Introducing ClientRequestFilter.java: A New Plugin for Merging Additional Headers into Client Requests in the Authentication Filter

[SthuthiGhosh9400]

Description

1. A new interface, ClientRequestFilter.java, has been introduced in the Presto SPI to customize the headers used by the Presto runtime to process queries. Some example use cases include customized authentication workflows, or enriching query attributes such as the query source.
2. One key use case is setting extra credentials in the request headers.

Motivation and Context

#23997

Impact

This feature enables the merging of headers of any type, offering a versatile solution for header management.

Test Plan

Contributor checklist

• Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==
General Changes
* Add ``ClientRequestFilter.java`` interface in Presto-spi. :pr:`23380`
* Improve Request Headers in the Authentication Filter Class. :pr:`23380`

[tdcmeehan]

This PR needs some test cases.

[steveburnett]

Nit rephrasing of release note entries following the Order of changes in the Release Notes Guidelines.

== RELEASE NOTES ==

General Changes

* Add  `RequestModifier.java` interface in Presto-spi :pr:`23380`
* Improve Request Headers in the Authentication Filter Class :pr:`23380`

[SthuthiGhosh9400]

@tdcmeehan

I have added a test case to verify setting values in the request header and committed it.
Could you have a check and confirm ?
Thanks.

[tdcmeehan]

There's already a MockHttpServletRequest, can you use that?

[SthuthiGhosh9400]

@tdcmeehan
I have refactored the code to use MockHttpServletRequest. Could you check it?
Thanks.

[tdcmeehan]

While we don't use Mockito, the stubs in the test are a little out of control. We need to reduce the size of this simple test. I have a couple of suggestions that you can research to make the testing simpler.

• Can you look at TestHttpRemoteTask and examine how they implemented an in-memory endpoint for the purposes of testing? Perhaps you can build something similar.
• TestingPrestoServer has all sorts of helper methods to retrieve individual classes from Presto. Perhaps you can add a new getter to retrieve the RequestModifierManager, register a simple new request modifier that just adds a dummy header, and make a client call that proves the header is added.

[SthuthiGhosh9400]

• TestingPrestoServer has all sorts of helper methods to retrieve individual classes from Presto. Perhaps you can add a new getter to retrieve the RequestModifierManager, register a simple new request modifier that just adds a dummy header, and make a client call that proves the header is added.

@tdcmeehan
I have attempted to improve the test case based on the suggestion. Could you have a check?
Thanks.

[tdcmeehan]

Please, just add a method to return the RequestModifierManager, and let users inject whatever custom modifier they wish.

[tdcmeehan]

This needs to be thread safe. I recommend using a CopyOnWriteArrayList.

[tdcmeehan]

Instead of modifying the authentication filter, this should just go in its own filter that is applied after the authentication filter.

[tdcmeehan]

Unused

[tdcmeehan]

Let's call this something more descriptive, such as ClientRequestFilter.

[SthuthiGhosh9400]

@tdcmeehan
I have incorporated the review comments. Could you please verify them?
Thanks.

[tdcmeehan]

Suggested change

	private final CopyOnWriteArrayList<ClientRequestFilter> clientRequestFilters;
	private final List<ClientRequestFilter> clientRequestFilters;

[tdcmeehan]

Suggested change

	private final CopyOnWriteArrayList<ClientRequestFilter> clientRequestFilters;
	public ClientRequestFilterManager()
	{
	this.clientRequestFilters = new CopyOnWriteArrayList<>();
	}
	private final List<ClientRequestFilter> clientRequestFilters = new CopyOnWriteArrayList<>();

[tdcmeehan]

Suggested change

	return Collections.unmodifiableList(clientRequestFilters);
	return ImmutableList.copyOf(clientRequestFilters);

[tdcmeehan]

I don't think we should silently not put the header if there's an existing header. I think we should consider the following:

1. The SPI contract mandates that any potential header is known upfront.
2. The runtime will validate that the headers that are requested to be modified match with what is actually returned.
3. There is a blocklist of headers that the plugin should not modify (such as query ID).
4. The runtime will validate that all registered filters only return a disjoint set of headers being added. If there is a conflict, this is a fatal error that will require an administrator to fix (but un-registering one of these plugins).
5. If there is a conflict here, then an exception is thrown.

[SthuthiGhosh9400]

@tdcmeehan
I have gone through your comments and added a few validations in the current implementation. I can verify that with you. However, I have to know about the headers in the blocklist that should not be modified.
Could you help?

[tdcmeehan]

Let's start with the query ID, trace ID and transaction ID in PrestoHeaders.java.

[SthuthiGhosh9400]

I have incorporated the changes mentioned in your comment. Could you please review them and share your suggestions?

[tdcmeehan]

Suggested change

	private final Map<String, String> customHeaders;
	public CustomHttpServletRequestWrapper(HttpServletRequest request)
	{
	super(request);
	this.customHeaders = new ConcurrentHashMap<>();
	}
	private final Map<String, String> customHeaders = new ConcurrentHashMap<>();

[tdcmeehan]

Some feedback is still unadressed.

[tdcmeehan]

Please throw a PrestoException and introduce a new error code for this. It should be a system error.

[tdcmeehan]

Please use Immutable collections.

[SthuthiGhosh9400]

Some feedback is still unadressed.

@tdcmeehan Could you help me identify which feedback is still pending? I believe I have addressed feedback items 2, 3, 4, and 5 from the list above.

