Verify Maxmind database types in the geoip processor (#114527) (#114532)

Author: joegallo

docs/changelog/114527.yaml

@@ -0,0 +1,5 @@
+pr: 114527
+summary: Verify Maxmind database types in the geoip processor
+area: Ingest Node
+type: enhancement
+issues: []

modules/ingest-geoip/src/internalClusterTest/java/org/elasticsearch/ingest/geoip/ReloadingDatabasesWhilePerformingGeoLookupsIT.java

@@ -32,6 +32,7 @@
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.concurrent.atomic.AtomicReference;
 
+import static org.elasticsearch.ingest.geoip.GeoIpProcessor.GEOIP_TYPE;
 import static org.elasticsearch.ingest.geoip.GeoIpTestUtils.copyDatabase;
 import static org.elasticsearch.ingest.geoip.GeoIpTestUtils.copyDefaultDatabases;
 import static org.hamcrest.Matchers.equalTo;
@@ -66,7 +67,7 @@ public void test() throws Exception {
         ClusterService clusterService = mock(ClusterService.class);
         when(clusterService.state()).thenReturn(ClusterState.EMPTY_STATE);
         DatabaseNodeService databaseNodeService = createRegistry(geoIpConfigDir, geoIpTmpDir, clusterService);
-        GeoIpProcessor.Factory factory = new GeoIpProcessor.Factory(databaseNodeService);
+        GeoIpProcessor.Factory factory = new GeoIpProcessor.Factory(GEOIP_TYPE, databaseNodeService);
         copyDatabase("GeoLite2-City-Test.mmdb", geoIpTmpDir.resolve("GeoLite2-City.mmdb"));
         copyDatabase("GeoLite2-City-Test.mmdb", geoIpTmpDir.resolve("GeoLite2-City-Test.mmdb"));
         databaseNodeService.updateDatabase("GeoLite2-City.mmdb", "md5", geoIpTmpDir.resolve("GeoLite2-City.mmdb"));

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/GeoIpDownloaderTaskExecutor.java

@@ -54,6 +54,7 @@
 import static org.elasticsearch.ingest.geoip.GeoIpDownloader.DATABASES_INDEX;
 import static org.elasticsearch.ingest.geoip.GeoIpDownloader.GEOIP_DOWNLOADER;
 import static org.elasticsearch.ingest.geoip.GeoIpProcessor.Factory.downloadDatabaseOnPipelineCreation;
+import static org.elasticsearch.ingest.geoip.GeoIpProcessor.GEOIP_TYPE;
 
 /**
  * Persistent task executor that is responsible for starting {@link GeoIpDownloader} after task is allocated by master node.
@@ -296,9 +297,9 @@ private static boolean hasAtLeastOneGeoipProcessor(Map<String, Object> processor
             return false;
         }
 
-        if (processor.containsKey(GeoIpProcessor.TYPE)) {
-            Map<String, Object> processorConfig = (Map<String, Object>) processor.get(GeoIpProcessor.TYPE);
-            return downloadDatabaseOnPipelineCreation(processorConfig) == downloadDatabaseOnPipelineCreation;
+        final Map<String, Object> processorConfig = (Map<String, Object>) processor.get(GEOIP_TYPE);
+        if (processorConfig != null) {
+            return downloadDatabaseOnPipelineCreation(GEOIP_TYPE, processorConfig, null) == downloadDatabaseOnPipelineCreation;
         }
 
         return isProcessorWithOnFailureGeoIpProcessor(processor, downloadDatabaseOnPipelineCreation)
@@ -336,11 +337,9 @@ && hasAtLeastOneGeoipProcessor(
      */
     @SuppressWarnings("unchecked")
     private static boolean isForeachProcessorWithGeoipProcessor(Map<String, Object> processor, boolean downloadDatabaseOnPipelineCreation) {
-        return processor.containsKey("foreach")
-            && hasAtLeastOneGeoipProcessor(
-                ((Map<String, Map<String, Object>>) processor.get("foreach")).get("processor"),
-                downloadDatabaseOnPipelineCreation
-            );
+        final Map<String, Object> processorConfig = (Map<String, Object>) processor.get("foreach");
+        return processorConfig != null
+            && hasAtLeastOneGeoipProcessor((Map<String, Object>) processorConfig.get("processor"), downloadDatabaseOnPipelineCreation);
     }
 
