[Client] Adds product validation

picandocodigo · picandocodigo · commit 2c0fc1cbb35c · 2021-10-29T16:59:29.000+01:00
diff --git a/elasticsearch/elasticsearch.gemspec b/elasticsearch/elasticsearch.gemspec
@@ -56,6 +56,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'rspec'
   s.add_development_dependency 'ruby-prof' unless defined?(JRUBY_VERSION) || defined?(Rubinius)
   s.add_development_dependency 'simplecov'
+  s.add_development_dependency 'webmock'
   s.add_development_dependency 'yard'
 
   s.description = <<-DESC.gsub(/^    /, '')
diff --git a/elasticsearch/lib/elasticsearch.rb b/elasticsearch/lib/elasticsearch.rb
@@ -20,6 +20,9 @@
 require 'elasticsearch/api'
 
 module Elasticsearch
+  NOT_ELASTICSEARCH_WARNING = 'The client noticed that the server is not Elasticsearch and we do not support this unknown product.'.freeze
+  SECURITY_PRIVILEGES_VALIDATION_WARNING = 'The client is unable to verify that the server is Elasticsearch due to security privileges on the server side. Some functionality may not be compatible if the server is running an unsupported product.'.freeze
+
   # This is the stateful Elasticsearch::Client, using an instance of elastic-transport.
   class Client
     include Elasticsearch::API
@@ -38,6 +41,7 @@ class Client
     #                                                     This will be prepended to the id you set before each request
     #                                                     if you're using X-Opaque-Id
     def initialize(arguments = {}, &block)
+      @verified = false
       @opaque_id_prefix = arguments[:opaque_id_prefix] || nil
       api_key(arguments) if arguments[:api_key]
       if arguments[:cloud_id]
@@ -62,7 +66,10 @@ def method_missing(name, *args, &block)
           opaque_id = @opaque_id_prefix ? "#{@opaque_id_prefix}#{opaque_id}" : opaque_id
           args[4] = headers.merge('X-Opaque-Id' => opaque_id)
         end
-        @transport.send(name, *args, &block)
+        if name == :perform_request
+          verify_elasticsearch unless @verified
+          @transport.perform_request(*args, &block)
+        end
       else
         @transport.send(name, *args, &block)
       end
@@ -74,6 +81,37 @@ def respond_to_missing?(method_name, *args)
 
     private
 
+    def verify_elasticsearch
+      begin
+        response = elasticsearch_validation_request
+      rescue Elastic::Transport::Transport::Errors::Unauthorized,
+             Elastic::Transport::Transport::Errors::Forbidden
+        @verified = true
+        warn(SECURITY_PRIVILEGES_VALIDATION_WARNING)
+        return
+      end
+
+      body = if response.headers['content-type'] == 'application/yaml'
+               require 'yaml'
+               YAML.load(response.body)
+             else
+               response.body
+             end
+      version = body.dig('version', 'number')
+      verify_with_version_or_header(version, response.headers)
+    end
+
+    def verify_with_version_or_header(version, headers)
+      if version.nil? ||
+         Gem::Version.new(version) < Gem::Version.new('8.0.0.pre') && version != '8.0.0-SNAPSHOT' ||
+         headers['x-elastic-product'] != 'Elasticsearch'
+
+        raise Elasticsearch::UnsupportedProductError
+      end
+
+      @verified = true
+    end
+
     def setup_cloud_host(cloud_id, user, password, port)
       name = cloud_id.split(':')[0]
       cloud_url, elasticsearch_instance = Base64.decode64(cloud_id.gsub("#{name}:", '')).split('$')
@@ -112,6 +150,17 @@ def api_key(arguments)
     def encode(api_key)
       Base64.strict_encode64([api_key[:id], api_key[:api_key]].join(':'))
     end
+
+    def elasticsearch_validation_request
+      @transport.perform_request('GET', '/')
+    end
+  end
+
+  # Error class for when we detect an unsupported version of Elasticsearch
+  class UnsupportedProductError < StandardError
+    def initialize(message = NOT_ELASTICSEARCH_WARNING)
+      super(message)
+    end
   end
 end
 
