feat(core): allow reading file from any namespaces

loicmathieu · loicmathieu · commit 4bb2de219dce · 2025-03-06T15:59:40.000+01:00
Fixes kestra-io/kestra-ee#1934
diff --git a/core/src/main/java/io/kestra/core/runners/pebble/functions/AbstractFileFunction.java b/core/src/main/java/io/kestra/core/runners/pebble/functions/AbstractFileFunction.java
@@ -0,0 +1,107 @@
+package io.kestra.core.runners.pebble.functions;
+
+import io.kestra.core.services.FlowService;
+import io.kestra.core.utils.Slugify;
+import io.pebbletemplates.pebble.error.PebbleException;
+import io.pebbletemplates.pebble.extension.Function;
+import io.pebbletemplates.pebble.template.EvaluationContext;
+import io.pebbletemplates.pebble.template.PebbleTemplate;
+import jakarta.inject.Inject;
+
+import java.net.URI;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+abstract class AbstractFileFunction implements Function {
+    static final String KESTRA_SCHEME = "kestra:///";
+    static final String TRIGGER = "trigger";
+    static final String NAMESPACE = "namespace";
+    static final String TENANT_ID = "tenantId";
+    static final String ID  = "id";
+
+    private static final Pattern EXECUTION_FILE = Pattern.compile(".*/.*/executions/.*/tasks/.*/.*");
+
+    @Inject
+    private FlowService flowService;
+
+    URI getUriFromThePath(Object path, int lineNumber, PebbleTemplate self) {
+        if (path instanceof URI u) {
+            return u;
+        } else if (path instanceof String str && str.startsWith(KESTRA_SCHEME)) {
+            return URI.create(str);
+        } else {
+            throw new PebbleException(null, "Unable to create the URI from the path " + path, lineNumber, self.getName());
+        }
+    }
+
+    boolean isFileUriValid(String namespace, String flowId, String executionId, URI path) {
+        // Internal storage URI should be: kestra:///$namespace/$flowId/executions/$executionId/tasks/$taskName/$taskRunId/$random.ion or kestra:///$namespace/$flowId/executions/$executionId/trigger/$triggerName/$random.ion
+        // We check that the file is for the given flow execution
+        if (namespace == null || flowId == null || executionId == null) {
+            return false;
+        }
+
+        String authorizedBasePath = KESTRA_SCHEME + namespace.replace(".", "/") + "/" + Slugify.of(flowId) + "/executions/" + executionId + "/";
+        return path.toString().startsWith(authorizedBasePath);
+    }
+
+    @SuppressWarnings("unchecked")
+    String checkAllowedFileAndReturnNamespace(EvaluationContext context, URI path) {
+        Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
+        Map<String, String> execution = (Map<String, String>) context.getVariable("execution");
+
+        // check if the file is from the current execution, the parent execution or an allowed namespaces
+        boolean isFileFromCurrentExecution = isFileUriValid(flow.get(NAMESPACE), flow.get(ID), execution.get(ID), path);
+        if (isFileFromCurrentExecution) {
+            return flow.get(NAMESPACE);
+        } else {
+            if (isFileFromParentExecution(context, path)) {
+                Map<String, String> trigger = (Map<String, String>) context.getVariable(TRIGGER);
+                return trigger.get(NAMESPACE);
+            }
+            else {
+                return checkIfFileFromAllowedNamespaceAndReturnIt(context, path, flow.get(TENANT_ID), flow.get(NAMESPACE));
+            }
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    private boolean isFileFromParentExecution(EvaluationContext context, URI path) {
+        if (context.getVariable(TRIGGER) != null) {
+            // if there is a trigger of type execution, we also allow accessing a file from the parent execution
+            Map<String, String> trigger = (Map<String, String>) context.getVariable(TRIGGER);
+
+            if (!isFileUriValid(trigger.get(NAMESPACE), trigger.get("flowId"), trigger.get("executionId"), path)) {
+                throw new IllegalArgumentException("Unable to read the file '" + path + "' as it didn't belong to the parent execution");
+            }
+            return true;
+        }
+        return false;
+    }
+
+    private String checkIfFileFromAllowedNamespaceAndReturnIt(EvaluationContext context, URI path, String tenantId, String fromNamespace) {
+        // Extract namespace from the path, it should be of the form: kestra:///({tenantId}/){namespace}/{flowId}/executions/{executionId}/tasks/{taskId}/{taskRunId}/{fileName}'
+        // To extract the namespace, we must do it step by step as tenantId, namespace and taskId can contain the words 'executions' and 'tasks'
+        String namespace = path.toString().substring(KESTRA_SCHEME.length());
+        if (!EXECUTION_FILE.matcher(namespace).matches()) {
+            throw new IllegalArgumentException("Unable to read the file '" + path + "' as it is not an execution file");
+        }
+
+        // 1. remove the tenantId if existing
+        if (tenantId != null) {
+            namespace = namespace.substring(tenantId.length() + 1);
+        }
+        // 2. remove everything after tasks
+        namespace = namespace.substring(0, namespace.lastIndexOf("/tasks/"));
+        // 3. remove everything after executions
+        namespace = namespace.substring(0, namespace.lastIndexOf("/executions/"));
+        // 4. remove the flowId
+        namespace = namespace.substring(0, namespace.lastIndexOf('/'));
+        // 5. replace '/' with '.'
+        namespace = namespace.replace("/", ".");
+
+        flowService.checkAllowedNamespace(tenantId, namespace, tenantId, fromNamespace);
+
+        return namespace;
+    }
+}
diff --git a/core/src/main/java/io/kestra/core/runners/pebble/functions/FileSizeFunction.java b/core/src/main/java/io/kestra/core/runners/pebble/functions/FileSizeFunction.java
@@ -61,16 +61,11 @@ private URI getUriFromThePath(Object path, int lineNumber, PebbleTemplate self)
 
