Insert correlation id if missing or not trusted (!78) · Merge requests · GitLab.org / labkit

Mikhail Mazurskiy requested to merge ash2k/insert-correlation-id into master Oct 23, 2020

Currently server correlation interceptors trust passed ID and do not insert an ID if it was not present. This MR makes it possible to disable trust for situations where gRPC request is coming from an untrusted source. It also changes the behavior to inject a random ID if none was present or if it's not trusted.

~~I'm exporting RandomIDWithFallback() because it's needed outside of LabKit too~~. (replaced with !80 (merged)) In Gitaly:

https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/praefect/coordinator.go#L690-700. It uses a similar/copied piece of code https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/praefect/correlation.go
https://gitlab.com/gitlab-org/gitaly/-/blob/master/internal/gitalyssh/gitalyssh.go#L81-95. This uses a local generator, but does not wrap it in a mutex. It's a data race.

In Shell:

https://gitlab.com/gitlab-org/gitlab-shell/-/blob/master/internal/command/command.go#L52-67. Would be better to use a pseudorandom ID than nothing at all.

@andrewn, this is what we discussed. Please let me know if I misunderstood something.

Edited Nov 03, 2020 by Mikhail Mazurskiy

Insert correlation id if missing or not trusted

Merge request reports