diff --git a/async-query-core/src/main/java/org/opensearch/sql/spark/client/EMRServerlessClientFactoryImpl.java b/async-query-core/src/main/java/org/opensearch/sql/spark/client/EMRServerlessClientFactoryImpl.java index 72973b3bbb3..c7175a36c56 100644 --- a/async-query-core/src/main/java/org/opensearch/sql/spark/client/EMRServerlessClientFactoryImpl.java +++ b/async-query-core/src/main/java/org/opensearch/sql/spark/client/EMRServerlessClientFactoryImpl.java @@ -10,8 +10,6 @@ import com.amazonaws.auth.DefaultAWSCredentialsProviderChain; import com.amazonaws.services.emrserverless.AWSEMRServerless; import com.amazonaws.services.emrserverless.AWSEMRServerlessClientBuilder; -import java.security.AccessController; -import java.security.PrivilegedAction; import lombok.RequiredArgsConstructor; import org.opensearch.sql.spark.asyncquery.model.NullAsyncQueryRequestContext; import org.opensearch.sql.spark.config.SparkExecutionEngineConfig; @@ -56,15 +54,11 @@ private void validateSparkExecutionEngineConfig( private EMRServerlessClient createEMRServerlessClient(String awsRegion) { // TODO: It does not handle accountId for now. (it creates client for same account) - return AccessController.doPrivileged( - (PrivilegedAction) - () -> { - AWSEMRServerless awsemrServerless = - AWSEMRServerlessClientBuilder.standard() - .withRegion(awsRegion) - .withCredentials(new DefaultAWSCredentialsProviderChain()) - .build(); - return new EmrServerlessClientImpl(awsemrServerless, metricsService); - }); + AWSEMRServerless awsemrServerless = + AWSEMRServerlessClientBuilder.standard() + .withRegion(awsRegion) + .withCredentials(new DefaultAWSCredentialsProviderChain()) + .build(); + return new EmrServerlessClientImpl(awsemrServerless, metricsService); } } diff --git a/async-query-core/src/main/java/org/opensearch/sql/spark/client/EmrServerlessClientImpl.java b/async-query-core/src/main/java/org/opensearch/sql/spark/client/EmrServerlessClientImpl.java index f6f3633bc7e..9ed8219e147 100644 --- a/async-query-core/src/main/java/org/opensearch/sql/spark/client/EmrServerlessClientImpl.java +++ b/async-query-core/src/main/java/org/opensearch/sql/spark/client/EmrServerlessClientImpl.java @@ -21,8 +21,6 @@ import com.amazonaws.services.emrserverless.model.StartJobRunRequest; import com.amazonaws.services.emrserverless.model.StartJobRunResult; import com.amazonaws.services.emrserverless.model.ValidationException; -import java.security.AccessController; -import java.security.PrivilegedAction; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.StringUtils; import org.apache.logging.log4j.LogManager; @@ -61,23 +59,18 @@ public String startJobRun(StartJobRequest startJobRequest) { .withEntryPointArguments(resultIndex) .withSparkSubmitParameters(startJobRequest.getSparkSubmitParams()))); - StartJobRunResult startJobRunResult = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return emrServerless.startJobRun(request); - } catch (Throwable t) { - logger.error("Error while making start job request to emr:", t); - metricsService.incrementNumericalMetric(EMR_START_JOB_REQUEST_FAILURE_COUNT); - if (t instanceof ValidationException) { - throw new IllegalArgumentException( - "The input fails to satisfy the constraints specified by AWS EMR" - + " Serverless."); - } - throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); - } - }); + StartJobRunResult startJobRunResult; + try { + startJobRunResult = emrServerless.startJobRun(request); + } catch (Throwable t) { + logger.error("Error while making start job request to emr:", t); + metricsService.incrementNumericalMetric(EMR_START_JOB_REQUEST_FAILURE_COUNT); + if (t instanceof ValidationException) { + throw new IllegalArgumentException( + "The input fails to satisfy the constraints specified by AWS EMR" + " Serverless."); + } + throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); + } logger.info("Job Run ID: " + startJobRunResult.getJobRunId()); return startJobRunResult.getJobRunId(); } @@ -86,18 +79,14 @@ public String startJobRun(StartJobRequest startJobRequest) { public GetJobRunResult getJobRunResult(String applicationId, String jobId) { GetJobRunRequest request = new GetJobRunRequest().withApplicationId(applicationId).withJobRunId(jobId); - GetJobRunResult getJobRunResult = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return emrServerless.getJobRun(request); - } catch (Throwable t) { - logger.error("Error while making get job run request to emr:", t); - metricsService.incrementNumericalMetric(EMR_GET_JOB_RESULT_FAILURE_COUNT); - throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); - } - }); + GetJobRunResult getJobRunResult; + try { + getJobRunResult = emrServerless.getJobRun(request); + } catch (Throwable t) { + logger.error("Error while making get job run request to emr:", t); + metricsService.incrementNumericalMetric(EMR_GET_JOB_RESULT_FAILURE_COUNT); + throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); + } logger.info("Job Run state: " + getJobRunResult.getJobRun().getState()); return getJobRunResult; } @@ -107,27 +96,22 @@ public CancelJobRunResult cancelJobRun( String applicationId, String jobId, boolean allowExceptionPropagation) { CancelJobRunRequest cancelJobRunRequest = new CancelJobRunRequest().withJobRunId(jobId).withApplicationId(applicationId); - CancelJobRunResult cancelJobRunResult = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return emrServerless.cancelJobRun(cancelJobRunRequest); - } catch (Throwable t) { - if (allowExceptionPropagation) { - throw t; - } + CancelJobRunResult cancelJobRunResult; + try { + cancelJobRunResult = emrServerless.cancelJobRun(cancelJobRunRequest); + } catch (Throwable t) { + if (allowExceptionPropagation) { + throw t; + } - logger.error("Error while making cancel job request to emr: jobId=" + jobId, t); - metricsService.incrementNumericalMetric(EMR_CANCEL_JOB_REQUEST_FAILURE_COUNT); - if (t instanceof ValidationException) { - throw new IllegalArgumentException( - "The input fails to satisfy the constraints specified by AWS EMR" - + " Serverless."); - } - throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); - } - }); + logger.error("Error while making cancel job request to emr: jobId=" + jobId, t); + metricsService.incrementNumericalMetric(EMR_CANCEL_JOB_REQUEST_FAILURE_COUNT); + if (t instanceof ValidationException) { + throw new IllegalArgumentException( + "The input fails to satisfy the constraints specified by AWS EMR" + " Serverless."); + } + throw new RuntimeException(GENERIC_INTERNAL_SERVER_ERROR_MESSAGE); + } logger.info(String.format("Job : %s cancelled", cancelJobRunResult.getJobRunId())); return cancelJobRunResult; } diff --git a/async-query/src/main/java/org/opensearch/sql/spark/config/SparkExecutionEngineConfigClusterSettingLoader.java