* (M) authz/authz.proto
- Where a gNSI server supporting the authz service is running on
a target that supports multiple downstream gRPC services, it is
currently required that the same authz policy is applied to all
of them. Particularly, if the downstream gRPC servers MAY expose
the same service, it is not possible to have different policies
for each server. This PR adds a `profile` field that allows
such endpoints to be disambiguated, similarly to the `profile`
that is provided by certz.
We have a use case where a target exposes a single gNSI server instance for a
set of downstream binaries (in this case, containers running on a device). In
such cases, it is desirable that we can expose common services per container for
common operations, but we would like to have distinct authz policies for each.
The profile field allows each container to have its own authz profile that is
mapped to by the gNSI.Authz server.