Client: Do not trigger product check on 401 or 403 and forward response to user (#369)

Author: Anaethelion

elasticsearch.go

@@ -212,14 +212,15 @@ func (c *Client) Perform(req *http.Request) (*http.Response, error) {
 	// Retrieve the original request.
 	res, err := c.Transport.Perform(req)
 
-	// ResponseCheck path continues, we run the header check on the first answer from ES.
-	if err == nil {
+	// ResponseCheck, we run the header check on the first answer from ES.
+	if err == nil && (res.StatusCode != http.StatusForbidden && res.StatusCode != http.StatusUnauthorized) {
 		checkHeader := func() error { return genuineCheckHeader(res.Header) }
 		if err := c.doProductCheck(checkHeader); err != nil {
 			res.Body.Close()
 			return nil, err
 		}
 	}
+
 	return res, err
 }
 

elasticsearch_internal_test.go

@@ -15,6 +15,7 @@
 // specific language governing permissions and limitations
 // under the License.
 
+//go:build !integration
 // +build !integration
 
 package elasticsearch
@@ -389,10 +390,10 @@ func TestClientMetrics(t *testing.T) {
 
 func TestResponseCheckOnly(t *testing.T) {
 	tests := []struct {
-		name                 string
-		response             *http.Response
-		requestErr           error
-		wantErr              bool
+		name       string
+		response   *http.Response
+		requestErr error
+		wantErr    bool
 	}{
 		{
 			name: "Valid answer with header",
@@ -410,14 +411,62 @@ func TestResponseCheckOnly(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "Valid answer with http error code",
+			name: "Valid answer with header and response check",
 			response: &http.Response{
-				StatusCode: http.StatusUnauthorized,
 				Header: http.Header{"X-Elastic-Product": []string{"Elasticsearch"}},
-				Body:       ioutil.NopCloser(strings.NewReader("{}")),
+				Body:   ioutil.NopCloser(strings.NewReader("{}")),
 			},
 			wantErr: false,
 		},
+		{
+			name: "Valid answer without header and response check",
+			response: &http.Response{
+				Body: ioutil.NopCloser(strings.NewReader("{}")),
+			},
+			wantErr: true,
+		},
+		{
+			name:       "Request failed",
+			response:   nil,
+			requestErr: errors.New("request failed"),
+			wantErr:    true,
+		},
+		{
+			name: "Valid request, 500 response",
+			response: &http.Response{
+				StatusCode: http.StatusInternalServerError,
+				Body:       ioutil.NopCloser(strings.NewReader("")),
+			},
+			requestErr: nil,
+			wantErr:    true,
+		},
+		{
+			name: "Valid request, 404 response",
+			response: &http.Response{
+				StatusCode: http.StatusNotFound,
+				Body:       ioutil.NopCloser(strings.NewReader("")),
+			},
+			requestErr: nil,
+			wantErr:    true,
+		},
+		{
+			name: "Valid request, 403 response",
+			response: &http.Response{
+				StatusCode: http.StatusForbidden,
+				Body:       ioutil.NopCloser(strings.NewReader("")),
+			},
+			requestErr: nil,
+			wantErr:    false,
+		},
+		{
+			name: "Valid request, 401 response",
+			response: &http.Response{
+				StatusCode: http.StatusUnauthorized,
+				Body:       ioutil.NopCloser(strings.NewReader("")),
+			},
+			requestErr: nil,
+			wantErr:    false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -435,7 +484,6 @@ func TestResponseCheckOnly(t *testing.T) {
 	}
 }
 
-
 func TestProductCheckError(t *testing.T) {
 	var requestPaths []string
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -472,7 +520,6 @@ func TestProductCheckError(t *testing.T) {
 	}
 }
 
-
 func TestFingerprint(t *testing.T) {
 	body := []byte(`{"body": true"}"`)
 	server := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -482,7 +529,7 @@ func TestFingerprint(t *testing.T) {
 	defer server.Close()
 
 	config := Config{
-		Addresses: []string{server.URL},
+		Addresses:    []string{server.URL},
 		DisableRetry: true,
 	}
 
@@ -507,4 +554,4 @@ func TestFingerprint(t *testing.T) {
 	if bytes.Compare(data, body) != 0 {
 		t.Fatalf("unexpected payload returned: expected: %s, got: %s", body, data)
 	}
-}
+}