From a3f4b3256301721e2af698a6f6483a8dd6ed9f58 Mon Sep 17 00:00:00 2001
From: bugslayer-332 <ayashwanth9503@gmail.com>
Date: Sat, 15 Jul 2023 12:51:47 +0530
Subject: [PATCH] added a new pkg,corscfg to enable cors on OTLP and Zipkin

Signed-off-by: bugslayer-332 <ayashwanth9503@gmail.com>
---
 cmd/collector/app/flags/flags.go   | 49 ++++++++++++++++--------------
 cmd/collector/app/server/zipkin.go | 12 +++-----
 pkg/config/corscfg/flags.go        | 43 ++++++++++++++++++++++++++
 pkg/config/corscfg/settings.go     | 20 ++++++++++++
 4 files changed, 93 insertions(+), 31 deletions(-)
 create mode 100644 pkg/config/corscfg/flags.go
 create mode 100644 pkg/config/corscfg/settings.go

diff --git a/cmd/collector/app/flags/flags.go b/cmd/collector/app/flags/flags.go
index 6ccf2720bbc..d18a79bd000 100644
--- a/cmd/collector/app/flags/flags.go
+++ b/cmd/collector/app/flags/flags.go
@@ -21,10 +21,10 @@ import (
 	"time"
 
 	"github.com/spf13/viper"
-	"go.opentelemetry.io/collector/config/confighttp"
 	"go.uber.org/zap"
 
 	"github.com/jaegertracing/jaeger/cmd/flags"
+	"github.com/jaegertracing/jaeger/pkg/config/corscfg"
 	"github.com/jaegertracing/jaeger/pkg/config/tlscfg"
 	"github.com/jaegertracing/jaeger/pkg/tenancy"
 	"github.com/jaegertracing/jaeger/ports"
@@ -39,12 +39,9 @@ const (
 
 	flagSuffixHostPort = "host-port"
 
-	flagSuffixHTTPReadTimeout       = "read-timeout"
-	flagSuffixHTTPReadHeaderTimeout = "read-header-timeout"
-	flagSuffixHTTPIdleTimeout       = "idle-timeout"
-	flagSuffixHTTPAllowedHeaders    = "allowed-headers"
-	flagSuffixHTTPAllowedOrigins    = "allowed-origins"
-
+	flagSuffixHTTPReadTimeout             = "read-timeout"
+	flagSuffixHTTPReadHeaderTimeout       = "read-header-timeout"
+	flagSuffixHTTPIdleTimeout             = "idle-timeout"
 	flagSuffixGRPCMaxReceiveMessageLength = "max-message-size"
 	flagSuffixGRPCMaxConnectionAge        = "max-connection-age"
 	flagSuffixGRPCMaxConnectionAgeGrace   = "max-connection-age-grace"
@@ -52,8 +49,6 @@ const (
 	flagCollectorOTLPEnabled = "collector.otlp.enabled"
 
 	flagZipkinHTTPHostPort     = "collector.zipkin.host-port"
-	flagZipkinAllowedHeaders   = "collector.zipkin.allowed-headers"
-	flagZipkinAllowedOrigins   = "collector.zipkin.allowed-origins"
 	flagZipkinKeepAliveEnabled = "collector.zipkin.keep-alive"
 
 	// DefaultNumWorkers is the default number of workers consuming from the processor queue
@@ -101,6 +96,12 @@ var otlpServerFlagsCfg = struct {
 var tlsZipkinFlagsConfig = tlscfg.ServerFlagsConfig{
 	Prefix: "collector.zipkin",
 }
+var corsZipkinFlagsConfig = corscfg.CorsFlagsConfig{
+	Prefix: "collector.zipkin",
+}
+var corsOTLPHTTPFlagsConfig = corscfg.CorsFlagsConfig{
+	Prefix: "collector.otlp.http",
+}
 
 // CollectorOptions holds configuration for collector
 type CollectorOptions struct {
@@ -124,12 +125,10 @@ type CollectorOptions struct {
 	Zipkin struct {
 		// HTTPHostPort is the host:port address that the Zipkin collector service listens in on for http requests
 		HTTPHostPort string
-		// ZipkinAllowedOrigins is a list of origins a cross-domain request to the Zipkin collector service can be executed from
-		AllowedOrigins string
-		// ZipkinAllowedHeaders is a list of headers that the Zipkin collector service allowes the client to use with cross-domain requests
-		AllowedHeaders string
 		// TLS configures secure transport for Zipkin endpoint to collect spans
 		TLS tlscfg.Options
+		// CORSSettings allows CORS requests , sets the values for Allowed Headers and Allowed Origins.
+		CORSSettings corscfg.Settings
 		// KeepAlive configures allow Keep-Alive for Zipkin HTTP server
 		KeepAlive bool
 	}
@@ -156,8 +155,8 @@ type HTTPOptions struct {
 	ReadHeaderTimeout time.Duration
 	// IdleTimeout sets the respective parameter of http.Server
 	IdleTimeout time.Duration
-	// Allowed Origins
-	CORSSettings *confighttp.CORSSettings
+	// CORSSettings allows CORS requests , sets the values for Allowed Headers and Allowed Origins.
+	CORSSettings corscfg.Settings
 }
 
