feat(core): restrict using the read function on the Worker

Fixes #3126

core/src/main/java/io/kestra/core/runners/pebble/functions/ReadFileFunction.java

@@ -3,6 +3,7 @@
 import io.kestra.core.storages.StorageContext;
 import io.kestra.core.storages.StorageInterface;
 import io.kestra.core.utils.Slugify;
+import io.micronaut.context.annotation.Value;
 import io.pebbletemplates.pebble.error.PebbleException;
 import io.pebbletemplates.pebble.extension.Function;
 import io.pebbletemplates.pebble.template.EvaluationContext;
@@ -25,13 +26,20 @@ public class ReadFileFunction implements Function {
     @Inject
     private StorageInterface storageInterface;
 
+    @Value("${kestra.server-type}") // default to STANDALONE which should only be the case in tests
+    private String serverType;
+
     @Override
     public List<String> getArgumentNames() {
         return List.of("path");
     }
 
     @Override
     public Object execute(Map<String, Object> args, PebbleTemplate self, EvaluationContext context, int lineNumber) {
+        if (!calledOnWorker()) {
+            throw new PebbleException(null, "The 'read' function can only be used in the Worker as it access the internal storage.", lineNumber, self.getName());
+        }
+
         if (!args.containsKey("path")) {
             throw new PebbleException(null, ERROR_MESSAGE, lineNumber, self.getName());
         }
@@ -45,6 +53,17 @@ public Object execute(Map<String, Object> args, PebbleTemplate self, EvaluationC
         }
     }
 
+    private boolean calledOnWorker() {
+        if ("WORKER".equals(serverType)) {
+            return true;
+        }
+        if ("STANDALONE".equals(serverType)) {
+            // check that it's called inside a worker thread
+            return Thread.currentThread().getClass().getName().equals("io.kestra.core.runners.Worker$WorkerThread");
+        }
+        return false;
+    }
+
     @SuppressWarnings("unchecked")
     private String readFromNamespaceFile(EvaluationContext context, String path) throws IOException {
         Map<String, String> flow = (Map<String, String>) context.getVariable("flow");

core/src/test/java/io/kestra/core/runners/pebble/functions/ReadFileFunctionTest.java

@@ -5,7 +5,9 @@
 import io.kestra.core.storages.StorageContext;
 import io.kestra.core.storages.StorageInterface;
 import io.kestra.core.utils.IdUtils;
+import io.micronaut.context.annotation.Property;
 import io.micronaut.test.extensions.junit5.annotation.MicronautTest;
+import io.pebbletemplates.pebble.error.PebbleException;
 import jakarta.inject.Inject;
 import org.junit.jupiter.api.Test;
 
@@ -16,10 +18,12 @@
 import java.util.Map;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
-@MicronautTest
+@MicronautTest(rebuildContext = true)
+@Property(name="kestra.server-type", value="WORKER")
 class ReadFileFunctionTest {
     @Inject
     VariableRenderer variableRenderer;
@@ -131,4 +135,11 @@ void readUnauthorizedInternalStorageFile() throws IOException {
         exception = assertThrows(IllegalArgumentException.class, () -> variableRenderer.render("{{ read('" + internalStorageFile + "') }}", triggerVariables));
         assertThat(exception.getMessage(), is("Unable to read the file '" + internalStorageFile + "' as it didn't belong to the current execution"));
     }
+
+    @Test
+    @Property(name="kestra.server-type", value="EXECUTOR")
+    void readFailOnNonWorkerNodes() {
+        IllegalVariableEvaluationException exception = assertThrows(IllegalVariableEvaluationException.class, () -> variableRenderer.render("{{ read('unknown.txt') }}", Map.of("flow", Map.of("namespace", "io.kestra.tests"))));
+        assertThat(exception.getMessage(), containsString("The 'read' function can only be used in the Worker as it access the internal storage."));
+    }
 }