Validate Accept and Content-Type header for compatible API #54103
Conversation
1226 tests, 227 failures, 16ignored
23 / 2 failled in index/*
failing
CompatRestIT. test {yaml=index/70_mix_typeless_typeful/Index call that
introduces new field mappings}
CompatRestIT. test {yaml=index/70_mix_typeless_typeful/Index with
typeless API on an index that has types}
Introduce module for compat code
code review follow up
This reverts commit a0fce89.
When a request to a compatible api contains a body it will require a content-type header to also contain a compatible media-type - in a form application/vnd.elasticsearch+json;compatible-with=7 When there is no body - it will not be required. Accept header is always required for compatible API
pgomulka
changed the title
| @@ -80,6 +80,7 @@ | |||
| public static final Version V_7_8_0 = new Version(7080099, org.apache.lucene.util.Version.LUCENE_8_5_0); | |||
| public static final Version V_8_0_0 = new Version(8000099, org.apache.lucene.util.Version.LUCENE_8_5_0); | |||
| public static final Version CURRENT = V_8_0_0; | |||
| public static final Version PREVIOUS = V_7_0_0; | |||
There was a problem hiding this comment.
This is a bit ambiguous, and probably not a necessary as a static constant.
Can we add in a method like minimumRestCompatibilityVersion ?
There was a problem hiding this comment.
In doing so, can you please make the method static? It should only apply to the CURRENT version. The fact the other compatibility methods are on Version instances makes testing and modifying the rules difficult, even though in practice the CURRENT version's compatibility is all we need, and the others are just artificial for testing.
There was a problem hiding this comment.
agree, the method should be static
| badRequestCause = ExceptionsHelper.useOrSuppress(badRequestCause, e); | ||
| //todo // tempting to just rethrow. removing content type is just making this less obvious | ||
| throw e; | ||
| // innerRestRequest = requestWithoutContentTypeHeader(httpRequest, httpChannel, badRequestCause); |
There was a problem hiding this comment.
can you clean up the this todo abit ? Not sure I follow.
There was a problem hiding this comment.
just throwing an exception was helping checking the logs, but indeed was breaking the channel creation and there was no response sent back..
will fix
| return Version.CURRENT; | ||
| } | ||
| // both headers are versioned but set to incorrect version | ||
| throw new CompatibleApiHeadersCombinationException( |
There was a problem hiding this comment.
Throwing the exception here results in an abrupt termination of the connection (no error code or proper response). Not sure the fix, but we should add a REST test to ensure the error code.
There was a problem hiding this comment.
I think that we allow RestRequest to be in an incorrect state. When creating a request and it fails due to Content-Type validation https://github.com/elastic/elasticsearch/blob/master/server/src/main/java/org/elasticsearch/rest/RestRequest.java#L93 or parameter validation https://github.com/elastic/elasticsearch/blob/master/server/src/main/java/org/elasticsearch/rest/RestRequest.java#L145
we try create again without either content-type or without parameters.
This makes it harder to create a validation of headers.. we would need to allow to have an incorrect state that would be used for channel creation in order to response back..
| private boolean isRequestCompatible() { | ||
| return isHeaderCompatible(header(CompatibleConstants.COMPATIBLE_HEADER)); | ||
| } | ||
| private Version compatibleWithVersion() { |
There was a problem hiding this comment.
I think this can be greatly simplified and read easier if this returns a boolean and only concerns itself with the version (not the supported media types (that can happen later if need be)).
I think something like this below the same level of validation.
private void addCompatibleParameter() {
if (isRequestingCompatibility()) {
params().put(CompatibleConstants.COMPATIBLE_PARAMS_KEY, String.valueOf(Version.CURRENT.major - 1));
param(CompatibleConstants.COMPATIBLE_PARAMS_KEY);
}
}
private boolean isRequestingCompatibility() {
String acceptHeader = header(CompatibleConstants.COMPATIBLE_ACCEPT_HEADER);
String aVersion = XContentType.parseVersion(acceptHeader);
byte acceptVersion = aVersion == null ? Version.CURRENT.major : Integer.valueOf(aVersion).byteValue();
String contentTypeHeader = header(CompatibleConstants.COMPATIBLE_CONTENT_TYPE_HEADER);
String cVersion = XContentType.parseVersion(contentTypeHeader);
byte contentTypeVersion = cVersion == null ? Version.CURRENT.major : Integer.valueOf(cVersion).byteValue();
if(Version.CURRENT.major < acceptVersion || Version.CURRENT.major - acceptVersion > 1 ){
throw new IllegalStateException("something about only 1 major version support");
}
if (hasContent()) {
if(Version.CURRENT.major < contentTypeVersion || Version.CURRENT.major - contentTypeVersion > 1 ){
throw new IllegalStateException("something about only 1 major version support");
}
if (contentTypeVersion != acceptVersion) {
throw new IllegalStateException("something about needing to match");
}
}
return contentTypeVersion < Version.CURRENT.major || acceptVersion < Version.CURRENT.major;
}
| final ObjectPath objectPath = ObjectPath.createFromResponse(response); | ||
| final Map<String, Object> map = objectPath.evaluate("error"); | ||
| assertThat(map.get("type"), equalTo("compatible_api_headers_combination_exception")); | ||
| assertThat(map.get("reason"), equalTo("Content-Type and Accept headers have to match when content is present. " + |
There was a problem hiding this comment.
how much details do we want on this exception?
at the moment it helped debugging tests when seeing which failed validation
There was a problem hiding this comment.
I think this is a good level of detail.
| )); | ||
| }); | ||
| // for cat apis accept headers would break tests which expect txt response | ||
| if (doSection.getApiCallSection().getApi().startsWith("cat") == false) { |
There was a problem hiding this comment.
we have tests that need Accept header to be empty - expecting text response
maybe we should extend XContentType to text
but then again, we don't expect content-type to be text, and adding text there would allow this
There was a problem hiding this comment.
I think we can punt on the cat api's for now, and this is sufficient for now. this code is temporary and i can address this later.
| @@ -121,4 +121,21 @@ public void testVersionParsing() { | |||
| assertThat(XContentType.parseVersion("APPLICATION/JSON"), | |||
| nullValue()); | |||
| } | |||
|
|
|||
| public void testVersionParsingOnText() { | |||
There was a problem hiding this comment.
as per my comment https://github.com/elastic/elasticsearch/pull/54103/files#r409392721
maybe we should also extend parsing media types that are text? Should we unify this with SQL?
see RestSqlQueryAction at the moment sql has to use format parameter
cc @astefan
There was a problem hiding this comment.
Can we postpone that decision for now and work and in future work ensure that text based APIs are good ?
Adding validation of Accept And Content-Type headers. The idea is to verify combinations of presence and values of both headers depending if a request has a content, headers are versioned (type/vnd.elasticsearch+subtype;compatible-with) .
It also changes the way media type is parsed (previously always assuming application as a type i.e application/json) It should expect different types like text - used in SQL
Not adding a compatible headers for _cat api. These in order to return a default text do not expect Accept header (Content-type is not needed as content is not present)
See #53228 (comment) for more context