Add validation where tokens and token cannot coexist in config

bchen528 · bchen528 · commit 5c42e010e9e5 · 2025-02-26T15:02:18.000Z
diff --git a/extension/bearertokenauthextension/README.md b/extension/bearertokenauthextension/README.md
@@ -25,7 +25,7 @@ The authenticator type has to be set to `bearertokenauth`.
 
 - `token`: Static authorization token that needs to be sent on every gRPC client call as metadata.
 
-- `tokens`: A list of static authorization tokens that needs to be sent on every gRPC client call as metadata.
+- `tokens`: A list of static authorization tokens, one of which needs to be sent on every gRPC client call as metadata.
 
 - `filename`: Name of file that contains a authorization token that needs to be sent in every client call.
 
diff --git a/extension/bearertokenauthextension/config.go b/extension/bearertokenauthextension/config.go
@@ -28,12 +28,16 @@ type Config struct {
 var (
 	_                  component.Config = (*Config)(nil)
 	errNoTokenProvided                  = errors.New("no bearer token provided")
+	errTokensAndTokenProvided           = errors.New("either tokens or token should be provided, not both")
 )
 
 // Validate checks if the extension configuration is valid
 func (cfg *Config) Validate() error {
 	if cfg.BearerToken == "" && len(cfg.Tokens) == 0 && cfg.Filename == "" {
 		return errNoTokenProvided
 	}
+	if cfg.BearerToken != "" && len(cfg.Tokens) > 0 {
+		return errTokensAndTokenProvided
+	}
 	return nil
 }
diff --git a/extension/bearertokenauthextension/config_test.go b/extension/bearertokenauthextension/config_test.go
@@ -65,6 +65,23 @@ func TestLoadConfig(t *testing.T) {
                 Filename:    "file-containing.token",
             },
         },
+        {
+            id: component.NewIDWithName(metadata.Type, "tokensandtoken"),
+            expected: &Config{
+                Scheme:      "Bearer",
+                BearerToken: "sometoken",
+                Tokens:      []configopaque.String{"token1", "thistokenalsoworks"},
+            },
+            expectedErr: true,
+        },
+        {
+            id: component.NewIDWithName(metadata.Type, "withtokensandfilename"),
+            expected: &Config{
+                Scheme:   "Bearer",
+                Tokens:   []configopaque.String{"ignoredtoken1", "ignoredtoken2"},
+                Filename: "file-containing.token",
+            },
+        },
 	}
 	for _, tt := range tests {
 		t.Run(tt.id.String(), func(t *testing.T) {
diff --git a/extension/bearertokenauthextension/testdata/config.yaml b/extension/bearertokenauthextension/testdata/config.yaml
@@ -16,3 +16,15 @@ bearertokenauth/both:
   scheme: "Bearer"
   token: "ignoredtoken"
   filename: "file-containing.token"
+bearertokenauth/withtokensandfilename:
+  scheme: "Bearer"
+  tokens:
+    - "ignoredtoken1"
+    - "ignoredtoken2"
+  filename: "file-containing.token"
+bearertokenauth/tokensandtoken:
+  scheme: "Bearer"
+  tokens:
+    - "token1"
+    - "thistokenalsoworks"
+  token: "my-token"

Original file line number	Diff line number	Diff line change
`@@ -28,12 +28,16 @@ type Config struct {`
`28`	`28`	`var (`
`29`	`29`	`_ component.Config = (*Config)(nil)`
`30`	`30`	`errNoTokenProvided = errors.New("no bearer token provided")`
	`31`	`+ errTokensAndTokenProvided = errors.New("either tokens or token should be provided, not both")`
`31`	`32`	`)`
`32`	`33`
`33`	`34`	`// Validate checks if the extension configuration is valid`
`34`	`35`	`func (cfg *Config) Validate() error {`
`35`	`36`	`if cfg.BearerToken == "" && len(cfg.Tokens) == 0 && cfg.Filename == "" {`
`36`	`37`	`return errNoTokenProvided`
`37`	`38`	`}`
	`39`	`+ if cfg.BearerToken != "" && len(cfg.Tokens) > 0 {`
	`40`	`+ return errTokensAndTokenProvided`
	`41`	`+ }`
`38`	`42`	`return nil`
`39`	`43`	`}`