feat(core): IPC metadata forwarding #3099

Merged
alkalescent merged 6 commits into kas_registered_uri from feat/generic-ipc-metadata-forwarding-v2
Feb 25, 2026

@alkalescent alkalescent commented Feb 24, 2026

Proposed Changes

  • Forwards gRPC metadata to services via headers for IPC

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@gemini-code-assist

Summary of Changes

Hello @alkalescent, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the Inter-Process Communication (IPC) mechanism by enabling the transparent forwarding of generic gRPC metadata between services. It achieves this by serializing incoming gRPC context metadata into x-ipc-meta- prefixed HTTP headers on the client side and then deserializing them back into gRPC metadata on the server side. This ensures that custom metadata, beyond standard authentication tokens, can be propagated across service boundaries.

Highlights

  • Client-side Metadata Forwarding: Implemented a client interceptor to automatically forward all gRPC incoming context metadata (excluding client ID and access token) as x-ipc-meta- prefixed HTTP headers.
  • Server-side Metadata Restoration: Added logic to the server interceptor to reconstruct gRPC metadata from incoming x-ipc-meta- HTTP headers, making it available in the gRPC context.
  • Comprehensive Testing: Introduced new unit tests to cover the forwarding and restoration of generic metadata, including a full round-trip test to ensure data integrity across the IPC boundary.

Changelog
  • service/internal/auth/authn.go
    • Added a new constant ipcMetadataHeaderPrefix for x-ipc-meta- headers.
    • Modified IPCMetadataClientInterceptor to forward gRPC metadata to HTTP headers.
    • Modified IPCUnaryServerInterceptor to restore gRPC metadata from HTTP headers.
  • service/internal/auth/authn_ipc_metadata_interceptor_test.go
    • Updated an existing test case name to reflect generic forwarding.
    • Added a new assertion for x-ipc-meta-custom-key in an existing test.
    • Added TestIPCMetadataClientInterceptor_ForwardsGenericMetadata to verify client-side forwarding.
    • Added TestIPCMetadataClientInterceptor_SkipsClientIDAndAccessToken to ensure specific headers are not re-forwarded.
    • Added TestIPCUnaryServerInterceptor_RestoresGenericMetadata to validate server-side metadata restoration.
    • Added TestIPCMetadata_RoundTrip to confirm end-to-end metadata propagation.
Activity
  • The author indicated that unit tests have been added or updated.

Headers flow unseen, Metadata, context deep, Services now speak.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a mechanism to forward gRPC metadata across Inter-Process Communication (IPC) calls by encoding them as HTTP headers. However, the IPCUnaryServerInterceptor implementation is insecure, as it blindly promotes any HTTP header with the x-ipc-meta- prefix to the request's gRPC metadata context. This poses a significant risk of metadata spoofing, potentially bypassing security controls like tenant isolation. A strict allow-list for forwarded metadata keys is crucial to mitigate this. Additionally, the review suggests improving code clarity, simplifying the server interceptor, and implementing an explicit allow-list for the client interceptor to prevent potential side effects.

@github-actions

Benchmark results

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 197.180687ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 102.887316ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 373.257949ms
Throughput 267.91 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 42.626487728s
Average Latency 424.644336ms
Throughput 117.30 requests/second

@alkalescent alkalescent changed the title from "ipc metadata headers" to "feat(core): IPC metadata forwarding" Feb 24, 2026
@github-actions

Benchmark results

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 191.911193ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 108.611121ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 365.600307ms
Throughput 273.52 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.760974722s
Average Latency 395.857438ms
Throughput 125.75 requests/second

@alkalescent alkalescent marked this pull request as ready for review February 24, 2026 21:46
@alkalescent alkalescent requested review from a team as code owners February 24, 2026 21:46
continue
}
for _, v := range vals {
req.Header().Add(ipcMetadataHeaderPrefix+key, v)
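Review bot: At `req.Header().Add(ipcMetadataHeaderPrefix+key, v)`, both `key` and `v` come straight from the metadata being iterated, and the only filter visible in this hunk is the `continue` above, so every key that is not skipped is forwarded under the prefix. Consider replacing the skip-list with an explicit allow-list of forwardable keys, checked here and again where the prefixed headers are restored, so the set of metadata that crosses the IPC boundary is a deliberate choice. It is also worth documenting next to this loop what is expected of `v` (for example, whether values that are not valid header text can reach this point).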
Member

should we wrap ipcMetadataHeaderPrefix+key with http.CanonicalHeaderKey()? the restore logic below looks like it expects that format

Contributor Author

Header.add canonicalizes internally
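
An added example (not code from this pull request) of the allow-list the code review asks for, applied on both sides of the IPC boundary, together with the header-name canonicalization discussed in the thread above. Metadata is modeled as a plain map so the block runs with the standard library only; the function names and the allow-list contents are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Prefix as named on the page; the allow-list keys below are hypothetical.
const ipcMetadataHeaderPrefix = "x-ipc-meta-"

var allowedIPCKeys = map[string]bool{"x-request-id": true, "x-trace-parent": true}

// forwardMetadata copies only allow-listed metadata keys into prefixed headers.
// http.Header.Add canonicalizes the name, so "x-ipc-meta-x-request-id" is
// stored under "X-Ipc-Meta-X-Request-Id".
func forwardMetadata(md map[string][]string, h http.Header) {
	for key, vals := range md {
		key = strings.ToLower(key)
		if !allowedIPCKeys[key] {
			continue
		}
		for _, v := range vals {
			h.Add(ipcMetadataHeaderPrefix+key, v)
		}
	}
}

// restoreMetadata rebuilds metadata from prefixed headers. Names are compared
// in lower case so the match does not depend on canonical form, and any key
// outside the allow-list is dropped instead of being promoted into the context.
func restoreMetadata(h http.Header) map[string][]string {
	md := map[string][]string{}
	for name, vals := range h {
		lower := strings.ToLower(name)
		if !strings.HasPrefix(lower, ipcMetadataHeaderPrefix) {
			continue
		}
		if key := strings.TrimPrefix(lower, ipcMetadataHeaderPrefix); allowedIPCKeys[key] {
			md[key] = append(md[key], vals...)
		}
	}
	return md
}

func main() {
	h := http.Header{}
	forwardMetadata(map[string][]string{"x-request-id": {"abc"}, "x-tenant": {"t1"}}, h)
	h.Add("x-ipc-meta-x-tenant", "spoofed") // constructed: header supplied by an untrusted caller
	fmt.Println(h, restoreMetadata(h))
}
```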

@alkalescent alkalescent merged commit 46f6027 into kas_registered_uri Feb 25, 2026
34 checks passed
@alkalescent alkalescent deleted the feat/generic-ipc-metadata-forwarding-v2 branch February 25, 2026 15:54