Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Prometheus connector does not accept ips as host name #2106

Closed
Spcemarine opened this issue Sep 16, 2023 · 5 comments · Fixed by #2130
Closed

[BUG] Prometheus connector does not accept ips as host name #2106

Spcemarine opened this issue Sep 16, 2023 · 5 comments · Fixed by #2130
Assignees
@vmmusings
Labels
bug Something isn't working

Comments

@Spcemarine
Copy link

What is the bug?
The creation of a prometheus datasource will fail if you supply any ip as the hostname for the URI saying that the hostname is invalid.

How can one reproduce the bug?
Create a prometheus datasource with an ip as hostname in the uri property. E.g.

POST _plugins/_query/_datasources 
  {
    "name": "my_prometheus",
    "connector": "prometheus",
    "properties": {
      "prometheus.uri": "http://172.25.0.3:9090"
    }
  }

What is the expected behavior?
The creation of prometheus datasources based on IPs is allowed.

What is your host/environment?
Running the latest docker image with a prometheus running on docker too, so ideally I wanted to use docker's dns but (something like http://prometheus) that was also denied by the hostname validation and then even plain ips did not work. :(

Do you have any screenshots?

No, but a stacktrace, even better right? 🤓

java.lang.IllegalArgumentException: Invalid hostname in the uri: http://172.25.0.3:9090
	at org.opensearch.sql.prometheus.storage.PrometheusStorageFactory.validateURI(PrometheusStorageFactory.java:154) ~[prometheus-2.9.0.0.jar:?]
	at org.opensearch.sql.prometheus.storage.PrometheusStorageFactory.validateDataSourceConfigProperties(PrometheusStorageFactory.java:80) ~[prometheus-2.9.0.0.jar:?]
	at org.opensearch.sql.prometheus.storage.PrometheusStorageFactory.lambda$getStorageEngine$0(PrometheusStorageFactory.java:88) ~[prometheus-2.9.0.0.jar:?]
	at java.security.AccessController.doPrivileged(AccessController.java:318) ~[?:?]
	at org.opensearch.sql.prometheus.storage.PrometheusStorageFactory.getStorageEngine(PrometheusStorageFactory.java:86) ~[prometheus-2.9.0.0.jar:?]
	at org.opensearch.sql.prometheus.storage.PrometheusStorageFactory.createDataSource(PrometheusStorageFactory.java:61) ~[prometheus-2.9.0.0.jar:?]
	at org.opensearch.sql.datasources.service.DataSourceLoaderCacheImpl.getOrLoadDataSource(DataSourceLoaderCacheImpl.java:43) ~[datasources-2.9.0.0.jar:?]
	at org.opensearch.sql.datasources.service.DataSourceServiceImpl.createDataSource(DataSourceServiceImpl.java:100) ~[datasources-2.9.0.0.jar:?]
	at org.opensearch.sql.datasources.transport.TransportCreateDataSourceAction.doExecute(TransportCreateDataSourceAction.java:52) [datasources-2.9.0.0.jar:?]
	at org.opensearch.sql.datasources.transport.TransportCreateDataSourceAction.doExecute(TransportCreateDataSourceAction.java:23) [datasources-2.9.0.0.jar:?]
	at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:218) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.indexmanagement.rollup.actionfilter.FieldCapsFilter.apply(FieldCapsFilter.kt:118) [opensearch-index-management-2.9.0.0.jar:2.9.0.0]
	at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.indexmanagement.controlcenter.notification.filter.IndexOperationActionFilter.apply(IndexOperationActionFilter.kt:39) [opensearch-index-management-2.9.0.0.jar:2.9.0.0]
	at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.performanceanalyzer.action.PerformanceAnalyzerActionFilter.apply(PerformanceAnalyzerActionFilter.java:78) [opensearch-performance-analyzer-2.9.0.0.jar:2.9.0.0]
	at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.security.filter.SecurityFilter.apply0(SecurityFilter.java:391) [opensearch-security-2.9.0.0.jar:2.9.0.0]
	at org.opensearch.security.filter.SecurityFilter.apply(SecurityFilter.java:165) [opensearch-security-2.9.0.0.jar:2.9.0.0]
	at org.opensearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:216) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.action.support.TransportAction.execute(TransportAction.java:188) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.action.support.TransportAction.execute(TransportAction.java:107) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.client.node.NodeClient.executeLocally(NodeClient.java:110) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.client.node.NodeClient.doExecute(NodeClient.java:97) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.client.support.AbstractClient.execute(AbstractClient.java:476) [opensearch-2.9.0.jar:2.9.0]
	at org.opensearch.sql.datasources.rest.RestDataSourceQueryAction.lambda$executePostRequest$1(RestDataSourceQueryAction.java:140) [datasources-2.9.0.0.jar:?]
	at org.opensearch.sql.datasources.utils.Scheduler.lambda$withCurrentContext$0(Scheduler.java:30) [datasources-2.9.0.0.jar:?]
	at org.opensearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:849) [opensearch-2.9.0.jar:2.9.0]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
	at java.lang.Thread.run(Thread.java:833) [?:?]

Would be nice to be able to use docker's dns feature directly since I actually did not want to use ips but I'm not sure if that's a feature request or bug report. If it's the former I can open a new issue for that. Also, I do not quite understand why it is required to do exessive domain validation and would challenge that entirely but I might be missing the bigger picture here.
@Spcemarine Spcemarine added bug Something isn't working untriaged labels Sep 16, 2023
@Spcemarine Spcemarine changed the title [BUG] Prometheus connector does not accept Ips as host name [BUG] Prometheus connector does not accept ips as host name Sep 16, 2023
@dai-chen
Copy link
Collaborator

@vamsi-amazon any idea?

@vmmusings
Copy link
Member

Thanks for the issue. This is due to the validation on the host provided here:

sql/datasources/src/main/java/org/opensearch/sql/datasources/utils/DatasourceValidationUtils.java

Line 62 in 61d1eb7

|| (!(DomainValidator.getInstance().isValid(host)

We could get away with the above code as we really don't need to validate the domain for SSRF issue.

@vmmusings vmmusings linked a pull request Sep 22, 2023 that will close this issue
Removed Domain Validation #2130
Merged
6 tasks
@vmmusings vmmusings self-assigned this Sep 22, 2023
@ghost
Copy link

ghost commented Sep 22, 2023
edited by ghost
Loading

Currently it is also not possible to pass prometheus uri's with ".local" or ".lan" TLDs and many more TLDs. Would your PR solve that also? And can we expect that this fix is available in OS 2.10?

@ghost
Copy link

ghost commented Sep 23, 2023

Or is it already available after merging? How does that work?

@ghost
Copy link

ghost commented Oct 7, 2023

@Spcemarine does it work now?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vmmusings vmmusings

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Removed Domain Validation vmmusings/sql
3 participants
@Spcemarine @dai-chen @vmmusings