abcxyz · raserva · Feb 9, 2022 · Feb 9, 2022 · Feb 9, 2022 · Feb 9, 2022
@@ -34,7 +34,6 @@ import (
 	"github.com/abcxyz/lumberjack/clients/go/pkg/remote"
 	"github.com/abcxyz/lumberjack/clients/go/pkg/security"
 	"github.com/sethvargo/go-envconfig"
-	"google.golang.org/grpc"
 	"gopkg.in/yaml.v2"
 
 	alpb "github.com/abcxyz/lumberjack/clients/go/apis/v1alpha1"
@@ -102,20 +101,20 @@ func FromConfigFile(path string) audit.Option {
 // s := grpc.NewServer(opt)
 // ```
 // TODO(#109): add streaming interceptor.
-func WithInterceptorFromConfigFile(path string) (grpc.ServerOption, *audit.Client, error) {
+func WithInterceptorFromConfigFile(path string) (*audit.Interceptor, error) {
 	fc, err := ioutil.ReadFile(path)
 	if err != nil {
-		return nil, nil, err
+		return nil, fmt.Errorf("failed to read config file: %w", err)
 	}
 	cfg := &alpb.Config{}
 	if err := yaml.Unmarshal(fc, cfg); err != nil {
-		return nil, nil, err
+		return nil, fmt.Errorf("failed to unmarshall file to yaml: %w", err)
 	}
 	if err := cfg.ValidateSecurityContext(); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 	if err := setAndValidate(cfg); err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	interceptor := &audit.Interceptor{}
@@ -127,7 +126,7 @@ func WithInterceptorFromConfigFile(path string) (grpc.ServerOption, *audit.Clien
 		}
 		interceptor.SecurityContext = fromRawJWT
 	default:
-		return nil, nil, fmt.Errorf("no supported security context configured in config %+v", cfg)
+		return nil, fmt.Errorf("no supported security context configured in config %+v", cfg)
 	}
 
 	// Add audit rules to interceptor.
@@ -139,11 +138,11 @@ func WithInterceptorFromConfigFile(path string) (grpc.ServerOption, *audit.Clien
 	}
 	auditClient, err := audit.NewClient(auditOpt)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to create audit client from config %+v: %w", cfg, err)
+		return nil, fmt.Errorf("failed to create audit client from config %+v: %w", cfg, err)
 	}
 	interceptor.Client = auditClient
 
-	return grpc.UnaryInterceptor(interceptor.UnaryInterceptor), auditClient, nil
+	return interceptor, nil
 }
 
 func clientFromConfig(c *audit.Client, cfg *alpb.Config) error {

@@ -570,7 +570,7 @@ rules:
 				t.Fatal(err)
 			}
 
-			_, _, err := WithInterceptorFromConfigFile(path)
+			_, err := WithInterceptorFromConfigFile(path)
 			if diff := errutil.DiffSubstring(err, tc.wantErrSubstr); diff != "" {
 				t.Errorf("WithInterceptorFromConfigFile(path) got unexpected error substring: %v", diff)
 			}

@@ -38,21 +38,23 @@ func main() {
 	if err != nil {
 		log.Fatalf("failed to listen: %v", err)
 	}
-	opt, c, err := auditopt.WithInterceptorFromConfigFile(auditopt.DefaultConfigFilePath)
+	interceptor, err := auditopt.WithInterceptorFromConfigFile(auditopt.DefaultConfigFilePath)
+	defer func() {
+		if err := interceptor.Stop(); err != nil {
+			log.Fatalf("failed to stop interceptor: %v", err)
+		}
+	}()
 	if err != nil {
 		log.Fatalf("failed to setup audit interceptor: %v", err)
 	}
-	s := grpc.NewServer(opt)
+	s := grpc.NewServer(grpc.UnaryInterceptor(interceptor.UnaryInterceptor))
 	talkerpb.RegisterTalkerServer(s, &server{})
 	// Register the reflection service makes it easier for some clients.
 	reflection.Register(s)
 	log.Printf("server listening at %v", lis.Addr())
 	if err := s.Serve(lis); err != nil {
 		log.Fatalf("failed to serve: %v", err)
 	}
-	if err := c.Stop(); err != nil {
-		log.Fatalf("failed to stop audit client: %v", err)
-	}
 }
 
 type server struct {