Fix NPE on null user in RP code path

DarshitChanpura · DarshitChanpura · commit c688d82aeddc · 2025-11-13T16:59:15.000-08:00
Signed-off-by: Darshit Chanpura &lt;dchanp@amazon.com&gt;
diff --git a/plugin/src/main/java/org/opensearch/ml/helper/ModelAccessControlHelper.java b/plugin/src/main/java/org/opensearch/ml/helper/ModelAccessControlHelper.java
@@ -106,7 +106,7 @@ public void validateModelGroupAccess(User user, String modelGroupId, String acti
                         .onFailure(
                             new OpenSearchStatusException(
                                 "User "
-                                    + user.getName()
+                                    + (user == null ? null : user.getName())
                                     + " is not authorized to perform action "
                                     + action
                                     + " on ml-model-group id: "
@@ -173,6 +173,7 @@ public void validateModelGroupAccess(
             listener.onResponse(true);
             return;
         }
+
         if (shouldUseResourceAuthz(ML_MODEL_GROUP_RESOURCE_TYPE)) {
             var resourceSharingClient = ResourceSharingClientAccessor.getInstance().getResourceSharingClient();
             resourceSharingClient.verifyAccess(modelGroupId, ML_MODEL_GROUP_RESOURCE_TYPE, action, ActionListener.wrap(isAuthorized -> {
@@ -181,7 +182,7 @@ public void validateModelGroupAccess(
                         .onFailure(
                             new OpenSearchStatusException(
                                 "User "
-                                    + user.getName()
+                                    + (user == null ? null : user.getName())
                                     + " is not authorized to perform action "
                                     + action
                                     + " on ml-model-group id: "
diff --git a/plugin/src/test/java/org/opensearch/ml/helper/ModelAccessControlHelperTests.java b/plugin/src/test/java/org/opensearch/ml/helper/ModelAccessControlHelperTests.java
@@ -487,6 +487,70 @@ public void test_ShouldUseResourceAuthz_FeatureDisabled_And_ClientNull() {
         assertFalse(ModelAccessControlHelper.shouldUseResourceAuthz(CommonValue.ML_MODEL_GROUP_RESOURCE_TYPE));
     }
 
+    public void test_ResourceAuthz_NotAuthorized_UserNull_UsesUnknownName() {
+        when(resourceSharingClient.isFeatureEnabledForType(CommonValue.ML_MODEL_GROUP_RESOURCE_TYPE)).thenReturn(true);
+        ResourceSharingClientAccessor.getInstance().setResourceSharingClient(resourceSharingClient);
+
+        doAnswer(invocation -> {
+            ActionListener<Boolean> listener = invocation.getArgument(3);
+            listener.onResponse(false);
+            return null;
+        }).when(resourceSharingClient).verifyAccess(any(), any(), any(), any());
+
+        modelAccessControlHelper
+                .validateModelGroupAccess(
+                        null,                      // user
+                        mlFeatureEnabledSetting,
+                        "testTenant",
+                        "testGroupID",
+                        "testAction",
+                        client,
+                        sdkClient,
+                        actionListener
+                );
+
+        ArgumentCaptor<Exception> argumentCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(actionListener).onFailure(argumentCaptor.capture());
+        Exception ex = argumentCaptor.getValue();
+        assertTrue(ex instanceof org.opensearch.OpenSearchStatusException);
+        assertTrue(ex.getMessage().contains("User null is not authorized"));
+
+        ResourceSharingClientAccessor.getInstance().setResourceSharingClient(null);
+    }
+
+    public void test_ResourceAuthz_NotAuthorized_UserPresent_UsesUserName() {
+        when(resourceSharingClient.isFeatureEnabledForType(CommonValue.ML_MODEL_GROUP_RESOURCE_TYPE)).thenReturn(true);
+        ResourceSharingClientAccessor.getInstance().setResourceSharingClient(resourceSharingClient);
+
+        doAnswer(invocation -> {
+            ActionListener<Boolean> listener = invocation.getArgument(3);
+            listener.onResponse(false);
+            return null;
+        }).when(resourceSharingClient).verifyAccess(any(), any(), any(), any());
+
+        User user = User.parse("owner|IT,HR|myTenant");
+
+        modelAccessControlHelper
+                .validateModelGroupAccess(
+                        user,
+                        mlFeatureEnabledSetting,
+                        "testTenant",
+                        "testGroupID",
+                        "testAction",
+                        client,
+                        sdkClient,
+                        actionListener
+                );
+
+        ArgumentCaptor<Exception> argumentCaptor = ArgumentCaptor.forClass(Exception.class);
+        verify(actionListener).onFailure(argumentCaptor.capture());
+        Exception ex = argumentCaptor.getValue();
+        assertTrue(ex instanceof org.opensearch.OpenSearchStatusException);
+        assertTrue(ex.getMessage().contains("User owner is not authorized"));
+
+        ResourceSharingClientAccessor.getInstance().setResourceSharingClient(null);
+    }
+
     private GetResponse modelGroupBuilder(List<String> backendRoles, String access, String owner) throws IOException {
         MLModelGroup mlModelGroup = MLModelGroup
             .builder()