[tdcmeehan]

Some feedback is still unadressed.

@tdcmeehan Could you help me identify which feedback is still pending? I believe I have addressed feedback items 2, 3, 4, and 5 from the list above.

Please scroll up in this PR and examine feedback on the code that is still remaining.

[SthuthiGhosh9400]

Please scroll up in this PR and examine feedback on the code that is still remaining.

Yeah. @tdcmeehan I have incorporated all feedback items now. Kindly review them and share your suggestions?

Thanks.

[tdcmeehan]

Please reduce duplicate code. Consider an inner helper class.

[tdcmeehan]

Why not modify MockHttpServletRequest directly?

[SthuthiGhosh9400]

In ConcreteHttpServletRequest, I am storing additional headers in the customHeaders map and overriding the getHeaders method to manage them. This functionality isn't natively provided by MockHttpServletRequest, so extending it makes sense.

[tdcmeehan]

Just add a new constructor to MockHttpServletRequest that overrides the headers.

[SthuthiGhosh9400]

@tdcmeehan
I have incorporated the review comments. Kindly review them.
If it looks good, I can squash the commits and edit the commit message according to the guidelines.

[tdcmeehan]

Please refactor tests to use the code under test.

[tdcmeehan]

Instead of mentioning a "blocked headers list", just list out the headers that are not allowed to be modified.

[tdcmeehan]

Do not throw RuntimeException, throw PrestoException.

[tdcmeehan]

Why are we duplicating code here? I am very confused about how this test works.

[SthuthiGhosh9400]

@tdcmeehan
I have refactored the test cases and used a separate method for adding headers to the request in the Authentication filter.
Could you review it and share your suggestions?

[tdcmeehan]

Please squash commits and ensure the commit format follows our guidelines in contributing.md.

[tdcmeehan]

Almost there. Please also add documentation for this plugin to https://github.com/prestodb/presto/tree/master/presto-docs/src/main/sphinx/develop

[tdcmeehan]

Sorry, I realize now that the principal is per request. Context objects typically are used to create the plugin. So please revert this, and just add the principal as a plain old parameter to getExtraHeaders, no need for fancy parameterization.

[tdcmeehan]

Suggested change

	Map<String, String> extraHeadersMap = extraHeadersMapBuilder.build();
	return new ModifiedHttpServletRequest(request, extraHeadersMapBuilder.build());
	return new ModifiedHttpServletRequest(request, extraHeadersMapBuilder.build());

Remove duplicate build.

[tdcmeehan]

Make this an inner class.

[tdcmeehan]

This sounds AI generated. Please keep the documentation factual and concise. Example, instead of"Efficient and dynamic header management", say, "allowing operators of Presto to customize the headers used for query processing by the Presto runtime." "Presto facilitates the seamless integration of additional headers" is another example. "Seamless" has no meaning in this context.

Just say something like "Presto allows operators to customize the headers used by the Presto runtime to process queries. Some example use cases include customized authentication workflows, or enriching query attributes such as the query source." Please use original wording, think about it, and avoid tools to write this.

[SthuthiGhosh9400]

Sure.

[tdcmeehan]

Is this true? The name of the filter is the header name in the client request?

[SthuthiGhosh9400]

Corrected.

[tdcmeehan]

What blocklist? Mention the headers which are not allowed to be overidden. Link to the Java source of headers that may be overidden.

[SthuthiGhosh9400]

Added.

[tdcmeehan]

Suggested change

	List<String> getHeaderNames();
	Set<String> getExtraHeaderKeys();

[tdcmeehan]

Can it just return empty map and we don't return optional?

[tdcmeehan]

I imagine getExtraHeaders is used for the runtime to quickly check if it needs to apply a more expensive call to enrich the headers. If so, add this context to the documentation.

[SthuthiGhosh9400]

Added.

[tdcmeehan]

Just one more thing, otherwise looks good.

[tdcmeehan]

Let's make this a map.

1. The key of the map should be the name of the factory.
2. We should not allow duplicate names.

[tdcmeehan]

This construct is strange. See above comment.

[tdcmeehan]

What I meant was, please don't pass in factory.getName() into the create method, there is no need because it can just internally call getName().

[SthuthiGhosh9400]

@tdcmeehan I have made the changes. Could you please take a look?

[tdcmeehan]

What I meant was, please don't pass in factory.getName() into the create method, there is no need because it can just internally call getName().

[steveburnett]

Thanks for the doc! A few suggestions.

Also, to have this new doc page be visible in the Developer Guide index page, you must edit presto-docs/src/main/sphinx/develop.rst
and add
develop/client-request-filter.

[SthuthiGhosh9400]

@steveburnett I have incorporated the changes requested. Thanks.

[steveburnett]

LGTM! (docs)

Pull updated branch, new local doc build, looks good. Thanks!

[SthuthiGhosh9400]

@tdcmeehan Could you take a look and approve?

[tdcmeehan]

Please fix rebase conflicts.

[SthuthiGhosh9400]

@tdcmeehan
I have resolved the conflicts during the rebase. Could you help?

[SthuthiGhosh9400]

If it looks good, can we merge this PR? @tdcmeehan

[tdcmeehan]

@SthuthiGhosh9400 the CI is read. Please investigate. If you find it's not related, rebase to rerun the test.

[SthuthiGhosh9400]

@tdcmeehan I reran the test, and it looks good now.