Skip to content

Commit

Permalink
Add ClientIdentifier in RequestCommon
Browse files Browse the repository at this point in the history
Summary:
What?
- ClientIdentifier = Hash string of primary (non-host) tls client identities
- **This diff** adds ClientIdentifier field in RequestCommon which will be extracted in codegen (next diffs) to pass the ClientIdentifier in header to memcache server
- This change is ONLY for proxies and will be executed during shadow testing ONLY

WHY?
- SAP and uCache are working on securing look-aside cache called "Key Client Binding" feature where we bind keys in uCache with ClientIdentities. This ensures that cached data is restricted to the specific client who has access to the backed service.

- Design doc: https://fburl.com/gdoc/psjwp58j

Reviewed By: lenar-f

Differential Revision: D62452894

fbshipit-source-id: 4dfb17a4b3d3389b610879304ce1c304838aa034
  • Loading branch information
Hiral Singadia authored and facebook-github-bot committed Sep 12, 2024
1 parent 1f8a445 commit 87158a1
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions mcrouter/lib/carbon/RequestCommon.h
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,14 @@ class RequestCommon : public MessageCommon {
return cryptoAuthToken_;
}

const std::string& getClientIdentifier() const noexcept {
return clientIdentifier_;
}

void setClientIdentifier(folly::StringPiece clientIdentifier) noexcept {
clientIdentifier_ = clientIdentifier.str();
}

protected:
void markBufferAsDirty() {
serializedBuffer_ = nullptr;
Expand All @@ -92,6 +100,8 @@ class RequestCommon : public MessageCommon {
const folly::IOBuf* serializedBuffer_{nullptr};
// cat token(s) in string serialzed format
std::optional<std::string> cryptoAuthToken_;
// Hash string of primary (non-host) tls client identities
std::string clientIdentifier_;
};

} // namespace carbon

0 comments on commit 87158a1

Please sign in to comment.