fix: formalize tenant header

parmesant · parmesant · commit 3c29c985d4cd · 2026-02-23T17:38:55.000+05:30
diff --git a/src/connectors/kafka/mod.rs b/src/connectors/kafka/mod.rs
@@ -17,6 +17,7 @@
  */
 
 use crate::connectors::kafka::config::KafkaConfig;
+use crate::handlers::TENANT_ID;
 use derive_more::Constructor;
 use rdkafka::client::OAuthToken;
 use rdkafka::consumer::{ConsumerContext, Rebalance};
@@ -151,7 +152,7 @@ pub struct ConsumerRecord {
 impl ConsumerRecord {
     pub fn from_borrowed_msg(msg: BorrowedMessage) -> Self {
         let tenant_id = if let Some(headers) = extract_headers(&msg)
-            && let Some(tenant_id) = headers.get("tenant")
+            && let Some(tenant_id) = headers.get(TENANT_ID)
         {
             tenant_id.clone()
         } else {
diff --git a/src/handlers/http/middleware.rs b/src/handlers/http/middleware.rs
@@ -31,7 +31,7 @@ use futures_util::future::LocalBoxFuture;
 use crate::{
     handlers::{
         AUTHORIZATION_KEY, KINESIS_COMMON_ATTRIBUTES_KEY, LOG_SOURCE_KEY, LOG_SOURCE_KINESIS,
-        STREAM_NAME_HEADER_KEY,
+        STREAM_NAME_HEADER_KEY, TENANT_ID,
         http::{ingest::PostError, modal::OIDC_CLIENT, rbac::RBACError},
     },
     option::Mode,
@@ -237,7 +237,7 @@ fn get_user_and_tenant(
     if PARSEABLE.options.is_multi_tenant() {
         // if ingestion then tenant MUST be present and should not be DEFAULT_TENANT
         let tenant = if action.eq(&Action::Ingest) {
-            if let Some(tenant) = request.headers().get("tenant")
+            if let Some(tenant) = request.headers().get(TENANT_ID)
                 && let Ok(tenant) = tenant.to_str()
             {
                 if tenant.eq(DEFAULT_TENANT) {
@@ -262,23 +262,23 @@ fn get_user_and_tenant(
                 && let Some(tid) = tenant.as_ref()
             {
                 request.headers_mut().insert(
-                    HeaderName::from_static("tenant"),
+                    HeaderName::from_static(TENANT_ID),
                     HeaderValue::from_str(tid).unwrap(),
                 );
                 t = tenant;
             } else {
                 // remove the header if already present
-                request.headers_mut().remove("tenant");
+                request.headers_mut().remove(TENANT_ID);
             }
             t
         };
         let userid = get_user_from_request(request.request());
         Ok((userid, tenant))
     } else {
         // not multi-tenant, tenant header should NOT be present
-        if request.headers().get("tenant").is_some() {
+        if request.headers().get(TENANT_ID).is_some() {
             *header_error = Some(actix_web::Error::from(PostError::Header(
-                crate::utils::header_parsing::ParseHeaderError::UnexpectedHeader("tenant".into()),
+                crate::utils::header_parsing::ParseHeaderError::UnexpectedHeader(TENANT_ID.into()),
             )));
         }
         let userid = get_user_from_request(request.request());
@@ -381,7 +381,7 @@ pub async fn refresh_token(
 
 #[inline(always)]
 pub fn check_suspension(req: &HttpRequest, action: Action) -> rbac::Response {
-    if let Some(tenant) = req.headers().get("tenant")
+    if let Some(tenant) = req.headers().get(TENANT_ID)
         && let Ok(tenant) = tenant.to_str()
     {
         if let Ok(Some(suspension)) = TENANT_METADATA.is_action_suspended(tenant, &action) {
diff --git a/src/handlers/http/modal/query/querier_role.rs b/src/handlers/http/modal/query/querier_role.rs
@@ -59,7 +59,7 @@ pub async fn put(
             return Err(RoleError::ProtectedRole);
         } else {
             // role exists and is not internal, can proceed with modification
-            role.append_privileges(body.privileges());
+            *role = body;
             role.clone()
         }
     } else {
diff --git a/src/handlers/mod.rs b/src/handlers/mod.rs
@@ -36,6 +36,7 @@ pub const UPDATE_STREAM_KEY: &str = "x-p-update-stream";
 pub const STREAM_TYPE_KEY: &str = "x-p-stream-type";
 pub const TELEMETRY_TYPE_KEY: &str = "x-p-telemetry-type";
 pub const DATASET_TAG_KEY: &str = "x-p-dataset-tag";
+pub const TENANT_ID: &str = "x-p-tenant";
 const COOKIE_AGE_DAYS: usize = 7;
 const SESSION_COOKIE_NAME: &str = "session";
 const USER_COOKIE_NAME: &str = "username";
diff --git a/src/rbac/map.rs b/src/rbac/map.rs
@@ -16,6 +16,7 @@
  *
  */
 
