NSE/NS registration support of regsitry authorization

Authorization has been introduced as part of v1.7.0. networkservicemesh/api#148 These changes are then now require to register a NS or NSE if registry policies are enabled
Nordix · Jan 4, 2023 · 22b303d · 22b303d
1 parent e09c7ce
commit 22b303d
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/pkg/nsm/client.go b/pkg/nsm/client.go
@@ -24,6 +24,8 @@ import (
 	"github.com/networkservicemesh/api/pkg/api/networkservice"
 	"github.com/networkservicemesh/api/pkg/api/registry"
 	registryclient "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
+	registryauthorize "github.com/networkservicemesh/sdk/pkg/registry/common/authorize"
+	"github.com/networkservicemesh/sdk/pkg/registry/common/clientinfo"
 	"github.com/networkservicemesh/sdk/pkg/registry/common/sendfd"
 	"github.com/networkservicemesh/sdk/pkg/tools/grpcutils"
 	"github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
@@ -57,14 +59,19 @@ func (apiClient *APIClient) GetClientOptions() []grpc.DialOption {
 	return append(
 		tracing.WithTracingDial(),
 		grpc.WithBlock(),
-		grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
+		grpc.WithDefaultCallOptions(
+			grpc.WaitForReady(true),
+			grpc.PerRPCCredentials(token.NewPerRPCCredentials(spiffejwt.TokenGeneratorFunc(apiClient.x509source, apiClient.Config.MaxTokenLifetime))),
+		),
 		grpc.WithTransportCredentials(
 			grpcfd.TransportCredentials(
 				credentials.NewTLS(
 					tlsconfig.MTLSClientConfig(apiClient.x509source, apiClient.x509source, tlsconfig.AuthorizeAny()),
 				),
 			),
 		),
+		grpcfd.WithChainStreamInterceptor(),
+		grpcfd.WithChainUnaryInterceptor(),
 	)
 }
 
@@ -75,16 +82,21 @@ func (apiClient *APIClient) setNetworkServiceEndpointRegistryClient() {
 		registryclient.WithClientURL(&apiClient.Config.ConnectTo),
 		registryclient.WithDialOptions(clientOptions...),
 		registryclient.WithNSEAdditionalFunctionality(
+			clientinfo.NewNetworkServiceEndpointRegistryClient(),
 			sendfd.NewNetworkServiceEndpointRegistryClient(),
-		))
+		),
+		registryclient.WithAuthorizeNSRegistryClient(registryauthorize.NewNetworkServiceRegistryClient()),
+	)
 }
 
 func (apiClient *APIClient) setNetworkServiceRegistryClient() {
 	clientOptions := apiClient.GetClientOptions()
 	apiClient.NetworkServiceRegistryClient = registryclient.NewNetworkServiceRegistryClient(
 		apiClient.context,
 		registryclient.WithClientURL(&apiClient.Config.ConnectTo),
-		registryclient.WithDialOptions(clientOptions...))
+		registryclient.WithDialOptions(clientOptions...),
+		registryclient.WithAuthorizeNSRegistryClient(registryauthorize.NewNetworkServiceRegistryClient()),
+	)
 }
 
 func (apiClient *APIClient) dial() {