Retain user details in the processing of subsequent chunks

cdapio · Jan 24, 2025 · 1876ae8 · 1876ae8
1 parent 5730f51
commit 1876ae8
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/...-fabric/src/main/java/io/cdap/cdap/internal/app/services/ApplicationLifecycleService.java b/...-fabric/src/main/java/io/cdap/cdap/internal/app/services/ApplicationLifecycleService.java
@@ -777,7 +777,6 @@ private ApplicationId updateApplicationInternal(ApplicationId appId,
       ApplicationUpdateResult<?> updateResult = app.updateConfig(updateContext);
       updatedAppConfig = GSON.toJson(updateResult.getNewConfig(), configType);
     }
-    Principal requestingUser = authenticationContext.getPrincipal();
 
     String versionId = appId.getVersion();
     // If LCM flow is enabled - we generate specific versions of the app.
@@ -796,8 +795,8 @@ private ApplicationId updateApplicationInternal(ApplicationId appId,
         .setConfigString(updatedAppConfig)
         .setOwnerPrincipal(ownerPrincipal)
         .setUpdateSchedules(false)
-        .setChangeDetail(new ChangeDetail(null, appId.getVersion(), requestingUser == null ? null :
-            requestingUser.getName(), System.currentTimeMillis()))
+        .setChangeDetail(new ChangeDetail(null, appId.getVersion(),
+            decodeUserId(authenticationContext), System.currentTimeMillis()))
         .setDeployedApplicationSpec(appSpec)
         .setIsUpgrade(true)
         .build();
@@ -1102,7 +1101,7 @@ private ApplicationWithPrograms deployApp(NamespaceId namespaceId, @Nullable Str
     ChangeDetail change = new ChangeDetail(
         changeSummary == null ? null : changeSummary.getDescription(),
         changeSummary == null ? null : changeSummary.getParentVersion(),
-        requestingUser == null ? null : requestingUser.getName(),
+        decodeUserId(authenticationContext),
         System.currentTimeMillis());
     // deploy application with newly added artifact
     AppDeploymentInfo deploymentInfo = AppDeploymentInfo.builder()

diff --git a/cdap-common/src/main/java/io/cdap/cdap/common/http/AuthenticationChannelHandler.java b/cdap-common/src/main/java/io/cdap/cdap/common/http/AuthenticationChannelHandler.java
@@ -56,6 +56,8 @@ public class AuthenticationChannelHandler extends ChannelDuplexHandler {
   private static final String EMPTY_USER_IP = "CDAP-empty-user-ip";
   static final String AUDIT_LOG_REQ_BUILDER_ATTR = "AUDIT_LOG_REQ_BUILDER";
   static final String AUDIT_LOG_USER_IP_ATTR = "AUDIT_LOG_USER_IP";
+  static final String USER_ID_ATTR = "USER_ID";
+  static final String USER_CREDENTIAL_ATTR = "USER_CREDENTIAL";
   static final String AUDIT_LOG_CONTEXT_QUEUE_ATTR = "AUDIT_LOG_CONTEXT_QUEUE";
 
   private final boolean internalAuthEnabled;
@@ -135,6 +137,20 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception
       SecurityRequestContext.setUserIp(currentUserIp);
       //Also set userIp in ATTR , to be used in audit logging incase it was replaced at a later stage
       ctx.channel().attr(AttributeKey.valueOf(AUDIT_LOG_USER_IP_ATTR)).set(currentUserIp);
+      ctx.channel().attr(AttributeKey.valueOf(USER_ID_ATTR)).set(currentUserId);
+      ctx.channel().attr(AttributeKey.valueOf(USER_CREDENTIAL_ATTR)).set(currentUserCredential);
+    } else {
+      Object userIpObj = ctx.channel().attr(AttributeKey.valueOf(AUDIT_LOG_USER_IP_ATTR)).get();
+      Object userIdObj = ctx.channel().attr(AttributeKey.valueOf(USER_ID_ATTR)).get();
+      Object userCredentialObj =
+          ctx.channel().attr(AttributeKey.valueOf(USER_CREDENTIAL_ATTR)).get();
+      if (userIpObj != null) {
+        SecurityRequestContext.setUserIp((String) userIpObj);
+      }
+      if (userIdObj != null & userCredentialObj != null) {
+        SecurityRequestContext.setUserId((String) userIdObj);
+        SecurityRequestContext.setUserCredential((Credential) userCredentialObj);
+      }
     }
 
     try {

diff --git a/cdap-common/src/test/java/io/cdap/cdap/common/http/AuthenticationChannelHandlerTest.java b/cdap-common/src/test/java/io/cdap/cdap/common/http/AuthenticationChannelHandlerTest.java
@@ -137,6 +137,12 @@ public void testCallOrderCreateNamespaceForAuditLog() throws Exception {
       times(1)).set(any());
     verify(ctx.channel().attr(AttributeKey.valueOf(AuthenticationChannelHandler.AUDIT_LOG_REQ_BUILDER_ATTR)),
           times(1)).set(any());
+    verify(ctx.channel().attr(AttributeKey.valueOf(
+        AuthenticationChannelHandler.AUDIT_LOG_USER_IP_ATTR)), times(1)).set(any());
+    verify(ctx.channel().attr(AttributeKey.valueOf(
+        AuthenticationChannelHandler.USER_ID_ATTR)), times(1)).set(any());
+    verify(ctx.channel().attr(AttributeKey.valueOf(
+        AuthenticationChannelHandler.USER_CREDENTIAL_ATTR)), times(1)).set(any());
 
     // Now in Write and getAuditLogRequest , should create AuditLogRequest properly from ATTRs
     Mockito.when(ctx.channel().attr(AttributeKey.valueOf(AuthenticationChannelHandler.AUDIT_LOG_CONTEXT_QUEUE_ATTR))