 // GRPCOptions defines options for a gRPC server
@@ -191,13 +190,13 @@ func AddFlags(flags *flag.FlagSet) {
 
 	flags.Bool(flagCollectorOTLPEnabled, true, "Enables OpenTelemetry OTLP receiver on dedicated HTTP and gRPC ports")
 	addHTTPFlags(flags, otlpServerFlagsCfg.HTTP, "")
+	corsOTLPHTTPFlagsConfig.AddFlags(flags)
 	addGRPCFlags(flags, otlpServerFlagsCfg.GRPC, "")
 
-	flags.String(flagZipkinAllowedHeaders, "content-type", "Comma separated list of allowed headers for the Zipkin collector service, default content-type")
-	flags.String(flagZipkinAllowedOrigins, "*", "Comma separated list of allowed origins for the Zipkin collector service, default accepts all")
 	flags.String(flagZipkinHTTPHostPort, "", "The host:port (e.g. 127.0.0.1:9411 or :9411) of the collector's Zipkin server (disabled by default)")
 	flags.Bool(flagZipkinKeepAliveEnabled, true, "KeepAlive configures allow Keep-Alive for Zipkin HTTP server (enabled by default)")
 	tlsZipkinFlagsConfig.AddFlags(flags)
+	corsZipkinFlagsConfig.AddFlags(flags)
 
 	tenancy.AddFlags(flags)
 }
@@ -207,8 +206,6 @@ func addHTTPFlags(flags *flag.FlagSet, cfg serverFlagsConfig, defaultHostPort st
 	flags.Duration(cfg.prefix+"."+flagSuffixHTTPIdleTimeout, 0, "See https://pkg.go.dev/net/http#Server")
 	flags.Duration(cfg.prefix+"."+flagSuffixHTTPReadTimeout, 0, "See https://pkg.go.dev/net/http#Server")
 	flags.Duration(cfg.prefix+"."+flagSuffixHTTPReadHeaderTimeout, 2*time.Second, "See https://pkg.go.dev/net/http#Server")
-	flags.String(cfg.prefix+"."+flagSuffixHTTPAllowedHeaders, "content-type", "Allowed headers for the OTLP HTTP port , default content-type")
-	flags.String(cfg.prefix+"."+flagSuffixHTTPAllowedOrigins, "*", "Allowed origins for the OTLP HTTP port , default accepts all")
 	cfg.tls.AddFlags(flags)
 }
 
@@ -242,8 +239,6 @@ func (opts *HTTPOptions) initFromViper(v *viper.Viper, logger *zap.Logger, cfg s
 	} else {
 		return fmt.Errorf("failed to parse HTTP TLS options: %w", err)
 	}
-	opts.CORSSettings.AllowedHeaders = v.GetStringSlice(cfg.prefix + "." + flagSuffixHTTPAllowedHeaders)
-	opts.CORSSettings.AllowedOrigins = v.GetStringSlice(cfg.prefix + "." + flagSuffixHTTPAllowedOrigins)
 	return nil
 }
 
@@ -282,12 +277,15 @@ func (cOpts *CollectorOptions) InitFromViper(v *viper.Viper, logger *zap.Logger)
 	if err := cOpts.OTLP.HTTP.initFromViper(v, logger, otlpServerFlagsCfg.HTTP); err != nil {
 		return cOpts, fmt.Errorf("failed to parse OTLP/HTTP server options: %w", err)
 	}
+	if corsOTLPSettings, err := corsOTLPHTTPFlagsConfig.InitFromViper(v); err == nil {
+		cOpts.OTLP.HTTP.CORSSettings = corsOTLPSettings
+	} else {
+		return cOpts, fmt.Errorf("failed to parse OTLP HTTP CORS settings : %w", err)
+	}
 	if err := cOpts.OTLP.GRPC.initFromViper(v, logger, otlpServerFlagsCfg.GRPC); err != nil {
 		return cOpts, fmt.Errorf("failed to parse OTLP/gRPC server options: %w", err)
 	}
 
