From 4926fc121b32f2d13259cb25eadd3d15a5ed4fe3 Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Mon, 5 Dec 2022 20:15:34 +1100
Subject: [PATCH 1/2] add registry authorization
Signed-off-by: Nikita Skrynnik
---
 main.go | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/main.go b/main.go
index 65a800c..b40b0f3 100644
--- a/main.go
+++ b/main.go
@@ -65,6 +65,7 @@ import (
 "github.com/networkservicemesh/sdk/pkg/networkservice/core/chain"
 "github.com/networkservicemesh/sdk/pkg/networkservice/ipam/point2pointipam"
 registryclient "github.com/networkservicemesh/sdk/pkg/registry/chains/client"
+ registryauthorize "github.com/networkservicemesh/sdk/pkg/registry/common/authorize"
 registrysendfd "github.com/networkservicemesh/sdk/pkg/registry/common/sendfd"
 "github.com/networkservicemesh/sdk/pkg/tools/debug"
 "github.com/networkservicemesh/sdk/pkg/tools/dnsconfig"
@@ -174,25 +175,26 @@ func registerGRPCServer(tlsServerConfig *tls.Config, responderEndpoint *endpoint
 return server
 }
-func registerEndpoint(ctx context.Context, config *Config, tlsClientConfig *tls.Config, urlStr string) error {
+func registerEndpoint(ctx context.Context, config *Config, source *workloadapi.X509Source, tlsClientConfig *tls.Config, urlStr string) error {
 clientOptions := append(
 tracing.WithTracingDial(),
 grpc.WithBlock(),
- grpc.WithDefaultCallOptions(grpc.WaitForReady(true)),
+ grpc.WithDefaultCallOptions(
+ grpc.WaitForReady(true),
+ grpc.PerRPCCredentials(token.NewPerRPCCredentials(spiffejwt.TokenGeneratorFunc(source, config.MaxTokenLifetime)))),
 grpc.WithTransportCredentials(
 grpcfd.TransportCredentials(
- credentials.NewTLS(
- tlsClientConfig,
- ),
- ),
- ),
+ credentials.NewTLS(tlsClientConfig))),
+ grpcfd.WithChainStreamInterceptor(),
+ grpcfd.WithChainUnaryInterceptor(),
 )
 if config.RegisterService {
 for _, serviceName := range config.ServiceNames {
 nsRegistryClient := registryclient.NewNetworkServiceRegistryClient(ctx,
 registryclient.WithClientURL(&config.ConnectTo),
- registryclient.WithDialOptions(clientOptions...))
+ registryclient.WithDialOptions(clientOptions...),
+ registryclient.WithAuthorizeNSRegistryClient(registryauthorize.NewNetworkServiceRegistryClient()))
 _, err := nsRegistryClient.Register(ctx, ®istryapi.NetworkService{
 Name: serviceName,
 Payload: config.Payload,
@@ -211,6 +213,7 @@ func registerEndpoint(ctx context.Context, config *Config, tlsClientConfig *tls.
 registryclient.WithNSEAdditionalFunctionality(
 registrysendfd.NewNetworkServiceEndpointRegistryClient(),
 ),
+ registryclient.WithAuthorizeNSERegistryClient(registryauthorize.NewNetworkServiceEndpointRegistryClient()),
 )
 nse := ®istryapi.NetworkServiceEndpoint{
 Name: config.Name,
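Review bot: The new `source` parameter of `registerEndpoint` and the token lifetime paired with it are neither documented nor checked at this call site: `config.MaxTokenLifetime` is handed straight to `spiffejwt.TokenGeneratorFunc` on the `grpc.PerRPCCredentials(...)` line. Where `Config` is validated is not visible in this patch, so it is worth confirming that a zero or very large lifetime is rejected before it reaches this call, since the value bounds how long a captured bearer token stays usable. I would add a doc comment on the function such as `// registerEndpoint registers the endpoint (and, if configured, its services) with the registry; each RPC carries a JWT minted from source, capped at config.MaxTokenLifetime, and sent over the TLS transport credentials set below.` The function body continues past the end of the hunk.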
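Review bot: The authorize element added in the `@@ -211,6 +213,7 @@` hunk, `registryauthorize.NewNetworkServiceEndpointRegistryClient()`, is constructed with no options, as is `registryauthorize.NewNetworkServiceRegistryClient()` in the hunk before it, so the policy that decides which registry responses this endpoint accepts is whatever the SDK defaults to and cannot be read from this file. If the package accepts policy options, passing them explicitly would keep an SDK bump from silently changing what is trusted. Otherwise a comment next to both calls, for example `// relies on the sdk's default registry authorize policies`, would record that the default is intended. The enclosing client constructor call starts and ends outside this hunk.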
@@ -341,7 +344,7 @@ func main() {
 // ********************************************************************************
 log.FromContext(ctx).Infof("executing phase 7: register nse with nsm")
 // ********************************************************************************
- err = registerEndpoint(ctx, config, tlsClientConfig, listenOn.String())
+ err = registerEndpoint(ctx, config, source, tlsClientConfig, listenOn.String())
 if err != nil {
 log.FromContext(ctx).Fatalf("failed to connect to registry: %+v", err)
 }
From 994a30e8beda7f62c445ddd19f25bec3d3c331a6 Mon Sep 17 00:00:00 2001
From: Nikita Skrynnik
Date: Mon, 5 Dec 2022 22:18:38 +1100
Subject: [PATCH 2/2] fix linter
Signed-off-by: Nikita Skrynnik
---
 main.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/main.go b/main.go
index b40b0f3..7a1e4c2 100644
--- a/main.go
+++ b/main.go
@@ -51,7 +51,7 @@ import (
 "github.com/networkservicemesh/api/pkg/api/networkservice"
 kernelmech "github.com/networkservicemesh/api/pkg/api/networkservice/mechanisms/kernel"
 registryapi "github.com/networkservicemesh/api/pkg/api/registry"
- "github.com/networkservicemesh/sdk-sriov/pkg/networkservice/common/token"
+ sriovtoken "github.com/networkservicemesh/sdk-sriov/pkg/networkservice/common/token"
 "github.com/networkservicemesh/sdk-sriov/pkg/tools/tokens"
 "github.com/networkservicemesh/sdk/pkg/networkservice/chains/endpoint"
 "github.com/networkservicemesh/sdk/pkg/networkservice/common/authorize"
@@ -74,6 +74,7 @@ import (
 "github.com/networkservicemesh/sdk/pkg/tools/log/logruslogger"
 "github.com/networkservicemesh/sdk/pkg/tools/opentelemetry"
 "github.com/networkservicemesh/sdk/pkg/tools/spiffejwt"
+ "github.com/networkservicemesh/sdk/pkg/tools/token"
 "github.com/networkservicemesh/sdk/pkg/tools/tracing"
 "github.com/networkservicemesh/cmd-nse-vlan-vpp/pkg/networkservice/ifconfig"
@@ -365,7 +366,7 @@ func getSriovTokenVlanServerChainElement(tokenKey string) (tokenServer networkse
 } else {
 tokenServer = chain.NewNetworkServiceServer(
 vlan.NewServer(),
- token.NewServer(tokenKey))
+ sriovtoken.NewServer(tokenKey))
 }
 return
 }