Add `X-Request-Id` to all requests made by our CA clients

2 months ago · c1c2e73475
parent 4213a190d5
commit c1c2e73475
2 changed files with 19 additions and 4 deletions
--- a/ca/acmeClient.go
+++ b/ca/acmeClient.go
@ -48,6 +48,7 @@ func NewACMEClient(endpoint string, contact []string, opts ...ClientOption) (*AC
 		return nil, errors.Wrapf(err, "creating GET request %s failed", endpoint)
 	}
 	req.Header.Set("User-Agent", UserAgent)
+	enforceRequestID(req)
 	resp, err := ac.client.Do(req)
 	if err != nil {
 		return nil, errors.Wrapf(err, "client GET %s failed", endpoint)
@ -109,6 +110,7 @@ func (c *ACMEClient) GetNonce() (string, error) {
 		return "", errors.Wrapf(err, "creating GET request %s failed", c.dir.NewNonce)
 	}
 	req.Header.Set("User-Agent", UserAgent)
+	enforceRequestID(req)
 	resp, err := c.client.Do(req)
 	if err != nil {
 		return "", errors.Wrapf(err, "client GET %s failed", c.dir.NewNonce)
@ -188,6 +190,7 @@ func (c *ACMEClient) post(payload []byte, url string, headerOps ...withHeaderOpt
 	}
 	req.Header.Set("Content-Type", "application/jose+json")
 	req.Header.Set("User-Agent", UserAgent)
+	enforceRequestID(req)
 	resp, err := c.client.Do(req)
 	if err != nil {
 		return nil, errors.Wrapf(err, "client POST %s failed", c.dir.NewOrder)
--- a/ca/client.go
+++ b/ca/client.go
@ -24,6 +24,7 @@ import (
 	"strings"

 	"github.com/pkg/errors"
+	"github.com/rs/xid"
 	"github.com/smallstep/certificates/api"
 	"github.com/smallstep/certificates/authority"
 	"github.com/smallstep/certificates/authority/provisioner"
@ -83,8 +84,7 @@ func (c *uaClient) GetWithContext(ctx context.Context, u string) (*http.Response
 	if err != nil {
 		return nil, errors.Wrapf(err, "create GET %s request failed", u)
 	}
-	req.Header.Set("User-Agent", UserAgent)
-	return c.Client.Do(req)
+	return c.Do(req)
 }

 func (c *uaClient) Post(u, contentType string, body io.Reader) (*http.Response, error) {
@ -97,12 +97,24 @@ func (c *uaClient) PostWithContext(ctx context.Context, u, contentType string, b
 		return nil, errors.Wrapf(err, "create POST %s request failed", u)
 	}
 	req.Header.Set("Content-Type", contentType)
-	req.Header.Set("User-Agent", UserAgent)
-	return c.Client.Do(req)
+	return c.Do(req)
+}
+
+// requestIDHeader is the header name used for propagating request IDs from
+// the CA client to the CA and back again.
+const requestIDHeader = "X-Request-Id"
+
+// enforceRequestID checks if the X-Request-Id HTTP header is filled. If it's
+// empty, it'll generate a new request ID and set the header.
+func enforceRequestID(r *http.Request) {
+	if r.Header.Get(requestIDHeader) == "" {
+		r.Header.Set(requestIDHeader, xid.New().String())
+	}
 }

 func (c *uaClient) Do(req *http.Request) (*http.Response, error) {
 	req.Header.Set("User-Agent", UserAgent)
+	enforceRequestID(req)
 	return c.Client.Do(req)
 }