From 147bc0b3f357a6c592072b45fdb78b1da7c56a08 Mon Sep 17 00:00:00 2001
From: David Federman
Date: Mon, 4 Nov 2024 14:09:49 -0800
Subject: [PATCH] Blob: Remove branch from cache universe (#102)
---
 .../MSBuildCacheAzureBlobStoragePlugin.cs | 19 +++++--------------
 src/Common/SourceControl/Git.cs | 11 +----------
 2 files changed, 6 insertions(+), 24 deletions(-)
diff --git a/src/AzureBlobStorage/MSBuildCacheAzureBlobStoragePlugin.cs b/src/AzureBlobStorage/MSBuildCacheAzureBlobStoragePlugin.cs
index 6d87659..df66bdf 100644
--- a/src/AzureBlobStorage/MSBuildCacheAzureBlobStoragePlugin.cs
+++ b/src/AzureBlobStorage/MSBuildCacheAzureBlobStoragePlugin.cs
@@ -22,7 +22,6 @@
 using BuildXL.Cache.MemoizationStore.Sessions;
 using Microsoft.Build.Experimental.ProjectCache;
 using Microsoft.MSBuildCache.Caching;
-using Microsoft.MSBuildCache.SourceControl;
 namespace Microsoft.MSBuildCache.AzureBlobStorage;
@@ -75,25 +74,17 @@ protected override async Task CreateCacheClientAsync(PluginLoggerB
 ICacheSession localCacheSession = await StartCacheSessionAsync(context, localCache, "local");
- // We want our caches to be secure by default. For Pipeline Caching, branches are isolated on the server-side.
- // For Blob L3, we need to isolate the cache namespace on the client-side. We do this by using the branch name as the cache namespace.
- // Note: The build still has access to broad access to the underlying Storage account, so this is *not* a true security boundary,
- // but rather a best effort attempt.
-
- // The cache universe and namespace are directly applied to the name of the container, so we need to sanitize and summarize with hash.
- string @namespace = await Git.BranchNameAsync(logger, Settings.RepoRoot);
- string cacheContainer = $"{Settings.CacheUniverse}-{@namespace}";
-
+ // The cache universe and namespace are directly applied to the name of the container, so we need to sanitize and summarize with lowercase hash.
 #pragma warning disable CA1308 // Azure Storage only supports lowercase
- string cacheContainerHash = ContentHasher.GetContentHash(Encoding.UTF8.GetBytes(cacheContainer)).ToShortString(includeHashType: false).ToLowerInvariant();
+ string cacheUniverse = ContentHasher.GetContentHash(Encoding.UTF8.GetBytes(Settings.CacheUniverse)).ToShortString(includeHashType: false).ToLowerInvariant();
 #pragma warning restore CA1308 // Azure Storage only supports lowercase
- logger.LogMessage($"Using cache namespace '{cacheContainer}' as '{cacheContainerHash}'.");
+ logger.LogMessage($"Using cache universe '{Settings.CacheUniverse}' as '{cacheUniverse}'.");
 IAzureStorageCredentials credentials = CreateAzureStorageCredentials(Settings, cancellationToken);
 #pragma warning disable CA2000 // Dispose objects before losing scope. Expected to be disposed by TwoLevelCache
- ICache remoteCache = CreateRemoteCache(new OperationContext(context, cancellationToken), cacheContainerHash, Settings.RemoteCacheIsReadOnly, credentials);
+ ICache remoteCache = CreateRemoteCache(new OperationContext(context, cancellationToken), cacheUniverse, Settings.RemoteCacheIsReadOnly, credentials);
 #pragma warning restore CA2000 // Dispose objects before losing scope
 ICacheSession remoteCacheSession = await StartCacheSessionAsync(context, remoteCache, "remote");
@@ -192,7 +183,7 @@ private static ICache CreateRemoteCache(OperationContext context, string cacheUn
 AzureBlobStorageCacheFactory.Configuration cacheConfig = new(
 ShardingScheme: new ShardingScheme(ShardingAlgorithm.SingleShard, [accountName]),
 Universe: cacheUniverse,
- Namespace: "0",
+ Namespace: AzureBlobStorageCacheFactory.Configuration.DefaultNamespace,
 RetentionPolicyInDays: null,
 IsReadOnly: isReadOnly);
 return AzureBlobStorageCacheFactory.Create(context, cacheConfig, new StaticBlobCacheSecretsProvider(credentials)).Cache;
diff --git a/src/Common/SourceControl/Git.cs b/src/Common/SourceControl/Git.cs
index 05329c5..c23ba23 100644
--- a/src/Common/SourceControl/Git.cs
+++ b/src/Common/SourceControl/Git.cs
@@ -12,20 +12,11 @@
 namespace Microsoft.MSBuildCache.SourceControl;
-public static class Git
+internal static class Git
 {
 // UTF8 - NO BOM
 private static readonly Encoding InputEncoding = new UTF8Encoding(encoderShouldEmitUTF8Identifier: false);
- public static async Task BranchNameAsync(PluginLoggerBase logger, string repoRoot)
- {
- string branchName = await RunAsync(logger, repoRoot, "rev-parse --abbrev-ref HEAD",
- (_, stdout) => stdout.ReadToEndAsync(),
- (exitCode, result) => result,
- CancellationToken.None);
- return branchName.Trim();
- }
-
 public static async Task RunAsync(
 PluginLoggerBase logger, string workingDir, string args,
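Review bot: The comment added above `#pragma warning disable CA1308` in CreateCacheClientAsync explains only why the container name is hashed; nothing in the new code records that the container is now shared by every branch using the same `Settings.CacheUniverse`, whereas the removed comment described per-branch isolation as a best-effort default. With one shared container, a build that holds write access can publish entries that builds of other branches may later consume, so the trust decision appears to rest entirely on `Settings.RemoteCacheIsReadOnly` and on the scope of the storage credentials. I would say so next to the hash, for example `// Note: the container is shared across branches; builds of untrusted branches should set RemoteCacheIsReadOnly or use a separate CacheUniverse.` The method body starts and ends outside this hunk, so any compensating check elsewhere in it is not visible here.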