diff --git a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/client/PrometheusClientImpl.java b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/client/PrometheusClientImpl.java index 687274fab38..bb5eaf153f7 100644 --- a/direct-query-core/src/main/java/org/opensearch/sql/prometheus/client/PrometheusClientImpl.java +++ b/direct-query-core/src/main/java/org/opensearch/sql/prometheus/client/PrometheusClientImpl.java @@ -26,6 +26,7 @@ import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; +import org.opensearch.secure_sm.AccessController; import org.opensearch.sql.prometheus.exception.PrometheusClientException; import org.opensearch.sql.prometheus.model.MetricMetadata; @@ -91,7 +92,7 @@ public JSONObject queryRange( Request request = new Request.Builder().url(queryUrl).build(); logger.debug("Executing Prometheus request with headers: {}", request.headers().toString()); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); logger.debug("Received Prometheus response for query_range: code={}", response); @@ -126,7 +127,7 @@ public JSONObject query(String query, Long time, Integer limit, Integer timeout) Request request = new Request.Builder().url(queryUrl).build(); logger.info("Executing Prometheus request with headers: {}", request.headers().toString()); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); logger.info("Received Prometheus response for instant query: code={}", response); // Return the full response object, not just the data field @@ -146,7 +147,7 @@ public List getLabels(Map queryParams) throws IOExceptio "%s/api/v1/labels%s", prometheusUri.toString().replaceAll("/$", ""), queryString); logger.debug("queryUrl: " + queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); return toListOfLabels(jsonObject.getJSONArray("data")); } @@ -161,7 +162,7 @@ public List getLabel(String labelName, Map queryParams) prometheusUri.toString().replaceAll("/$", ""), labelName, queryString); logger.debug("queryUrl: " + queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); return toListOfLabels(jsonObject.getJSONArray("data")); } @@ -175,7 +176,7 @@ public Map> getAllMetrics(Map query "%s/api/v1/metadata%s", prometheusUri.toString().replaceAll("/$", ""), queryString); logger.debug("queryUrl: " + queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); TypeReference>> typeRef = new TypeReference<>() {}; return new ObjectMapper().readValue(jsonObject.getJSONObject("data").toString(), typeRef); @@ -194,7 +195,7 @@ public List> getSeries(Map queryParams) thro "%s/api/v1/series%s", prometheusUri.toString().replaceAll("/$", ""), queryString); logger.debug("queryUrl: " + queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); JSONArray dataArray = jsonObject.getJSONArray("data"); return toListOfSeries(dataArray); @@ -211,7 +212,7 @@ public JSONArray queryExemplars(String query, Long start, Long end) throws IOExc end); logger.debug("queryUrl: " + queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); return jsonObject.getJSONArray("data"); } @@ -222,7 +223,7 @@ public JSONObject getAlerts() throws IOException { String.format("%s/api/v1/alerts", prometheusUri.toString().replaceAll("/$", "")); logger.debug("Making Prometheus alerts request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); return jsonObject.getJSONObject("data"); } @@ -235,7 +236,7 @@ public JSONObject getRules(Map queryParams) throws IOException { "%s/api/v1/rules%s", prometheusUri.toString().replaceAll("/$", ""), queryString); logger.debug("Making Prometheus rules request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.prometheusHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.prometheusHttpClient.newCall(request).execute()); JSONObject jsonObject = readResponse(response); return jsonObject.getJSONObject("data"); } @@ -248,7 +249,7 @@ public JSONArray getAlertmanagerAlerts(Map queryParams) throws I logger.debug("Making Alertmanager alerts request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.alertmanagerHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.alertmanagerHttpClient.newCall(request).execute()); return readAlertmanagerResponse(response); } @@ -261,7 +262,7 @@ public JSONArray getAlertmanagerAlertGroups(Map queryParams) thr logger.debug("Making Alertmanager alert groups request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.alertmanagerHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.alertmanagerHttpClient.newCall(request).execute()); return readAlertmanagerResponse(response); } @@ -273,7 +274,7 @@ public JSONArray getAlertmanagerReceivers() throws IOException { logger.debug("Making Alertmanager receivers request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.alertmanagerHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.alertmanagerHttpClient.newCall(request).execute()); return readAlertmanagerResponse(response); } @@ -285,7 +286,7 @@ public JSONArray getAlertmanagerSilences() throws IOException { logger.debug("Making Get Alertmanager silences request: {}", queryUrl); Request request = new Request.Builder().url(queryUrl).build(); - Response response = this.alertmanagerHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.alertmanagerHttpClient.newCall(request).execute()); return readAlertmanagerResponse(response); } @@ -301,7 +302,7 @@ public String createAlertmanagerSilences(String silenceJson) throws IOException .header("Content-Type", "application/json") .post(RequestBody.create(silenceJson.getBytes(StandardCharsets.UTF_8))) .build(); - Response response = this.alertmanagerHttpClient.newCall(request).execute(); + Response response = AccessController.doPrivilegedChecked(() -> this.alertmanagerHttpClient.newCall(request).execute()); if (response.isSuccessful()) { return Objects.requireNonNull(response.body()).string();