Throw OpensearchSecurityException incase of datasource authorization …

…error Signed-off-by: Vamsi Manohar <[email protected]>
vamsi-amazon · Apr 18, 2024 · ede02d2 · ede02d2
1 parent 204c7da
commit ede02d2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/.../main/java/org/opensearch/sql/datasources/auth/DataSourceUserAuthorizationHelperImpl.java b/.../main/java/org/opensearch/sql/datasources/auth/DataSourceUserAuthorizationHelperImpl.java
@@ -9,9 +9,11 @@
 
 import java.util.List;
 import lombok.AllArgsConstructor;
+import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.client.Client;
 import org.opensearch.commons.ConfigConstants;
 import org.opensearch.commons.authuser.User;
+import org.opensearch.core.rest.RestStatus;
 import org.opensearch.sql.datasource.model.DataSourceMetadata;
 
 @AllArgsConstructor
@@ -49,11 +51,12 @@ public void authorizeDataSource(DataSourceMetadata dataSourceMetadata) {
         }
       }
       if (!isAuthorized) {
-        throw new SecurityException(
+        throw new OpenSearchSecurityException(
             String.format(
                 "User is not authorized to access datasource %s. "
                     + "User should be mapped to any of the roles in %s for access.",
-                dataSourceMetadata.getName(), dataSourceMetadata.getAllowedRoles().toString()));
+                dataSourceMetadata.getName(), dataSourceMetadata.getAllowedRoles().toString()),
+            RestStatus.UNAUTHORIZED);
       }
     }
   }

diff --git a/...t/java/org/opensearch/sql/datasources/auth/DataSourceUserAuthorizationHelperImplTest.java b/...t/java/org/opensearch/sql/datasources/auth/DataSourceUserAuthorizationHelperImplTest.java
@@ -9,14 +9,17 @@
 
 import java.util.List;
 import org.junit.Assert;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Answers;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
+import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.client.Client;
+import org.opensearch.core.rest.RestStatus;
 import org.opensearch.sql.datasource.model.DataSourceMetadata;
 import org.opensearch.sql.datasource.model.DataSourceType;
 
@@ -90,14 +93,15 @@ public void testAuthorizeDataSourceWithException() {
                 .getTransient(OPENSEARCH_SECURITY_USER_INFO_THREAD_CONTEXT))
         .thenReturn(userString);
     DataSourceMetadata dataSourceMetadata = dataSourceMetadata();
-    SecurityException securityException =
+    OpenSearchSecurityException openSearchSecurityException =
         Assert.assertThrows(
-            SecurityException.class,
+            OpenSearchSecurityException.class,
             () -> this.dataSourceUserAuthorizationHelper.authorizeDataSource(dataSourceMetadata));
-    Assert.assertEquals(
+    Assertions.assertEquals(
         "User is not authorized to access datasource test. "
             + "User should be mapped to any of the roles in [prometheus_access] for access.",
-        securityException.getMessage());
+        openSearchSecurityException.getMessage());
+    Assertions.assertEquals(RestStatus.UNAUTHORIZED, openSearchSecurityException.status());
   }
 
   private DataSourceMetadata dataSourceMetadata() {