-	cOpts.Zipkin.AllowedHeaders = v.GetString(flagZipkinAllowedHeaders)
-	cOpts.Zipkin.AllowedOrigins = v.GetString(flagZipkinAllowedOrigins)
 	cOpts.Zipkin.KeepAlive = v.GetBool(flagZipkinKeepAliveEnabled)
 	cOpts.Zipkin.HTTPHostPort = ports.FormatHostPort(v.GetString(flagZipkinHTTPHostPort))
 	if tlsZipkin, err := tlsZipkinFlagsConfig.InitFromViper(v); err == nil {
@@ -295,6 +293,11 @@ func (cOpts *CollectorOptions) InitFromViper(v *viper.Viper, logger *zap.Logger)
 	} else {
 		return cOpts, fmt.Errorf("failed to parse Zipkin TLS options: %w", err)
 	}
+	if corsZipkinSettings, err := corsZipkinFlagsConfig.InitFromViper(v); err == nil {
+		cOpts.Zipkin.CORSSettings = corsZipkinSettings
+	} else {
+		return cOpts, fmt.Errorf("failed to parse Zipkin CORS settings : %w", err)
+	}
 
 	return cOpts, nil
 }
diff --git a/cmd/collector/app/server/zipkin.go b/cmd/collector/app/server/zipkin.go
index 44ba865c85d..e0ab5689bba 100644
--- a/cmd/collector/app/server/zipkin.go
+++ b/cmd/collector/app/server/zipkin.go
@@ -17,7 +17,6 @@ package server
 import (
 	"net"
 	"net/http"
-	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
@@ -27,6 +26,7 @@ import (
 
 	"github.com/jaegertracing/jaeger/cmd/collector/app/handler"
 	"github.com/jaegertracing/jaeger/cmd/collector/app/zipkin"
+	"github.com/jaegertracing/jaeger/pkg/config/corscfg"
 	"github.com/jaegertracing/jaeger/pkg/config/tlscfg"
 	"github.com/jaegertracing/jaeger/pkg/healthcheck"
 	"github.com/jaegertracing/jaeger/pkg/httpmetrics"
@@ -39,8 +39,7 @@ type ZipkinServerParams struct {
 	TLSConfig      tlscfg.Options
 	HostPort       string
 	Handler        handler.ZipkinSpansHandler
-	AllowedOrigins string
-	AllowedHeaders string
+	CORSSettings   corscfg.Settings
 	HealthCheck    *healthcheck.HealthCheck
 	Logger         *zap.Logger
 	MetricsFactory metrics.Factory
@@ -86,13 +85,10 @@ func serveZipkin(server *http.Server, listener net.Listener, params *ZipkinServe
 	zHandler := zipkin.NewAPIHandler(params.Handler)
 	zHandler.RegisterRoutes(r)
 
-	origins := strings.Split(strings.ReplaceAll(params.AllowedOrigins, " ", ""), ",")
-	headers := strings.Split(strings.ReplaceAll(params.AllowedHeaders, " ", ""), ",")
-
 	cors := cors.New(cors.Options{
-		AllowedOrigins: origins,
+		AllowedOrigins: params.CORSSettings.AllowedOrigins,
 		AllowedMethods: []string{"POST"}, // Allowing only POST, because that's the only handled one
-		AllowedHeaders: headers,
+		AllowedHeaders: params.CORSSettings.AllowedHeaders,
 	})
 
 	recoveryHandler := recoveryhandler.NewRecoveryHandler(params.Logger, true)
diff --git a/pkg/config/corscfg/flags.go b/pkg/config/corscfg/flags.go
new file mode 100644
index 00000000000..b04392d3c29
--- /dev/null
+++ b/pkg/config/corscfg/flags.go
@@ -0,0 +1,43 @@
+// Copyright (c) 2019 The Jaeger Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package corscfg
+
+import (
+	"flag"
+
+	"github.com/spf13/viper"
+)
+
+const (
+	corsPrefix         = ".cors"
+	corsAllowedHeaders = corsPrefix + ".allowed-headers"
+	corsAllowedOrigins = corsPrefix + ".allowed-origins"
+)
+
+type CorsFlagsConfig struct {
+	Prefix string
+}
+
+func (c CorsFlagsConfig) AddFlags(flags *flag.FlagSet) {
+	flags.String(c.Prefix+corsAllowedHeaders, "content-type", "Allowed headers for the HTTP port , default content-type")
+	flags.String(c.Prefix+corsAllowedOrigins, "*", "Allowed origins for the HTTP port , default accepts all")
+}
+
+func (c CorsFlagsConfig) InitFromViper(v *viper.Viper) (Settings, error) {
+	var p Settings
+	p.AllowedHeaders = v.GetStringSlice(c.Prefix + corsAllowedHeaders)
+	p.AllowedOrigins = v.GetStringSlice(c.Prefix + corsAllowedOrigins)
+	return p, nil
+}
diff --git a/pkg/config/corscfg/settings.go b/pkg/config/corscfg/settings.go
new file mode 100644
index 00000000000..37b9eb0d035
--- /dev/null
+++ b/pkg/config/corscfg/settings.go
@@ -0,0 +1,20 @@
+// Copyright (c) 2019 The Jaeger Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package corscfg
+
+type Settings struct {
+	AllowedOrigins []string `mapstructure:"allowed_origins"`
+	AllowedHeaders []string `mapstructure:"allowed_headers"`
+}