diff --git a/elasticsearch/spec/unit/elasticsearch_product_validation_spec.rb b/elasticsearch/spec/unit/elasticsearch_product_validation_spec.rb
@@ -0,0 +1,250 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'spec_helper'
+require 'webmock/rspec'
+
+describe 'Elasticsearch: Validation' do
+  let(:host) { 'http://localhost:9200' }
+  let(:verify_request_stub) do
+    stub_request(:get, host)
+      .to_return(status: status, body: body, headers: headers)
+  end
+  let(:count_request_stub) do
+    stub_request(:post, "#{host}/_count")
+      .to_return(status: 200, body: nil, headers: {})
+  end
+  let(:status) { 200 }
+  let(:body) { {}.to_json }
+  let(:client) { Elasticsearch::Client.new }
+  let(:headers) do
+    { 'content-type' => 'application/json' }
+  end
+
+  def error_requests_and_expectations(message = Elasticsearch::NOT_ELASTICSEARCH_WARNING)
+    expect { client.count }.to raise_error Elasticsearch::UnsupportedProductError, message
+    assert_requested :get, host
+    assert_not_requested :post, "#{host}/_count"
+    expect { client.cluster.health }.to raise_error Elasticsearch::UnsupportedProductError, message
+    expect(client.instance_variable_get('@verified')).to be false
+    expect { client.cluster.health }.to raise_error Elasticsearch::UnsupportedProductError, message
+  end
+
+  def valid_requests_and_expectations
+    expect(client.instance_variable_get('@verified')).to be false
+    assert_not_requested :get, host
+
+    client.count
+    expect(client.instance_variable_get('@verified'))
+    assert_requested :get, host
+    assert_requested :post, "#{host}/_count"
+  end
+
+  context 'When Elasticsearch replies with status 401' do
+    let(:status) { 401 }
+    let(:body) { {}.to_json }
+
+    it 'Verifies the request but shows a warning' do
+      stderr      = $stderr
+      fake_stderr = StringIO.new
+      $stderr     = fake_stderr
+
+      verify_request_stub
+      count_request_stub
+
+      valid_requests_and_expectations
+
+      fake_stderr.rewind
+      expect(fake_stderr.string).to eq("#{Elasticsearch::SECURITY_PRIVILEGES_VALIDATION_WARNING}\n")
+    ensure
+      $stderr = stderr
+    end
+  end
+
+  context 'When Elasticsearch replies with status 403' do
+    let(:status) { 403 }
+    let(:body) { {}.to_json }
+
+    it 'Verifies the request but shows a warning' do
+      stderr      = $stderr
+      fake_stderr = StringIO.new
+      $stderr     = fake_stderr
+
+      verify_request_stub
+      count_request_stub
+
+      valid_requests_and_expectations
+
+      fake_stderr.rewind
+      expect(fake_stderr.string).to eq("#{Elasticsearch::SECURITY_PRIVILEGES_VALIDATION_WARNING}\n")
+    ensure
+      $stderr = stderr
+    end
+  end
+
+  context 'When the Elasticsearch version is >= 8.0.0' do
+    context 'With a valid Elasticsearch response' do
+      let(:body) { { 'version' => { 'number' => '8.0.0' } }.to_json }
+      let(:headers) do
+        {
+          'X-Elastic-Product' => 'Elasticsearch',
+          'content-type' => 'json'
+        }
+      end
+
+      it 'Makes requests and passes validation' do
+        verify_request_stub
+        count_request_stub
+
+        valid_requests_and_expectations
+      end
+    end
+
+    context 'When the header is not present' do
+      it 'Fails validation' do
+        verify_request_stub
+
+        expect(client.instance_variable_get('@verified')).to be false
+        assert_not_requested :get, host
+
+        error_requests_and_expectations
+      end
+    end
+  end
+
+  context 'When the Elasticsearch version is >= 8.1.0' do
+    context 'With a valid Elasticsearch response' do
+      let(:body) { { 'version' => { 'number' => '8.1.0' } }.to_json }
+      let(:headers) do
+        {
+          'X-Elastic-Product' => 'Elasticsearch',
+          'content-type' => 'json'
+        }
+      end
+
+      it 'Makes requests and passes validation' do
+        verify_request_stub
+        count_request_stub
+
+        valid_requests_and_expectations
+      end
+    end
+
+    context 'When the header is not present' do
+      it 'Fails validation' do
+        verify_request_stub
+
+        expect(client.instance_variable_get('@verified')).to be false
+        assert_not_requested :get, host
+
+        error_requests_and_expectations
+      end
+    end
+  end
+
+
+  context 'When the Elasticsearch version is 8.0.0.pre' do
+    context 'With a valid Elasticsearch response' do
+      let(:body) { { 'version' => { 'number' => '8.0.0.pre' } }.to_json }
+      let(:headers) do
+        {
+          'X-Elastic-Product' => 'Elasticsearch',
+          'content-type' => 'json'
+        }
+      end
+
+      it 'Makes requests and passes validation' do
+        verify_request_stub
+        count_request_stub
+
+        valid_requests_and_expectations
+      end
+    end
+
+    context 'When the header is not present' do
+      it 'Fails validation' do
+        verify_request_stub
+
+        expect(client.instance_variable_get('@verified')).to be false
+        assert_not_requested :get, host
+
+        error_requests_and_expectations
+      end
+    end
+  end
+
+  context 'When the version is 8.0.0-SNAPSHOT' do
+    let(:body) { { 'version' => { 'number' => '8.0.0-SNAPSHOT' } }.to_json }
+
+    context 'When the header is not present' do
+      it 'Fails validation' do
+        verify_request_stub
+        count_request_stub
+
+        error_requests_and_expectations
+      end
+    end
+
+    context 'With a valid Elasticsearch response' do
+      let(:headers) do
+        {
+          'X-Elastic-Product' => 'Elasticsearch',
+          'content-type' => 'json'
+        }
+      end
+
+      it 'Makes requests and passes validation' do
+        verify_request_stub
+        count_request_stub
+
+        valid_requests_and_expectations
+      end
+    end
+  end
+
+  context 'When Elasticsearch version is < 8.0.0' do
+    let(:body) { { 'version' => { 'number' => '7.16.0' } }.to_json }
+
+    it 'Raises an exception and client doesnae work' do
+      verify_request_stub
+      error_requests_and_expectations
+    end
+  end
+
+  context 'When there is no version data' do
+    let(:body) { {}.to_json }
+    it 'Raises an exception and client doesnae work' do
+      verify_request_stub
+      error_requests_and_expectations
+    end
+  end
+
+  context 'When doing a yaml content-type request' do
+    let(:client) do
+      Elasticsearch::Client.new(transport_options: {headers: { accept: 'application/yaml', content_type: 'application/yaml' }})
+    end
+
+    let(:headers) { { 'content-type' => 'application/yaml', 'X-Elastic-Product' => 'Elasticsearch' } }
+    let(:body) { "---\nversion:\n  number: \"8.0.0-SNAPSHOT\"\n" }
+
+    it 'validates' do
+      verify_request_stub
+      count_request_stub
+      valid_requests_and_expectations
+    end
+  end
+end
