networkservicemesh · anastasia-malysheva · Jul 5, 2022 · Jul 5, 2022 · Jul 5, 2022 · Jul 8, 2022
diff --git a/.github/workflows/update-dependent-repositories-gomod.yaml b/.github/workflows/update-dependent-repositories-gomod.yaml
@@ -26,6 +26,7 @@ jobs:
         "cmd-nsc-init",
         "cmd-ipam-vl3",
         "cmd-map-ip-k8s",
-        "cmd-admission-webhook-k8s"]
+        "cmd-admission-webhook-k8s",
+        "cmd-cluster-info-k8s"]
     secrets:
       token: ${{ secrets.NSM_BOT_GITHUB_TOKEN }}
diff --git a/go.mod b/go.mod
@@ -18,7 +18,7 @@ require (
 	github.com/miekg/dns v1.1.49
 	github.com/nats-io/nats-streaming-server v0.24.3
 	github.com/nats-io/stan.go v0.10.2
-	github.com/networkservicemesh/api v1.3.2-0.20220516230921-edaa6f46d6ab
+	github.com/networkservicemesh/api v1.4.1-0.20220711153918-a59689088578
 	github.com/open-policy-agent/opa v0.16.1
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
@@ -38,6 +38,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.3.0
 	go.uber.org/atomic v1.7.0
 	go.uber.org/goleak v1.1.12
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
 	gonum.org/v1/gonum v0.6.2
 	google.golang.org/grpc v1.42.0
 	google.golang.org/protobuf v1.27.1
@@ -85,7 +86,6 @@ require (
 	go.opentelemetry.io/proto/otlp v0.11.0 // indirect
 	golang.org/x/crypto v0.0.0-20220307211146-efcb8507fb70 // indirect
 	golang.org/x/mod v0.4.2 // indirect
-	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
 	golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect

diff --git a/go.sum b/go.sum
@@ -193,8 +193,8 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
 github.com/nats-io/stan.go v0.10.2 h1:gQLd05LhzmhFkHm3/qP/klYHfM/hys45GyHa1Uly/kI=
 github.com/nats-io/stan.go v0.10.2/go.mod h1:vo2ax8K2IxaR3JtEMLZRFKIdoK/3o1/PKueapB7ezX0=
-github.com/networkservicemesh/api v1.3.2-0.20220516230921-edaa6f46d6ab h1:hV6T7Kvze0qQphqi6g5ZKFoJ0m08OKdWETUINo3tuaA=
-github.com/networkservicemesh/api v1.3.2-0.20220516230921-edaa6f46d6ab/go.mod h1:hOF2844BSstH1311oDMDgqqXS+kdc77htZNPRKl9mf8=
+github.com/networkservicemesh/api v1.4.1-0.20220711153918-a59689088578 h1:2MZD6SGFULqTgMKA8BFy7F+ldRErAyxsWht7oCwCVRM=
+github.com/networkservicemesh/api v1.4.1-0.20220711153918-a59689088578/go.mod h1:hOF2844BSstH1311oDMDgqqXS+kdc77htZNPRKl9mf8=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=

diff --git a/pkg/networkservice/chains/endpoint/server.go b/pkg/networkservice/chains/endpoint/server.go
@@ -1,6 +1,6 @@
-// Copyright (c) 2020-2021 Cisco Systems, Inc.
+// Copyright (c) 2020-2022 Cisco Systems, Inc.
 //
-// Copyright (c) 2020-2021 Doc.ai and/or its affiliates.
+// Copyright (c) 2020-2022 Doc.ai and/or its affiliates.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
@@ -41,6 +41,8 @@ import (
 	"github.com/networkservicemesh/sdk/pkg/networkservice/common/updatetoken"
 	"github.com/networkservicemesh/sdk/pkg/networkservice/core/chain"
 	"github.com/networkservicemesh/sdk/pkg/tools/grpcutils"
+	authmonitor "github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/authorize"
+	"github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/next"
 	"github.com/networkservicemesh/sdk/pkg/tools/token"
 )
 