+use crate::handlers::TENANT_ID;
 use crate::parseable::DEFAULT_TENANT;
 use crate::rbac::role::ParseableResourceType;
 use crate::rbac::role::model::Role;
@@ -429,7 +430,7 @@ impl Sessions {
     pub fn mutate_request_with_tenant(&self, key: &SessionKey, req: &mut ServiceRequest) {
         if let Some((_, tenant, _)) = self.active_sessions.get(key) {
             req.headers_mut().insert(
-                HeaderName::from_static("tenant"),
+                HeaderName::from_static(TENANT_ID),
                 HeaderValue::from_bytes(tenant.as_bytes()).unwrap(),
             );
         }
diff --git a/src/rbac/mod.rs b/src/rbac/mod.rs
@@ -31,6 +31,7 @@ use rayon::iter::{IntoParallelRefIterator, ParallelBridge, ParallelIterator};
 use serde::Serialize;
 use url::Url;
 
+use crate::handlers::TENANT_ID;
 use crate::parseable::DEFAULT_TENANT;
 use crate::rbac::map::{mut_sessions, mut_users, read_user_groups, roles, sessions, users};
 use crate::rbac::role::Action;
@@ -318,7 +319,7 @@ impl Users {
                 .is_some()
         }) {
             req.headers_mut().insert(
-                HeaderName::from_static("tenant"),
+                HeaderName::from_static(TENANT_ID),
                 HeaderValue::from_bytes(tenant.as_bytes()).unwrap(),
             );
         };
diff --git a/src/rbac/role.rs b/src/rbac/role.rs
@@ -256,10 +256,6 @@ pub mod model {
                 .iter()
                 .any(|p| p.eq(&DefaultPrivilege::SuperAdmin))
         }
-
-        pub fn append_privileges(&mut self, new_actions: &[DefaultPrivilege]) {
-            self.actions.extend_from_slice(new_actions);
-        }
     }
 
     impl<'de> Deserialize<'de> for Role {
diff --git a/src/utils/mod.rs b/src/utils/mod.rs
@@ -27,6 +27,7 @@ pub mod uid;
 pub mod update;
 
 use crate::INTRA_CLUSTER_CLIENT;
+use crate::handlers::TENANT_ID;
 use crate::handlers::http::base_path_without_preceding_slash;
 use crate::handlers::http::cluster::for_each_live_node;
 use crate::handlers::http::rbac::RBACError;
@@ -118,7 +119,7 @@ pub fn get_user_and_tenant_from_request(
 
 pub fn get_tenant_id_from_request(req: &HttpRequest) -> Option<String> {
     req.headers()
-        .get("tenant")
+        .get(TENANT_ID)
         .map(|tenant_value| tenant_value.to_str().unwrap().to_owned())
 }
 

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ pub async fn put(`
`59`	`59`	`return Err(RoleError::ProtectedRole);`
`60`	`60`	`} else {`
`61`	`61`	`// role exists and is not internal, can proceed with modification`
`62`		`- role.append_privileges(body.privileges());`
	`62`	`+ *role = body;`
`63`	`63`	`role.clone()`
`64`	`64`	`}`
`65`	`65`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -256,10 +256,6 @@ pub mod model {`
`256`	`256`	`.iter()`
`257`	`257`	`.any(\|p\| p.eq(&DefaultPrivilege::SuperAdmin))`
`258`	`258`	`}`
`259`		`-`
`260`		`- pub fn append_privileges(&mut self, new_actions: &[DefaultPrivilege]) {`
`261`		`- self.actions.extend_from_slice(new_actions);`
`262`		`- }`
`263`	`259`	`}`
`264`	`260`
`265`	`261`	`impl<'de> Deserialize<'de> for Role {`