Add ClientIdentifier header

Summary: What? - ClientIdentifier = Hash string of primary (non-host) tls client identities - *Previous diffs* added and set ClientIdentifier field/value in RequestCommon - **This diff** will set the value in thrift header in codegen - This code path is ONLY for proxies and will be executed during shadow testing ONLY WHY? - SAP and uCache are working on securing look-aside cache called "Key Client Binding" feature where we bind keys in uCache with ClientIdentities. This ensures that cached data is restricted to the specific client who has access to the backed service. - Design doc: https://fburl.com/gdoc/psjwp58j Reviewed By: stuclar Differential Revision: D62453803 fbshipit-source-id: 29f017a28a415cbe39fb3e76aaeec73131be75eb
facebook · Sep 30, 2024 · c6ebd37 · c6ebd37
1 parent 2f32271
commit c6ebd37
Show file tree

Hide file tree

Showing 9 changed files with 148 additions and 2 deletions.
diff --git a/mcrouter/lib/carbon/MessageCommon.h b/mcrouter/lib/carbon/MessageCommon.h
@@ -37,6 +37,9 @@ class MessageCommon {
   static constexpr std::string_view kCryptoAuthTokenHeader =
       "crypto_auth_tokens";
 
+  static constexpr std::string_view kClientIdentifierHeader =
+      "client_identifier";
+
  protected:
   std::string traceContext_;
 };

diff --git a/mcrouter/lib/carbon/RequestCommon.h b/mcrouter/lib/carbon/RequestCommon.h
@@ -24,11 +24,13 @@ class RequestCommon : public MessageCommon {
   RequestCommon(const RequestCommon& other) {
     traceContext_ = other.traceContext_;
     cryptoAuthToken_ = other.cryptoAuthToken_;
+    clientIdentifier_ = other.clientIdentifier_;
   }
   RequestCommon& operator=(const RequestCommon& other) {
     if (this != &other) {
       traceContext_ = other.traceContext_;
       cryptoAuthToken_ = other.cryptoAuthToken_;
+      clientIdentifier_ = other.clientIdentifier_;
     }
     return *this;
   }
@@ -83,7 +85,7 @@ class RequestCommon : public MessageCommon {
     return cryptoAuthToken_;
   }
 
-  const std::string& getClientIdentifier() const noexcept {
+  const std::optional<std::string>& getClientIdentifier() const noexcept {
     return clientIdentifier_;
   }
 
@@ -101,7 +103,7 @@ class RequestCommon : public MessageCommon {
   // cat token(s) in string serialzed format
   std::optional<std::string> cryptoAuthToken_;
   // Hash string of primary (non-host) tls client identities
-  std::string clientIdentifier_;
+  std::optional<std::string> clientIdentifier_;
 };
 
 } // namespace carbon
diff --git a/mcrouter/lib/carbon/example/gen/HelloGoodbyeThriftTransport.h b/mcrouter/lib/carbon/example/gen/HelloGoodbyeThriftTransport.h
@@ -50,6 +50,10 @@ folly::Try<apache::thrift::RpcResponseComplete<hellogoodbye::GoodbyeReply>> send
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -86,6 +90,10 @@ folly::Try<apache::thrift::RpcResponseComplete<hellogoodbye::HelloReply>> sendSy
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -125,6 +133,10 @@ folly::Try<apache::thrift::RpcResponseComplete<McVersionReply>> sendSyncHelper(
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE

diff --git a/mcrouter/lib/carbon/example/main.cpp b/mcrouter/lib/carbon/example/main.cpp
@@ -82,6 +82,11 @@ class ThriftHandler : virtual public hellogoodbye::thrift::HelloGoodbyeSvIf {
         LOG(INFO) << "Got optional header props " << it->second
                   << " from thrift header.";
       }
+      it = headers.find("client_identifier");
+      if (it != headers.end()) {
+        LOG(INFO) << "Got client_identifier " << it->second
+                  << " from thrift header.";
+      }
     } else {
       LOG(ERROR) << "Cannot get context.";
     }

diff --git a/mcrouter/lib/carbon/test/gen/AThriftTransport.h b/mcrouter/lib/carbon/test/gen/AThriftTransport.h
@@ -50,6 +50,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::A::TestAReply>> sen
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -86,6 +90,10 @@ folly::Try<apache::thrift::RpcResponseComplete<McVersionReply>> sendSyncHelper(
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE

diff --git a/mcrouter/lib/carbon/test/gen/BThriftTransport.h b/mcrouter/lib/carbon/test/gen/BThriftTransport.h
@@ -50,6 +50,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::B::TestBReply>> sen
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -86,6 +90,10 @@ folly::Try<apache::thrift::RpcResponseComplete<McVersionReply>> sendSyncHelper(
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE

diff --git a/mcrouter/lib/carbon/test/gen/CarbonTestThriftTransport.h b/mcrouter/lib/carbon/test/gen/CarbonTestThriftTransport.h
@@ -50,6 +50,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::TestReply>> sendSyn
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -86,6 +90,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::TestReplyStringKey>
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -122,6 +130,10 @@ folly::Try<apache::thrift::RpcResponseComplete<McVersionReply>> sendSyncHelper(
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE

diff --git a/mcrouter/lib/carbon/test/gen/CarbonThriftTestThriftTransport.h b/mcrouter/lib/carbon/test/gen/CarbonThriftTestThriftTransport.h
@@ -50,6 +50,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::CustomReply>> sendS
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -86,6 +90,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::DummyThriftReply>>
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -122,6 +130,10 @@ folly::Try<apache::thrift::RpcResponseComplete<carbon::test::ThriftTestReply>> s
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE
@@ -158,6 +170,10 @@ folly::Try<apache::thrift::RpcResponseComplete<McVersionReply>> sendSyncHelper(
     rpcOptions.setWriteHeader(
         std::string{carbon::MessageCommon::kCryptoAuthTokenHeader}, request.getCryptoAuthToken().value());
   }
+  if (FOLLY_UNLIKELY(request.getClientIdentifier().has_value())) {
+    rpcOptions.setWriteHeader(
+        std::string{carbon::MessageCommon::kClientIdentifierHeader}, request.getClientIdentifier().value());
+  }
   rpcOptions.setContextPropMask(0);
 
 #ifndef LIBMC_FBTRACE_DISABLE