Throw OpensearchSecurityException incase of datasource authorization …
…error (opensearch-project#2626)

Signed-off-by: Vamsi Manohar <[email protected]>
vmmusings authored Apr 22, 2024
1 parent 7f8fbe9 commit 5464bfc
Showing 2 changed files with 13 additions and 6 deletions.
@@ -9,9 +9,11 @@

import java.util.List;
import lombok.AllArgsConstructor;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.client.Client;
import org.opensearch.commons.ConfigConstants;
import org.opensearch.commons.authuser.User;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.sql.datasource.model.DataSourceMetadata;

@AllArgsConstructor
@@ -49,11 +51,12 @@ public void authorizeDataSource(DataSourceMetadata dataSourceMetadata) {
}
}
if (!isAuthorized) {
throw new SecurityException(
throw new OpenSearchSecurityException(
String.format(
"User is not authorized to access datasource %s. "
+ "User should be mapped to any of the roles in %s for access.",
dataSourceMetadata.getName(), dataSourceMetadata.getAllowedRoles().toString()));
dataSourceMetadata.getName(), dataSourceMetadata.getAllowedRoles().toString()),
RestStatus.UNAUTHORIZED);
}
}
}
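Review bot: `RestStatus.UNAUTHORIZED` in the new `throw` maps a role-mapping failure to HTTP 401, although the condition that fails here (`!isAuthorized`) is an authorization decision rather than an authentication one. A 401 tells clients that credentials are missing or invalid, which can trigger re-authentication prompts or retries and makes permission denials harder to tell apart from failed logins in monitoring; `RestStatus.FORBIDDEN);` would describe the condition accurately, with the status assertion in the test updated to match. Separately, the message returns `getAllowedRoles()` to the caller who was just denied, which discloses the datasource's role mapping to users without access; consider logging the role list server-side and returning only the datasource name. authorizeDataSource begins outside the hunk, so how `isAuthorized` is computed is not visible here.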
@@ -9,14 +9,17 @@

import java.util.List;
import org.junit.Assert;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Answers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.junit.jupiter.MockitoExtension;
import org.opensearch.OpenSearchSecurityException;
import org.opensearch.client.Client;
import org.opensearch.core.rest.RestStatus;
import org.opensearch.sql.datasource.model.DataSourceMetadata;
import org.opensearch.sql.datasource.model.DataSourceType;

@@ -90,14 +93,15 @@ public void testAuthorizeDataSourceWithException() {
.getTransient(OPENSEARCH_SECURITY_USER_INFO_THREAD_CONTEXT))
.thenReturn(userString);
DataSourceMetadata dataSourceMetadata = dataSourceMetadata();
SecurityException securityException =
OpenSearchSecurityException openSearchSecurityException =
Assert.assertThrows(
SecurityException.class,
OpenSearchSecurityException.class,
() -> this.dataSourceUserAuthorizationHelper.authorizeDataSource(dataSourceMetadata));
Assert.assertEquals(
Assertions.assertEquals(
"User is not authorized to access datasource test. "
+ "User should be mapped to any of the roles in [prometheus_access] for access.",
securityException.getMessage());
openSearchSecurityException.getMessage());
Assertions.assertEquals(RestStatus.UNAUTHORIZED, openSearchSecurityException.status());
}

private DataSourceMetadata dataSourceMetadata() {
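Review bot: The test now mixes two assertion APIs: `Assert.assertThrows` still comes from JUnit 4's `org.junit.Assert`, while the `assertEquals` calls were moved to Jupiter's `Assertions`. Using `Assertions.assertThrows(OpenSearchSecurityException.class, ...)` would keep the test on one API and, if no other test in the file needs it, allow `import org.junit.Assert;` to be dropped. The status assertion is worth keeping, since the HTTP status is the security-relevant part of this change. The rest of the test class is outside the hunk.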
