Fix S3 validation errors not caught by action listener (#1257)

* catch errors and fail action listener Signed-off-by: Joanne Wang <jowg@amazon.com> * add test to validate behavior Signed-off-by: Joanne Wang <jowg@amazon.com> --------- Signed-off-by: Joanne Wang <jowg@amazon.com>
opensearch-project · Aug 21, 2024 · 2e0ed56 · 2e0ed56
1 parent 890493a
commit 2e0ed56
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 1 deletion.
diff --git a/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java b/src/main/java/org/opensearch/securityanalytics/services/STIX2IOCFetchService.java
@@ -141,7 +141,14 @@ public void onlyIndexIocs(SATIFSourceConfig saTifSourceConfig,
     }
 
     public void downloadAndIndexIOCs(SATIFSourceConfig saTifSourceConfig, ActionListener<STIX2IOCFetchResponse> listener) {
-        S3ConnectorConfig s3ConnectorConfig = constructS3ConnectorConfig(saTifSourceConfig);
+        S3ConnectorConfig s3ConnectorConfig;
+        try {
+            s3ConnectorConfig = constructS3ConnectorConfig(saTifSourceConfig);
+        } catch (SecurityAnalyticsException e) {
+            listener.onFailure(e);
+            return;
+        }
+
         Connector<STIX2> s3Connector = constructS3Connector(s3ConnectorConfig);
         STIX2IOCFeedStore feedStore = new STIX2IOCFeedStore(client, clusterService, saTifSourceConfig, listener);
         STIX2IOCConsumer consumer = new STIX2IOCConsumer(batchSize, feedStore, UpdateType.REPLACE);

diff --git a/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java b/src/test/java/org/opensearch/securityanalytics/resthandler/SATIFSourceConfigRestApiIT.java
@@ -788,6 +788,57 @@ public void testWhenBucketObjectDoesNotExist() {
         }
     }
 
+    public void testWhenRoleArnIsEmpty() throws IOException {
+        // Try to create a source config with empty roleArn
+        source = new S3Source("bucketName", "objectKey", "region", "");
+
+        // Create test feed
+        String feedName = "download_test_feed_name";
+        String feedFormat = "STIX2";
+        SourceConfigType sourceConfigType = SourceConfigType.S3_CUSTOM;
+        IntervalSchedule schedule = new IntervalSchedule(Instant.now(), 1, ChronoUnit.MINUTES);
+        List<String> iocTypes = List.of(IOCType.IPV4_TYPE);
+
+        SATIFSourceConfigDto saTifSourceConfigDto = new SATIFSourceConfigDto(
+                null,
+                null,
+                feedName,
+                feedFormat,
+                sourceConfigType,
+                null,
+                null,
+                Instant.now(),
+                source,
+                null,
+                Instant.now(),
+                schedule,
+                null,
+                null,
+                Instant.now(),
+                null,
+                true,
+                iocTypes,
+                true
+        );
+
+        Exception exception = assertThrows(ResponseException.class, () ->
+                makeRequest(client(), "POST", SecurityAnalyticsPlugin.THREAT_INTEL_SOURCE_URI, Collections.emptyMap(), toHttpEntity(saTifSourceConfigDto))
+        );
+
+        String expectedError = "Role arn is empty or malformed";
+        assertTrue("Exception contains unexpected message: " + exception.getMessage(), exception.getMessage().contains(expectedError));
+
+        // ensure that source config is not created
+        String request = "{\n" +
+                "   \"query\" : {\n" +
+                "     \"match_all\":{\n" +
+                "     }\n" +
+                "   }\n" +
+                "}";
+        List<SearchHit> hits = executeSearch(JOB_INDEX_NAME, request);
+        Assert.assertEquals(0, hits.size());
+    }
+
     /**
      * Calls the get source config api and checks if the last updated time is different from the time that was passed in
      * @param createdId