Forbid all kinds of ARN subfield

Signed-off-by: Sicheng Song <[email protected]>
opensearch-project · Apr 15, 2024 · 87f513b · 87f513b
1 parent d655ca5
commit 87f513b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/...on/src/main/java/org/opensearch/ml/common/transport/connector/MLCreateConnectorInput.java b/...on/src/main/java/org/opensearch/ml/common/transport/connector/MLCreateConnectorInput.java
@@ -25,6 +25,8 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import static org.opensearch.core.xcontent.XContentParserUtils.ensureExpectedToken;
 import static org.opensearch.ml.common.utils.StringUtils.getParameterMap;
@@ -151,8 +153,11 @@ public static MLCreateConnectorInput parse(XContentParser parser, boolean update
                     // We need to filter out any key string that is trying to imitate the subfield of the secretArn of the credential map
                     credential = new HashMap<>();
                     Map<String, String> credentialKeyToAdd = parser.mapStrings();
+                    Pattern pattern = Pattern.compile("[a-zA-Z]+Arn\\.");
                     for (String key : credentialKeyToAdd.keySet()) {
-                        if (!key.startsWith("secretArn.")) {
+                        Matcher matcher = pattern.matcher(key);
+                        boolean matchFound = matcher.find();
+                        if (!matchFound) {
                             credential.put(key, credentialKeyToAdd.get(key));
                         }
                     }

diff --git a/...c/test/java/org/opensearch/ml/common/transport/connector/MLCreateConnectorInputTests.java b/...c/test/java/org/opensearch/ml/common/transport/connector/MLCreateConnectorInputTests.java
@@ -196,18 +196,21 @@ public void testParse_ArrayParameter() throws Exception {
     public void testParse_SecretArnPrefix() throws Exception {
         String expectedInputStr = "{\"name\":\"test_connector_name\"," +
                 "\"description\":\"this is a test connector\",\"version\":\"1\",\"protocol\":\"http\"," +
-                "\"parameters\":{\"input\":[\"test input value\"]},\"credential\":{\"key\":\"test_key_value\", \"secretArn\":\"test_secretArn_value\", \"secretArn.key\":\"test_key_value\"}," +
+                "\"parameters\":{\"input\":[\"test input value\"]},\"credential\":{\"key\":\"test_key_value\"," +
+                "\"secretArn\":\"test_secretArn_value\", \"secretArn.key\":\"test_key_value\"," +
+                "\"roleArn\":\"test_roleArn_value\", \"roleArn.subfield\":\"test_subfield_value\",\"test_Arn_test\":\"test_value\"}," +
                 "\"actions\":[{\"action_type\":\"PREDICT\",\"method\":\"POST\",\"url\":\"https://test.com\"," +
                 "\"headers\":{\"api_key\":\"${credential.key}\"}," +
                 "\"request_body\":\"{\\\"input\\\": \\\"${parameters.input}\\\"}\"," +
                 "\"pre_process_function\":\"connector.pre_process.openai.embedding\"," +
                 "\"post_process_function\":\"connector.post_process.openai.embedding\"}]," +
                 "\"backend_roles\":[\"role1\",\"role2\"],\"add_all_backend_roles\":false," +
                 "\"access_mode\":\"PUBLIC\"}";
-        HashSet<String> expectedCredentialKeys = new HashSet<>(Arrays.asList("key", "secretArn"));
+        HashSet<String> expectedCredentialKeys = new HashSet<>(Arrays.asList("key", "secretArn", "roleArn","test_Arn_test"));
         testParseFromJsonString(expectedInputStr, parsedInput -> {
             assertEquals(expectedCredentialKeys, parsedInput.getCredential().keySet());
             assertEquals("test_secretArn_value", parsedInput.getCredential().get("secretArn"));
+            assertEquals("test_roleArn_value", parsedInput.getCredential().get("roleArn"));
         });
     }