Using the identity name for RBAC

Hello,

I have a gRPC endpoint that multiple identities can access. I’m trying to limit the services by identity, e.g. RBAC. I’ve managed to get the identity name passed to the gRPC service by wrapping the listener and using ‘zitiConn.SourceIdentifier()’. I’m planning to use the name for RBAC. Am I going down the right path here or is there a better solution?

-rja

The source identifier returns a value that can be optionally provided by the dialing SDK. If you control the dialing SDK, you can rely on it, but it's not bulletproof. This has been a long-standing gap, where we should be providing the dialing identity in a way that's consistent and enforced by the routers or controllers, as opposed to the source SDK.

I think it's a relatively quick fix, thanks to some new infrastructure providing more information to the routers, so I'm going to take a stab at implementing it this week.

Cheers,
Paul
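
The following is an added example, not code from either poster or from the OpenZiti project: a deny-by-default authorization check keyed on the connection's source identifier, of the kind a gRPC server interceptor could call with the request's full method name. The `sourceIdentified` interface, `fakeConn`, the policy table and the `/acme.Billing/...` method names are assumptions made for illustration; only the `SourceIdentifier()` method name comes from the thread.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// sourceIdentified matches any connection exposing SourceIdentifier(), the
// method named in the thread. Declared locally (assumption) to avoid an SDK import.
type sourceIdentified interface{ SourceIdentifier() string }

// fakeConn is a constructed stand-in for a hosted connection.
type fakeConn struct {
	net.Conn
	id string
}

func (c fakeConn) SourceIdentifier() string { return c.id }

// policy maps an identity name to the methods it may call (constructed sample).
// Per the reply above, the identifier is supplied by the dialing SDK, so this
// table is only as trustworthy as the clients that dial the service.
var policy = map[string]map[string]bool{
	"billing-client": {"/acme.Billing/GetInvoice": true},
	"ops-admin":      {"/acme.Billing/GetInvoice": true, "/acme.Billing/Refund": true},
}

var errDenied = errors.New("permission denied")

// Authorize fails closed: a connection without an identifier, an unknown
// identity, or a method not listed for that identity is rejected.
func Authorize(conn net.Conn, fullMethod string) error {
	si, ok := conn.(sourceIdentified)
	if !ok || si.SourceIdentifier() == "" {
		return fmt.Errorf("%w: connection carries no identifier", errDenied)
	}
	if !policy[si.SourceIdentifier()][fullMethod] {
		return fmt.Errorf("%w: %q may not call %s", errDenied, si.SourceIdentifier(), fullMethod)
	}
	return nil
}

func main() {
	for _, id := range []string{"billing-client", "ops-admin", ""} {
		err := Authorize(fakeConn{id: id}, "/acme.Billing/Refund")
		fmt.Printf("%q -> %v\n", id, err)
	}
}
```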

I added support for this. See

  1. Make the dialing identity's id and name available on dialed connections · Issue #860 · openziti/sdk-golang · GitHub
  2. Add support for sending the dialing identity id and name to the hosting sdk · Issue #3547 · openziti/ziti · GitHub

So when the next sdk-golang and ziti releases are out, this should work for you.

Cheers,
Paul

Awesome! Thank you. I’ll keep an eye out for the next release and give it a spin.

-rja