     @SuppressWarnings("unchecked")
     private long getFileSizeFromInternalStorageUri(EvaluationContext context, URI path) throws IOException {
-        Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
-        Map<String, String> execution = (Map<String, String>) context.getVariable("execution");
-
-        boolean isFileFromCurrentExecution = isFileUriValid(flow.get(NAMESPACE), flow.get(ID), execution.get(ID), path);
+        // check if the file is from the current execution, the parent execution, or an allowed namespace
+        String namespace = checkAllowedFileAndReturnNamespace(context, path);
 
-        if (!isFileFromCurrentExecution) {
-            checkIfFileFromParentExecution(context, path);
-        }
-
-        FileAttributes fileAttributes = storageInterface.getAttributes(flow.get("tenantId"), flow.get("namespace"), path);
+        Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
+        FileAttributes fileAttributes = storageInterface.getAttributes(flow.get(TENANT_ID), namespace, path);
         return fileAttributes.getSize();
     }
 
diff --git a/core/src/main/java/io/kestra/core/runners/pebble/functions/ReadFileFunction.java b/core/src/main/java/io/kestra/core/runners/pebble/functions/ReadFileFunction.java
@@ -2,8 +2,6 @@
 
 import io.kestra.core.storages.StorageContext;
 import io.kestra.core.storages.StorageInterface;
-import io.kestra.core.utils.Slugify;
-import io.micronaut.context.annotation.Value;
 import io.pebbletemplates.pebble.error.PebbleException;
 import io.pebbletemplates.pebble.extension.Function;
 import io.pebbletemplates.pebble.template.EvaluationContext;
@@ -26,8 +24,8 @@ public class ReadFileFunction implements Function {
     @Inject
     private StorageInterface storageInterface;
 
-    @Value("${kestra.server-type:}") // default to empty as tests didn't set this property
-    private String serverType;
+//    @Value("${kestra.server-type:}") // default to empty as tests didn't set this property
+//    private String serverType;
 
     @Override
     public List<String> getArgumentNames() {
@@ -70,33 +68,19 @@ public Object execute(Map<String, Object> args, PebbleTemplate self, EvaluationC
     @SuppressWarnings("unchecked")
     private String readFromNamespaceFile(EvaluationContext context, String path) throws IOException {
         Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
-        URI namespaceFile = URI.create(StorageContext.namespaceFilePrefix(flow.get("namespace")) + "/" + path);
-        try (InputStream inputStream = storageInterface.get(flow.get("tenantId"), flow.get("namespace"), namespaceFile)) {
+        URI namespaceFile = URI.create(StorageContext.namespaceFilePrefix(flow.get(NAMESPACE)) + "/" + path);
+        try (InputStream inputStream = storageInterface.get(flow.get(TENANT_ID), flow.get(NAMESPACE), namespaceFile)) {
             return new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
         }
     }
 
     @SuppressWarnings("unchecked")
     private String readFromInternalStorageUri(EvaluationContext context, URI path) throws IOException {
-        Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
-        Map<String, String> execution = (Map<String, String>) context.getVariable("execution");
-
-        // check if the file is from the current execution
-        if (!validateFileUri(flow.get("namespace"), flow.get("id"), execution.get("id"), path)) {
-            // if not, it can be from the parent execution, so we check if there is a trigger of type execution
-            if (context.getVariable("trigger") != null) {
-                // if there is a trigger of type execution, we also allow accessing a file from the parent execution
-                Map<String, String> trigger = (Map<String, String>) context.getVariable("trigger");
-                if (!validateFileUri(trigger.get("namespace"), trigger.get("flowId"), trigger.get("executionId"), path)) {
-                    throw new IllegalArgumentException("Unable to read the file '" + path + "' as it didn't belong to the current execution");
-                }
-            }
-            else {
-                throw new IllegalArgumentException("Unable to read the file '" + path + "' as it didn't belong to the current execution");
-            }
-        }
+        // check if the file is from the current execution, the parent execution, or an allowed namespace
+        String namespace = checkAllowedFileAndReturnNamespace(context, path);
 