     @UpdateForV9 // use MINUS_ONE once that means no timeout

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/GeoIpProcessor.java

@@ -13,6 +13,7 @@
 import org.elasticsearch.common.logging.DeprecationCategory;
 import org.elasticsearch.common.logging.DeprecationLogger;
 import org.elasticsearch.core.Assertions;
+import org.elasticsearch.core.Strings;
 import org.elasticsearch.ingest.AbstractProcessor;
 import org.elasticsearch.ingest.IngestDocument;
 import org.elasticsearch.ingest.Processor;
@@ -22,6 +23,7 @@
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.function.Supplier;
@@ -36,9 +38,12 @@ public final class GeoIpProcessor extends AbstractProcessor {
     private static final DeprecationLogger deprecationLogger = DeprecationLogger.getLogger(GeoIpProcessor.class);
     static final String DEFAULT_DATABASES_DEPRECATION_MESSAGE = "the [fallback_to_default_databases] has been deprecated, because "
         + "Elasticsearch no longer includes the default Maxmind geoip databases. This setting will be removed in Elasticsearch 9.0";
+    static final String UNSUPPORTED_DATABASE_DEPRECATION_MESSAGE = "the geoip processor will no longer support database type [{}] "
+        + "in a future version of Elasticsearch"; // TODO add a message about migration?
 
-    public static final String TYPE = "geoip";
+    public static final String GEOIP_TYPE = "geoip";
 
+    private final String type;
     private final String field;
     private final Supplier<Boolean> isValid;
     private final String targetField;
@@ -62,6 +67,7 @@ public final class GeoIpProcessor extends AbstractProcessor {
      * @param databaseFile  the name of the database file being queried; used only for tagging documents if the database is unavailable
      */
     GeoIpProcessor(
+        final String type,
         final String tag,
         final String description,
         final String field,
@@ -74,6 +80,7 @@ public final class GeoIpProcessor extends AbstractProcessor {
         final String databaseFile
     ) {
         super(tag, description);
+        this.type = type;
         this.field = field;
         this.isValid = isValid;
         this.targetField = targetField;
@@ -93,7 +100,7 @@ public IngestDocument execute(IngestDocument document) throws IOException {
         Object ip = document.getFieldValue(field, Object.class, ignoreMissing);
 
         if (isValid.get() == false) {
-            document.appendFieldValue("tags", "_geoip_expired_database", false);
+            document.appendFieldValue("tags", "_" + type + "_expired_database", false);
             return document;
         } else if (ip == null && ignoreMissing) {
             return document;
@@ -104,7 +111,7 @@ public IngestDocument execute(IngestDocument document) throws IOException {
         try (IpDatabase ipDatabase = this.supplier.get()) {
             if (ipDatabase == null) {
                 if (ignoreMissing == false) {
-                    tag(document, databaseFile);
+                    tag(document, type, databaseFile);
                 }
                 return document;
             }
@@ -146,7 +153,7 @@ public IngestDocument execute(IngestDocument document) throws IOException {
 
     @Override
     public String getType() {
-        return TYPE;
+        return type;
     }
 
     String getField() {
@@ -202,9 +209,11 @@ public IpDatabase get() throws IOException {
 
     public static final class Factory implements Processor.Factory {
 
+        private final String type; // currently always just "geoip"
         private final IpDatabaseProvider ipDatabaseProvider;
 
-        public Factory(IpDatabaseProvider ipDatabaseProvider) {
+        public Factory(String type, IpDatabaseProvider ipDatabaseProvider) {
+            this.type = type;
             this.ipDatabaseProvider = ipDatabaseProvider;
         }
 
