From a61c97d50bb33a83e3d75666b7d156301fdbe33d Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Fri, 16 Dec 2022 18:48:45 +1100
Subject: [PATCH 1/3] add custom policies support
Signed-off-by: Nikita Skrynnik
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 main.go | 27 +++++++++++++++------------
 3 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/go.mod b/go.mod
index ecbf586..bb34ad5 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/kelseyhightower/envconfig v1.4.0
 github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8
- github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f
+ github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6
 github.com/pkg/errors v0.9.1
 github.com/sirupsen/logrus v1.9.0
 github.com/spiffe/go-spiffe/v2 v2.0.0
@@ -39,7 +39,7 @@ require (
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/lunixbochs/struc v0.0.0-20200521075829-a4cb8d33dbbe // indirect
- github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c // indirect
+ github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27 // indirect
 github.com/open-policy-agent/opa v0.44.0 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
diff --git a/go.sum b/go.sum
index 4b3c1ef..3677695 100644
--- a/go.sum
+++ b/go.sum
@@ -224,10 +224,10 @@ github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd h1:26HR90
 github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd/go.mod h1:hOF2844BSstH1311oDMDgqqXS+kdc77htZNPRKl9mf8=
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8 h1:E6YXsYdfzTMgiwdl99pZI8HdUeAM7VrOSwFxCzdfA6E=
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8/go.mod h1:zEYFbCVXGlTT5f0x6sx8XtL2GazkYBpCoEpooxkz2vE=
-github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c h1:u6Q4YVhcBLe3qyyz1R28zCpWf5x6/c3rSDi0ti5Ubfw=
-github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c/go.mod h1:oPjEsbBMYtI4YvJm7GtNSCXDOcBjDO73fC+cvs7yZig=
-github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f h1:VCUSLidlhElfB/fdUXabUVlYAS/2rrvMDB/x5Ckivgc=
-github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f/go.mod h1:jRy/rEDU7bdFV2k6txL+rJSmyyBBinAPCbgMCZlbotY=
+github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27 h1:cSVR/AyUSCdN4Nr73/V/Sxl/LIaKZ3S7uKCLgtMfMq8=
+github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27/go.mod h1:quXsY2SSH4qHekxyDN8IsY+1OHZRXDxlnJgYfrm8ncw=
+github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6 h1:n8Ryys5vdR5ERiM88XhgwDsDmZbbEfrcewrV9bpCWZA=
+github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6/go.mod h1:ukC3TmpBTVQ7zcdVz4ALTyAF0Kih9JJS9ytxBKAwHX8=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.1.0 h1:e3YP4dN/HYPpGh29X1ZkcxcEICsOls9huyVCRBaxjq8=
 github.com/onsi/gomega v1.1.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
diff --git a/main.go b/main.go
index b9c129a..c0bd9b5 100644
--- a/main.go
+++ b/main.go
@@ -80,16 +80,17 @@ import (
 
 // Config holds configuration parameters from environment variables
 type Config struct {
- Name string `default:"firewall-server" desc:"Name of Firewall Server"`
- ListenOn string `default:"listen.on.sock" desc:"listen on socket" split_words:"true"`
- ConnectTo url.URL `default:"unix:///var/lib/networkservicemesh/nsm.io.sock" desc:"url to connect to" split_words:"true"`
- MaxTokenLifetime time.Duration `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
- ServiceName string `default:"" desc:"Name of providing service" split_words:"true"`
- Labels map[string]string `default:"" desc:"Endpoint labels"`
- ACLConfigPath string `default:"/etc/vppagent-firewall/config.yaml" desc:"Path to ACL config file" split_words:"true"`
- ACLConfig []acl_types.ACLRule `default:"" desc:"configured acl rules"`
- LogLevel string `default:"INFO" desc:"Log level" split_words:"true"`
- OpenTelemetryEndpoint string `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
+ Name string `default:"firewall-server" desc:"Name of Firewall Server"`
+ ListenOn string `default:"listen.on.sock" desc:"listen on socket" split_words:"true"`
+ ConnectTo url.URL `default:"unix:///var/lib/networkservicemesh/nsm.io.sock" desc:"url to connect to" split_words:"true"`
+ MaxTokenLifetime time.Duration `default:"10m" desc:"maximum lifetime of tokens" split_words:"true"`
+ RegistryClientPolicies []string `default:"etc/nsm/opa/common/.*.rego,etc/nsm/opa/registry/.*.rego,etc/nsm/opa/client/.*.rego" desc:"paths to files and directories that contain registry client policies" split_words:"true"`
+ ServiceName string `default:"" desc:"Name of providing service" split_words:"true"`
+ Labels map[string]string `default:"" desc:"Endpoint labels"`
+ ACLConfigPath string `default:"/etc/vppagent-firewall/config.yaml" desc:"Path to ACL config file" split_words:"true"`
+ ACLConfig []acl_types.ACLRule `default:"" desc:"configured acl rules"`
+ LogLevel string `default:"INFO" desc:"Log level" split_words:"true"`
+ OpenTelemetryEndpoint string `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
 }
 
 // Process prints and processes env to config
@@ -235,7 +236,7 @@ func main() {
 passthrough.NewClient(config.Labels),
 up.NewClient(ctx, vppConn),
 xconnect.NewClient(vppConn),
- memif.NewClient(ctx, vppConn),
+ memif.NewClient(vppConn),
 sendfd.NewClient(),
 recvfd.NewClient(),
 )),
@@ -279,7 +280,9 @@ func main() {
 clientinfo.NewNetworkServiceEndpointRegistryClient(),
 registrysendfd.NewNetworkServiceEndpointRegistryClient(),
 ),
- registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient()),
+ registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient(
+ registryauthorize.WithPolicies(config.RegistryClientPolicies...),
+ )),
 )
 nse, err := nseRegistryClient.Register(ctx, ®istryapi.NetworkServiceEndpoint{
 Name: config.Name,
From ff1eddec11dfd17717a7d07d3d3f8d6b43de0063 Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Fri, 16 Dec 2022 20:25:03 +1100
Subject: [PATCH 2/3] fix linter
Signed-off-by: Nikita Skrynnik
---
 main.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/main.go b/main.go
index c0bd9b5..0f9e197 100644
--- a/main.go
+++ b/main.go
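Review bot: The default for the new `RegistryClientPolicies` field is a list of relative, pattern-style entries (`etc/nsm/opa/common/.*.rego`, …) while every other path default in this struct is absolute and literal (`/etc/vppagent-firewall/config.yaml`, `unix:///var/lib/networkservicemesh/nsm.io.sock`), and its `desc` says "paths to files and directories" without saying that entries are matched as patterns. Whether the relative entries are resolved against the process working directory or against a policy set bundled with the sdk is not visible here; because these policies decide what the NSE registry client authorizes, the tag should state it, e.g. `desc:"comma-separated path patterns for the OPA policies applied to the registry client (relative entries resolve against <policy root — confirm>)"`. Given `split_words`, the operator-facing override is the `REGISTRY_CLIENT_POLICIES` environment variable; documenting whether a custom value replaces or extends the defaults (depending on how `registryauthorize.WithPolicies` treats its arguments) would avoid a silent loss of the common policies if it replaces them. The struct is complete within the hunk; the `WithPolicies` call that consumes the field is in the later hunk at new line 280, where the `®istryapi` in the `nse, err :=` context line looks like a mis-encoded `&registryapi` from page extraction rather than a change in the commit.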
@@ -278,11 +278,9 @@ func main() {
 registryclient.WithDialOptions(clientOptions...),
 registryclient.WithNSEAdditionalFunctionality(
 clientinfo.NewNetworkServiceEndpointRegistryClient(),
- registrysendfd.NewNetworkServiceEndpointRegistryClient(),
- ),
+ registrysendfd.NewNetworkServiceEndpointRegistryClient()),
 registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient(
- registryauthorize.WithPolicies(config.RegistryClientPolicies...),
- )),
+ registryauthorize.WithPolicies(config.RegistryClientPolicies...))),
 )
 nse, err := nseRegistryClient.Register(ctx, ®istryapi.NetworkServiceEndpoint{
 Name: config.Name,
From b78b7f9491538b4c7c363e0fd0db8b3aff9bbbc7 Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Fri, 16 Dec 2022 21:00:12 +1100
Subject: [PATCH 3/3] update sdk-vpp refs
Signed-off-by: Nikita Skrynnik
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 main.go | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index bb34ad5..ecbf586 100644
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/kelseyhightower/envconfig v1.4.0
 github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8
- github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6
+ github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f
 github.com/pkg/errors v0.9.1
 github.com/sirupsen/logrus v1.9.0
 github.com/spiffe/go-spiffe/v2 v2.0.0
@@ -39,7 +39,7 @@ require (
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/lunixbochs/struc v0.0.0-20200521075829-a4cb8d33dbbe // indirect
- github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27 // indirect
+ github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c // indirect
 github.com/open-policy-agent/opa v0.44.0 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
diff --git a/go.sum b/go.sum
index 3677695..4b3c1ef 100644
--- a/go.sum
+++ b/go.sum
@@ -224,10 +224,10 @@ github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd h1:26HR90
 github.com/networkservicemesh/api v1.6.2-0.20221205183940-84c7ff837cdd/go.mod h1:hOF2844BSstH1311oDMDgqqXS+kdc77htZNPRKl9mf8=
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8 h1:E6YXsYdfzTMgiwdl99pZI8HdUeAM7VrOSwFxCzdfA6E=
 github.com/networkservicemesh/sdk v0.5.1-0.20221215123931-9709ed4b3fb8/go.mod h1:zEYFbCVXGlTT5f0x6sx8XtL2GazkYBpCoEpooxkz2vE=
-github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27 h1:cSVR/AyUSCdN4Nr73/V/Sxl/LIaKZ3S7uKCLgtMfMq8=
-github.com/networkservicemesh/sdk-kernel v0.0.0-20221208094618-209d8778ca27/go.mod h1:quXsY2SSH4qHekxyDN8IsY+1OHZRXDxlnJgYfrm8ncw=
-github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6 h1:n8Ryys5vdR5ERiM88XhgwDsDmZbbEfrcewrV9bpCWZA=
-github.com/networkservicemesh/sdk-vpp v0.0.0-20221208100446-ef0d5f51a8c6/go.mod h1:ukC3TmpBTVQ7zcdVz4ALTyAF0Kih9JJS9ytxBKAwHX8=
+github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c h1:u6Q4YVhcBLe3qyyz1R28zCpWf5x6/c3rSDi0ti5Ubfw=
+github.com/networkservicemesh/sdk-kernel v0.0.0-20221215124237-1eaaf7823d6c/go.mod h1:oPjEsbBMYtI4YvJm7GtNSCXDOcBjDO73fC+cvs7yZig=
+github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f h1:VCUSLidlhElfB/fdUXabUVlYAS/2rrvMDB/x5Ckivgc=
+github.com/networkservicemesh/sdk-vpp v0.0.0-20221215124653-c0502623c00f/go.mod h1:jRy/rEDU7bdFV2k6txL+rJSmyyBBinAPCbgMCZlbotY=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.1.0 h1:e3YP4dN/HYPpGh29X1ZkcxcEICsOls9huyVCRBaxjq8=
 github.com/onsi/gomega v1.1.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
diff --git a/main.go b/main.go
index 0f9e197..323edaf 100644
--- a/main.go
+++ b/main.go
@@ -236,7 +236,7 @@ func main() {
 passthrough.NewClient(config.Labels),
 up.NewClient(ctx, vppConn),
 xconnect.NewClient(vppConn),
- memif.NewClient(vppConn),
+ memif.NewClient(ctx, vppConn),
 sendfd.NewClient(),
 recvfd.NewClient(),
 )),