add client registry authorization to registry-k8s
Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>
NikitaSkrynnik committed Dec 7, 2022
1 parent 9016e92 commit d8f2a94
Showing 2 changed files with 30 additions and 4 deletions.
32 changes: 29 additions & 3 deletions pkg/registry/chains/registryk8s/registry-k8s.go
@@ -59,7 +59,9 @@ type Config struct {

type serverOptions struct {
authorizeNSRegistryServer registry.NetworkServiceRegistryServer
authorizeNSRegistryClient registry.NetworkServiceRegistryClient
authorizeNSERegistryServer registry.NetworkServiceEndpointRegistryServer
authorizeNSERegistryClient registry.NetworkServiceEndpointRegistryClient
dialOptions []grpc.DialOption
}

@@ -73,7 +75,7 @@ func WithDialOptions(dialOptions ...grpc.DialOption) Option {
}
}

// WithAuthorizeNSRegistryServer sets authorization NetworkServiceRegistry chain element
// WithAuthorizeNSRegistryServer sets server authorization NetworkServiceRegistry chain element
func WithAuthorizeNSRegistryServer(authorizeNSRegistryServer registry.NetworkServiceRegistryServer) Option {
if authorizeNSRegistryServer == nil {
panic("authorizeNSRegistryServer cannot be nil")
@@ -83,7 +85,7 @@ func WithAuthorizeNSRegistryServer(authorizeNSRegistryServer registry.NetworkSer
}
}

// WithAuthorizeNSERegistryServer sets authorization NetworkServiceEndpointRegistry chain element
// WithAuthorizeNSERegistryServer sets server authorization NetworkServiceEndpointRegistry chain element
func WithAuthorizeNSERegistryServer(authorizeNSERegistryServer registry.NetworkServiceEndpointRegistryServer) Option {
if authorizeNSERegistryServer == nil {
panic("authorizeNSERegistryServer cannot be nil")
@@ -93,20 +95,42 @@ func WithAuthorizeNSERegistryServer(authorizeNSERegistryServer registry.NetworkS
}
}

// WithAuthorizeNSRegistryClient sets client authorization NetworkServiceRegistry chain element
func WithAuthorizeNSRegistryClient(authorizeNSRegistryClient registry.NetworkServiceRegistryClient) Option {
if authorizeNSRegistryClient == nil {
panic("authorizeNSRegistryClient cannot be nil")
}
return func(o *serverOptions) {
o.authorizeNSRegistryClient = authorizeNSRegistryClient
}
}

// WithAuthorizeNSERegistryClient sets client authorization NetworkServiceEndpointRegistry chain element
func WithAuthorizeNSERegistryClient(authorizeNSERegistryClient registry.NetworkServiceEndpointRegistryClient) Option {
if authorizeNSERegistryClient == nil {
panic("authorizeNSERegistryClient cannot be nil")
}
return func(o *serverOptions) {
o.authorizeNSERegistryClient = authorizeNSERegistryClient
}
}

// NewServer creates new registry server based on k8s etcd db storage
func NewServer(config *Config, tokenGenerator token.GeneratorFunc, options ...Option) registryserver.Registry {
opts := &serverOptions{
authorizeNSRegistryServer: registryauthorize.NewNetworkServiceRegistryServer(registryauthorize.Any()),
authorizeNSERegistryServer: registryauthorize.NewNetworkServiceEndpointRegistryServer(registryauthorize.Any()),
authorizeNSRegistryClient: registryauthorize.NewNetworkServiceRegistryClient(registryauthorize.Any()),
authorizeNSERegistryClient: registryauthorize.NewNetworkServiceEndpointRegistryClient(registryauthorize.Any()),
}
for _, opt := range options {
opt(opts)
}

nseChain := chain.NewNetworkServiceEndpointRegistryServer(
grpcmetadata.NewNetworkServiceEndpointRegistryServer(),
updatepath.NewNetworkServiceEndpointRegistryServer(tokenGenerator),
begin.NewNetworkServiceEndpointRegistryServer(),
updatepath.NewNetworkServiceEndpointRegistryServer(tokenGenerator),
opts.authorizeNSERegistryServer,
switchcase.NewNetworkServiceEndpointRegistryServer(switchcase.NSEServerCase{
Condition: func(c context.Context, nse *registry.NetworkServiceEndpoint) bool {
@@ -126,6 +150,7 @@ func NewServer(config *Config, tokenGenerator token.GeneratorFunc, options ...Op
begin.NewNetworkServiceEndpointRegistryClient(),
clienturl.NewNetworkServiceEndpointRegistryClient(config.ProxyRegistryURL),
clientconn.NewNetworkServiceEndpointRegistryClient(),
opts.authorizeNSERegistryClient,
grpcmetadata.NewNetworkServiceEndpointRegistryClient(),
dial.NewNetworkServiceEndpointRegistryClient(config.ChainCtx,
dial.WithDialOptions(opts.dialOptions...),
@@ -160,6 +185,7 @@ func NewServer(config *Config, tokenGenerator token.GeneratorFunc, options ...Op
clienturl.NewNetworkServiceRegistryClient(config.ProxyRegistryURL),
begin.NewNetworkServiceRegistryClient(),
clientconn.NewNetworkServiceRegistryClient(),
opts.authorizeNSRegistryClient,
grpcmetadata.NewNetworkServiceRegistryClient(),
dial.NewNetworkServiceRegistryClient(config.ChainCtx,
dial.WithDialOptions(opts.dialOptions...),
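Review bot: The two new client authorize elements default to `registryauthorize.Any()` in NewServer, like the existing server ones, so a caller that passes neither WithAuthorizeNSRegistryClient nor WithAuthorizeNSERegistryClient gets a client chain whose authorize step presumably accepts everything (inferred from the policy name; the policy itself is not shown on this page). That makes the new check opt-in, and none of the doc comments say so. I would extend the NewServer comment with `// All authorize elements default to registryauthorize.Any(); pass the WithAuthorize* options to enforce a real policy.` and state the same default on the two new options. NewServer's body continues outside the visible hunks.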
2 changes: 1 addition & 1 deletion pkg/registry/chains/registryk8s/registry-k8s_test.go
@@ -166,7 +166,7 @@ func TestNSMGR_RemoteUsecase(t *testing.T) {
func TestNSMGR_InterdomainUseCase(t *testing.T) {
t.Cleanup(func() { goleak.VerifyNone(t, ignoreKLogDaemon) })

ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5000)
defer cancel()

var dnsServer = sandbox.NewFakeResolver()
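Review bot: The timeout in TestNSMGR_InterdomainUseCase is printed as both `time.Second*5` and `time.Second*5000`; the rendered page lost the +/- markers, but if 5000 is the new side, the context deadline is roughly 83 minutes and no longer bounds a hung test. The change looks unrelated to the authorization work and may be a debugging leftover. I would keep `ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)`, or, if the interdomain path really needs longer, pick a modest bound and explain it in a comment. The test body continues outside the hunk.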