b/async-query/src/main/java/org/opensearch/sql/spark/config/SparkExecutionEngineConfigClusterSettingLoader.java index 73b057ca5cb..7d67fe1988c 100644 --- a/async-query/src/main/java/org/opensearch/sql/spark/config/SparkExecutionEngineConfigClusterSettingLoader.java +++ b/async-query/src/main/java/org/opensearch/sql/spark/config/SparkExecutionEngineConfigClusterSettingLoader.java @@ -7,8 +7,6 @@ import static org.opensearch.sql.common.setting.Settings.Key.SPARK_EXECUTION_ENGINE_CONFIG; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Optional; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.StringUtils; @@ -24,11 +22,8 @@ public Optional load() { this.settings.getSettingValue(SPARK_EXECUTION_ENGINE_CONFIG); if (!StringUtils.isBlank(sparkExecutionEngineConfigSettingString)) { return Optional.of( - AccessController.doPrivileged( - (PrivilegedAction) - () -> - SparkExecutionEngineConfigClusterSetting.toSparkExecutionEngineConfig( - sparkExecutionEngineConfigSettingString))); + SparkExecutionEngineConfigClusterSetting.toSparkExecutionEngineConfig( + sparkExecutionEngineConfigSettingString)); } else { return Optional.empty(); } diff --git a/core/src/main/java/org/opensearch/sql/executor/QueryService.java b/core/src/main/java/org/opensearch/sql/executor/QueryService.java index d23430e7c4a..c85849df725 100644 --- a/core/src/main/java/org/opensearch/sql/executor/QueryService.java +++ b/core/src/main/java/org/opensearch/sql/executor/QueryService.java @@ -5,8 +5,6 @@ package org.opensearch.sql.executor; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.List; import java.util.Optional; import javax.annotation.Nullable; @@ -100,19 +98,14 @@ public void executeWithCalcite( CalcitePlanContext.run( () -> { try { - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - CalcitePlanContext context = - CalcitePlanContext.create( - buildFrameworkConfig(), SysLimit.fromSettings(settings), queryType); - RelNode relNode = analyze(plan, context); - relNode = mergeAdjacentFilters(relNode); - RelNode optimized = optimize(relNode, context); - RelNode calcitePlan = convertToCalcitePlan(optimized); - executionEngine.execute(calcitePlan, context, listener); - return null; - }); + CalcitePlanContext context = + CalcitePlanContext.create( + buildFrameworkConfig(), SysLimit.fromSettings(settings), queryType); + RelNode relNode = analyze(plan, context); + relNode = mergeAdjacentFilters(relNode); + RelNode optimized = optimize(relNode, context); + RelNode calcitePlan = convertToCalcitePlan(optimized); + executionEngine.execute(calcitePlan, context, listener); } catch (Throwable t) { if (isCalciteFallbackAllowed(t) && !(t instanceof NonFallbackCalciteException)) { log.warn("Fallback to V2 query engine since got exception", t); @@ -144,23 +137,18 @@ public void explainWithCalcite( CalcitePlanContext.run( () -> { try { - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - CalcitePlanContext context = - CalcitePlanContext.create( - buildFrameworkConfig(), SysLimit.fromSettings(settings), queryType); - context.run( - () -> { - RelNode relNode = analyze(plan, context); - relNode = mergeAdjacentFilters(relNode); - RelNode optimized = optimize(relNode, context); - RelNode calcitePlan = convertToCalcitePlan(optimized); - executionEngine.explain(calcitePlan, format, context, listener); - }, - settings); - return null; - }); + CalcitePlanContext context = + CalcitePlanContext.create( + buildFrameworkConfig(), SysLimit.fromSettings(settings), queryType); + context.run( + () -> { + RelNode relNode = analyze(plan, context); + relNode = mergeAdjacentFilters(relNode); + RelNode optimized = optimize(relNode, context); + RelNode calcitePlan = convertToCalcitePlan(optimized); + executionEngine.explain(calcitePlan, format, context, listener); + }, + settings); } catch (Throwable t) { if (isCalciteFallbackAllowed(t)) { log.warn("Fallback to V2 query engine since got exception", t); diff --git a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/query/PrometheusQueryHandler.java b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/query/PrometheusQueryHandler.java index 9e73f6888fa..5c8642a7ff2 100644 --- a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/query/PrometheusQueryHandler.java +++ b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/query/PrometheusQueryHandler.java @@ -6,8 +6,6 @@ package org.opensearch.sql.prometheus.query; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.List; import java.util.Map; import org.apache.logging.log4j.LogManager; @@ -52,64 +50,60 @@ public Class getClientClass() { @Override public String executeQuery(PrometheusClient client, ExecuteDirectQueryRequest request) throws IOException { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - PrometheusOptions options = request.getPrometheusOptions(); - PrometheusQueryType queryType = options.getQueryType(); - if (queryType == null) { - return createErrorJson("Query type is required for Prometheus queries"); - } + try { + PrometheusOptions options = request.getPrometheusOptions(); + PrometheusQueryType queryType = options.getQueryType(); + if (queryType == null) { + return createErrorJson("Query type is required for Prometheus queries"); + } - String startTimeStr = options.getStart(); - String endTimeStr = options.getEnd(); - Integer limit = request.getMaxResults(); - Integer timeout = request.getTimeout(); + String startTimeStr = options.getStart(); + String endTimeStr = options.getEnd(); + Integer limit = request.getMaxResults(); + Integer timeout = request.getTimeout(); - if (queryType == PrometheusQueryType.RANGE - && (startTimeStr == null || endTimeStr == null)) { - return createErrorJson("Start and end times are required for Prometheus queries"); - } else if (queryType == PrometheusQueryType.INSTANT && options.getTime() == null) { - return createErrorJson("Time is required for instant Prometheus queries"); - } + if (queryType == PrometheusQueryType.RANGE + && (startTimeStr == null || endTimeStr == null)) { + return createErrorJson("Start and end times are required for Prometheus queries"); + } else if (queryType == PrometheusQueryType.INSTANT && options.getTime() == null) { + return createErrorJson("Time is required for instant Prometheus queries"); + } - switch (queryType) { - case RANGE: - { - JSONObject metricData = - client.queryRange( - request.getQuery(), - Long.parseLong(startTimeStr), - Long.parseLong(endTimeStr), - options.getStep(), - limit, - timeout); - return metricData.toString(); - } + switch (queryType) { + case RANGE: + { + JSONObject metricData = + client.queryRange( + request.getQuery(), + Long.parseLong(startTimeStr), + Long.parseLong(endTimeStr), + options.getStep(), + limit, + timeout); + return metricData.toString(); + } - case INSTANT: - default: - { - JSONObject metricData = - client.query( - request.getQuery(), - Long.parseLong(options.getTime()), - limit, - timeout); - return