From 27d26c6eb7ab79b53bd90ed622fb3e9811a458da Mon Sep 17 00:00:00 2001
From: Andrei Stefan <andrei@elastic.co>
Date: Thu, 30 Aug 2018 03:41:51 +0300
Subject: [PATCH] Different handling for security specific errors in the CLI.
 Fix for https://github.com/elastic/elasticsearch/issues/33230

---
 docs/reference/sql/endpoints/cli.asciidoc                | 9 +++++++++
 .../main/java/org/elasticsearch/xpack/sql/cli/Cli.java   | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/docs/reference/sql/endpoints/cli.asciidoc b/docs/reference/sql/endpoints/cli.asciidoc
index 0908c2344bb15..eef2fbfbf5969 100644
--- a/docs/reference/sql/endpoints/cli.asciidoc
+++ b/docs/reference/sql/endpoints/cli.asciidoc
@@ -22,6 +22,15 @@ the first parameter:
 $ ./bin/elasticsearch-sql-cli https://some.server:9200
 --------------------------------------------------
 
+If security is enabled on your cluster, you can pass the username
+and password in the form `username:password@host_name:port`
+to the SQL CLI:
+
+[source,bash]
+--------------------------------------------------
+$ ./bin/elasticsearch-sql-cli https://sql_user:strongpassword@some.server:9200
+--------------------------------------------------
+
 Once the CLI is running you can use any <<sql-spec,query>> that
 Elasticsearch supports:
 
diff --git a/x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/Cli.java b/x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/Cli.java
index 357a4bcb5a770..6431f10a49217 100644
--- a/x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/Cli.java
+++ b/x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/Cli.java
@@ -27,6 +27,7 @@
 import org.jline.terminal.TerminalBuilder;
 import java.io.IOException;
 import java.net.ConnectException;
+import java.sql.SQLInvalidAuthorizationSpecException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.logging.LogManager;
@@ -139,6 +140,10 @@ private void checkConnection(CliSession cliSession, CliTerminal cliTerminal, Con
                 // Most likely Elasticsearch is not running
                 throw new UserException(ExitCodes.IO_ERROR,
                         "Cannot connect to the server " + con.connectionString() + " - " + ex.getCause().getMessage());
+            } else if (ex.getCause() != null && ex.getCause() instanceof SQLInvalidAuthorizationSpecException) {
+                throw new UserException(ExitCodes.NOPERM,
+                        "Cannot establish a secure connection to the server " + 
+                                con.connectionString() + " - " + ex.getCause().getMessage());
             } else {
                 // Most likely we connected to something other than Elasticsearch
                 throw new UserException(ExitCodes.DATA_ERROR,