@@ -215,16 +224,16 @@ public Processor create(
             final String description,
             final Map<String, Object> config
         ) throws IOException {
-            String ipField = readStringProperty(TYPE, processorTag, config, "field");
-            String targetField = readStringProperty(TYPE, processorTag, config, "target_field", "geoip");
-            String databaseFile = readStringProperty(TYPE, processorTag, config, "database_file", "GeoLite2-City.mmdb");
-            List<String> propertyNames = readOptionalList(TYPE, processorTag, config, "properties");
-            boolean ignoreMissing = readBooleanProperty(TYPE, processorTag, config, "ignore_missing", false);
-            boolean firstOnly = readBooleanProperty(TYPE, processorTag, config, "first_only", true);
+            String ipField = readStringProperty(type, processorTag, config, "field");
+            String targetField = readStringProperty(type, processorTag, config, "target_field", "geoip");
+            String databaseFile = readStringProperty(type, processorTag, config, "database_file", "GeoLite2-City.mmdb");
+            List<String> propertyNames = readOptionalList(type, processorTag, config, "properties");
+            boolean ignoreMissing = readBooleanProperty(type, processorTag, config, "ignore_missing", false);
+            boolean firstOnly = readBooleanProperty(type, processorTag, config, "first_only", true);
 
             // Validating the download_database_on_pipeline_creation even if the result
             // is not used directly by the factory.
-            downloadDatabaseOnPipelineCreation(config, processorTag);
+            downloadDatabaseOnPipelineCreation(type, config, processorTag);
 
             // noop, should be removed in 9.0
             Object value = config.remove("fallback_to_default_databases");
@@ -239,7 +248,7 @@ public Processor create(
                     // at a later moment, so a processor impl is returned that tags documents instead. If a database cannot be sourced
                     // then the processor will continue to tag documents with a warning until it is remediated by providing a database
                     // or changing the pipeline.
-                    return new DatabaseUnavailableProcessor(processorTag, description, databaseFile);
+                    return new DatabaseUnavailableProcessor(type, processorTag, description, databaseFile);
                 }
                 databaseType = ipDatabase.getDatabaseType();
             }
@@ -248,17 +257,48 @@ public Processor create(
             try {
                 factory = IpDataLookupFactories.get(databaseType, databaseFile);
             } catch (IllegalArgumentException e) {
-                throw newConfigurationException(TYPE, processorTag, "database_file", e.getMessage());
+                throw newConfigurationException(type, processorTag, "database_file", e.getMessage());
+            }
+
+            // the "geoip" processor type does additional validation of the database_type
+            if (GEOIP_TYPE.equals(type)) {
+                // type sniffing is done with the lowercased type
+                final String lowerCaseDatabaseType = databaseType.toLowerCase(Locale.ROOT);
+
+                // start with a strict positive rejection check -- as we support addition database providers,
+                // we should expand these checks when possible
+                if (lowerCaseDatabaseType.startsWith(IpinfoIpDataLookups.IPINFO_PREFIX)) {
+                    throw newConfigurationException(
+                        type,
+                        processorTag,
+                        "database_file",
+                        Strings.format("Unsupported database type [%s] for file [%s]", databaseType, databaseFile)
+                    );
+                }
+
+                // end with a lax negative rejection check -- if we aren't *certain* it's a maxmind database, then we'll warn --
+                // it's possible for example that somebody cooked up a custom database of their own that happened to work with
+                // our preexisting code, they should migrate to the new processor, but we're not going to break them right now
+                if (lowerCaseDatabaseType.startsWith(MaxmindIpDataLookups.GEOIP2_PREFIX) == false
+                    && lowerCaseDatabaseType.startsWith(MaxmindIpDataLookups.GEOLITE2_PREFIX) == false) {
+                    deprecationLogger.warn(
+                        DeprecationCategory.OTHER,
+                        "unsupported_database_type",
+                        UNSUPPORTED_DATABASE_DEPRECATION_MESSAGE,
+                        databaseType
+                    );
+                }
             }
 
             final IpDataLookup ipDataLookup;
             try {
                 ipDataLookup = factory.create(propertyNames);
             } catch (IllegalArgumentException e) {
-                throw newConfigurationException(TYPE, processorTag, "properties", e.getMessage());
+                throw newConfigurationException(type, processorTag, "properties", e.getMessage());
             }
 
             return new GeoIpProcessor(
+                type,
                 processorTag,
                 description,
                 ipField,
@@ -272,42 +312,39 @@ public Processor create(
             );
         }
 
