feat: added network ID allowlist in DeDi registry plugin

Nirmal N R
2026-03-24 11:33:11 +05:30
parent 6d4f45a632
commit 424dc1c64c
5 changed files with 62 additions and 39 deletions


@@ -15,13 +15,13 @@ import (
// Config holds configuration parameters for the DeDi registry client.
type Config struct {
URL string `yaml:"url" json:"url"`
RegistryName string `yaml:"registryName" json:"registryName"`
AllowedParentNamespaces []string `yaml:"allowedParentNamespaces" json:"allowedParentNamespaces"`
Timeout int `yaml:"timeout" json:"timeout"`
RetryMax int `yaml:"retry_max" json:"retry_max"`
RetryWaitMin time.Duration `yaml:"retry_wait_min" json:"retry_wait_min"`
RetryWaitMax time.Duration `yaml:"retry_wait_max" json:"retry_wait_max"`
URL string `yaml:"url" json:"url"`
RegistryName string `yaml:"registryName" json:"registryName"`
AllowedNetworkIDs []string `yaml:"allowedNetworkIDs" json:"allowedNetworkIDs"`
Timeout int `yaml:"timeout" json:"timeout"`
RetryMax int `yaml:"retry_max" json:"retry_max"`
RetryWaitMin time.Duration `yaml:"retry_wait_min" json:"retry_wait_min"`
RetryWaitMax time.Duration `yaml:"retry_wait_max" json:"retry_wait_max"`
}
// DeDiRegistryClient encapsulates the logic for calling the DeDi registry endpoints.
@@ -164,11 +164,11 @@ func (c *DeDiRegistryClient) Lookup(ctx context.Context, req *model.Subscription
detailsDomain, _ := details["domain"].(string)
detailsSubscriberID, _ := details["subscriber_id"].(string)
// Validate parent namespaces if configured
parentNamespaces := extractStringSlice(data["parent_namespaces"])
if len(c.config.AllowedParentNamespaces) > 0 {
if len(parentNamespaces) == 0 || !containsAny(parentNamespaces, c.config.AllowedParentNamespaces) {
return nil, fmt.Errorf("registry entry with subscriber_id '%s' does not belong to any configured parent namespaces (registry.config.allowedParentNamespaces)", detailsSubscriberID)
// Validate network memberships if configured.
networkMemberships := extractStringSlice(data["network_memberships"])
if len(c.config.AllowedNetworkIDs) > 0 {
if len(networkMemberships) == 0 || !containsAny(networkMemberships, c.config.AllowedNetworkIDs) {
return nil, fmt.Errorf("registry entry with subscriber_id '%s' does not belong to any configured network memberships (registry.config.allowedNetworkIDs)", detailsSubscriberID)
}
}
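Review bot: Renaming the config key from `allowedParentNamespaces` to `allowedNetworkIDs` can silently turn the allowlist off on upgrade: a deployment that still sets the old key ends up with an empty `AllowedNetworkIDs`, so the `len(c.config.AllowedNetworkIDs) > 0` guard in Lookup skips the membership check for every subscriber. Whether the config loader rejects unknown keys is not visible here, so I would make the failure explicit by keeping `AllowedParentNamespaces` as a deprecated field and refusing to start when it is set, e.g. `if len(cfg.AllowedParentNamespaces) > 0 { return fmt.Errorf("allowedParentNamespaces is no longer supported; use allowedNetworkIDs") }` in whatever validates Config. The doc comment on Config should also say that an empty `allowedNetworkIDs` means no network restriction is enforced, since that default is fail-open. Lookup's body starts and ends outside this hunk.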