Add OPA to registry-memory server

pkg/registry/chains/memory/server.go

@@ -27,6 +27,8 @@ import (
 	"github.com/networkservicemesh/api/pkg/api/registry"
 
 	registryserver "github.com/networkservicemesh/sdk/pkg/registry"
+	registryauthorize "github.com/networkservicemesh/sdk/pkg/registry/common/authorize"
+
 	"github.com/networkservicemesh/sdk/pkg/registry/common/begin"
 	"github.com/networkservicemesh/sdk/pkg/registry/common/clientconn"
 	"github.com/networkservicemesh/sdk/pkg/registry/common/clienturl"
@@ -41,10 +43,73 @@ import (
 	"github.com/networkservicemesh/sdk/pkg/tools/interdomain"
 )
 
+type serverOptions struct {
+	authorizeNSRegistryServer  registry.NetworkServiceRegistryServer
+	authorizeNSERegistryServer registry.NetworkServiceEndpointRegistryServer
+	expireDuration             time.Duration
+	proxyRegistryURL           *url.URL
+	dialOptions                []grpc.DialOption
+}
+
+// Option modifies server option value
+type Option func(o *serverOptions)
+
+// WithAuthorizeNSRegistryServer sets authorization NetworkServiceRegistry chain element
+func WithAuthorizeNSRegistryServer(authorizeNSRegistryServer registry.NetworkServiceRegistryServer) Option {
+	if authorizeNSRegistryServer == nil {
+		panic("authorizeNSRegistryServer cannot be nil")
+	}
+	return func(o *serverOptions) {
+		o.authorizeNSRegistryServer = authorizeNSRegistryServer
+	}
+}
+
+// WithAuthorizeNSERegistryServer sets authorization NetworkServiceEndpointRegistry chain element
+func WithAuthorizeNSERegistryServer(authorizeNSERegistryServer registry.NetworkServiceEndpointRegistryServer) Option {
+	if authorizeNSERegistryServer == nil {
+		panic("authorizeNSERegistryServer cannot be nil")
+	}
+	return func(o *serverOptions) {
+		o.authorizeNSERegistryServer = authorizeNSERegistryServer
+	}
+}
+
+// WithExpireDuration sets expire duration for the server
+func WithExpireDuration(expireDuration time.Duration) Option {
+	return func(o *serverOptions) {
+		o.expireDuration = expireDuration
+	}
+}
+
+// WithProxyRegistryURL sets URL to reach the proxy registry
+func WithProxyRegistryURL(proxyRegistryURL *url.URL) Option {
+	return func(o *serverOptions) {
+		o.proxyRegistryURL = proxyRegistryURL
+	}
+}
+
+// WithDialOptions sets grpc.DialOptions for the server
+func WithDialOptions(dialOptions ...grpc.DialOption) Option {
+	return func(o *serverOptions) {
+		o.dialOptions = dialOptions
+	}
+}
+
 // NewServer creates new registry server based on memory storage
-func NewServer(ctx context.Context, expiryDuration time.Duration, proxyRegistryURL *url.URL, dialOptions ...grpc.DialOption) registryserver.Registry {
+func NewServer(ctx context.Context, options ...Option) registryserver.Registry {
+	opts := &serverOptions{
+		authorizeNSRegistryServer:  registryauthorize.NewNetworkServiceRegistryServer(registryauthorize.Any()),
+		authorizeNSERegistryServer: registryauthorize.NewNetworkServiceEndpointRegistryServer(registryauthorize.Any()),
+		expireDuration:             time.Minute,
+		proxyRegistryURL:           nil,
+	}
+	for _, opt := range options {
+		opt(opts)
+	}
+
 	nseChain := chain.NewNetworkServiceEndpointRegistryServer(
 		begin.NewNetworkServiceEndpointRegistryServer(),
+		opts.authorizeNSERegistryServer,
 		switchcase.NewNetworkServiceEndpointRegistryServer(switchcase.NSEServerCase{
 			Condition: func(c context.Context, nse *registry.NetworkServiceEndpoint) bool {
 				if interdomain.Is(nse.GetName()) {
@@ -61,10 +126,10 @@ func NewServer(ctx context.Context, expiryDuration time.Duration, proxyRegistryU
 				connect.NewNetworkServiceEndpointRegistryServer(
 					chain.NewNetworkServiceEndpointRegistryClient(
 						begin.NewNetworkServiceEndpointRegistryClient(),
-						clienturl.NewNetworkServiceEndpointRegistryClient(proxyRegistryURL),
+						clienturl.NewNetworkServiceEndpointRegistryClient(opts.proxyRegistryURL),
 						clientconn.NewNetworkServiceEndpointRegistryClient(),
 						dial.NewNetworkServiceEndpointRegistryClient(ctx,
-							dial.WithDialOptions(dialOptions...),
+							dial.WithDialOptions(opts.dialOptions...),
 						),
 						connect.NewNetworkServiceEndpointRegistryClient(),
 					),
@@ -75,13 +140,14 @@ func NewServer(ctx context.Context, expiryDuration time.Duration, proxyRegistryU
 				Condition: func(c context.Context, nse *registry.NetworkServiceEndpoint) bool { return true },
 				Action: chain.NewNetworkServiceEndpointRegistryServer(
 					setregistrationtime.NewNetworkServiceEndpointRegistryServer(),
-					expire.NewNetworkServiceEndpointRegistryServer(ctx, expiryDuration),
+					expire.NewNetworkServiceEndpointRegistryServer(ctx, opts.expireDuration),
 					memory.NewNetworkServiceEndpointRegistryServer(),
 				),
 			},
 		),
 	)
 	nsChain := chain.NewNetworkServiceRegistryServer(
+		opts.authorizeNSRegistryServer,
 		setpayload.NewNetworkServiceRegistryServer(),
 		switchcase.NewNetworkServiceRegistryServer(
 			switchcase.NSServerCase{
@@ -90,11 +156,11 @@ func NewServer(ctx context.Context, expiryDuration time.Duration, proxyRegistryU
 				},
 				Action: connect.NewNetworkServiceRegistryServer(
 					chain.NewNetworkServiceRegistryClient(
-						clienturl.NewNetworkServiceRegistryClient(proxyRegistryURL),
+						clienturl.NewNetworkServiceRegistryClient(opts.proxyRegistryURL),
 						begin.NewNetworkServiceRegistryClient(),
 						clientconn.NewNetworkServiceRegistryClient(),
 						dial.NewNetworkServiceRegistryClient(ctx,
-							dial.WithDialOptions(dialOptions...),
+							dial.WithDialOptions(opts.dialOptions...),
 						),
 						connect.NewNetworkServiceRegistryClient(),
 					),

