Open
Labels
bug (Something isn't working)
Description
Affected component
imagod
Summary
currently accepts any remote authority as long as the caller presents a valid . Unlike / , it does not enforce or any equivalent authority allowlist.
Steps to reproduce
- Start a service/runner that is registered with the manager.
- Send with a valid and .
- Use an arbitrary such as that is not covered by any binding.
- Observe that the manager probes the authority and records the connection.
Expected behavior
The manager should reject remote connection attempts unless the source service is explicitly allowed to reach that remote authority.
Actual behavior
validates manager auth, then immediately probes and inserts the remote connection without checking service bindings or any remote authority allowlist.
Version
Environment
other
Resource impact (optional)
unknown
Additional context
Evidence:
Comparison point:
- enforces for service-to-service resolution.
Suggested direction:
- Require binding-based authorization or an explicit remote authority allowlist at connect time.
- Keep the behavior fail-closed before probing or persisting the remote connection.
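
The ordering proposed under "Suggested direction", sketched as an added example. It is not part of the original issue and is not imagod's code. The `Manager` class, its method and field names, the binding table shape and the sample authorities are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

class RemoteConnectDenied(Exception):
    """Raised before any network activity when a connect request is not allowed."""

def normalize_authority(authority: str) -> str:
    # Accept only "host:port"; anything ambiguous is rejected rather than guessed.
    host, sep, port = authority.strip().rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        raise RemoteConnectDenied(f"malformed authority: {authority!r}")
    if not 0 < int(port) < 65536 or any(c in host for c in "@/?#*\\ "):
        raise RemoteConnectDenied(f"malformed authority: {authority!r}")
    return f"{host.lower().rstrip('.')}:{int(port)}"

@dataclass
class Manager:  # hypothetical stand-in, not imagod's real type
    # source service name -> remote authorities it is explicitly bound to
    bindings: dict[str, frozenset[str]]
    probe: Callable[[str], bool]  # injected so the ordering can be tested offline
    connections: dict[tuple[str, str], str] = field(default_factory=dict)
    probed: list[str] = field(default_factory=list)

    def connect_remote(self, service: str, auth_ok: bool, authority: str) -> str:
        if not auth_ok:                                    # 1. manager auth
            raise RemoteConnectDenied("manager auth failed")
        target = normalize_authority(authority)            # 2. canonical form
        allowed = self.bindings.get(service, frozenset())  # 3. no entry means deny
        if target not in allowed:
            raise RemoteConnectDenied(f"{service!r} has no binding for {target!r}")
        self.probed.append(target)                         # 4. only now touch the network
        if not self.probe(target):
            raise RemoteConnectDenied(f"probe failed for {target!r}")
        self.connections[(service, target)] = "connected"  # 5. persist last
        return target

def demo() -> dict:
    # Constructed sample data: one service bound to one authority.
    mgr = Manager({"svc-a": frozenset({"peer.example.internal:4443"})},
                  probe=lambda a: True)
    results = {}
    for svc, authority in [("svc-a", "Peer.Example.Internal:4443"),   # bound
                           ("svc-a", "unbound.example.net:4443"),     # not bound
                           ("svc-b", "peer.example.internal:4443")]:  # unknown service
        try:
            results[(svc, authority)] = mgr.connect_remote(svc, True, authority)
        except RemoteConnectDenied as exc:
            results[(svc, authority)] = f"denied: {exc}"
    return {"results": results, "probed": mgr.probed, "connections": mgr.connections}
```

The `probed` list exists only so a test can confirm that a denied request never reaches the probe or the connection table.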