Split Match Logging into enforced and unenforced

Summary: This change is requested from DS for logging enforced and unforced matching events to enable detailed analysis. Reviewed By: AjanthanAsogamoorthy Differential Revision: D66509366 fbshipit-source-id: 4c3ff8ae7359a9abf23f2b3267943e0d70608dfe
facebook · Jan 14, 2025 · 947ac7b · 947ac7b
1 parent b47c451
commit 947ac7b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/third-party/thrift/src/thrift/lib/cpp2/server/LoggingEvent.h b/third-party/thrift/src/thrift/lib/cpp2/server/LoggingEvent.h
@@ -203,7 +203,12 @@ class LoggingEventRegistry {
   virtual ~LoggingEventRegistry() {}
 };
 
-enum class CertIPResult { SKIPPED, MATCHED, MISMATCHED };
+enum class CertIPResult {
+  SKIPPED,
+  MATCHED_ENFORCED,
+  MATCHED_UNENFORCED,
+  MISMATCHED
+};
 
 namespace detail {
 THRIFT_PLUGGABLE_FUNC_DECLARE(

diff --git a/third-party/thrift/src/thrift/lib/cpp2/server/LoggingEventHelper.cpp b/third-party/thrift/src/thrift/lib/cpp2/server/LoggingEventHelper.cpp
@@ -46,8 +46,11 @@ void maybeLogTlsPeerCertEvent(
     case CertIPResult::SKIPPED:
       THRIFT_CONNECTION_EVENT(tls.cert_ip_skipped).log(context);
       return;
-    case CertIPResult::MATCHED:
-      THRIFT_CONNECTION_EVENT(tls.cert_ip_match).log(context);
+    case CertIPResult::MATCHED_ENFORCED:
+      THRIFT_CONNECTION_EVENT(tls.cert_ip_match_enforced).log(context);
+      return;
+    case CertIPResult::MATCHED_UNENFORCED:
+      THRIFT_CONNECTION_EVENT(tls.cert_ip_match_unenforced).log(context);
       return;
     case CertIPResult::MISMATCHED:
       THRIFT_CONNECTION_EVENT(tls.cert_ip_mismatch).log(context);