Watcher: Validate email adresses when storing a watch (#34042)

Right now, watches fail on runtime, when invalid email addresses are
used.

All those fields can be checked on parsing, if no mustache is used in
any email address template. In that case we can return immediate
feedback, that invalid email addresses should not be specified when
trying to store a watch.

Author: spinscale

x-pack/docs/en/watcher/actions/email.asciidoc

@@ -28,7 +28,7 @@ the watch payload in the email body:
 "actions" : {
   "send_email" : { <1>
     "email" : { <2>
-      "to" : "<username>@<domainname>", <3>
+      "to" : "username@example.org", <3>
       "subject" : "Watcher Notification", <4>
       "body" : "{{ctx.payload.hits.total}} error logs found" <5>
     }

x-pack/docs/en/watcher/customizing-watches.asciidoc

@@ -219,7 +219,7 @@ attaches the payload data to the message:
 "actions" : {
   "send_email" : { <1>
     "email" : { <2>
-      "to" : "<username>@<domainname>",
+      "to" : "email@example.org",
       "subject" : "Watcher Notification",
       "body" : "{{ctx.payload.hits.total}} error logs found",
       "attachments" : {

x-pack/docs/en/watcher/example-watches/example-watch-clusterstatus.asciidoc

@@ -213,7 +213,7 @@ PUT _xpack/watcher/watch/cluster_health_watch
   "actions" : {
     "send_email" : {
       "email" : {
-        "to" : "<username>@<domainname>",
+        "to" : "username@example.org",
         "subject" : "Cluster Status Warning",
         "body" : "Cluster status is RED"
       }

x-pack/docs/en/watcher/example-watches/example-watch-meetupdata.asciidoc

@@ -277,8 +277,8 @@ PUT _xpack/watcher/watch/meetup
     "email_me": {
       "throttle_period": "10m",
       "email": {
-        "from": "<username>@<domainname>",  <2>
-        "to": "<username@<domainname>",     <3>
+        "from": "username@example.org",  <2>
+        "to": "recipient@example.org",   <3>
         "subject": "Open Source events",
         "body": {
           "html": "Found events matching Open Source: <ul>{{#ctx.payload.aggregations.group_by_city.buckets}}<li>{{key}} ({{doc_count}})<ul>{{#group_by_event.buckets}}<li><a href=\"{{key}}\">{{get_latest.buckets.0.group_by_event_name.buckets.0.key}}</a> ({{doc_count}})</li>{{/group_by_event.buckets}}</ul></li>{{/ctx.payload.aggregations.group_by_city.buckets}}</ul>"

x-pack/docs/en/watcher/example-watches/watching-time-series-data.asciidoc

@@ -133,7 +133,7 @@ you can then reference it by name in the watch condition.
 "actions" : {
   "send_email" : {
     "email" : {
-      "to" : "<username>@<domainname>",
+      "to" : "username@example.org",
       "subject" : "Somebody needs help with the Elastic Stack",
       "body" : "The attached Stack Overflow posts were tagged with Elasticsearch, Logstash, Beats or Kibana and mentioned an error or problem.",
       "attachments" : {
@@ -190,7 +190,7 @@ PUT _xpack/watcher/watch/rss_watch
   "actions" : {
     "send_email" : {
       "email" : {
-        "to" : "<username>@<domainname>",  <1>
+        "to" : "username@example.org",  <1>
         "subject" : "Somebody needs help with the Elastic Stack",
         "body" : "The attached Stack Overflow posts were tagged with Elasticsearch, Logstash, Beats or Kibana and mentioned an error or problem.",
         "attachments" : {
@@ -205,7 +205,7 @@ PUT _xpack/watcher/watch/rss_watch
 --------------------------------------------------
 // CONSOLE
 // TEST[s/"id" : "threshold_hits"/"source": "return ctx.payload.hits.total > params.threshold"/]
-<1> Replace `<username>@<domainname>` with your email address to receive
+<1> Replace `username@example.org` with your email address to receive
     notifications.
 
 [TIP]

x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/text/TextTemplate.java

@@ -29,10 +29,12 @@ public class TextTemplate implements ToXContent {
 
     private final Script script;
     private final String inlineTemplate;
+    private final boolean isUsingMustache;
 
     public TextTemplate(String template) {
         this.script = null;
         this.inlineTemplate = template;
+        this.isUsingMustache = template.contains("{{");
     }
 
     public TextTemplate(String template, @Nullable XContentType contentType, ScriptType type,
@@ -48,12 +50,14 @@ public TextTemplate(String template, @Nullable XContentType contentType, ScriptT
             params = new HashMap<>();
         }
         this.script = new Script(type, type == ScriptType.STORED ? null : Script.DEFAULT_TEMPLATE_LANG, template, options, params);
+        this.isUsingMustache = template.contains("{{");
         this.inlineTemplate = null;
     }
 
     public TextTemplate(Script script) {
         this.script = script;
         this.inlineTemplate = null;
+        this.isUsingMustache = script.getIdOrCode().contains("{{");
     }
 
     public Script getScript() {
@@ -64,6 +68,10 @@ public String getTemplate() {
         return script != null ? script.getIdOrCode() : inlineTemplate;
     }
 