metricData.toString(); - } - } - } catch (NumberFormatException e) { - return createErrorJson("Invalid time format: " + e.getMessage()); - } catch (PrometheusClientException e) { - LOG.error("Prometheus client error executing query", e); - return createErrorJson(e.getMessage()); - } catch (IOException e) { - LOG.error("Error executing query", e); - return createErrorJson(e.getMessage()); - } - }); + case INSTANT: + default: + { + JSONObject metricData = + client.query( + request.getQuery(), + Long.parseLong(options.getTime()), + limit, + timeout); + return metricData.toString(); + } + } + } catch (NumberFormatException e) { + return createErrorJson("Invalid time format: " + e.getMessage()); + } catch (PrometheusClientException e) { + LOG.error("Prometheus client error executing query", e); + return createErrorJson(e.getMessage()); + } catch (IOException e) { + LOG.error("Error executing query", e); + return createErrorJson(e.getMessage()); + } } private String createErrorJson(String message) { @@ -119,109 +113,101 @@ private String createErrorJson(String message) { @Override public GetDirectQueryResourcesResponse getResources( PrometheusClient client, GetDirectQueryResourcesRequest request) { - return AccessController.doPrivileged( - (PrivilegedAction>) - () -> { - try { - if (request.getResourceType() == null) { - throw new IllegalArgumentException("Resource type cannot be null"); - } + try { + if (request.getResourceType() == null) { + throw new IllegalArgumentException("Resource type cannot be null"); + } - switch (request.getResourceType()) { - case LABELS: - { - List labels = client.getLabels(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withStringList(labels); - } - case LABEL: - { - List labelValues = - client.getLabel(request.getResourceName(), request.getQueryParams()); - return GetDirectQueryResourcesResponse.withStringList(labelValues); - } - case METADATA: - { - Map> metadata = - client.getAllMetrics(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withMap(metadata); - } - case SERIES: - { - List> series = client.getSeries(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withList(series); - } - case ALERTS: - { - JSONObject alerts = client.getAlerts(); - return GetDirectQueryResourcesResponse.withMap(alerts.toMap()); - } - case RULES: - { - JSONObject rules = client.getRules(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withMap(rules.toMap()); - } - case ALERTMANAGER_ALERTS: - { - JSONArray alerts = client.getAlertmanagerAlerts(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withList(alerts.toList()); - } - case ALERTMANAGER_ALERT_GROUPS: - { - JSONArray alertGroups = - client.getAlertmanagerAlertGroups(request.getQueryParams()); - return GetDirectQueryResourcesResponse.withList(alertGroups.toList()); - } - case ALERTMANAGER_RECEIVERS: - { - JSONArray receivers = client.getAlertmanagerReceivers(); - return GetDirectQueryResourcesResponse.withList(receivers.toList()); - } - case ALERTMANAGER_SILENCES: - { - JSONArray silences = client.getAlertmanagerSilences(); - return GetDirectQueryResourcesResponse.withList(silences.toList()); - } - default: - throw new IllegalArgumentException( - "Invalid prometheus resource type: " + request.getResourceType()); - } - } catch (IOException e) { - LOG.error("Error getting resources", e); - throw new PrometheusClientException( - String.format( - "Error while getting resources for %s: %s", - request.getResourceType(), e.getMessage())); - } - }); + switch (request.getResourceType()) { + case LABELS: + { + List labels = client.getLabels(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withStringList(labels); + } + case LABEL: + { + List labelValues = + client.getLabel(request.getResourceName(), request.getQueryParams()); + return GetDirectQueryResourcesResponse.withStringList(labelValues); + } + case METADATA: + { + Map> metadata = + client.getAllMetrics(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withMap(metadata); + } + case SERIES: + { + List> series = client.getSeries(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withList(series); + } + case ALERTS: + { + JSONObject alerts = client.getAlerts(); + return GetDirectQueryResourcesResponse.withMap(alerts.toMap()); + } + case RULES: + { + JSONObject rules = client.getRules(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withMap(rules.toMap()); + } + case ALERTMANAGER_ALERTS: + { + JSONArray alerts = client.getAlertmanagerAlerts(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withList(alerts.toList()); + } + case ALERTMANAGER_ALERT_GROUPS: + { + JSONArray alertGroups = + client.getAlertmanagerAlertGroups(request.getQueryParams()); + return GetDirectQueryResourcesResponse.withList(alertGroups.toList()); + } + case ALERTMANAGER_RECEIVERS: + { + JSONArray receivers = client.getAlertmanagerReceivers(); + return GetDirectQueryResourcesResponse.withList(receivers.toList()); + } + case ALERTMANAGER_SILENCES: + { + JSONArray silences = client.getAlertmanagerSilences(); + return GetDirectQueryResourcesResponse.withList(silences.toList()); + } + default: + throw new IllegalArgumentException( + "Invalid prometheus resource type: " + request.getResourceType()); + } + } catch (IOException e) { + LOG.error("Error getting resources", e); + throw new PrometheusClientException( + String.format( + "Error while getting resources for %s: %s", + request.getResourceType(), e.getMessage())); + } } @Override public WriteDirectQueryResourcesResponse writeResources( PrometheusClient client, WriteDirectQueryResourcesRequest request) { - return AccessController.doPrivileged( - (PrivilegedAction>) - () -> { - try { - if (request.getResourceType() == null) { - throw new IllegalArgumentException("Resource type cannot be null"); - } + try { + if (request.getResourceType() == null) { + throw new IllegalArgumentException("Resource type cannot be null"); + } - switch (request.getResourceType()) { - case ALERTMANAGER_SILENCES: - { - String createdSilence = client.createAlertmanagerSilences(request.getRequest()); - return WriteDirectQueryResourcesResponse.withList(List.of(createdSilence)); - } - default: - throw new IllegalArgumentException( - "Invalid prometheus resource type: " + request.getResourceType()); - } - } catch (IOException e) { - LOG.error("Error getting resources", e); - throw new PrometheusClientException( - String.format( - "Error while getting resources for %s: %s", - request.getResourceType(), e.getMessage())); - } - }); + switch (request.getResourceType()) { + case ALERTMANAGER_SILENCES: + { + String createdSilence = client.createAlertmanagerSilences(request.getRequest()); + return WriteDirectQueryResourcesResponse.withList(List.of(createdSilence)); + } + default: + throw new IllegalArgumentException( + "Invalid prometheus resource type: " + request.getResourceType()); + } + } catch (IOException e) { + LOG.error("Error getting resources", e); + throw new PrometheusClientException( + String.format( + "Error while getting resources for %s: %s", + request.getResourceType(), e.getMessage())); + } } } diff --git a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/utils/PrometheusClientUtils.java b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/utils/PrometheusClientUtils.java index 1a95eda190c..1d0ffa0fa1c 100644 --- a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/utils/PrometheusClientUtils.java +++ b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/utils/PrometheusClientUtils.java @@ -8,8 +8,6 @@ import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.BasicAWSCredentials; import java.net.URI; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Map; import java.util.Objects; @@ -52,40 +50,36 @@ private PrometheusClientUtils() {} public static final String ALERTMANAGER_SECRET_KEY = "alertmanager.auth.secret_key"; public static OkHttpClient getHttpClient(Map config, Settings settings) { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> { - OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder(); - okHttpClient.callTimeout(1, TimeUnit.MINUTES); - okHttpClient.connectTimeout(30, TimeUnit.SECONDS); - okHttpClient.followRedirects(false); - okHttpClient.addInterceptor( - new URIValidatorInterceptor( - settings.getSettingValue(Settings.Key.DATASOURCES_URI_HOSTS_DENY_LIST))); - if (config.get(AUTH_TYPE) != null) { - AuthenticationType authenticationType = - AuthenticationType.get(config.get(AUTH_TYPE)); - if (AuthenticationType.BASICAUTH.equals(authenticationType)) { - okHttpClient.addInterceptor( - new BasicAuthenticationInterceptor( - config.get(USERNAME), config.get(PASSWORD))); - } else if (AuthenticationType.AWSSIGV4AUTH.equals(authenticationType)) { - okHttpClient.addInterceptor( - new AwsSigningInterceptor( - new AWSStaticCredentialsProvider( - new BasicAWSCredentials( - config.get(ACCESS_KEY), config.get(SECRET_KEY))), - config.get(REGION), - "aps")); - } else { - throw new IllegalArgumentException( - String.format( - "AUTH Type : %s is not supported with Prometheus Connector", - config.get(AUTH_TYPE))); - } - } - return okHttpClient.build(); - }); + OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder(); + okHttpClient.callTimeout(1, TimeUnit.MINUTES); + okHttpClient.connectTimeout(30, TimeUnit.SECONDS); + okHttpClient.followRedirects(false); + okHttpClient.addInterceptor( + new URIValidatorInterceptor( + settings.getSettingValue(Settings.Key.DATASOURCES_URI_HOSTS_DENY_LIST))); + if (config.get(AUTH_TYPE) != null) { + AuthenticationType authenticationType = + AuthenticationType.get(config.get(AUTH_TYPE)); + if (AuthenticationType.BASICAUTH.equals(authenticationType)) { + okHttpClient.addInterceptor( + new BasicAuthenticationInterceptor( + config.get(USERNAME), config.get(PASSWORD))); + } else if (AuthenticationType.AWSSIGV4AUTH.equals(authenticationType)) { + okHttpClient.addInterceptor( + new AwsSigningInterceptor( + new AWSStaticCredentialsProvider( + new BasicAWSCredentials( + config.get(ACCESS_KEY), config.get(SECRET_KEY))), + config.get(REGION), + "aps")); + } else { + throw new IllegalArgumentException( + String.format( + "AUTH Type : %s is not supported with Prometheus Connector", + config.get(AUTH_TYPE))); + } + } + return okHttpClient.build(); } /** diff --git a/direct-query/src/main/java/org/opensearch/sql/directquery/transport/model/ExecuteDirectQueryActionResponse.java b/direct-query/src/main/java/org/opensearch/sql/directquery/transport/model/ExecuteDirectQueryActionResponse.java index 3393a80b511..0b573e162fc 100644 --- a/direct-query/src/main/java/org/opensearch/sql/directquery/transport/model/ExecuteDirectQueryActionResponse.java +++ b/direct-query/src/main/java/org/opensearch/sql/directquery/transport/model/ExecuteDirectQueryActionResponse.java @@ -8,8 +8,6 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Map; import lombok.Getter; @@ -64,20 +62,15 @@ public ExecuteDirectQueryActionResponse(StreamInput in) throws IOException { String dataSourceType = in.readString(); String resultJson = in.readString(); - // Create appropriate DataSourceResult based on type - using privileged action + // Create appropriate DataSourceResult based on type DataSourceResult result; switch (dataSourceType) { case "prometheus": - result = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return OBJECT_MAPPER.readValue(resultJson, PrometheusResult.class); - } catch (IOException e) { - throw new RuntimeException("Failed to deserialize Prometheus result", e); - } - }); + try { + result = OBJECT_MAPPER.readValue(resultJson, PrometheusResult.class); + } catch (IOException e) { + throw new RuntimeException("Failed to deserialize Prometheus result", e); + } break; // Add cases for other data source types as they're implemented default: @@ -110,17 +103,13 @@ public void writeTo(StreamOutput streamOutput) throws IOException { throw new IOException("Unsupported DataSourceResult type: " + result.getClass().getName()); } - // Serialize the data source result to JSON - using privileged action - final String serializedResult = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return OBJECT_MAPPER.writeValueAsString(result); - } catch (IOException e) { - throw new RuntimeException("Failed to serialize result", e); - } - }); + // Serialize the data source result to JSON + final String serializedResult; + try { + serializedResult = OBJECT_MAPPER.writeValueAsString(result); + } catch (IOException e) { + throw new RuntimeException("Failed to serialize result", e); + } streamOutput.writeString(serializedResult); } @@ -150,25 +139,16 @@ private Map parseResult( resultWithType = rawResult; } - // Use AccessController.doPrivileged() to handle reflection security restrictions - DataSourceResult result = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - // Parse based on the determined data source type - switch (dataSourceType.toLowerCase()) { - case "prometheus": - return OBJECT_MAPPER.readValue(resultWithType, PrometheusResult.class); - // Add cases for other data source types as they're implemented - default: - throw new IOException("Unsupported data source type: " + dataSourceType); - } - } catch (IOException e) { - throw new RuntimeException( - "Failed to parse result for data source type: " + dataSourceType, e); - } - }); + DataSourceResult result; + // Parse based on the determined data source type + switch (dataSourceType.toLowerCase()) { + case "prometheus": + result = OBJECT_MAPPER.readValue(resultWithType, PrometheusResult.class); + break; + // Add cases for other data source types as they're implemented + default: + throw new IOException("Unsupported data source type: " + dataSourceType); + } parsedResults.put(dataSourceName, result); } catch (RuntimeException e) { diff --git a/integ-test/src/test/java/org/opensearch/sql/calcite/standalone/CalcitePPLIntegTestCase.java b/integ-test/src/test/java/org/opensearch/sql/calcite/standalone/CalcitePPLIntegTestCase.java index 29c84a947aa..d47656471b0 100644 --- a/integ-test/src/test/java/org/opensearch/sql/calcite/standalone/CalcitePPLIntegTestCase.java +++ b/integ-test/src/test/java/org/opensearch/sql/calcite/standalone/CalcitePPLIntegTestCase.java @@ -53,7 +53,6 @@ import org.opensearch.sql.opensearch.executor.OpenSearchExecutionEngine; import org.opensearch.sql.opensearch.executor.protector.ExecutionProtector; import org.opensearch.sql.opensearch.executor.protector.OpenSearchExecutionProtector; -import org.opensearch.sql.opensearch.security.SecurityAccess; import org.opensearch.sql.opensearch.storage.OpenSearchDataSourceFactory; import org.opensearch.sql.opensearch.storage.OpenSearchStorageEngine; import org.opensearch.sql.planner.Planner; @@ -99,7 +98,7 @@ public void init() throws IOException { getSettings(), dataSourceService)); Injector injector = modules.createInjector(); - pplService = SecurityAccess.doPrivileged(() -> injector.getInstance(PPLService.class)); + pplService = injector.getInstance(PPLService.class); } protected Settings getSettings() { diff --git a/integ-test/src/test/java/org/opensearch/sql/ppl/StandaloneIT.java b/integ-test/src/test/java/org/opensearch/sql/ppl/StandaloneIT.java index 2d120ffc1e5..6e1266764cf 100644 --- a/integ-test/src/test/java/org/opensearch/sql/ppl/StandaloneIT.java +++ b/integ-test/src/test/java/org/opensearch/sql/ppl/StandaloneIT.java @@ -50,7 +50,6 @@ import org.opensearch.sql.opensearch.executor.OpenSearchExecutionEngine; import org.opensearch.sql.opensearch.executor.protector.ExecutionProtector; import org.opensearch.sql.opensearch.executor.protector.OpenSearchExecutionProtector; -import org.opensearch.sql.opensearch.security.SecurityAccess; import org.opensearch.sql.opensearch.storage.OpenSearchDataSourceFactory; import org.opensearch.sql.opensearch.storage.OpenSearchStorageEngine; import org.opensearch.sql.planner.Planner; @@ -93,7 +92,7 @@ public void init() throws Exception { new StandaloneModule( new InternalRestHighLevelClient(client()), defaultSettings(), dataSourceService)); Injector injector = modules.createInjector(); - pplService = SecurityAccess.doPrivileged(() -> injector.getInstance(PPLService.class)); + pplService = injector.getInstance(PPLService.class); } @Test diff --git a/legacy/src/main/java/org/opensearch/sql/legacy/cursor/DefaultCursor.java b/legacy/src/main/java/org/opensearch/sql/legacy/cursor/DefaultCursor.java index e7955289561..166266ca79a 100644 --- a/legacy/src/main/java/org/opensearch/sql/legacy/cursor/DefaultCursor.java +++ b/legacy/src/main/java/org/opensearch/sql/legacy/cursor/DefaultCursor.java @@ -13,8 +13,6 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Base64; import java.util.Collections; import java.util.HashMap; @@ -132,16 +130,12 @@ public String generateCursorId() { json.put(SCHEMA_COLUMNS, getSchemaAsJson()); json.put(FIELD_ALIAS_MAP, fieldAliasMap); json.put(PIT_ID, pitId); - String sortFieldValue = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return objectMapper.writeValueAsString(sortFields); - } catch (JsonProcessingException e) { - throw new RuntimeException("Failed to parse sort fields from JSON string.", e); - } - }); + String sortFieldValue; + try { + sortFieldValue = objectMapper.writeValueAsString(sortFields); + } catch (JsonProcessingException e) { + throw new RuntimeException("Failed to serialize sort fields to JSON string.", e); + } json.put(SORT_FIELDS, sortFieldValue); setSearchRequestString(json, searchSourceBuilder); @@ -205,15 +199,11 @@ private static void populateCursorForPit(JSONObject json, DefaultCursor cursor) } private static Object[] getSortFieldsFromJson(JSONObject json) { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - return objectMapper.readValue(json.getString(SORT_FIELDS), Object[].class); - } catch (JsonProcessingException e) { - throw new RuntimeException("Failed to parse sort fields from JSON string.", e); - } - }); + try { + return objectMapper.readValue(json.getString(SORT_FIELDS), Object[].class); + } catch (JsonProcessingException e) { + throw new RuntimeException("Failed to parse sort fields from JSON string.", e); + } } private JSONArray getSchemaAsJson() { diff --git a/legacy/src/main/java/org/opensearch/sql/legacy/plugin/RestSQLQueryAction.java b/legacy/src/main/java/org/opensearch/sql/legacy/plugin/RestSQLQueryAction.java index 0df812c038f..21badf79412 100644 --- a/legacy/src/main/java/org/opensearch/sql/legacy/plugin/RestSQLQueryAction.java +++ b/legacy/src/main/java/org/opensearch/sql/legacy/plugin/RestSQLQueryAction.java @@ -26,7 +26,6 @@ import org.opensearch.sql.executor.ExecutionEngine.ExplainResponse; import org.opensearch.sql.legacy.metrics.MetricName; import org.opensearch.sql.legacy.metrics.Metrics; -import org.opensearch.sql.opensearch.security.SecurityAccess; import org.opensearch.sql.protocol.response.QueryResult; import org.opensearch.sql.protocol.response.format.CommandResponseFormatter; import org.opensearch.sql.protocol.response.format.CsvResponseFormatter; @@ -92,8 +91,7 @@ public RestChannelConsumer prepareRequest( return channel -> fallbackHandler.accept(channel, new IllegalStateException("not supported")); } - SQLService sqlService = - SecurityAccess.doPrivileged(() -> injector.getInstance(SQLService.class)); + SQLService sqlService = injector.getInstance(SQLService.class); if (request.isExplainRequest()) { return channel -> diff --git a/opensearch/src/main/java/org/opensearch/sql/opensearch/executor/OpenSearchExecutionEngine.java b/opensearch/src/main/java/org/opensearch/sql/opensearch/executor/OpenSearchExecutionEngine.java index 07f0683acad..71f0c8667ff 100644 --- a/opensearch/src/main/java/org/opensearch/sql/opensearch/executor/OpenSearchExecutionEngine.java +++ b/opensearch/src/main/java/org/opensearch/sql/opensearch/executor/OpenSearchExecutionEngine.java @@ -6,8 +6,6 @@ package org.opensearch.sql.opensearch.executor; import com.google.common.base.Suppliers; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.ResultSetMetaData; @@ -186,9 +184,7 @@ public void explain( CalcitePlanContext.skipEncoding.set(true); } // triggers the hook - AccessController.doPrivileged( - (PrivilegedAction) - () -> OpenSearchRelRunners.run(context, rel)); + OpenSearchRelRunners.run(context, rel); } listener.onResponse( new ExplainResponse( @@ -206,19 +202,14 @@ public void explain( public void execute( RelNode rel, CalcitePlanContext context, ResponseListener listener) { client.schedule( - () -> - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try (PreparedStatement statement = OpenSearchRelRunners.run(context, rel)) { - ResultSet result = statement.executeQuery(); - buildResultSet( - result, rel.getRowType(), context.sysLimit.querySizeLimit(), listener); - } catch (SQLException e) { - throw new RuntimeException(e); - } - return null; - })); + () -> { + try (PreparedStatement statement = OpenSearchRelRunners.run(context, rel)) { + ResultSet result = statement.executeQuery(); + buildResultSet(result, rel.getRowType(), context.sysLimit.querySizeLimit(), listener); + } catch (SQLException e) { + throw new RuntimeException(e); + } + }); } private void buildResultSet( diff --git a/opensearch/src/main/java/org/opensearch/sql/opensearch/security/SecurityAccess.java b/opensearch/src/main/java/org/opensearch/sql/opensearch/security/SecurityAccess.java deleted file mode 100644 index 95c52ea2757..00000000000 --- a/opensearch/src/main/java/org/opensearch/sql/opensearch/security/SecurityAccess.