Skip to content

Commit

Permalink
Fixed Security Exceptions For Requests Wihtout PPL Access (#2033) (#2039
Browse files Browse the repository at this point in the history
)

Signed-off-by: Vamsi Manohar <[email protected]>
(cherry picked from commit 56bc7d5)
  • Loading branch information
vamsimanohar authored Aug 30, 2023
1 parent 01e957d commit 3133390
Show file tree
Hide file tree
Showing 9 changed files with 122 additions and 33 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
/*
*
* * Copyright OpenSearch Contributors
* * SPDX-License-Identifier: Apache-2.0
*
*/

package org.opensearch.sql.datasources.exceptions;

/**
* This is the base class for all DataSource Client Exceptions. All datasource connector modules
* will extend this exception for their respective connection clients.
*/
public class DataSourceClientException extends RuntimeException {

public DataSourceClientException(String message) {
super(message);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.action.ActionListener;
import org.opensearch.client.node.NodeClient;
import org.opensearch.index.IndexNotFoundException;
Expand All @@ -28,6 +29,7 @@
import org.opensearch.rest.RestStatus;
import org.opensearch.sql.common.antlr.SyntaxCheckException;
import org.opensearch.sql.common.setting.Settings;
import org.opensearch.sql.datasources.exceptions.DataSourceClientException;
import org.opensearch.sql.exception.ExpressionEvaluationException;
import org.opensearch.sql.exception.QueryEngineException;
import org.opensearch.sql.exception.SemanticCheckException;
Expand Down Expand Up @@ -67,7 +69,9 @@ private static boolean isClientError(Exception e) {
|| e instanceof SemanticCheckException
|| e instanceof ExpressionEvaluationException
|| e instanceof QueryEngineException
|| e instanceof SyntaxCheckException;
|| e instanceof SyntaxCheckException
|| e instanceof DataSourceClientException
|| e instanceof IllegalAccessException;
}

@Override
Expand Down Expand Up @@ -129,8 +133,9 @@ public void onFailure(Exception e) {
channel,
INTERNAL_SERVER_ERROR,
"Failed to explain the query due to error: " + e.getMessage());
} else if (e instanceof IllegalAccessException) {
reportError(channel, e, BAD_REQUEST);
} else if (e instanceof OpenSearchSecurityException) {
OpenSearchSecurityException exception = (OpenSearchSecurityException) e;
reportError(channel, exception, exception.status());
} else {
LOG.error("Error happened during query handling", e);
if (isClientError(e)) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,9 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;
import org.opensearch.sql.prometheus.request.system.model.MetricMetadata;

public class PrometheusClientImpl implements PrometheusClient {
Expand Down Expand Up @@ -98,18 +100,26 @@ private List<String> toListOfLabels(JSONArray array) {

private JSONObject readResponse(Response response) throws IOException {
if (response.isSuccessful()) {
JSONObject jsonObject = new JSONObject(Objects.requireNonNull(response.body()).string());
JSONObject jsonObject;
try {
jsonObject = new JSONObject(Objects.requireNonNull(response.body()).string());
} catch (JSONException jsonException) {
throw new PrometheusClientException(
"Prometheus returned unexpected body, "
+ "please verify your prometheus server setup.");
}
if ("success".equals(jsonObject.getString("status"))) {
return jsonObject;
} else {
throw new RuntimeException(jsonObject.getString("error"));
throw new PrometheusClientException(jsonObject.getString("error"));
}
} else {
throw new RuntimeException(
String.format("Request to Prometheus is Unsuccessful with : %s", Objects.requireNonNull(
response.body(), "Response body can't be null").string()));
throw new PrometheusClientException(
String.format(
"Request to Prometheus is Unsuccessful with : %s",
Objects.requireNonNull(response.body(), "Response body can't be null").string()));
}
}


}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
*
* * Copyright OpenSearch Contributors
* * SPDX-License-Identifier: Apache-2.0
*
*/

package org.opensearch.sql.prometheus.exceptions;

import org.opensearch.sql.datasources.exceptions.DataSourceClientException;

/** PrometheusClientException. */
public class PrometheusClientException extends DataSourceClientException {
public PrometheusClientException(String message) {
super(message);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import org.opensearch.sql.data.type.ExprCoreType;
import org.opensearch.sql.data.type.ExprType;
import org.opensearch.sql.prometheus.client.PrometheusClient;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;
import org.opensearch.sql.prometheus.storage.PrometheusMetricDefaultSchema;

