ok := srv.(ServiceAuthFuncOverride)
+		if ok {
 			newCtx, err = overrideSrv.AuthFuncOverride(stream.Context(), info.FullMethod)
-		} else {
+		}
+
+		if !ok || errors.Is(err, ErrNoAuthOverrideMatch) {
 			newCtx, err = authFunc(stream.Context())
 		}
+
 		if err != nil {
 			return err
 		}

interceptors/auth/auth_test.go

@@ -147,19 +147,29 @@ func (s *AuthTestSuite) TestStream_PassesWithPerRpcCredentials() {
 
 type authOverrideTestService struct {
 	testpb.TestServiceServer
-	T *testing.T
+	T                       *testing.T
+	OverrideNoMatchingError bool
 }
 
 func (s *authOverrideTestService) AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error) {
 	assert.NotEmpty(s.T, fullMethodName, "method name of caller is passed around")
+
+	if s.OverrideNoMatchingError {
+		return nil, auth.ErrNoAuthOverrideMatch
+	}
+
 	return buildDummyAuthFunction("bearer", overrideAuthToken)(ctx)
 }
 
 func TestAuthOverrideTestSuite(t *testing.T) {
 	authFunc := buildDummyAuthFunction("bearer", commonAuthToken)
 	s := &AuthOverrideTestSuite{
 		InterceptorTestSuite: &testpb.InterceptorTestSuite{
-			TestService: &authOverrideTestService{&assertingPingService{&testpb.TestPingService{}, t}, t},
+			TestService: &authOverrideTestService{
+				&assertingPingService{&testpb.TestPingService{}, t},
+				t,
+				false,
+			},
 			ServerOpts: []grpc.ServerOption{
 				grpc.StreamInterceptor(auth.StreamServerInterceptor(authFunc)),
 				grpc.UnaryInterceptor(auth.UnaryServerInterceptor(authFunc)),
@@ -169,17 +179,46 @@ func TestAuthOverrideTestSuite(t *testing.T) {
 	suite.Run(t, s)
 }
 
+func TestAuthOverrideNotMatchingErrTestSuite(t *testing.T) {
+	authFunc := buildDummyAuthFunction("bearer", commonAuthToken)
+	s := &AuthOverrideTestSuite{
+		InterceptorTestSuite: &testpb.InterceptorTestSuite{
+			TestService: &authOverrideTestService{
+				&assertingPingService{&testpb.TestPingService{}, t},
+				t,
+				true,
+			},
+			ServerOpts: []grpc.ServerOption{
+				grpc.StreamInterceptor(auth.StreamServerInterceptor(authFunc)),
+				grpc.UnaryInterceptor(auth.UnaryServerInterceptor(authFunc)),
+			},
+		},
+		WithOverrideNoMatchError: true,
+	}
+	suite.Run(t, s)
+}
+
 type AuthOverrideTestSuite struct {
 	*testpb.InterceptorTestSuite
+	WithOverrideNoMatchError bool
 }
 
 func (s *AuthOverrideTestSuite) TestUnary_PassesAuth() {
-	_, err := s.Client.Ping(ctxWithToken(s.SimpleCtx(), "bearer", overrideAuthToken), testpb.GoodPing)
+	selectedToken := overrideAuthToken
+	if s.WithOverrideNoMatchError {
+		selectedToken = commonAuthToken
+	}
+	_, err := s.Client.Ping(ctxWithToken(s.SimpleCtx(), "bearer", selectedToken), testpb.GoodPing)
 	require.NoError(s.T(), err, "no error must occur")
 }
 
 func (s *AuthOverrideTestSuite) TestStream_PassesAuth() {
-	stream, err := s.Client.PingList(ctxWithToken(s.SimpleCtx(), "Bearer", overrideAuthToken), testpb.GoodPingList)
+	selectedToken := overrideAuthToken
+	if s.WithOverrideNoMatchError {
+		selectedToken = commonAuthToken
+	}
+
+	stream, err := s.Client.PingList(ctxWithToken(s.SimpleCtx(), "Bearer", selectedToken), testpb.GoodPingList)
 	require.NoError(s.T(), err, "should not fail on establishing the stream")
 	pong, err := stream.Recv()
 	require.NoError(s.T(), err, "no error must occur")

interceptors/auth/doc.go

@@ -15,7 +15,8 @@ The middleware takes a user-customizable `AuthFunc`, which can be customized to
 auth information from the request. The extracted information can be put in the `context.Context` of
 handlers downstream for retrieval.
 
-It also allows for per-service implementation overrides of `AuthFunc`. See `ServiceAuthFuncOverride`.
+It also allows for per-service implementation overrides of `AuthFunc`. See `ServiceAuthFuncOverride`. In addition,
+it supports partial per service override of the `AuthFunc` by using `ErrNoAuthOverrideMatch`.
 
 Please see examples for simple examples of use.
 */

interceptors/logging/examples/go.mod

@@ -11,22 +11,22 @@ require (
 	github.com/sirupsen/logrus v1.9.0
 	go.uber.org/zap v1.24.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
-	google.golang.org/grpc v1.53.0
+	google.golang.org/grpc v1.61.1
 	k8s.io/klog/v2 v2.90.1
 )
 
 require (
 	github.com/go-logfmt/logfmt v0.5.1 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/net v0.14.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
-	golang.org/x/text v0.12.0 // indirect
-	google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 )
 
 replace github.com/grpc-ecosystem/go-grpc-middleware/v2 => ../../../

interceptors/logging/examples/go.sum

@@ -14,6 +14,7 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
@@ -48,25 +49,31 @@ golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnL
 golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f h1:BWUVssLB0HVOSY78gIdvk1dTVYtT1y8SBWtPYuTJ/6w=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
 google.golang.org/grpc v1.53.0 h1:LAv2ds7cmFV/XTS3XG1NneeENYrXGmorPxsBbptIjNc=
 google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw=
+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=