Add OPA policies for NSM registries #1334

NikitaSkrynnik · 2022-08-01T03:29:24Z

Description

Issue link

#269

How Has This Been Tested?

Added unit testing to cover
Tested manually
Tested by integration testing
Have not tested

Types of changes

denis-tingaikin

Other things looks fine to me.

@edwarnicke Could you have a look?

denis-tingaikin · 2022-09-12T01:17:47Z

pkg/registry/common/authorize/options.go

+func WithRegisterPolicies(p ...Policy) Option {
+	return func(o *options) {
+		o.registerPolicies = p
+	}
+}
+
+// WithUnregisterPolicies sets custom policies for unregister check
+func WithUnregisterPolicies(p ...Policy) Option {
+	return func(o *options) {
+		o.unregisterPolicies = p
+	}
+}


Could you remind why do we need different setters?

First one sets policies for Register case
Second one sets policies for Unregister case

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

…k@main PR link: networkservicemesh/sdk#1334 Commit: a546f3c Author: Nikita Skrynnik Date: 2022-09-13 18:11:13 +0700 Message: - Add OPA policies for NSM registries (#1334) * add auth registy chain element Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add unit test + add test policy Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix test policy and policy input Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * rework spiffieIDNSEMap Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * rename and move nse register validation policy to opa folder Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add register and unregister policies to authorizeNSEServer Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * cleanup Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add policy for NSE unregister case + cleanup Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * start adding ns_server Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * finish ns_server Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * cleanup Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix tests Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix tests Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add StringSet type Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * cleanup Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add authorize registry servers to nsmgr opts Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * add default policies to opa registry Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * use the same registry for register and unregister cases Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * run goimports Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> * fix linter issue Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> Signed-off-by: NSMBot <nsmbot@networkservicmesh.io>

NikitaSkrynnik marked this pull request as ready for review August 2, 2022 08:55

denis-tingaikin requested review from fkautz, glazychev-art, anastasia-malysheva, denis-tingaikin, edwarnicke and ThetaDR August 2, 2022 14:46

denis-tingaikin reviewed Sep 12, 2022

View reviewed changes

NikitaSkrynnik force-pushed the issue-269 branch from 96cb941 to fc4b97b Compare September 12, 2022 11:05

NikitaSkrynnik added 21 commits September 13, 2022 16:38

add auth registy chain element

2ef1ea3

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add unit test + add test policy

a85fb44

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix test policy and policy input

7693dea

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

rework spiffieIDNSEMap

88a283f

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

rename and move nse register validation policy to opa folder

bbe3633

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add register and unregister policies to authorizeNSEServer

0c7117c

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

cleanup

b4e7c9c

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add policy for NSE unregister case + cleanup

1206955

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

start adding ns_server

42cde37

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

finish ns_server

ae4f6e0

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

cleanup

c99db6e

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix linter

64b4f6f

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix linter

483a1a4

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix tests

90f89df

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix tests

e71392b

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add StringSet type

bcf7543

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix linter

d9675ea

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix linter

8ee5984

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

cleanup

ceb3a60

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add authorize registry servers to nsmgr opts

0cc90fe

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

add default policies to opa registry

843396d

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

NikitaSkrynnik added 3 commits September 13, 2022 16:38

use the same registry for register and unregister cases

2752b1f

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

fix linter

8760a79

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

run goimports

a558750

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

NikitaSkrynnik force-pushed the issue-269 branch from 10ef63d to a558750 Compare September 13, 2022 09:38

fix linter issue

f7f4ca3

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>

denis-tingaikin approved these changes Sep 13, 2022

View reviewed changes

denis-tingaikin merged commit a546f3c into networkservicemesh:main Sep 13, 2022

nsmbot mentioned this pull request Sep 13, 2022

Update from update/networkservicemesh/sdk networkservicemesh/cmd-nsmgr#536

Merged

NikitaSkrynnik deleted the issue-269 branch August 7, 2023 07:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add OPA policies for NSM registries #1334

Add OPA policies for NSM registries #1334

NikitaSkrynnik commented Aug 1, 2022

denis-tingaikin left a comment

denis-tingaikin Sep 12, 2022

NikitaSkrynnik Sep 12, 2022

Add OPA policies for NSM registries #1334

Add OPA policies for NSM registries #1334

Conversation

NikitaSkrynnik commented Aug 1, 2022

Description

Issue link

How Has This Been Tested?

Types of changes

denis-tingaikin left a comment

Choose a reason for hiding this comment

denis-tingaikin Sep 12, 2022

Choose a reason for hiding this comment

NikitaSkrynnik Sep 12, 2022

Choose a reason for hiding this comment