@@ -62,6 +64,7 @@ type endpoint struct {
 type serverOptions struct {
 	name                    string
 	authorizeServer         networkservice.NetworkServiceServer
+	authorizeMonitorServer  networkservice.MonitorConnectionServer
 	additionalFunctionality []networkservice.NetworkServiceServer
 }
 
@@ -85,6 +88,16 @@ func WithAuthorizeServer(authorizeServer networkservice.NetworkServiceServer) Op
 	}
 }
 
+// WithAuthorizeMonitorServer sets authorization MonitorConnectionServer chain element
+func WithAuthorizeMonitorServer(authorizeMonitorServer networkservice.MonitorConnectionServer) Option {
+	if authorizeMonitorServer == nil {
+		panic("authorizeMonitorServer cannot be nil")
+	}
+	return func(o *serverOptions) {
+		o.authorizeMonitorServer = authorizeMonitorServer
+	}
+}
+
 // WithAdditionalFunctionality sets additional NetworkServiceServer chain elements to be included in the chain
 func WithAdditionalFunctionality(additionalFunctionality ...networkservice.NetworkServiceServer) Option {
 	return func(o *serverOptions) {
@@ -95,12 +108,14 @@ func WithAdditionalFunctionality(additionalFunctionality ...networkservice.Netwo
 // NewServer - returns a NetworkServiceMesh client as a chain of the standard Client pieces plus whatever
 func NewServer(ctx context.Context, tokenGenerator token.GeneratorFunc, options ...Option) Endpoint {
 	opts := &serverOptions{
-		name:            "endpoint-" + uuid.New().String(),
-		authorizeServer: authorize.NewServer(authorize.Any()),
+		name:                   "endpoint-" + uuid.New().String(),
+		authorizeServer:        authorize.NewServer(authorize.Any()),
+		authorizeMonitorServer: authmonitor.NewMonitorConnectionServer(authmonitor.Any()),
 	}
 	for _, opt := range options {
 		opt(opts)
 	}
+	var mcsPtr networkservice.MonitorConnectionServer
 
 	rv := &endpoint{}
 	rv.NetworkServiceServer = chain.NewNetworkServiceServer(
@@ -111,10 +126,10 @@ func NewServer(ctx context.Context, tokenGenerator token.GeneratorFunc, options
 			opts.authorizeServer,
 			metadata.NewServer(),
 			timeout.NewServer(ctx),
-			monitor.NewServer(ctx, &rv.MonitorConnectionServer),
+			monitor.NewServer(ctx, &mcsPtr),
 			trimpath.NewServer(),
 		}, opts.additionalFunctionality...)...)
-
+	rv.MonitorConnectionServer = next.NewMonitorConnectionServer(opts.authorizeMonitorServer, mcsPtr)
 	return rv
 }
 

