Merge pull request #150 from denis-tingaikin/fix-registry-url

qfix: Add missed NewPerRPCCredentials to prevent OPA issues
networkservicemesh · Jun 6, 2021 · b18fea6 · b18fea6
2 parents df218af + 9bd8229
commit b18fea6
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go
@@ -19,6 +19,7 @@ import (
 	_ "github.com/networkservicemesh/sdk/pkg/tools/opentracing"
 	_ "github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
 	_ "github.com/networkservicemesh/sdk/pkg/tools/spire"
+	_ "github.com/networkservicemesh/sdk/pkg/tools/token"
 	_ "github.com/sirupsen/logrus"
 	_ "github.com/spiffe/go-spiffe/v2/bundle/x509bundle"
 	_ "github.com/spiffe/go-spiffe/v2/spiffetls/tlsconfig"

diff --git a/main.go b/main.go
@@ -31,6 +31,7 @@ import (
 	"github.com/edwarnicke/grpcfd"
 
 	"github.com/networkservicemesh/sdk/pkg/tools/opentracing"
+	"github.com/networkservicemesh/sdk/pkg/tools/token"
 
 	registryconnect "github.com/networkservicemesh/sdk/pkg/registry/common/connect"
 
@@ -122,22 +123,32 @@ func main() {
 	dialOptions := append(
 		opentracing.WithTracingDial(),
 		grpc.WithBlock(),
-		grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
+		grpc.WithDefaultCallOptions(
+			grpc.WaitForReady(true),
+			grpc.PerRPCCredentials(token.NewPerRPCCredentials(spiffejwt.TokenGeneratorFunc(source, config.MaxTokenLifetime))),
+		),
 		grpc.WithTransportCredentials(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(
 					tlsconfig.MTLSClientConfig(source, source, tlsconfig.AuthorizeAny()),
 				),
 			),
 		),
+		grpcfd.WithChainStreamInterceptor(),
+		grpcfd.WithChainUnaryInterceptor(),
 	)
+
+	listenURL := getPublicURL(defaultURL(config))
+
+	log.FromContext(ctx).Infof("Listening url: %v", listenURL)
+
 	nsmgrproxy.NewServer(
 		ctx,
-		config.RegistryProxyURL,
 		config.RegistryURL,
+		config.RegistryProxyURL,
 		spiffejwt.TokenGeneratorFunc(source, config.MaxTokenLifetime),
 		nsmgrproxy.WithName(config.Name),
-		nsmgrproxy.WithListenOn(getPublicURL(defaultURL(config))),
+		nsmgrproxy.WithListenOn(listenURL),
 		nsmgrproxy.WithRegistryConnectOptions(registryconnect.WithDialOptions(dialOptions...)),
 		nsmgrproxy.WithConnectOptions(connect.WithDialOptions(dialOptions...)),
 		nsmgrproxy.WithMapIPFilePath(config.MapIPFilePath),