From 5fc49c45aa18d0eee1748bc8b72767799dda73e0 Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik <93182827+NikitaSkrynnik@users.noreply.github.com>
Date: Sun, 18 Dec 2022 11:03:29 +1100
Subject: [PATCH] add custom policies support (#780)
Signed-off-by: Nikita Skrynnik
Signed-off-by: Nikita Skrynnik
---
 internal/config/config.go | 19 ++++++++++---------
 main.go | 3 ++-
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/internal/config/config.go b/internal/config/config.go
index 6d856b54..fd224824 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -34,15 +34,16 @@ import (
 // Config - configuration for cmd-forwarder-vpp
 type Config struct {
- Name string `default:"forwarder" desc:"Name of Endpoint"`
- Labels map[string]string `default:"p2p:true" desc:"Labels related to this forwarder-vpp instance"`
- NSName string `default:"forwarder" desc:"Name of Network Service to Register with Registry"`
- ConnectTo url.URL `default:"unix:///connect.to.socket" desc:"url to connect to" split_words:"true"`
- ListenOn url.URL `default:"unix:///listen.on.socket" desc:"url to listen on" split_words:"true"`
- MaxTokenLifetime time.Duration `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
- LogLevel string `default:"INFO" desc:"Log level" split_words:"true"`
- DialTimeout time.Duration `default:"100ms" desc:"Timeout for the dial the next endpoint" split_words:"true"`
- OpenTelemetryEndpoint string `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
+ Name string `default:"forwarder" desc:"Name of Endpoint"`
+ Labels map[string]string `default:"p2p:true" desc:"Labels related to this forwarder-vpp instance"`
+ NSName string `default:"forwarder" desc:"Name of Network Service to Register with Registry"`
+ ConnectTo url.URL `default:"unix:///connect.to.socket" desc:"url to connect to" split_words:"true"`
+ ListenOn url.URL `default:"unix:///listen.on.socket" desc:"url to listen on" split_words:"true"`
+ MaxTokenLifetime time.Duration `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
+ RegistryClientPolicies []string `default:"etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego" desc:"paths to files and directories that contain registry client policies" split_words:"true"`
+ LogLevel string `default:"INFO" desc:"Log level" split_words:"true"`
+ DialTimeout time.Duration `default:"100ms" desc:"Timeout for the dial the next endpoint" split_words:"true"`
+ OpenTelemetryEndpoint string `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
 TunnelIP net.IP `desc:"IP to use for tunnels" split_words:"true"`
 VxlanPort uint16 `default:"0" desc:"VXLAN port to use" split_words:"true"`
diff --git a/main.go b/main.go
index fedbb475..cb45a770 100644
--- a/main.go
+++ b/main.go
@@ -301,7 +301,8 @@ func main() {
 registryclient.WithNSEAdditionalFunctionality(
 sendfd.NewNetworkServiceEndpointRegistryClient(),
 ),
- registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient()),
+ registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient(
+ registryauthorize.WithPolicies(cfg.RegistryClientPolicies...))),
 )
 _, err = registryClient.Register(ctx, ®istryapi.NetworkServiceEndpoint{
 Name: cfg.Name,
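Review bot: The `desc` tag on the new `RegistryClientPolicies` field says "paths to files and directories", but the default entries end in `.*.rego` and have no leading slash, so they read as patterns resolved against the process working directory rather than plain paths; whether the suffix is treated as a regular expression or a glob depends on how `registryauthorize.WithPolicies` consumes it, which is not visible here, and an operator overriding the value needs to know which. Because these files decide what the NSE registry client is authorized to do, the tag should state the matching rule and the base directory explicitly, e.g. `desc:"paths or patterns (relative to the working directory) of .rego files holding registry client authorization policies"`. A short comment above the field describing what happens when the list resolves to no files (fail closed or open, to be confirmed against `WithPolicies`) would also help whoever tunes this in a deployment.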
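Review bot: The new lines forward `cfg.RegistryClientPolicies` straight into `registryauthorize.WithPolicies` without checking that the list is non-empty or that its entries match any file, so a typo in the configured value changes the NSE registry client's authorization behaviour silently; what `WithPolicies` does with an empty or unmatched list is not shown in this hunk, so it is worth confirming whether that fails closed. I would log the effective policy list at startup and reject an empty list before the client is built (a `len(cfg.RegistryClientPolicies) == 0` guard that exits with a clear message). Stylistically the `...RegistryClientPolicies...)))` tail is hard to scan; assigning the authorize client to a local first, `authorizeNSEClient := registryauthorize.NewNetworkServiceEndpointRegistryClient(registryauthorize.WithPolicies(cfg.RegistryClientPolicies...))`, and passing `registryclient.WithAuthorizeNSERegistryClient(authorizeNSEClient)` keeps the option list flat. `main` starts and ends outside this hunk.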