diff --git a/pkg/networkservice/chains/nsmgr/dns_test.go b/pkg/networkservice/chains/nsmgr/dns_test.go
@@ -0,0 +1,145 @@
+// Copyright (c) 2020-2022 Doc.ai and/or its affiliates.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at:
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !windows
+// +build !windows
+
+package nsmgr_test
+
+import (
+	"context"
+	"net"
+	"testing"
+	"time"
+
+	"github.com/networkservicemesh/api/pkg/api/networkservice"
+	"github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/cls"
+	kernelmech "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/kernel"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/goleak"
+
+	"github.com/networkservicemesh/sdk/pkg/networkservice/chains/client"
+	"github.com/networkservicemesh/sdk/pkg/networkservice/connectioncontext/dnscontext"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsconfig"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/cache"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/dnsconfigs"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/fanout"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/memory"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/next"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/noloop"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/norecursion"
+	"github.com/networkservicemesh/sdk/pkg/tools/dnsutils/searches"
+	"github.com/networkservicemesh/sdk/pkg/tools/sandbox"
+)
+
+func requireIPv4Lookup(ctx context.Context, t *testing.T, r *net.Resolver, host, expected string) {
+	addrs, err := r.LookupIP(ctx, "ip4", host)
+	require.NoError(t, err)
+	require.Len(t, addrs, 1)
+	require.Equal(t, expected, addrs[0].String())
+}
+
+func Test_DNSUsecase(t *testing.T) {
+	t.Cleanup(func() { goleak.VerifyNone(t) })
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*200)
+	defer cancel()
+
+	domain := sandbox.NewBuilder(ctx, t).
+		SetNodesCount(1).
+		SetNSMgrProxySupplier(nil).
+		SetRegistryProxySupplier(nil).
+		Build()
+
+	nsRegistryClient := domain.NewNSRegistryClient(ctx, sandbox.GenerateTestToken)
+
+	nsReg, err := nsRegistryClient.Register(ctx, defaultRegistryService(t.Name()))
+	require.NoError(t, err)
+
+	nseReg := defaultRegistryEndpoint(nsReg.Name)
+
+	nse := domain.Nodes[0].NewEndpoint(ctx, nseReg, sandbox.GenerateTestToken)
+
+	dnsConfigsMap := new(dnsconfig.Map)
+	nsc := domain.Nodes[0].NewClient(ctx, sandbox.GenerateTestToken, client.WithAdditionalFunctionality(dnscontext.NewClient(
+		dnscontext.WithChainContext(ctx),
+		dnscontext.WithDNSConfigsMap(dnsConfigsMap),
+	)))
+
+	dnsConfigs := []*networkservice.DNSConfig{
+		{
+			DnsServerIps:  []string{"127.0.0.1:40053"},
+			SearchDomains: []string{"com"},
+		},
+	}
+
+	// DNS server on nse side
+	dnsRecords := new(memory.Map)
+	dnsRecords.Store("my.domain.", []net.IP{net.ParseIP("4.4.4.4")})
+	dnsRecords.Store("my.domain.com.", []net.IP{net.ParseIP("5.5.5.5")})
+	dnsutils.ListenAndServe(ctx, memory.NewDNSHandler(dnsRecords), ":40053")
+
+	// DNS server on nsc side
+	clientDNSHandler := next.NewDNSHandler(
+		dnsconfigs.NewDNSHandler(dnsConfigsMap),
+		searches.NewDNSHandler(),
+		noloop.NewDNSHandler(),
+		norecursion.NewDNSHandler(),
+		cache.NewDNSHandler(),
+		fanout.NewDNSHandler(),
+	)
+	dnsutils.ListenAndServe(ctx, clientDNSHandler, ":50053")
+
+	request := &networkservice.NetworkServiceRequest{
+		MechanismPreferences: []*networkservice.Mechanism{
+			{Cls: cls.LOCAL, Type: kernelmech.MECHANISM},
+		},
+		Connection: &networkservice.Connection{
+			Id:             "1",
+			NetworkService: nsReg.Name,
+			Context: &networkservice.ConnectionContext{
+				DnsContext: &networkservice.DNSContext{
+					Configs: dnsConfigs,
+				},
+			},
+			Labels: make(map[string]string),
+		},
+	}
+
+	resolver := net.Resolver{
+		PreferGo: true,
+		Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
+			var dialer net.Dialer
+			return dialer.DialContext(ctx, network, "127.0.0.1:50053")
+		},
+	}
+
+	_, err = resolver.LookupIP(ctx, "ip4", "my.domain")
+	require.Error(t, err)
+
+	conn, err := nsc.Request(ctx, request)
+	require.NoError(t, err)
+
+	requireIPv4Lookup(ctx, t, &resolver, "my.domain", "4.4.4.4")
+	requireIPv4Lookup(ctx, t, &resolver, "my.domain.com", "5.5.5.5")
+
+	_, err = nsc.Close(ctx, conn)
+	require.NoError(t, err)
+
+	_, err = nse.Unregister(ctx, nseReg)
+	require.NoError(t, err)
+}
diff --git a/pkg/networkservice/chains/nsmgr/server.go b/pkg/networkservice/chains/nsmgr/server.go
@@ -58,6 +58,7 @@ import (
 	registryadapter "github.com/networkservicemesh/sdk/pkg/registry/core/adapters"
 	"github.com/networkservicemesh/sdk/pkg/registry/core/chain"
 	"github.com/networkservicemesh/sdk/pkg/tools/grpcutils"
+	authmonitor "github.com/networkservicemesh/sdk/pkg/tools/monitorconnection/authorize"
 	"github.com/networkservicemesh/sdk/pkg/tools/token"
 )
 
