add custom policies support (#780)

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

internal/config/config.go

@@ -34,15 +34,16 @@ import (
 
 // Config - configuration for cmd-forwarder-vpp
 type Config struct {
-	Name                  string            `default:"forwarder" desc:"Name of Endpoint"`
-	Labels                map[string]string `default:"p2p:true" desc:"Labels related to this forwarder-vpp instance"`
-	NSName                string            `default:"forwarder" desc:"Name of Network Service to Register with Registry"`
-	ConnectTo             url.URL           `default:"unix:///connect.to.socket" desc:"url to connect to" split_words:"true"`
-	ListenOn              url.URL           `default:"unix:///listen.on.socket" desc:"url to listen on" split_words:"true"`
-	MaxTokenLifetime      time.Duration     `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
-	LogLevel              string            `default:"INFO" desc:"Log level" split_words:"true"`
-	DialTimeout           time.Duration     `default:"100ms" desc:"Timeout for the dial the next endpoint" split_words:"true"`
-	OpenTelemetryEndpoint string            `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
+	Name                   string            `default:"forwarder" desc:"Name of Endpoint"`
+	Labels                 map[string]string `default:"p2p:true" desc:"Labels related to this forwarder-vpp instance"`
+	NSName                 string            `default:"forwarder" desc:"Name of Network Service to Register with Registry"`
+	ConnectTo              url.URL           `default:"unix:///connect.to.socket" desc:"url to connect to" split_words:"true"`
+	ListenOn               url.URL           `default:"unix:///listen.on.socket" desc:"url to listen on" split_words:"true"`
+	MaxTokenLifetime       time.Duration     `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
+	RegistryClientPolicies []string          `default:"etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego" desc:"paths to files and directories that contain registry client policies" split_words:"true"`
+	LogLevel               string            `default:"INFO" desc:"Log level" split_words:"true"`
+	DialTimeout            time.Duration     `default:"100ms" desc:"Timeout for the dial the next endpoint" split_words:"true"`
+	OpenTelemetryEndpoint  string            `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
 
 	TunnelIP     net.IP       `desc:"IP to use for tunnels" split_words:"true"`
 	VxlanPort    uint16       `default:"0" desc:"VXLAN port to use" split_words:"true"`

main.go

@@ -301,7 +301,8 @@ func main() {
 		registryclient.WithNSEAdditionalFunctionality(
 			sendfd.NewNetworkServiceEndpointRegistryClient(),
 		),
-		registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient()),
+		registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient(
+			registryauthorize.WithPolicies(cfg.RegistryClientPolicies...))),
 	)
 	_, err = registryClient.Register(ctx, &registryapi.NetworkServiceEndpoint{
 		Name: cfg.Name,