Skip to content

Commit

Permalink
Fixed Security Exceptions For Requests Wihtout PPL Access
Browse files Browse the repository at this point in the history
Signed-off-by: Vamsi Manohar <reddyvam@amazon.com>
  • Loading branch information
vamsi-amazon committed Aug 29, 2023
1 parent 627189b commit 9bc5920
Show file tree
Hide file tree
Showing 6 changed files with 30 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@
import java.util.function.Supplier;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.client.node.NodeClient;
import org.opensearch.core.action.ActionListener;
import org.opensearch.core.rest.RestStatus;
Expand All @@ -38,6 +39,7 @@
import org.opensearch.sql.plugin.transport.PPLQueryAction;
import org.opensearch.sql.plugin.transport.TransportPPLQueryRequest;
import org.opensearch.sql.plugin.transport.TransportPPLQueryResponse;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;

public class RestPPLQueryAction extends BaseRestHandler {
public static final String QUERY_API_ENDPOINT = "/_plugins/_ppl";
Expand Down Expand Up @@ -134,6 +136,11 @@ public void onFailure(Exception e) {
"Failed to explain the query due to error: " + e.getMessage());
} else if (e instanceof IllegalAccessException) {
reportError(channel, e, BAD_REQUEST);
} else if (e instanceof PrometheusClientException) {
reportError(channel, e, BAD_REQUEST);
} else if (e instanceof OpenSearchSecurityException) {
OpenSearchSecurityException exception = (OpenSearchSecurityException) e;
reportError(channel, exception, exception.status());
} else {
LOG.error("Error happened during query handling", e);
if (isClientError(e)) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@
import org.apache.logging.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONObject;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;
import org.opensearch.sql.prometheus.request.system.model.MetricMetadata;

public class PrometheusClientImpl implements PrometheusClient {
Expand Down Expand Up @@ -115,10 +116,10 @@ private JSONObject readResponse(Response response) throws IOException {
if ("success".equals(jsonObject.getString("status"))) {
return jsonObject;
} else {
throw new RuntimeException(jsonObject.getString("error"));
throw new PrometheusClientException(jsonObject.getString("error"));
}
} else {
throw new RuntimeException(
throw new PrometheusClientException(
String.format(
"Request to Prometheus is Unsuccessful with : %s",
Objects.requireNonNull(response.body(), "Response body can't be null").string()));
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
/*
*
* * Copyright OpenSearch Contributors
* * SPDX-License-Identifier: Apache-2.0
*
*/
package org.opensearch.sql.prometheus.exceptions;

/** PrometheusClientException */
public class PrometheusClientException extends RuntimeException {
public PrometheusClientException(String message) {
super(message);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import org.opensearch.sql.data.type.ExprCoreType;
import org.opensearch.sql.data.type.ExprType;
import org.opensearch.sql.prometheus.client.PrometheusClient;
import org.opensearch.sql.prometheus.exceptions.PrometheusClientException;
import org.opensearch.sql.prometheus.storage.PrometheusMetricDefaultSchema;

/**
Expand Down Expand Up @@ -80,7 +81,7 @@ public Map<String, ExprType> getFieldTypes() {
"Error while fetching labels for {} from prometheus: {}",
metricName,
e.getMessage());
throw new RuntimeException(
throw new PrometheusClientException(
String.format(
"Error while fetching labels " + "for %s from prometheus: %s",
metricName, e.getMessage()));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@ private OkHttpClient getHttpClient(Map<String, String> config) {
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();
okHttpClient.callTimeout(1, TimeUnit.MINUTES);
okHttpClient.connectTimeout(30, TimeUnit.SECONDS);
okHttpClient.followRedirects(false);
if (config.get(AUTH_TYPE) != null) {
AuthenticationType authenticationType = AuthenticationType.get(config.get(AUTH_TYPE));
if (AuthenticationType.BASICAUTH.equals(authenticationType)) {
Expand Down Expand Up @@ -162,8 +163,8 @@ private void validateURI(Map<String, String> config) throws URISyntaxException {
if (!matcher.matches()) {
throw new IllegalArgumentException(
String.format(
"Disallowed hostname in the uri: %s. Validate with %s config",
config.get(URI), Settings.Key.DATASOURCES_URI_ALLOWHOSTS.getKeyValue()));
"Invalid hostname in the uri. Validate with %s config",
Settings.Key.DATASOURCES_URI_ALLOWHOSTS.getKeyValue()));
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -269,7 +269,7 @@ void createDataSourceWithHostnameNotMatchingWithAllowHostsConfig() {
exception
.getMessage()
.contains(
"Disallowed hostname in the uri: http://localhost.com:9090. "
"Invalid hostname in the uri. "
+ "Validate with plugins.query.datasources.uri.allowhosts config"));
}

Expand Down

0 comments on commit 9bc5920

Please sign in to comment.