+    public boolean isUsingMustache() {
+        return isUsingMustache;
+    }
+
     public XContentType getContentType() {
         if (script == null || script.getOptions() == null) {
             return null;

x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/common/text/TextTemplateEngine.java

@@ -35,8 +35,7 @@ public String render(TextTemplate textTemplate, Map<String, Object> model) {
         String mediaType = compileParams(detectContentType(template));
         template = trimContentType(textTemplate);
 
-        int indexStartMustacheExpression = template.indexOf("{{");
-        if (indexStartMustacheExpression == -1) {
+        if (textTemplate.isUsingMustache() == false) {
             return template;
         }
 

x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailTemplate.java

@@ -342,6 +342,7 @@ public static class Parser {
         public boolean handle(String fieldName, XContentParser parser) throws IOException {
             if (Email.Field.FROM.match(fieldName, parser.getDeprecationHandler())) {
                 builder.from(TextTemplate.parse(parser));
+                validateEmailAddresses(builder.from);
             } else if (Email.Field.REPLY_TO.match(fieldName, parser.getDeprecationHandler())) {
                 if (parser.currentToken() == XContentParser.Token.START_ARRAY) {
                     List<TextTemplate> templates = new ArrayList<>();
@@ -352,6 +353,7 @@ public boolean handle(String fieldName, XContentParser parser) throws IOExceptio
                 } else {
                     builder.replyTo(TextTemplate.parse(parser));
                 }
+                validateEmailAddresses(builder.replyTo);
             } else if (Email.Field.TO.match(fieldName, parser.getDeprecationHandler())) {
                 if (parser.currentToken() == XContentParser.Token.START_ARRAY) {
                     List<TextTemplate> templates = new ArrayList<>();
@@ -362,6 +364,7 @@ public boolean handle(String fieldName, XContentParser parser) throws IOExceptio
                 } else {
                     builder.to(TextTemplate.parse(parser));
                 }
+                validateEmailAddresses(builder.to);
             } else if (Email.Field.CC.match(fieldName, parser.getDeprecationHandler())) {
                 if (parser.currentToken() == XContentParser.Token.START_ARRAY) {
                     List<TextTemplate> templates = new ArrayList<>();
@@ -372,6 +375,7 @@ public boolean handle(String fieldName, XContentParser parser) throws IOExceptio
                 } else {
                     builder.cc(TextTemplate.parse(parser));
                 }
+                validateEmailAddresses(builder.cc);
             } else if (Email.Field.BCC.match(fieldName, parser.getDeprecationHandler())) {
                 if (parser.currentToken() == XContentParser.Token.START_ARRAY) {
                     List<TextTemplate> templates = new ArrayList<>();
@@ -382,6 +386,7 @@ public boolean handle(String fieldName, XContentParser parser) throws IOExceptio
                 } else {
                     builder.bcc(TextTemplate.parse(parser));
                 }
+                validateEmailAddresses(builder.bcc);
             } else if (Email.Field.PRIORITY.match(fieldName, parser.getDeprecationHandler())) {
                 builder.priority(TextTemplate.parse(parser));
             } else if (Email.Field.SUBJECT.match(fieldName, parser.getDeprecationHandler())) {
@@ -413,6 +418,26 @@ public boolean handle(String fieldName, XContentParser parser) throws IOExceptio
             return true;
         }
 
+        /**
+         * If this is a text template not using mustache
+         * @param emails The list of email addresses to parse
+         */
+        static void validateEmailAddresses(TextTemplate ... emails) {
+            for (TextTemplate emailTemplate : emails) {
+                // no mustache, do validation
+                if (emailTemplate.isUsingMustache() == false) {
+                    String email = emailTemplate.getTemplate();
+                    try {
+                        for (Email.Address address : Email.AddressList.parse(email)) {
+                            address.validate();
+                        }
+                    } catch (AddressException e) {
+                        throw new ElasticsearchParseException("invalid email address [{}]", e, email);
+                    }
+                }
+            }
+        }
+
         public EmailTemplate parsedTemplate() {
             return builder.build();
         }

x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java

@@ -170,7 +170,7 @@ public void testThatEmailAttachmentsAreSent() throws Exception {
         emailAttachments.toXContent(tmpBuilder, ToXContent.EMPTY_PARAMS);
         tmpBuilder.endObject();
 
-        EmailTemplate.Builder emailBuilder = EmailTemplate.builder().from("_from").to("_to").subject("Subject");
+        EmailTemplate.Builder emailBuilder = EmailTemplate.builder().from("from@example.org").to("to@example.org").subject("Subject");
         WatchSourceBuilder watchSourceBuilder = watchBuilder()
                 .trigger(schedule(interval(5, IntervalSchedule.Interval.Unit.SECONDS)))
                 .input(noneInput())

x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/EmailSecretsIntegrationTests.java

@@ -88,8 +88,8 @@ public void testEmail() throws Exception {
                         .condition(InternalAlwaysCondition.INSTANCE)
                         .addAction("_email", ActionBuilders.emailAction(
                                 EmailTemplate.builder()
-                                        .from("_from")
-                                        .to("_to")
+                                        .from("from@example.org")
+                                        .to("to@example.org")
                                         .subject("_subject"))
                                 .setAuthentication(EmailServer.USERNAME, EmailServer.PASSWORD.toCharArray())))
                 .get();