Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Logs UI] Return 403s rather than 500s for ML privilege errors #74506

Merged
merged 3 commits into from
Aug 12, 2020
Merged

[Logs UI] Return 403s rather than 500s for ML privilege errors #74506

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9be4c25
Add ML privileges helper and amend datasets route
Kerry350 Aug 5, 2020
a09aa3b
Add ML privileges error checks to all routes
Kerry350 Aug 6, 2020
00929bd
Merge branch 'master' into 70414-return-403s-for-ml-routes
elasticmachine Aug 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions x-pack/plugins/infra/server/lib/log_analysis/errors.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,12 @@

/* eslint-disable max-classes-per-file */

import {
UnknownMLCapabilitiesError,
InsufficientMLCapabilities,
MLPrivilegesUninitialized,
} from '../../../../ml/server';

export class NoLogAnalysisMlJobError extends Error {
constructor(message?: string) {
super(message);
Expand Down Expand Up @@ -33,3 +39,11 @@ export class InsufficientAnomalyMlJobsConfigured extends Error {
Object.setPrototypeOf(this, new.target.prototype);
}
}

export const isMlPrivilegesError = (error: any) => {
return (
error instanceof UnknownMLCapabilitiesError ||
error instanceof InsufficientMLCapabilities ||
error instanceof MLPrivilegesUninitialized
);
};
11 changes: 9 additions & 2 deletions x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import {
InsufficientAnomalyMlJobsConfigured,
InsufficientLogAnalysisMlJobConfigurationError,
UnknownCategoryError,
isMlPrivilegesError,
} from './errors';
import { decodeOrThrow } from '../../../common/runtime_types';
import {
Expand Down Expand Up @@ -65,7 +66,10 @@ async function getCompatibleAnomaliesJobIds(
jobIds.push(logRateJobId);
jobSpans = [...jobSpans, ...spans];
} catch (e) {
// Job wasn't found
if (isMlPrivilegesError(e)) {
throw e;
}
// An error is also thrown when no jobs are found
}

try {
Expand All @@ -75,7 +79,10 @@ async function getCompatibleAnomaliesJobIds(
jobIds.push(logCategoriesJobId);
jobSpans = [...jobSpans, ...spans];
} catch (e) {
// Job wasn't found
if (isMlPrivilegesError(e)) {
throw e;
}
// An error is also thrown when no jobs are found
}

return {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import {
import { createValidationFunction } from '../../../../common/runtime_types';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { getLogEntryAnomalies } from '../../../lib/log_analysis';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -73,6 +74,15 @@ export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) =
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
Comment on lines +78 to +83
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though it's internally equivalent, did you consider using response.forbidden for the sake of discoverability?

Suggested change
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
return response.forbidden({
body: {
message: error.message,
},
});

}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types';
import type { InfraBackendLibs } from '../../../lib/infra_types';
import { getLogEntryAnomaliesDatasets } from '../../../lib/log_analysis';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -55,6 +56,15 @@ export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBacken
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types';
import type { InfraBackendLibs } from '../../../lib/infra_types';
import { getTopLogEntryCategories } from '../../../lib/log_analysis';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -66,6 +67,15 @@ export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs)
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types';
import type { InfraBackendLibs } from '../../../lib/infra_types';
import { getLogEntryCategoryDatasets } from '../../../lib/log_analysis';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -55,6 +56,15 @@ export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackend
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types';
import type { InfraBackendLibs } from '../../../lib/infra_types';
import { getLogEntryCategoryExamples } from '../../../lib/log_analysis';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -65,6 +66,15 @@ export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: Inf
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
getLogEntryExamplesSuccessReponsePayloadRT,
LOG_ANALYSIS_GET_LOG_ENTRY_RATE_EXAMPLES_PATH,
} from '../../../../common/http_api/log_analysis';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -68,6 +69,15 @@ export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBacken
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import {
import { createValidationFunction } from '../../../../common/runtime_types';
import { getLogEntryRateBuckets } from '../../../lib/log_analysis';
import { assertHasInfraMlPlugins } from '../../../utils/request_context';
import { isMlPrivilegesError } from '../../../lib/log_analysis/errors';

export const initGetLogEntryRateRoute = ({ framework }: InfraBackendLibs) => {
framework.registerRoute(
Expand Down Expand Up @@ -56,6 +57,15 @@ export const initGetLogEntryRateRoute = ({ framework }: InfraBackendLibs) => {
throw error;
}

if (isMlPrivilegesError(error)) {
return response.customError({
statusCode: 403,
body: {
message: error.message,
},
});
}

return response.customError({
statusCode: error.statusCode ?? 500,
body: {
Expand Down