Introducing ClientRequestFilter.java: A New Plugin for Applying Request Headers in the Authentication Filter Class

[SthuthiGhosh9400]

Description

1. Created an interface (RequestModifier.java) in Presto to add additional headers in request.
2. Setting extra credential in request header is a use case.

Motivation and Context

Impact

Test Plan

Contributor checklist

• Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes

* Add  `RequestModifier.java` interface in Presto-spi :pr:`23380`
* Improve Request Headers in the Authentication Filter Class :pr:`23380`

[tdcmeehan]

This PR needs some test cases.

[steveburnett]

Nit rephrasing of release note entries following the Order of changes in the Release Notes Guidelines.

== RELEASE NOTES ==

General Changes

* Add  `RequestModifier.java` interface in Presto-spi :pr:`23380`
* Improve Request Headers in the Authentication Filter Class :pr:`23380`

[SthuthiGhosh9400]

@tdcmeehan

I have added a test case to verify setting values in the request header and committed it.
Could you have a check and confirm ?
Thanks.

[tdcmeehan]

We do not use Mockito in this project. Can you please refactor your code to avoid its use?

[SthuthiGhosh9400]

@tdcmeehan
Instead of using Mockito to create mock objects and define their behavior, can I manually write simple classes (stubs) that simulate the behavior of the actual classes?

Do you have any suggestion here in order to verify the codebase if value correctly passed to request header?

[tdcmeehan]

Yes, that is how we go about this.

[SthuthiGhosh9400]

@tdcmeehan
I have refactored the code that was added for the test case.

[tdcmeehan]

There's already a MockHttpServletRequest, can you use that?

[SthuthiGhosh9400]

@tdcmeehan
I have refactored the code to use MockHttpServletRequest. Could you check it?
Thanks.

[tdcmeehan]

While we don't use Mockito, the stubs in the test are a little out of control. We need to reduce the size of this simple test. I have a couple of suggestions that you can research to make the testing simpler.

• Can you look at TestHttpRemoteTask and examine how they implemented an in-memory endpoint for the purposes of testing? Perhaps you can build something similar.
• TestingPrestoServer has all sorts of helper methods to retrieve individual classes from Presto. Perhaps you can add a new getter to retrieve the RequestModifierManager, register a simple new request modifier that just adds a dummy header, and make a client call that proves the header is added.

[SthuthiGhosh9400]

• TestingPrestoServer has all sorts of helper methods to retrieve individual classes from Presto. Perhaps you can add a new getter to retrieve the RequestModifierManager, register a simple new request modifier that just adds a dummy header, and make a client call that proves the header is added.

@tdcmeehan
I have attempted to improve the test case based on the suggestion. Could you have a check?
Thanks.

[tdcmeehan]

Please, just add a method to return the RequestModifierManager, and let users inject whatever custom modifier they wish.

[tdcmeehan]

This needs to be thread safe. I recommend using a CopyOnWriteArrayList.

[tdcmeehan]

Instead of modifying the authentication filter, this should just go in its own filter that is applied after the authentication filter.

[tdcmeehan]

Unused

[tdcmeehan]

Please use a concurrent map

[tdcmeehan]

Let's call this something more descriptive, such as ClientRequestFilter.

[SthuthiGhosh9400]

@tdcmeehan
I have incorporated the review comments. Could you please verify them?
Thanks.

[tdcmeehan]

Suggested change

	private final CopyOnWriteArrayList<ClientRequestFilter> clientRequestFilters;
	private final List<ClientRequestFilter> clientRequestFilters;

[tdcmeehan]

Suggested change

	private final CopyOnWriteArrayList<ClientRequestFilter> clientRequestFilters;
	public ClientRequestFilterManager()
	{
	this.clientRequestFilters = new CopyOnWriteArrayList<>();
	}
	private final List<ClientRequestFilter> clientRequestFilters = new CopyOnWriteArrayList<>();

[tdcmeehan]

Suggested change

	return Collections.unmodifiableList(clientRequestFilters);
	return ImmutableList.copyOf(clientRequestFilters);

[tdcmeehan]

I don't think we should silently not put the header if there's an existing header. I think we should consider the following:

1. The SPI contract mandates that any potential header is known upfront.
2. The runtime will validate that the headers that are requested to be modified match with what is actually returned.
3. There is a blocklist of headers that the plugin should not modify (such as query ID).
4. The runtime will validate that all registered filters only return a disjoint set of headers being added. If there is a conflict, this is a fatal error that will require an administrator to fix (but un-registering one of these plugins).
5. If there is a conflict here, then an exception is thrown.

[SthuthiGhosh9400]

@tdcmeehan
I have gone through your comments and added a few validations in the current implementation. I can verify that with you. However, I have to know about the headers in the blocklist that should not be modified.
Could you help?

[tdcmeehan]

Let's start with the query ID, trace ID and transaction ID in PrestoHeaders.java.

[SthuthiGhosh9400]

I have incorporated the changes mentioned in your comment. Could you please review them and share your suggestions?

[tdcmeehan]

Suggested change

	private final Map<String, String> customHeaders;
	public CustomHttpServletRequestWrapper(HttpServletRequest request)
	{
	super(request);
	this.customHeaders = new ConcurrentHashMap<>();
	}
	private final Map<String, String> customHeaders = new ConcurrentHashMap<>();

[tdcmeehan]

Some feedback is still unadressed.

[tdcmeehan]

Please throw a PrestoException and introduce a new error code for this. It should be a system error.

[tdcmeehan]

Please use Immutable collections.

[SthuthiGhosh9400]

Some feedback is still unadressed.

@tdcmeehan Could you help me identify which feedback is still pending? I believe I have addressed feedback items 2, 3, 4, and 5 from the list above.

[tdcmeehan]

Some feedback is still unadressed.

@tdcmeehan Could you help me identify which feedback is still pending? I believe I have addressed feedback items 2, 3, 4, and 5 from the list above.

Please scroll up in this PR and examine feedback on the code that is still remaining.

[SthuthiGhosh9400]

Please scroll up in this PR and examine feedback on the code that is still remaining.

Yeah. @tdcmeehan I have incorporated all feedback items now. Kindly review them and share your suggestions?

Thanks.

[tdcmeehan]

Please reduce duplicate code. Consider an inner helper class.

[tdcmeehan]

Why not modify MockHttpServletRequest directly?

[SthuthiGhosh9400]

In ConcreteHttpServletRequest, I am storing additional headers in the customHeaders map and overriding the getHeaders method to manage them. This functionality isn't natively provided by MockHttpServletRequest, so extending it makes sense.

[SthuthiGhosh9400]

@tdcmeehan
I have incorporated the review comments. Kindly review them.
If it looks good, I can squash the commits and edit the commit message according to the guidelines.

[tdcmeehan]

Please refactor tests to use the code under test.

[tdcmeehan]

Instead of mentioning a "blocked headers list", just list out the headers that are not allowed to be modified.

[tdcmeehan]

Do not throw RuntimeException, throw PrestoException.

[tdcmeehan]

Why are we duplicating code here? I am very confused about how this test works.

[SthuthiGhosh9400]

@tdcmeehan
I have refactored the test cases and used a separate method for adding headers to the request in the Authentication filter.
Could you review it and share your suggestions?