Enable auth MonitorConnectionServer

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/networkservicemesh/api v1.4.1-0.20220711153918-a59689088578
 	github.com/networkservicemesh/sdk v0.5.1-0.20220728125347-990b34144761
 	github.com/networkservicemesh/sdk-k8s v0.0.0-20220727115050-973a1270e9b2
-	github.com/networkservicemesh/sdk-sriov v0.0.0-20220727115858-ac8284407b5a
+	github.com/networkservicemesh/sdk-sriov v0.0.0-20220729123117-6e6ba322cdf3
 	github.com/networkservicemesh/sdk-vpp v0.0.0-20220729123121-3d899cbe9348
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1

go.sum

@@ -330,8 +330,8 @@ github.com/networkservicemesh/sdk-k8s v0.0.0-20220727115050-973a1270e9b2 h1:kPid
 github.com/networkservicemesh/sdk-k8s v0.0.0-20220727115050-973a1270e9b2/go.mod h1:eTDM/Wh3LGeIOziO8LfiJ0ZeKP/lvAtOwOp5N4h/J+k=
 github.com/networkservicemesh/sdk-kernel v0.0.0-20220728125711-2cca96db15dd h1:uXKpMHCRRQy2Aal39xr4pxAzPVLIIhOSI8i/rAwJSLI=
 github.com/networkservicemesh/sdk-kernel v0.0.0-20220728125711-2cca96db15dd/go.mod h1:Ut82Iu6JDq14ZFGZ2ykU5V3qp2YirGPOH+VuVKx+QSs=
-github.com/networkservicemesh/sdk-sriov v0.0.0-20220727115858-ac8284407b5a h1:cMDrMPWpnKuuEomClqtD3wE/kso2xs0c4AETrBz2MzI=
-github.com/networkservicemesh/sdk-sriov v0.0.0-20220727115858-ac8284407b5a/go.mod h1:DVOOV9Ki5eBGj+J+w/KC+ZswoVgZxsW/XCWRrtQlkMc=
+github.com/networkservicemesh/sdk-sriov v0.0.0-20220729123117-6e6ba322cdf3 h1:LBj7yqMo81Pz7iWXw8e0reufeDikTeTDW8Z2yoM9Dpc=
+github.com/networkservicemesh/sdk-sriov v0.0.0-20220729123117-6e6ba322cdf3/go.mod h1:vZ69kHXaNP67jA5OhgBXCWpDUxXlfY6kQcOxv30R4oU=
 github.com/networkservicemesh/sdk-vpp v0.0.0-20220729123121-3d899cbe9348 h1:fnmBfMJqfPCDBH/FGorldGDolfRT5pH4qk9cUehZXJI=
 github.com/networkservicemesh/sdk-vpp v0.0.0-20220729123121-3d899cbe9348/go.mod h1:TbVpHrkMDiS5bIpdmFPsqQuinfVcy/zEYL3NGGGTyIw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=

internal/xconnectns/options.go

@@ -25,22 +25,22 @@ import (
 	"google.golang.org/grpc"
 
 	"github.com/networkservicemesh/api/pkg/api/networkservice"
-	"github.com/networkservicemesh/sdk/pkg/networkservice/common/cleanup"
-
 	"github.com/networkservicemesh/sdk-vpp/pkg/networkservice/mechanisms/vxlan"
 	"github.com/networkservicemesh/sdk-vpp/pkg/networkservice/stats"
+	"github.com/networkservicemesh/sdk/pkg/networkservice/common/cleanup"
 )
 
 type xconnOptions struct {
-	name            string
-	authorizeServer networkservice.NetworkServiceServer
-	clientURL       *url.URL
-	dialTimeout     time.Duration
-	domain2Device   map[string]string
-	statsOpts       []stats.Option
-	cleanupOpts     []cleanup.Option
-	vxlanOpts       []vxlan.Option
-	dialOpts        []grpc.DialOption
+	name                             string
+	authorizeServer                  networkservice.NetworkServiceServer
+	authorizeMonitorConnectionServer networkservice.MonitorConnectionServer
+	clientURL                        *url.URL
+	dialTimeout                      time.Duration
+	domain2Device                    map[string]string
+	statsOpts                        []stats.Option
+	cleanupOpts                      []cleanup.Option
+	vxlanOpts                        []vxlan.Option
+	dialOpts                         []grpc.DialOption
 }
 
 // Option is an option pattern for forwarder
@@ -63,6 +63,16 @@ func WithAuthorizeServer(authorizeServer networkservice.NetworkServiceServer) Op
 	}
 }
 
