From 2e38f5a7059eb9ac13e3bf89eb726cab5bda5349 Mon Sep 17 00:00:00 2001 From: Kerry Gallagher Date: Wed, 12 Aug 2020 15:22:00 +0100 Subject: [PATCH] [Logs UI] Return 403s rather than 500s for ML privilege errors (#74506) * Add ML privileges error checks to all routes --- .../infra/server/lib/log_analysis/errors.ts | 14 ++++++++++++++ .../server/lib/log_analysis/log_entry_anomalies.ts | 11 +++++++++-- .../log_analysis/results/log_entry_anomalies.ts | 10 ++++++++++ .../results/log_entry_anomalies_datasets.ts | 10 ++++++++++ .../log_analysis/results/log_entry_categories.ts | 10 ++++++++++ .../results/log_entry_category_datasets.ts | 10 ++++++++++ .../results/log_entry_category_examples.ts | 10 ++++++++++ .../log_analysis/results/log_entry_examples.ts | 10 ++++++++++ .../routes/log_analysis/results/log_entry_rate.ts | 10 ++++++++++ 9 files changed, 93 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/infra/server/lib/log_analysis/errors.ts b/x-pack/plugins/infra/server/lib/log_analysis/errors.ts index a6d0db25084e..ad46ebf71026 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/errors.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/errors.ts @@ -6,6 +6,12 @@ /* eslint-disable max-classes-per-file */ +import { + UnknownMLCapabilitiesError, + InsufficientMLCapabilities, + MLPrivilegesUninitialized, +} from '../../../../ml/server'; + export class NoLogAnalysisMlJobError extends Error { constructor(message?: string) { super(message); @@ -33,3 +39,11 @@ export class InsufficientAnomalyMlJobsConfigured extends Error { Object.setPrototypeOf(this, new.target.prototype); } } + +export const isMlPrivilegesError = (error: any) => { + return ( + error instanceof UnknownMLCapabilitiesError || + error instanceof InsufficientMLCapabilities || + error instanceof MLPrivilegesUninitialized + ); +}; diff --git a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts index a55958aee128..f6d8a4a807e9 100644 --- a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts +++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts @@ -25,6 +25,7 @@ import { InsufficientAnomalyMlJobsConfigured, InsufficientLogAnalysisMlJobConfigurationError, UnknownCategoryError, + isMlPrivilegesError, } from './errors'; import { decodeOrThrow } from '../../../common/runtime_types'; import { @@ -65,7 +66,10 @@ async function getCompatibleAnomaliesJobIds( jobIds.push(logRateJobId); jobSpans = [...jobSpans, ...spans]; } catch (e) { - // Job wasn't found + if (isMlPrivilegesError(e)) { + throw e; + } + // An error is also thrown when no jobs are found } try { @@ -75,7 +79,10 @@ async function getCompatibleAnomaliesJobIds( jobIds.push(logCategoriesJobId); jobSpans = [...jobSpans, ...spans]; } catch (e) { - // Job wasn't found + if (isMlPrivilegesError(e)) { + throw e; + } + // An error is also thrown when no jobs are found } return { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies.ts index d79c9b9dd2c7..559609ebc7fb 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies.ts @@ -17,6 +17,7 @@ import { import { createValidationFunction } from '../../../../common/runtime_types'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; import { getLogEntryAnomalies } from '../../../lib/log_analysis'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) => { framework.registerRoute( @@ -73,6 +74,15 @@ export const initGetLogEntryAnomaliesRoute = ({ framework }: InfraBackendLibs) = throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts index f1f1a1681a90..8b36f32f318a 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_anomalies_datasets.ts @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types'; import type { InfraBackendLibs } from '../../../lib/infra_types'; import { getLogEntryAnomaliesDatasets } from '../../../lib/log_analysis'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBackendLibs) => { framework.registerRoute( @@ -55,6 +56,15 @@ export const initGetLogEntryAnomaliesDatasetsRoute = ({ framework }: InfraBacken throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts index f57132ef1b50..2e2f2642b4a4 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_categories.ts @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types'; import type { InfraBackendLibs } from '../../../lib/infra_types'; import { getTopLogEntryCategories } from '../../../lib/log_analysis'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs) => { framework.registerRoute( @@ -66,6 +67,15 @@ export const initGetLogEntryCategoriesRoute = ({ framework }: InfraBackendLibs) throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts index b99ff920f81e..20d1d919b500 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_datasets.ts @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types'; import type { InfraBackendLibs } from '../../../lib/infra_types'; import { getLogEntryCategoryDatasets } from '../../../lib/log_analysis'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackendLibs) => { framework.registerRoute( @@ -55,6 +56,15 @@ export const initGetLogEntryCategoryDatasetsRoute = ({ framework }: InfraBackend throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts index 11098ebe5c65..0c408b7fc93f 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_category_examples.ts @@ -14,6 +14,7 @@ import { createValidationFunction } from '../../../../common/runtime_types'; import type { InfraBackendLibs } from '../../../lib/infra_types'; import { getLogEntryCategoryExamples } from '../../../lib/log_analysis'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => { framework.registerRoute( @@ -65,6 +66,15 @@ export const initGetLogEntryCategoryExamplesRoute = ({ framework, sources }: Inf throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts index 7838a64a6045..678c9f5666fc 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_examples.ts @@ -14,6 +14,7 @@ import { getLogEntryExamplesSuccessReponsePayloadRT, LOG_ANALYSIS_GET_LOG_ENTRY_RATE_EXAMPLES_PATH, } from '../../../../common/http_api/log_analysis'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBackendLibs) => { framework.registerRoute( @@ -68,6 +69,15 @@ export const initGetLogEntryExamplesRoute = ({ framework, sources }: InfraBacken throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: { diff --git a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts index cd23c0193e29..23d8bd30c659 100644 --- a/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts +++ b/x-pack/plugins/infra/server/routes/log_analysis/results/log_entry_rate.ts @@ -15,6 +15,7 @@ import { import { createValidationFunction } from '../../../../common/runtime_types'; import { getLogEntryRateBuckets } from '../../../lib/log_analysis'; import { assertHasInfraMlPlugins } from '../../../utils/request_context'; +import { isMlPrivilegesError } from '../../../lib/log_analysis/errors'; export const initGetLogEntryRateRoute = ({ framework }: InfraBackendLibs) => { framework.registerRoute( @@ -56,6 +57,15 @@ export const initGetLogEntryRateRoute = ({ framework }: InfraBackendLibs) => { throw error; } + if (isMlPrivilegesError(error)) { + return response.customError({ + statusCode: 403, + body: { + message: error.message, + }, + }); + } + return response.customError({ statusCode: error.statusCode ?? 500, body: {