-        public static boolean downloadDatabaseOnPipelineCreation(Map<String, Object> config) {
-            return downloadDatabaseOnPipelineCreation(config, null);
-        }
-
-        public static boolean downloadDatabaseOnPipelineCreation(Map<String, Object> config, String processorTag) {
-            return readBooleanProperty(GeoIpProcessor.TYPE, processorTag, config, "download_database_on_pipeline_creation", true);
+        public static boolean downloadDatabaseOnPipelineCreation(String type, Map<String, Object> config, String processorTag) {
+            return readBooleanProperty(type, processorTag, config, "download_database_on_pipeline_creation", true);
         }
-
     }
 
     static class DatabaseUnavailableProcessor extends AbstractProcessor {
 
+        private final String type;
         private final String databaseName;
 
-        DatabaseUnavailableProcessor(String tag, String description, String databaseName) {
+        DatabaseUnavailableProcessor(String type, String tag, String description, String databaseName) {
             super(tag, description);
+            this.type = type;
             this.databaseName = databaseName;
         }
 
         @Override
         public IngestDocument execute(IngestDocument ingestDocument) throws Exception {
-            tag(ingestDocument, databaseName);
+            tag(ingestDocument, this.type, databaseName);
             return ingestDocument;
         }
 
         @Override
         public String getType() {
-            return TYPE;
+            return type;
         }
 
         public String getDatabaseName() {
             return databaseName;
         }
     }
 
-    private static void tag(IngestDocument ingestDocument, String databaseName) {
-        ingestDocument.appendFieldValue("tags", "_geoip_database_unavailable_" + databaseName, true);
+    private static void tag(IngestDocument ingestDocument, String type, String databaseName) {
+        ingestDocument.appendFieldValue("tags", "_" + type + "_database_unavailable_" + databaseName, true);
     }
 }

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/IngestGeoIpPlugin.java

@@ -129,7 +129,7 @@ public Map<String, Processor.Factory> getProcessors(Processor.Parameters paramet
             parameters.ingestService.getClusterService()
         );
         databaseRegistry.set(registry);
-        return Map.of(GeoIpProcessor.TYPE, new GeoIpProcessor.Factory(registry));
+        return Map.of(GeoIpProcessor.GEOIP_TYPE, new GeoIpProcessor.Factory(GeoIpProcessor.GEOIP_TYPE, registry));
     }
 
     @Override

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/IpinfoIpDataLookups.java

@@ -39,6 +39,10 @@ private IpinfoIpDataLookups() {
 
     private static final Logger logger = LogManager.getLogger(IpinfoIpDataLookups.class);
 
+    // the actual prefix from the metadata is cased like the literal string, and
+    // prefix dispatch and checks case-insensitive, so that works out nicely
+    static final String IPINFO_PREFIX = "ipinfo";
+
     /**
      * Lax-ly parses a string that (ideally) looks like 'AS123' into a Long like 123L (or null, if such parsing isn't possible).
      * @param asn a potentially empty (or null) ASN string that is expected to contain 'AS' and then a parsable long

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/MaxmindIpDataLookups.java

@@ -34,6 +34,7 @@
 import java.net.InetAddress;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 
@@ -46,6 +47,11 @@ private MaxmindIpDataLookups() {
         // utility class
     }
 
+    // the actual prefixes from the metadata are cased like the literal strings, but
+    // prefix dispatch and checks case-insensitive, so the actual constants are lowercase
+    static final String GEOIP2_PREFIX = "GeoIP2".toLowerCase(Locale.ROOT);
+    static final String GEOLITE2_PREFIX = "GeoLite2".toLowerCase(Locale.ROOT);
+
     static class AnonymousIp extends AbstractBase<AnonymousIpResponse> {
         AnonymousIp(final Set<Database.Property> properties) {
             super(