pkg/tools/sandbox/builder.go

@@ -262,9 +262,9 @@ func (b *Builder) newRegistry() *RegistryEntry {
 	entry.restartableServer = newRestartableServer(b.ctx, b.t, entry.URL, func(ctx context.Context) {
 		entry.Registry = b.supplyRegistry(
 			ctx,
-			b.registryExpiryDuration,
-			nsmgrProxyURL,
-			DialOptions(WithTokenGenerator(b.generateTokenFunc))...,
+			memory.WithExpireDuration(b.registryExpiryDuration),
+			memory.WithProxyRegistryURL(nsmgrProxyURL),
+			memory.WithDialOptions(DialOptions(WithTokenGenerator(b.generateTokenFunc))...),
 		)
 		serve(ctx, b.t, entry.URL, entry.Register)
 

pkg/tools/sandbox/types.go

@@ -19,7 +19,6 @@ package sandbox
 import (
 	"context"
 	"net/url"
-	"time"
 
 	registryapi "github.com/networkservicemesh/api/pkg/api/registry"
 	"google.golang.org/grpc"
@@ -29,6 +28,7 @@ import (
 	"github.com/networkservicemesh/sdk/pkg/networkservice/chains/nsmgrproxy"
 	"github.com/networkservicemesh/sdk/pkg/registry"
 	registryclient "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
+	"github.com/networkservicemesh/sdk/pkg/registry/chains/memory"
 	"github.com/networkservicemesh/sdk/pkg/registry/common/dnsresolve"
 	"github.com/networkservicemesh/sdk/pkg/tools/token"
 )
@@ -40,7 +40,7 @@ type SupplyNSMgrProxyFunc func(ctx context.Context, regURL, proxyURL *url.URL, t
 type SupplyNSMgrFunc func(ctx context.Context, tokenGenerator token.GeneratorFunc, options ...nsmgr.Option) nsmgr.Nsmgr
 
 // SupplyRegistryFunc supplies Registry
-type SupplyRegistryFunc func(ctx context.Context, expiryDuration time.Duration, proxyRegistryURL *url.URL, options ...grpc.DialOption) registry.Registry
+type SupplyRegistryFunc func(ctx context.Context, options ...memory.Option) registry.Registry
 
 // SupplyRegistryProxyFunc supplies registry proxy
 type SupplyRegistryProxyFunc func(ctx context.Context, dnsResolver dnsresolve.Resolver, options ...grpc.DialOption) registry.Registry