internal/gomote: add authenticate endpoint implementation

This change adds the authenticate implementation for the gomote
service. The endpoint will be used to verify that the user is
authenticated and authorized to use the service.

Updates golang/go#48742

Change-Id: Ic6ab4cfa7eeccc37c12c6c0d002464053f1708dc
Reviewed-on: https://go-review.googlesource.com/c/build/+/371719
Trust: Carlos Amedee <[email protected]>
Run-TryBot: Carlos Amedee <[email protected]>
Reviewed-by: Alex Rakoczy <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>

Author: cagedmantis

internal/gomote/gomote.go

@@ -49,6 +49,17 @@ func New(rsp *remote.SessionPool, sched *schedule.Scheduler) *Server {
 	}
 }
 
+// Authenticate will allow the caller to verify that they are properly authenticated and authorized to interact with the
+// Service.
+func (s *Server) Authenticate(ctx context.Context, req *protos.AuthenticateRequest) (*protos.AuthenticateResponse, error) {
+	_, err := access.IAPFromContext(ctx)
+	if err != nil {
+		log.Printf("Authenticate access.IAPFromContext(ctx) = nil, %s", err)
+		return nil, status.Errorf(codes.Unauthenticated, "request does not contain the required authentication")
+	}
+	return &protos.AuthenticateResponse{}, nil
+}
+
 // CreateInstance will create a gomote instance for the authenticated user.
 func (s *Server) CreateInstance(req *protos.CreateInstanceRequest, stream protos.GomoteService_CreateInstanceServer) error {
 	ctx, cancel := context.WithTimeout(stream.Context(), 5*time.Minute)
@@ -131,7 +142,7 @@ func (s *Server) CreateInstance(req *protos.CreateInstanceRequest, stream protos
 	}
 }
 
-// isPrivilegedUser returns true if the user is using a Google account.
+// isPrivilagedUser returns true if the user is using a Google account.
 // The user has to be a part of the appropriate IAM group.
 func isPrivilegedUser(email string) bool {
 	if strings.HasSuffix(email, "@google.com") {

internal/gomote/gomote_test.go

@@ -61,6 +61,24 @@ func setupGomoteTest(t *testing.T, ctx context.Context) protos.GomoteServiceClie
 	return gc
 }
 
+func TestAuthenticate(t *testing.T) {
+	ctx := access.FakeContextWithOutgoingIAPAuth(context.Background(), fakeIAP())
+	client := setupGomoteTest(t, context.Background())
+	got, err := client.Authenticate(ctx, &protos.AuthenticateRequest{})
+	if err != nil {
+		t.Fatalf("client.Authenticate(ctx, request) = %v,  %s; want no error", got, err)
+	}
+}
+
+func TestAuthenticateError(t *testing.T) {
+	wantCode := codes.Unauthenticated
+	client := setupGomoteTest(t, context.Background())
+	_, err := client.Authenticate(context.Background(), &protos.AuthenticateRequest{})
+	if status.Code(err) != wantCode {
+		t.Fatalf("client.Authenticate(ctx, request) = _, %s; want %s", status.Code(err), wantCode)
+	}
+}
+
 func TestCreateInstance(t *testing.T) {
 	ctx := access.FakeContextWithOutgoingIAPAuth(context.Background(), fakeIAP())
 	req := &protos.CreateInstanceRequest{BuilderType: "linux-amd64"}