@@ -74,13 +75,14 @@ type nsmgrServer struct {
 }
 
 type serverOptions struct {
-	authorizeServer      networkservice.NetworkServiceServer
-	dialOptions          []grpc.DialOption
-	dialTimeout          time.Duration
-	regURL               *url.URL
-	name                 string
-	url                  string
-	forwarderServiceName string
+	authorizeServer        networkservice.NetworkServiceServer
+	authorizeMonitorServer networkservice.MonitorConnectionServer
+	dialOptions            []grpc.DialOption
+	dialTimeout            time.Duration
+	regURL                 *url.URL
+	name                   string
+	url                    string
+	forwarderServiceName   string
 }
 
 // Option modifies server option value
@@ -118,6 +120,16 @@ func WithAuthorizeServer(authorizeServer networkservice.NetworkServiceServer) Op
 	}
 }
 
+// WithAuthorizeMonitorServer sets authorization MonitorConnectionServer chain element
+func WithAuthorizeMonitorServer(authorizeMonitorServer networkservice.MonitorConnectionServer) Option {
+	if authorizeMonitorServer == nil {
+		panic("authorizeMonitorServer cannot be nil")
+	}
+	return func(o *serverOptions) {
+		o.authorizeMonitorServer = authorizeMonitorServer
+	}
+}
+
 // WithRegistry sets URL and dial options to reach the upstream registry, if not passed memory storage will be used.
 func WithRegistry(regURL *url.URL) Option {
 	return func(o *serverOptions) {
@@ -147,16 +159,16 @@ var _ Nsmgr = (*nsmgrServer)(nil)
 //			 options - a set of Nsmgr options.
 func NewServer(ctx context.Context, tokenGenerator token.GeneratorFunc, options ...Option) Nsmgr {
 	opts := &serverOptions{
-		authorizeServer:      authorize.NewServer(authorize.Any()),
-		name:                 "nsmgr-" + uuid.New().String(),
-		forwarderServiceName: "forwarder",
+		authorizeServer:        authorize.NewServer(authorize.Any()),
+		authorizeMonitorServer: authmonitor.NewMonitorConnectionServer(authmonitor.Any()),
+		name:                   "nsmgr-" + uuid.New().String(),
+		forwarderServiceName:   "forwarder",
 	}
 	for _, opt := range options {
 		opt(opts)
 	}
 
 	rv := &nsmgrServer{}
-
 	var nsRegistry = memory.NewNetworkServiceRegistryServer()
 	if opts.regURL != nil {
 		// Use remote registry
@@ -212,6 +224,7 @@ func NewServer(ctx context.Context, tokenGenerator token.GeneratorFunc, options
 	rv.Endpoint = endpoint.NewServer(ctx, tokenGenerator,
 		endpoint.WithName(opts.name),
 		endpoint.WithAuthorizeServer(opts.authorizeServer),
+		endpoint.WithAuthorizeMonitorServer(opts.authorizeMonitorServer),
 		endpoint.WithAdditionalFunctionality(
 			adapters.NewClientToServer(clientinfo.NewClient()),
 			discoverforwarder.NewServer(