[MD] multiple datasource doesn't throw 401 error as expected when security plugin enabled

[zhongnansu]

Issue description

Security-dashboards-plugin has below logic to detect any 401 error on the page, and enforce reload of the page to achieve log out. This was intended to handle the session time out. However, in MD use case, since data source client could also throw 401 error during connection, if provided with invalid auth. Current logic in security plugin couldn't distinguish if 401 is from default opensearch cluster or from data source. And it will apply a reload, which overwrite the error toasts MD has, leading to a bad user experience.

https://github.com/opensearch-project/security-dashboards-plugin/blob/5d018b0130d311be625ad5dd00466054607a907b/public/utils/logout-utils.tsx#L38

Solution

short term solution is to find places to cast all 401 error thrown by data source client to 400

• 401 error is returned by OSD request /internal/search/<search-strategy> which is defined in data plugin
• the request flow is
  Create DS with wrong credential -> create index-pattern with this DS -> use index pattern to search -> search_intercepter.ts(client) issue the request -> search_strategy(server side) get the request -> opensearch-js client forward the request to talk to OS -> get 401 --> data plugin server side error handler -> http router error handler -> security plugin error intercepter at http router layer -> search intercepter error handler -> Browser(client)

[seraphjiang]

good finding, thanks @zhongnansu