Extract authorization from incoming request (#5)

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/aquasecurity/trivy v0.19.2
 	github.com/brianvoe/gofakeit/v6 v6.4.1
 	github.com/google/uuid v1.3.0
+	github.com/grpc-ecosystem/go-grpc-middleware v1.2.2
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.6.0
 	github.com/onsi/ginkgo v1.16.4
 	github.com/onsi/gomega v1.12.0
@@ -31,7 +32,6 @@ require (
 	github.com/fatih/color v1.10.0 // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/grpc-ecosystem/go-grpc-middleware v1.2.2 // indirect
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/imdario/mergo v0.3.9 // indirect
 	github.com/mattn/go-colorable v0.1.8 // indirect

scanner/trivy/scanner.go

@@ -57,7 +57,7 @@ func (t *trivyImageScanner) Init() error {
 	return nil
 }
 
-func (t *trivyImageScanner) ImageScan(imageUri string) {
+func (t *trivyImageScanner) ImageScan(ctx context.Context, imageUri string) {
 	log := t.logger.Named("ImageScan").With(zap.String("imageUri", imageUri))
 	log.Info("Starting scan")
 
@@ -66,9 +66,7 @@ func (t *trivyImageScanner) ImageScan(imageUri string) {
 		log.Error("Error scanning image", zap.Error(err))
 		return
 	}
-	log.Debug("Scan completed", zap.Duration("scan", results.ScanEnd.Sub(results.ScanStart)))
-
-	ctx := context.Background()
+	log.Info("Scan completed", zap.Duration("scan", results.ScanEnd.Sub(results.ScanStart)))
 	noteName, err := t.createScanNote(ctx, imageUri)
 	if err != nil {
 		log.Error("Error creating scan note", zap.Error(err))

scanner/trivy/scanner_test.go

@@ -15,6 +15,7 @@
 package trivy_test
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
@@ -133,7 +134,7 @@ var _ = Describe("TrivyScanner", func() {
 			trivyCommand.ScanReturns(scanResults, scanError)
 
 			Expect(scanner.Init()).NotTo(HaveOccurred())
-			scanner.ImageScan(imageUri)
+			scanner.ImageScan(context.Background(), imageUri)
 		})
 
 		It("should create a note for the scan", func() {

scanner/types.go

@@ -14,10 +14,12 @@
 
 package scanner
 
+import "context"
+
 //go:generate counterfeiter -generate
 
 //counterfeiter:generate . ImageScanner
 type ImageScanner interface {
-	ImageScan(string)
+	ImageScan(context.Context, string)
 	Init() error
 }

server/server.go

@@ -18,10 +18,12 @@ import (
 	"context"
 	"regexp"
 
+	"github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
 	"github.com/rode/collector-image-scanner/proto/v1alpha1"
 	"github.com/rode/collector-image-scanner/scanner"
 	"go.uber.org/zap"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
 )
@@ -40,12 +42,21 @@ func NewCollectorImageScannerServer(logger *zap.Logger, scanner scanner.ImageSca
 	}
 }
 
-func (s *collectorImageScannerServer) StartImageScan(_ context.Context, request *v1alpha1.CreateImageScanRequest) (*emptypb.Empty, error) {
+func (s *collectorImageScannerServer) StartImageScan(ctx context.Context, request *v1alpha1.CreateImageScanRequest) (*emptypb.Empty, error) {
 	if !imageUriPattern.MatchString(request.ImageUri) {
 		return nil, status.Errorf(codes.InvalidArgument, "Invalid Image URI")
 	}
-
-	go s.scanner.ImageScan(request.ImageUri)
+	go s.scanner.ImageScan(extractAuthz(ctx), request.ImageUri)
 
 	return &emptypb.Empty{}, nil
 }
+
+func extractAuthz(ctx context.Context) context.Context {
+	authzHeader := metautils.ExtractIncoming(ctx).Get("authorization")
+	meta := metadata.New(map[string]string{})
+	if authzHeader != "" {
+		meta.Set("authorization", authzHeader)
+	}
+
+	return metautils.NiceMD(meta).ToIncoming(context.Background())
+}

server/server_test.go

@@ -19,11 +19,13 @@ import (
 	"fmt"
 	"runtime"
 
+	"github.com/grpc-ecosystem/go-grpc-middleware/util/metautils"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/rode/collector-image-scanner/proto/v1alpha1"
 	"github.com/rode/collector-image-scanner/scanner/scannerfakes"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/types/known/emptypb"
 )
@@ -60,7 +62,12 @@ var _ = Describe("Server", func() {
 		When("the image is valid", func() {
 			It("should initiate a scan in the background", func() {
 				Expect(scanner.ImageScanCallCount()).To(Equal(1))
-				Expect(scanner.ImageScanArgsForCall(0)).To(Equal(imageUri))
+
+				actualCtx, actualUri := scanner.ImageScanArgsForCall(0)
+				actualAuthz := metautils.ExtractIncoming(actualCtx).Get("authorization")
+
+				Expect(actualUri).To(Equal(imageUri))
+				Expect(actualAuthz).To(BeEmpty())
 			})
 
 			It("should not return an error", func() {
@@ -69,6 +76,27 @@ var _ = Describe("Server", func() {
 			})
 		})
 
+		When("the incoming context has an authorization header", func() {
+			var expectedAuthorization string
+
+			BeforeEach(func() {
+				expectedAuthorization = fake.Word()
+				meta := metadata.New(map[string]string{
+					"authorization": expectedAuthorization,
+				})
+				ctx = metautils.NiceMD(meta).ToIncoming(ctx)
+			})
+
+			It("should pass the authorization header along", func() {
+				Expect(scanner.ImageScanCallCount()).To(Equal(1))
+
+				actualCtx, _ := scanner.ImageScanArgsForCall(0)
+				actualAuthz := metautils.ExtractIncoming(actualCtx).Get("authorization")
+
+				Expect(actualAuthz).To(Equal(expectedAuthorization))
+			})
+		})
+
 		When("the image uri is malformed", func() {
 			BeforeEach(func() {
 				request.ImageUri = fake.Word()