Adds validation to allow only flint queries and sql SELECT queries to security lake type datasource #2959
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eirsep
requested review from
ps48,
kavithacm,
derek-ho,
joshuali925,
dai-chen,
YANG-DB,
rupal-bq,
mengweieric,
vamsi-amazon,
Swiddis,
penghuo,
seankao-az,
MaxKsyunz,
Yury-Fridlyand,
anirudha,
forestmvey,
acarbonetto,
GumpacG,
ykmr1224 and
LantaoJin
as code owners
This comment was marked as resolved.
This comment was marked as resolved.
eirsep
force-pushed
the
validate_security_lake_queries
branch
2 times, most recently
from
88861bf
to
6302f62
Compare
ykmr1224
reviewed
Sep 4, 2024
Comment on lines
+97
to
+100
| logger.error( | ||
| String.format( | ||
| "Failed to parse sql statement context while validating sql query %s", sqlQuery), | ||
| e); |
There was a problem hiding this comment.
Why do we add this error log?
There was a problem hiding this comment.
for better debuggability if there is a syntax error?
There was a problem hiding this comment.
As normal flow go through here, the log level should be info or debug.
There was a problem hiding this comment.
I am not sure if this is an info or debug level log
Imagine a bad sql query we are debugging in a log deep dive. It would be easier to trace it correctly if we throw error logs and user can also keep an eye on them.
this is an error level log because we have caught an exception from a user input or from another system. I strongly feel this should be retained as error level log
There was a problem hiding this comment.
I thought this skips SyntaxCheckException intentionally. @vamsi-amazon any thoughts?
There was a problem hiding this comment.
Yeah, I was little apprehensive to add error logs because..sometimes g4 files are not updated to the latest one from spark repo and this can result in syntax errors for valid queries. So, in case of syntax exceptions, I have decided to forward the query to spark in case of validation errors.
Now since we are clear on which spark version we are going to support, we should take g4 files from that branch and throw validation error in case of exception. what do you think @ykmr1224 ?
async-query-core/src/main/java/org/opensearch/sql/spark/utils/SQLQueryUtils.java
Outdated
Show resolved
Hide resolved
async-query-core/src/main/java/org/opensearch/sql/spark/utils/SQLQueryUtils.java
Show resolved
Hide resolved
async-query-core/src/test/java/org/opensearch/sql/spark/utils/SQLQueryUtilsTest.java
Outdated
Show resolved
Hide resolved
async-query-core/src/test/java/org/opensearch/sql/spark/utils/SQLQueryUtilsTest.java
Show resolved
Hide resolved
async-query-core/src/test/java/org/opensearch/sql/spark/utils/SQLQueryUtilsTest.java
Show resolved
Hide resolved
async-query-core/src/test/java/org/opensearch/sql/spark/utils/SQLQueryUtilsTest.java
Outdated
Show resolved
Hide resolved
async-query-core/src/main/java/org/opensearch/sql/spark/utils/SQLQueryUtils.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/opensearch/sql/datasource/model/DataSourceType.java
Outdated
Show resolved
Hide resolved
ykmr1224
previously approved these changes
Sep 4, 2024
vamsi-amazon
reviewed
Sep 4, 2024
…asource Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
…y class Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
…ests Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
eirsep
force-pushed
the
validate_security_lake_queries
branch
from
6b781d0
to
b8fc8c0
Compare
Signed-off-by: Surya Sashank Nistala <snistala@amazon.com>
vamsi-amazon
approved these changes
Sep 4, 2024
ykmr1224
approved these changes
Sep 4, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Sep 4, 2024
… security lake type datasource (#2959) * allows only flint queries and select sql queries to security lake datasource Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add sql validator for security lake and refactor validateSparkSqlQuery class Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * spotless fixes Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address comment to extract validate logic into a separate method in tests Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add more tests to get more code coverage Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> (cherry picked from commit 6c5c685) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Sep 4, 2024
… security lake type datasource (#2959) * allows only flint queries and select sql queries to security lake datasource Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add sql validator for security lake and refactor validateSparkSqlQuery class Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * spotless fixes Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address review comments. Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * address comment to extract validate logic into a separate method in tests Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> * add more tests to get more code coverage Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> --------- Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> (cherry picked from commit 6c5c685) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ykmr1224
pushed a commit
that referenced
this pull request
Sep 5, 2024
… security lake type datasource (#2959) (#2977) * allows only flint queries and select sql queries to security lake datasource * add sql validator for security lake and refactor validateSparkSqlQuery class * spotless fixes * address review comments. * address comment to extract validate logic into a separate method in tests * add more tests to get more code coverage --------- (cherry picked from commit 6c5c685) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
ykmr1224
pushed a commit
that referenced
this pull request
Sep 5, 2024
… security lake type datasource (#2959) (#2976) * allows only flint queries and select sql queries to security lake datasource * add sql validator for security lake and refactor validateSparkSqlQuery class * spotless fixes * address review comments. * address comment to extract validate logic into a separate method in tests * add more tests to get more code coverage --------- (cherry picked from commit 6c5c685) Signed-off-by: Surya Sashank Nistala <snistala@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds validation to allow only flint queries and sql select queries to security lake type datasource
Related Issues
Resolves #2907
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.