/**
Expand Down Expand Up @@ -73,18 +74,25 @@ public PrometheusDescribeMetricRequest(PrometheusClient prometheusClient,
*/
public Map<String, ExprType> getFieldTypes() {
Map<String, ExprType> fieldTypes = new HashMap<>();
AccessController.doPrivileged((PrivilegedAction<List<Void>>) () -> {
try {
prometheusClient.getLabels(metricName)
.forEach(label -> fieldTypes.put(label, ExprCoreType.STRING));
} catch (IOException e) {
LOG.error("Error while fetching labels for {} from prometheus: {}",
metricName, e.getMessage());
throw new RuntimeException(String.format("Error while fetching labels "
+ "for %s from prometheus: %s", metricName, e.getMessage()));
}
return null;
});
AccessController.doPrivileged(
(PrivilegedAction<List<Void>>)
() -> {
try {
prometheusClient
.getLabels(metricName)
.forEach(label -> fieldTypes.put(label, ExprCoreType.STRING));
} catch (IOException e) {
LOG.error(
"Error while fetching labels for {} from prometheus: {}",
metricName,
e.getMessage());
throw new PrometheusClientException(
String.format(
"Error while fetching labels " + "for %s from prometheus: %s",
metricName, e.getMessage()));
}
return null;
});
fieldTypes.putAll(PrometheusMetricDefaultSchema.DEFAULT_MAPPING.getMapping());
return fieldTypes;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ private OkHttpClient getHttpClient(Map<String, String> config) {
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();
okHttpClient.callTimeout(1, TimeUnit.MINUTES);
okHttpClient.connectTimeout(30, TimeUnit.SECONDS);
okHttpClient.followRedirects(false);
if (config.get(AUTH_TYPE) != null) {
AuthenticationType authenticationType = AuthenticationType.get(config.get(AUTH_TYPE));
if (AuthenticationType.BASICAUTH.equals(authenticationType)) {
Expand Down Expand Up @@ -158,8 +159,9 @@ private void validateURI(Map<String, String> config) throws URISyntaxException {
Matcher matcher = allowHostsPattern.matcher(host);
if (!matcher.matches()) {
throw new IllegalArgumentException(
String.format("Disallowed hostname in the uri: %s. Validate with %s config",
config.get(URI), Settings.Key.DATASOURCES_URI_ALLOWHOSTS.getKeyValue()));
String.format(
"Disallowed hostname in the uri. Validate with %s config",
Settings.Key.DATASOURCES_URI_ALLOWHOSTS.getKeyValue()));
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.junit.jupiter.MockitoExtension;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;
import org.opensearch.sql.prometheus.request.system.model.MetricMetadata;

@ExtendWith(MockitoExtension.class)
Expand Down Expand Up @@ -72,10 +73,30 @@ void testQueryRangeWith2xxStatusAndError() {
.addHeader("Content-Type", "application/json; charset=utf-8")
.setBody(getJson("error_response.json"));
mockWebServer.enqueue(mockResponse);
RuntimeException runtimeException
= assertThrows(RuntimeException.class,
() -> prometheusClient.queryRange(QUERY, STARTTIME, ENDTIME, STEP));
assertEquals("Error", runtimeException.getMessage());
PrometheusClientException prometheusClientException =
assertThrows(
PrometheusClientException.class,
() -> prometheusClient.queryRange(QUERY, STARTTIME, ENDTIME, STEP));
assertEquals("Error", prometheusClientException.getMessage());
RecordedRequest recordedRequest = mockWebServer.takeRequest();
verifyQueryRangeCall(recordedRequest);
}

@Test
@SneakyThrows
void testQueryRangeWithNonJsonResponse() {
MockResponse mockResponse =
new MockResponse()
.addHeader("Content-Type", "application/json; charset=utf-8")
.setBody(getJson("non_json_response.json"));
mockWebServer.enqueue(mockResponse);
PrometheusClientException prometheusClientException =
assertThrows(
PrometheusClientException.class,
() -> prometheusClient.queryRange(QUERY, STARTTIME, ENDTIME, STEP));
assertEquals(
"Prometheus returned unexpected body, " + "please verify your prometheus server setup.",
prometheusClientException.getMessage());
RecordedRequest recordedRequest = mockWebServer.takeRequest();
verifyQueryRangeCall(recordedRequest);
}
Expand All @@ -87,11 +108,14 @@ void testQueryRangeWithNon2xxError() {
.addHeader("Content-Type", "application/json; charset=utf-8")
.setResponseCode(400);
mockWebServer.enqueue(mockResponse);
RuntimeException runtimeException
= assertThrows(RuntimeException.class,
() -> prometheusClient.queryRange(QUERY, STARTTIME, ENDTIME, STEP));
PrometheusClientException prometheusClientException =
assertThrows(
PrometheusClientException.class,
() -> prometheusClient.queryRange(QUERY, STARTTIME, ENDTIME, STEP));
assertTrue(
runtimeException.getMessage().contains("Request to Prometheus is Unsuccessful with :"));
prometheusClientException
.getMessage()
.contains("Request to Prometheus is Unsuccessful with :"));
RecordedRequest recordedRequest = mockWebServer.takeRequest();
verifyQueryRangeCall(recordedRequest);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -259,8 +259,11 @@ void createDataSourceWithHostnameNotMatchingWithAllowHostsConfig() {
RuntimeException exception = Assertions.assertThrows(RuntimeException.class,
() -> prometheusStorageFactory.createDataSource(metadata));
Assertions.assertTrue(
exception.getMessage().contains("Disallowed hostname in the uri: http://localhost.com:9090. "
+ "Validate with plugins.query.datasources.uri.allowhosts config"));
exception
.getMessage()
.contains(
"Disallowed hostname in the uri. "
+ "Validate with plugins.query.datasources.uri.allowhosts config"));
}

@Test
Expand Down
1 change: 1 addition & 0 deletions prometheus/src/test/resources/non_json_response.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
fadsfadsfasdfasdfadsfasdfadsfadsf

0 comments on commit 3133390

Please sign in to comment.