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright OpenSearch Contributors - * SPDX-License-Identifier: Apache-2.0 - */ - -package org.opensearch.sql.opensearch.security; - -import java.security.AccessController; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; -import org.opensearch.SpecialPermission; - -/** - * Ref: - * https://www.elastic.co/guide/en/elasticsearch/plugins/current/plugin-authors.html#_java_security_permissions - */ -public class SecurityAccess { - - /** Execute the operation in privileged mode. */ - public static T doPrivileged(final PrivilegedExceptionAction operation) { - SpecialPermission.check(); - try { - return AccessController.doPrivileged(operation); - } catch (final PrivilegedActionException e) { - throw new IllegalStateException("Failed to perform privileged action", e); - } - } -} diff --git a/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java b/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java index 1624b66ec7e..bab448423dd 100644 --- a/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java +++ b/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java @@ -9,8 +9,6 @@ import static org.opensearch.sql.data.type.ExprCoreType.FLOAT; import static org.opensearch.sql.data.type.ExprCoreType.INTEGER; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.time.chrono.ChronoZonedDateTime; import java.util.HashMap; import java.util.HashSet; @@ -50,12 +48,8 @@ public class ExpressionScript { /** Expression constructor. */ public ExpressionScript(Expression expression) { this.expression = expression; - this.fields = - AccessController.doPrivileged( - (PrivilegedAction>) () -> extractFields(expression)); - this.valueFactory = - AccessController.doPrivileged( - (PrivilegedAction) () -> buildValueFactory(fields)); + this.fields = extractFields(expression); + this.valueFactory = buildValueFactory(fields); } /** @@ -68,14 +62,9 @@ public ExpressionScript(Expression expression) { public ExprValue execute( Supplier>> docProvider, BiFunction, ExprValue> evaluator) { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> { - Environment valueEnv = - buildValueEnv(fields, valueFactory, docProvider); - ExprValue result = evaluator.apply(expression, valueEnv); - return result; - }); + Environment valueEnv = buildValueEnv(fields, valueFactory, docProvider); + ExprValue result = evaluator.apply(expression, valueEnv); + return result; } public static Set extractFields(Expression expr) { diff --git a/plugin/src/main/java/org/opensearch/sql/plugin/transport/TransportPPLQueryAction.java b/plugin/src/main/java/org/opensearch/sql/plugin/transport/TransportPPLQueryAction.java index b53e41b0ee4..83a419cca66 100644 --- a/plugin/src/main/java/org/opensearch/sql/plugin/transport/TransportPPLQueryAction.java +++ b/plugin/src/main/java/org/opensearch/sql/plugin/transport/TransportPPLQueryAction.java @@ -30,7 +30,6 @@ import org.opensearch.sql.executor.ExecutionEngine; import org.opensearch.sql.legacy.metrics.MetricName; import org.opensearch.sql.legacy.metrics.Metrics; -import org.opensearch.sql.opensearch.security.SecurityAccess; import org.opensearch.sql.opensearch.setting.OpenSearchSettings; import org.opensearch.sql.plugin.config.OpenSearchPluginModule; import org.opensearch.sql.ppl.PPLService; @@ -105,8 +104,7 @@ protected void doExecute( QueryContext.addRequestId(); - PPLService pplService = - SecurityAccess.doPrivileged(() -> injector.getInstance(PPLService.class)); + PPLService pplService = injector.getInstance(PPLService.class); TransportPPLQueryRequest transportRequest = TransportPPLQueryRequest.fromActionRequest(request); // in order to use PPL service, we need to convert TransportPPLQueryRequest to PPLQueryRequest PPLQueryRequest transformedRequest = transportRequest.toPPLQueryRequest(); diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryExemplarsFunctionTableScanOperator.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryExemplarsFunctionTableScanOperator.java index 1a584293286..9d9d5f63d53 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryExemplarsFunctionTableScanOperator.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryExemplarsFunctionTableScanOperator.java @@ -6,8 +6,6 @@ package org.opensearch.sql.prometheus.functions.scan; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Locale; import lombok.Getter; import lombok.RequiredArgsConstructor; @@ -37,22 +35,17 @@ public class QueryExemplarsFunctionTableScanOperator extends TableScanOperator { @Override public void open() { super.open(); - this.queryExemplarsFunctionResponseHandle = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - JSONArray responseArray = - prometheusClient.queryExemplars( - request.getQuery(), request.getStartTime(), request.getEndTime()); - return new QueryExemplarsFunctionResponseHandle(responseArray); - } catch (IOException e) { - LOG.error(e.getMessage()); - throw new RuntimeException( - String.format( - "Error fetching data from prometheus server: %s", e.getMessage())); - } - }); + try { + JSONArray responseArray = + prometheusClient.queryExemplars( + request.getQuery(), request.getStartTime(), request.getEndTime()); + this.queryExemplarsFunctionResponseHandle = new QueryExemplarsFunctionResponseHandle(responseArray); + } catch (IOException e) { + LOG.error(e.getMessage()); + throw new RuntimeException( + String.format( + "Error fetching data from prometheus server: %s", e.getMessage())); + } } @Override diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryRangeFunctionTableScanOperator.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryRangeFunctionTableScanOperator.java index fc3f9f9a9b0..a030a713c08 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryRangeFunctionTableScanOperator.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/functions/scan/QueryRangeFunctionTableScanOperator.java @@ -8,8 +8,6 @@ package org.opensearch.sql.prometheus.functions.scan; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Locale; import lombok.RequiredArgsConstructor; import org.apache.logging.log4j.LogManager; @@ -37,25 +35,20 @@ public class QueryRangeFunctionTableScanOperator extends TableScanOperator { @Override public void open() { super.open(); - this.prometheusResponseHandle = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - JSONObject responseObject = - prometheusClient.queryRange( - request.getPromQl(), - request.getStartTime(), - request.getEndTime(), - request.getStep()); - return new QueryRangeFunctionResponseHandle(responseObject); - } catch (IOException e) { - LOG.error(e.getMessage()); - throw new RuntimeException( - String.format( - "Error fetching data from prometheus server: %s", e.getMessage())); - } - }); + try { + JSONObject responseObject = + prometheusClient.queryRange( + request.getPromQl(), + request.getStartTime(), + request.getEndTime(), + request.getStep()); + this.prometheusResponseHandle = new QueryRangeFunctionResponseHandle(responseObject); + } catch (IOException e) { + LOG.error(e.getMessage()); + throw new RuntimeException( + String.format( + "Error fetching data from prometheus server: %s", e.getMessage())); + } } @Override diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusDescribeMetricRequest.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusDescribeMetricRequest.java index 6049f8c0c33..9a1019aa611 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusDescribeMetricRequest.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusDescribeMetricRequest.java @@ -10,8 +10,6 @@ import static org.opensearch.sql.data.model.ExprValueUtils.stringValue; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.HashMap; import java.util.LinkedHashMap; @@ -69,25 +67,20 @@ public PrometheusDescribeMetricRequest( */ public Map getFieldTypes() { Map fieldTypes = new HashMap<>(); - AccessController.doPrivileged( - (PrivilegedAction>) - () -> { - try { - prometheusClient - .getLabels(metricName) - .forEach(label -> fieldTypes.put(label, ExprCoreType.STRING)); - } catch (IOException e) { - LOG.error( - "Error while fetching labels for {} from prometheus: {}", - metricName, - e.getMessage()); - throw new PrometheusClientException( - String.format( - "Error while fetching labels " + "for %s from prometheus: %s", - metricName, e.getMessage())); - } - return null; - }); + try { + prometheusClient + .getLabels(metricName) + .forEach(label -> fieldTypes.put(label, ExprCoreType.STRING)); + } catch (IOException e) { + LOG.error( + "Error while fetching labels for {} from prometheus: {}", + metricName, + e.getMessage()); + throw new PrometheusClientException( + String.format( + "Error while fetching labels " + "for %s from prometheus: %s", + metricName, e.getMessage())); + } fieldTypes.putAll(PrometheusMetricDefaultSchema.DEFAULT_MAPPING.getMapping()); return fieldTypes; } diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusListMetricsRequest.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusListMetricsRequest.java index c45f25fad4f..f8d86b7d3be 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusListMetricsRequest.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/request/system/PrometheusListMetricsRequest.java @@ -10,8 +10,6 @@ import static org.opensearch.sql.data.model.ExprValueUtils.stringValue; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -36,31 +34,27 @@ public class PrometheusListMetricsRequest implements PrometheusSystemRequest { @Override public List search() { - return AccessController.doPrivileged( - (PrivilegedAction>) - () -> { - try { - Map> result = prometheusClient.getAllMetrics(); - return result.keySet().stream() - .map( - x -> { - MetricMetadata metricMetadata = result.get(x).get(0); - return row( - x, - metricMetadata.getType(), - metricMetadata.getUnit(), - metricMetadata.getHelp()); - }) - .collect(Collectors.toList()); - } catch (IOException e) { - LOG.error( - "Error while fetching metric list for from prometheus: {}", e.getMessage()); - throw new RuntimeException( - String.format( - "Error while fetching metric list " + "for from prometheus: %s", - e.getMessage())); - } - }); + try { + Map> result = prometheusClient.getAllMetrics(); + return result.keySet().stream() + .map( + x -> { + MetricMetadata metricMetadata = result.get(x).get(0); + return row( + x, + metricMetadata.getType(), + metricMetadata.getUnit(), + metricMetadata.getHelp()); + }) + .collect(Collectors.toList()); + } catch (IOException e) { + LOG.error( + "Error while fetching metric list for from prometheus: {}", e.getMessage()); + throw new RuntimeException( + String.format( + "Error while fetching metric list " + "for from prometheus: %s", + e.getMessage())); + } } private ExprTupleValue row(String metricName, String tableType, String unit, String help) { diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusMetricScan.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusMetricScan.java index 598e3889145..2e386ba4e29 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusMetricScan.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusMetricScan.java @@ -6,8 +6,6 @@ package org.opensearch.sql.prometheus.storage; import java.io.IOException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Iterator; import lombok.EqualsAndHashCode; import lombok.Getter; @@ -53,25 +51,20 @@ public PrometheusMetricScan(PrometheusClient prometheusClient) { @Override public void open() { super.open(); - this.iterator = - AccessController.doPrivileged( - (PrivilegedAction>) - () -> { - try { - JSONObject responseObject = - prometheusClient.queryRange( - request.getPromQl(), - request.getStartTime(), - request.getEndTime(), - request.getStep()); - return new PrometheusResponse(responseObject, prometheusResponseFieldNames) - .iterator(); - } catch (IOException e) { - LOG.error(e.getMessage()); - throw new RuntimeException( - "Error fetching data from prometheus server. " + e.getMessage()); - } - }); + try { + JSONObject responseObject = + prometheusClient.queryRange( + request.getPromQl(), + request.getStartTime(), + request.getEndTime(), + request.getStep()); + this.iterator = new PrometheusResponse(responseObject, prometheusResponseFieldNames) + .iterator(); + } catch (IOException e) { + LOG.error(e.getMessage()); + throw new RuntimeException( + "Error fetching data from prometheus server. " + e.getMessage()); + } } @Override diff --git a/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactory.java b/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactory.java index 484b897c784..6053a9580d8 100644 --- a/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactory.java +++ b/prometheus/src/main/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactory.java @@ -10,8 +10,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.net.UnknownHostException; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Map; import java.util.Set; import lombok.RequiredArgsConstructor; @@ -53,20 +51,15 @@ public DataSource createDataSource(DataSourceMetadata metadata) { StorageEngine getStorageEngine(Map requiredConfig) { PrometheusClient prometheusClient; - prometheusClient = - AccessController.doPrivileged( - (PrivilegedAction) - () -> { - try { - validateDataSourceConfigProperties(requiredConfig); - return new PrometheusClientImpl( - PrometheusClientUtils.getHttpClient(requiredConfig, settings), - new URI(requiredConfig.get(URI))); - } catch (URISyntaxException | UnknownHostException e) { - throw new IllegalArgumentException( - String.format("Invalid URI in prometheus properties: %s", e.getMessage())); - } - }); + try { + validateDataSourceConfigProperties(requiredConfig); + prometheusClient = new PrometheusClientImpl( + PrometheusClientUtils.getHttpClient(requiredConfig, settings), + new URI(requiredConfig.get(URI))); + } catch (URISyntaxException | UnknownHostException e) { + throw new IllegalArgumentException( + String.format("Invalid URI in prometheus properties: %s", e.getMessage())); + } return new PrometheusStorageEngine(prometheusClient); } diff --git a/prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java b/prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java index 7b1e2dec0f7..3f465b96d2b 100644 --- a/prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java +++ b/prometheus/src/test/java/org/opensearch/sql/prometheus/storage/PrometheusStorageFactoryTest.java @@ -130,7 +130,7 @@ void testGetStorageEngineWithWrongAuthType() { .thenReturn(Collections.emptyList()); PrometheusStorageFactory prometheusStorageFactory = new PrometheusStorageFactory(settings); HashMap properties = new HashMap<>(); - properties.put("prometheus.uri", "https://test.com"); + properties.put("prometheus.uri", "https://opensearch.org"); properties.put("prometheus.auth.type", "random"); properties.put("prometheus.auth.region", "us-east-1"); properties.put("prometheus.auth.secret_key", "accessKey"); @@ -150,7 +150,7 @@ void testGetStorageEngineWithNONEAuthType() { .thenReturn(Collections.emptyList()); PrometheusStorageFactory prometheusStorageFactory = new PrometheusStorageFactory(settings); HashMap properties = new HashMap<>(); - properties.put("prometheus.uri", "https://test.com"); + properties.put("prometheus.uri", "https://opensearch.org"); StorageEngine storageEngine = prometheusStorageFactory.getStorageEngine(properties); Assertions.assertTrue(storageEngine instanceof PrometheusStorageEngine); } diff --git a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/ErrorFormatter.java b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/ErrorFormatter.java index 2e43cfa6c22..94d24a4265c 100644 --- a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/ErrorFormatter.java +++ b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/ErrorFormatter.java @@ -6,8 +6,6 @@ package org.opensearch.sql.protocol.response.format; import com.google.gson.Gson; -import java.security.AccessController; -import java.security.PrivilegedAction; import lombok.Getter; import lombok.RequiredArgsConstructor; import lombok.experimental.UtilityClass; @@ -17,17 +15,8 @@ public class ErrorFormatter { private static final Gson PRETTY_PRINT_GSON = - AccessController.doPrivileged( - (PrivilegedAction) - () -> - SerializeUtils.getGsonBuilder() - .setPrettyPrinting() - .disableHtmlEscaping() - .create()); - private static final Gson GSON = - AccessController.doPrivileged( - (PrivilegedAction) - () -> SerializeUtils.getGsonBuilder().disableHtmlEscaping().create()); + SerializeUtils.getGsonBuilder().setPrettyPrinting().disableHtmlEscaping().create(); + private static final Gson GSON = SerializeUtils.getGsonBuilder().disableHtmlEscaping().create(); /** Util method to format {@link Throwable} response to JSON string in compact printing. */ public static String compactFormat(Throwable t) { @@ -42,12 +31,11 @@ public static String prettyFormat(Throwable t) { } public static String compactJsonify(Object jsonObject) { - return AccessController.doPrivileged((PrivilegedAction) () -> GSON.toJson(jsonObject)); + return GSON.toJson(jsonObject); } public static String prettyJsonify(Object jsonObject) { - return AccessController.doPrivileged( - (PrivilegedAction) () -> PRETTY_PRINT_GSON.toJson(jsonObject)); + return PRETTY_PRINT_GSON.toJson(jsonObject); } @RequiredArgsConstructor diff --git a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/JsonResponseFormatter.java b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/JsonResponseFormatter.java index 115ee77b2b4..435f2f30395 100644 --- a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/JsonResponseFormatter.java +++ b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/JsonResponseFormatter.java @@ -11,8 +11,6 @@ import static org.opensearch.sql.protocol.response.format.ErrorFormatter.prettyJsonify; import static org.opensearch.sql.protocol.response.format.JsonResponseFormatter.Style.PRETTY; -import java.security.AccessController; -import java.security.PrivilegedAction; import lombok.RequiredArgsConstructor; /** @@ -41,8 +39,7 @@ public String format(R response) { @Override public String format(Throwable t) { - return AccessController.doPrivileged( - (PrivilegedAction) () -> (style == PRETTY) ? prettyFormat(t) : compactFormat(t)); + return (style == PRETTY) ? prettyFormat(t) : compactFormat(t); } public String contentType() { @@ -58,8 +55,6 @@ public String contentType() { protected abstract Object buildJsonObject(R response); protected String jsonify(Object jsonObject) { - return AccessController.doPrivileged( - (PrivilegedAction) - () -> (style == PRETTY) ? prettyJsonify(jsonObject) : compactJsonify(jsonObject)); + return (style == PRETTY) ? prettyJsonify(jsonObject) : compactJsonify(jsonObject); } } diff --git a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/YamlResponseFormatter.java b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/YamlResponseFormatter.java index da3022fbc82..1eec4e045ac 100644 --- a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/YamlResponseFormatter.java +++ b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/YamlResponseFormatter.java @@ -5,8 +5,6 @@ package org.opensearch.sql.protocol.response.format; -import java.security.AccessController; -import java.security.PrivilegedAction; import lombok.RequiredArgsConstructor; import org.opensearch.sql.utils.YamlFormatter; @@ -43,7 +41,6 @@ public String contentType() { protected abstract Object buildYamlObject(R response); protected String yamlify(Object yamlObject) { - return AccessController.doPrivileged( - (PrivilegedAction) () -> YamlFormatter.formatToYaml(yamlObject)); + return YamlFormatter.formatToYaml(yamlObject); } }