-        try (InputStream inputStream = storageInterface.get(flow.get("tenantId"), flow.get("namespace"), path)) {
+        Map<String, String> flow = (Map<String, String>) context.getVariable("flow");
+        try (InputStream inputStream = storageInterface.get(flow.get(TENANT_ID), namespace, path)) {
             return new String(inputStream.readAllBytes(), StandardCharsets.UTF_8);
         }
     }
diff --git a/core/src/test/java/io/kestra/core/runners/pebble/functions/FileSizeFunctionTest.java b/core/src/test/java/io/kestra/core/runners/pebble/functions/FileSizeFunctionTest.java
@@ -73,7 +73,7 @@ void returnsCorrectSize_givenStringUri_andParentExecution() throws IOException,
     }
 
     @Test
-    void shouldThrowIllegalArgumentException_givenMissingTrigger_andParentExecution() throws IOException {
+    void shouldReadFromAnotherExecution() throws IOException, IllegalVariableEvaluationException {
         String executionId = IdUtils.create();
         URI internalStorageURI = getInternalStorageURI(executionId);
         URI internalStorageFile = getInternalStorageFile(internalStorageURI);
@@ -85,12 +85,8 @@ void shouldThrowIllegalArgumentException_givenMissingTrigger_andParentExecution(
             "execution", Map.of("id", IdUtils.create())
         );
 
-        Exception ex = assertThrows(
-            IllegalArgumentException.class,
-            () -> variableRenderer.render("{{ fileSize('" + internalStorageFile + "') }}", variables)
-        );
-
-        assertTrue(ex.getMessage().startsWith("Unable to read the file"), "Exception message doesn't match expected one");
+        String size = variableRenderer.render("{{ fileSize('" + internalStorageFile + "') }}", variables);
+        assertThat(size, is(FILE_SIZE));
     }
 
     @Test
diff --git a/core/src/test/java/io/kestra/core/runners/pebble/functions/ReadFileFunctionTest.java b/core/src/test/java/io/kestra/core/runners/pebble/functions/ReadFileFunctionTest.java
@@ -125,54 +125,22 @@ void readInternalStorageURI() throws IOException, IllegalVariableEvaluationExcep
     }
 
     @Test
-    void readUnauthorizedInternalStorageFile() throws IOException {
+    void readInternalStorageFileFromAnotherExecution() throws IOException, IllegalVariableEvaluationException {
         String namespace = "my.namespace";
         String flowId = "flow";
         String executionId = IdUtils.create();
         URI internalStorageURI = URI.create("/" + namespace.replace(".", "/") + "/" + flowId + "/executions/" + executionId + "/tasks/task/" + IdUtils.create() + "/123456.ion");
         URI internalStorageFile = storageInterface.put(null, namespace, internalStorageURI, new ByteArrayInputStream("Hello from a task output".getBytes()));
 
-        // test for an un-authorized execution with no trigger
         Map<String, Object> variables = Map.of(
             "flow", Map.of(
                 "id", "notme",
                 "namespace", "notme"),
             "execution", Map.of("id", "notme")
         );
 
-        var exception = assertThrows(IllegalArgumentException.class, () -> variableRenderer.render("{{ read('" + internalStorageFile + "') }}", variables));
-        assertThat(exception.getMessage(), is("Unable to read the file '" + internalStorageFile + "' as it didn't belong to the current execution"));
-
-        // test for an un-authorized execution with a trigger of type execution
-        Map<String, Object> executionTriggerVariables = Map.of(
-            "flow", Map.of(
-                "id", "notme",
-                "namespace", "notme"),
-            "execution", Map.of("id", "notme"),
-            "trigger", Map.of(
-                "flowId", "notme",
-                "namespace", "notme",
-                "executionId", "notme"
-            )
-        );
-
-        exception = assertThrows(IllegalArgumentException.class, () -> variableRenderer.render("{{ read('" + internalStorageFile + "') }}", executionTriggerVariables));
-        assertThat(exception.getMessage(), is("Unable to read the file '" + internalStorageFile + "' as it didn't belong to the current execution"));
-
-        // test for an un-authorized execution with a trigger of another type
-        Map<String, Object> triggerVariables = Map.of(
-            "flow", Map.of(
-                "id", "notme",
-                "namespace", "notme"),
-            "execution", Map.of("id", "notme"),
-            "trigger", Map.of(
-                "date", "somedate",
-                "row", "somerow"
-            )
-        );
-
-        exception = assertThrows(IllegalArgumentException.class, () -> variableRenderer.render("{{ read('" + internalStorageFile + "') }}", triggerVariables));
-        assertThat(exception.getMessage(), is("Unable to read the file '" + internalStorageFile + "' as it didn't belong to the current execution"));
+        String render = variableRenderer.render("{{ read('" + internalStorageFile + "') }}", variables);
+        assertThat(render, is("Hello from a task output"));
     }
 
     @Test
