mononoke: add sampling for redacted accesses

Summary:
Previously we were not logging a redacted access if previous access was logged
less < MIN_REPORT_TIME_DIFFERENCE_NS ago. That doesn't work well with our
tests.

Let's instead add a sampling tunable.

Reviewed By: krallin

Differential Revision: D23595067

fbshipit-source-id: 47f6152945d9fdc2796fd1e74804e8bcf7f34940

eden/mononoke/blobstore/redactedblobstore/Cargo.toml

@@ -13,6 +13,7 @@ mononoke_types = { path = "../../mononoke_types" }
 scuba_ext = { path = "../../common/scuba_ext" }
 sql_construct = { path = "../../common/sql_construct" }
 sql_ext = { path = "../../common/rust/sql_ext" }
+tunables = { path = "../../tunables" }
 cloned = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
 futures_ext = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }
 sql = { git = "https://github.com/facebookexperimental/rust-shed.git", branch = "master" }

eden/mononoke/blobstore/redactedblobstore/src/lib.rs

@@ -24,13 +24,13 @@ use std::{
         Arc,
     },
 };
+use tunables::tunables;
 mod store;
 pub use crate::store::{RedactedMetadata, SqlRedactedContentStore};
 
 pub mod config {
     pub const GET_OPERATION: &str = "GET";
     pub const PUT_OPERATION: &str = "PUT";
-    pub const MIN_REPORT_TIME_DIFFERENCE_NS: i64 = 1_000_000_000;
 }
 
 #[derive(Debug, Clone)]
@@ -143,29 +143,38 @@ impl<T: Blobstore + Clone> RedactedBlobstoreInner<T> {
     pub fn to_scuba_redacted_blob_accessed(&self, ctx: &CoreContext, key: &str, operation: &str) {
         let curr_timestamp = Timestamp::now().timestamp_nanos();
         let last_timestamp = self.timestamp.load(Ordering::Acquire);
-        if config::MIN_REPORT_TIME_DIFFERENCE_NS < curr_timestamp - last_timestamp {
-            let res = &self.timestamp.compare_exchange(
-                last_timestamp,
-                curr_timestamp,
-                Ordering::Acquire,
-                Ordering::Relaxed,
-            );
 
-            if res.is_ok() {
-                let mut scuba_builder = self.config.scuba_builder.clone();
-                let session = &ctx.session_id();
-                scuba_builder
-                    .add("time", curr_timestamp)
-                    .add("operation", operation)
-                    .add("key", key.to_string())
-                    .add("session_uuid", session.to_string());
+        let sampling_rate =
+            core::num::NonZeroU64::new(tunables().get_redacted_logging_sampling_rate() as u64);
 
-                if let Some(unix_username) = ctx.user_unix_name().clone() {
-                    scuba_builder.add("unix_username", unix_username);
-                }
+        let res = &self.timestamp.compare_exchange(
+            last_timestamp,
+            curr_timestamp,
+            Ordering::Acquire,
+            Ordering::Relaxed,
+        );
 
-                scuba_builder.log();
+        if res.is_ok() {
+            let mut scuba_builder = self.config.scuba_builder.clone();
+
+            if let Some(sampling_rate) = sampling_rate {
+                scuba_builder.sampled(sampling_rate);
+            } else {
+                scuba_builder.unsampled();
             }
+
+            let session = &ctx.session_id();
+            scuba_builder
+                .add("time", curr_timestamp)
+                .add("operation", operation)
+                .add("key", key.to_string())
+                .add("session_uuid", session.to_string());
+
+            if let Some(unix_username) = ctx.user_unix_name().clone() {
+                scuba_builder.add("unix_username", unix_username);
+            }
+
+            scuba_builder.log();
         }
     }
 }

eden/mononoke/tunables/src/lib.rs

@@ -86,6 +86,7 @@ pub struct MononokeTunables {
     scs_other_methods_sampling_rate: AtomicI64,
     // When false error logs are never sampled
     scs_error_log_sampling: AtomicBool,
+    redacted_logging_sampling_rate: AtomicI64,
 }
 
 fn log_tunables(tunables: &TunablesStruct) -> String {