Ratis GRPC has multiple GRPC services:
* RaftClientProtocolService
* RaftServerProtocolService
* AdminProtocolService
If all of them use the same port / netty server a malicious client/user
may send admin/setConfiguration requests to the servers adding more
groups or re-configuring existing ones.
For example if somebody implements any authentication/authorization on
the StateMachine level, it can be ignored by adding more nodes and
replicating the raw Ratis data.
I suggest to improve the GrpcService.java and add only the configured
services. With this approach mTLS can be turned on for admin and
server2server communication but not for the client.
The only problem is the RaftClientProtocolService.setConfiguration. It's
an un-safe operation and more-like an admin command.
Do you see any problem to move setConfiguration to AdminProtocolService?
(Which is an incompatible change).
Marton
