Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add OPA policies for NSM registries #269

Closed
denis-tingaikin opened this issue Jun 2, 2020 · 0 comments
Closed

Add OPA policies for NSM registries #269

denis-tingaikin opened this issue Jun 2, 2020 · 0 comments
Projects
Issue/PR tracking

Comments

@denis-tingaikin
Copy link
Member

denis-tingaikin commented Jun 2, 2020
edited

Motivation

Probably we need to add authorization policies for NSM registries to cover scenarios such as

  1. NSE/NSMgr/xconnNSE should be able to unregister only itself. NSE/NSMgr/xconn NSE should not be able to unregister another NSE/NSMgr/xconn NSE.
  2. Only NSMgr/vl3 NSE should be able to search NSE in the registry.
  3. Only NSMgr and other registries can use Bulk API.

Problem of implementation

We need to somehow pass Path data or other authorization data to registries.

Potential solution

We can use pkg grpc/metadata for passing authorization data for registries.

import "google.golang.org/grpc/metadata"
...  
ctx = metadata.NewContext( 
    ctx, 
    metadata.Pairs("path-data", "data"), 
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Issue/PR tracking
  
Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@denis-tingaikin