+// WithAuthorizeMonitorConnectionsServer sets authorization server chain element
+func WithAuthorizeMonitorConnectionsServer(authorizeMonitorConnectionServer networkservice.MonitorConnectionServer) Option {
+	if authorizeMonitorConnectionServer == nil {
+		panic("Authorize monitor connection server cannot be nil")
+	}
+	return func(o *xconnOptions) {
+		o.authorizeMonitorConnectionServer = authorizeMonitorConnectionServer
+	}
+}
+
 // WithClientURL sets clientURL.
 func WithClientURL(clientURL *url.URL) Option {
 	return func(c *xconnOptions) {

internal/xconnectns/server.go

@@ -45,6 +45,7 @@ import (
 	"github.com/networkservicemesh/sdk/pkg/networkservice/common/authorize"
 	"github.com/networkservicemesh/sdk/pkg/networkservice/common/mechanisms"
 	"github.com/networkservicemesh/sdk/pkg/networkservice/common/switchcase"
+	authmonitor "github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/authorize"
 	"github.com/networkservicemesh/sdk/pkg/tools/token"
 )
 
@@ -61,11 +62,12 @@ func NewServer(
 	options ...Option,
 ) endpoint.Endpoint {
 	xconnOpts := &xconnOptions{
-		name:            "forwarder-" + uuid.New().String(),
-		authorizeServer: authorize.NewServer(authorize.Any()),
-		clientURL:       &url.URL{Scheme: "unix", Host: "connect.to.socket"},
-		dialTimeout:     time.Millisecond * 200,
-		domain2Device:   make(map[string]string),
+		name:                             "forwarder-" + uuid.New().String(),
+		authorizeServer:                  authorize.NewServer(authorize.Any()),
+		authorizeMonitorConnectionServer: authmonitor.NewMonitorConnectionServer(authmonitor.Any()),
+		clientURL:                        &url.URL{Scheme: "unix", Host: "connect.to.socket"},
+		dialTimeout:                      time.Millisecond * 200,
+		domain2Device:                    make(map[string]string),
 	}
 	for _, opt := range options {
 		opt(xconnOpts)
@@ -74,6 +76,7 @@ func NewServer(
 	vppForwarder := vppforwarder.NewServer(ctx, tokenGenerator, vppConn, tunnelIP,
 		vppforwarder.WithName(xconnOpts.name),
 		vppforwarder.WithAuthorizeServer(xconnOpts.authorizeServer),
+		vppforwarder.WithAuthorizeMonitorConnectionServer(xconnOpts.authorizeMonitorConnectionServer),
 		vppforwarder.WithClientURL(xconnOpts.clientURL),
 		vppforwarder.WithDialTimeout(xconnOpts.dialTimeout),
 		vppforwarder.WithVlanDomain2Device(xconnOpts.domain2Device),
@@ -112,6 +115,7 @@ func NewServer(
 		sriovforwarder.NewServer(ctx,
 			xconnOpts.name,
 			xconnOpts.authorizeServer,
+			xconnOpts.authorizeMonitorConnectionServer,
 			tokenGenerator,
 			pciPool,
 			resourcePool,

main.go

@@ -53,8 +53,10 @@ import (
 	"github.com/networkservicemesh/sdk/pkg/tools/grpcutils"
 	"github.com/networkservicemesh/sdk/pkg/tools/log"
 	"github.com/networkservicemesh/sdk/pkg/tools/log/logruslogger"
+	authmonitor "github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/authorize"
 	"github.com/networkservicemesh/sdk/pkg/tools/opentelemetry"
 	"github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
+	"github.com/networkservicemesh/sdk/pkg/tools/spire"
 	"github.com/networkservicemesh/sdk/pkg/tools/token"
 	"github.com/networkservicemesh/sdk/pkg/tools/tracing"
 
@@ -231,7 +233,7 @@ func main() {
 		grpcfd.WithChainStreamInterceptor(),
 		grpcfd.WithChainUnaryInterceptor(),
 	}
-
+	spiffeIDConnMap := spire.SpiffeIDConnectionMap{}
 	endpoint := xconnectns.NewServer(
 		ctx,
 		spiffejwt.TokenGeneratorFunc(source, cfg.MaxTokenLifetime),
@@ -242,7 +244,8 @@ func main() {
 		sriovConfig,
 		cfg.VFIOPath, cfg.CgroupPath,
 		xconnectns.WithName(cfg.Name),
-		xconnectns.WithAuthorizeServer(authorize.NewServer()),
+		xconnectns.WithAuthorizeServer(authorize.NewServer(authorize.WithSpiffeIDConnectionMap(&spiffeIDConnMap))),
+		xconnectns.WithAuthorizeMonitorConnectionsServer(authmonitor.NewMonitorConnectionServer(authmonitor.WithSpiffeIDConnectionMap(&spiffeIDConnMap))),
 		xconnectns.WithVlanDomain2Device(deviceMap),
 		xconnectns.WithClientURL(&cfg.ConnectTo),
 		xconnectns.WithDialTimeout(cfg.DialTimeout),