Dapr: Service invocation blocked in self hosted mode due to empty SPIFFE ID

Created on 25 Sep 2020  路  5Comments  路  Source: dapr/dapr

In what area(s)?

/area runtime

What version of Dapr?

0.11.0-rc.1

Expected Behavior

The hello-world quick start sample works as instructed.

Actual Behavior

The Python app fails to call the Node.js application through service invocation API. The HTTP response received was 500, with the following response body

{"errorCode":"ERR_DIRECT_INVOKE","message":"rpc error: code = PermissionDenied desc = access control policy has denied access to appid:  operation: neworder verb: POST"}'

@vinayada1 @youngbupark root caused to SPIFFE ID being empty/nil when using standalone mode, causing the extracted AppID to be empty/nil.

Steps to Reproduce the Problem

Go through the quick start hello-world sample https://github.com/dapr/quickstarts/tree/master/hello-world .

P0 kinbug

Most helpful comment

cc @mukundansundar @youngbupark @vinayada1 @msfussell

All 5 comments

cc @mukundansundar @youngbupark @vinayada1 @msfussell

@vinayada1 just making sure: if no access policy has been applied through configuration, then all methods should be allowed, correct?

I suspect that a.accessControlList isn't nil here when it should be: https://github.com/dapr/dapr/blob/ce89980eda9cc86efbc11a745e2959b1925236ca/pkg/grpc/api.go#L118

This change needs to be merged into master branch also.

Was this page helpful?
0 / 5 - 0 ratings