honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure validation of the reader context is executed first (#61831) 

This change makes sure that reader context is validated (`SearchOperationListener#validateReaderContext)
before any other operation and that it is correctly recycled or removed at the end of the operation.
This commit also fixes a race condition bug that would allocate the security reader for scrolls more than once.

Relates #61446

Co-authored-by: Nhat Nguyen <nhat.nguyen@elastic.co>
This commit is contained in:
Jim Ferenczi 2020-09-07 10:47:24 +02:00 committed by Nhat Nguyen
parent 44bd4a6004
commit 4d528e91a1
10 changed files with 146 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/main/java/org/elasticsearch/action/search/AbstractSearchAsyncAction.java
View File

@ -547,12 +547,14 @@ abstract class AbstractSearchAsyncAction<Result extends SearchPhaseResult> exten
}
/**
* This method should be called if a search phase failed to ensure all relevant search contexts and resources are released.
* this method will also notify the listener and sends back a failure to the user.
* This method should be called if a search phase failed to ensure all relevant reader contexts are released.
* This method will also notify the listener and sends back a failure to the user.
*
* @param exception the exception explaining or causing the phase failure
*/
private void raisePhaseFailure(SearchPhaseExecutionException exception) {
// we don't release persistent readers (point in time).
if (request.pointInTimeBuilder() == null) {
results.getSuccessfulResults().forEach((entry) -> {
if (entry.getContextId() != null) {
try {
@ -565,6 +567,7 @@ abstract class AbstractSearchAsyncAction<Result extends SearchPhaseResult> exten
}
}
});
}
listener.onFailure(exception);
}

2
server/src/main/java/org/elasticsearch/action/search/DfsQueryPhase.java
View File

@ -98,6 +98,7 @@ final class DfsQueryPhase extends SearchPhase {
progressListener.notifyQueryFailure(shardIndex, searchShardTarget, exception);
counter.onFailure(shardIndex, searchShardTarget, exception);
} finally {
if (context.getRequest().pointInTimeBuilder() == null) {
// the query might not have been executed at all (for example because thread pool rejected
// execution) and the search context that was created in dfs phase might not be released.
// release it again to be in the safe side
@ -105,6 +106,7 @@ final class DfsQueryPhase extends SearchPhase {
querySearchRequest.contextId(), connection, searchShardTarget.getOriginalIndices());
}
}
}
});
}
}

10
server/src/main/java/org/elasticsearch/action/search/FetchSearchPhase.java
View File

@ -206,11 +206,11 @@ final class FetchSearchPhase extends SearchPhase {
* Releases shard targets that are not used in the docsIdsToLoad.
*/
private void releaseIrrelevantSearchContext(QuerySearchResult queryResult) {
// we only release search context that we did not fetch from if we are not scrolling
// and if it has at lease one hit that didn't make it to the global topDocs
if (context.getRequest().scroll() == null &&
context.getRequest().pointInTimeBuilder() == null &&
queryResult.hasSearchContext()) {
// we only release search context that we did not fetch from, if we are not scrolling
// or using a PIT and if it has at least one hit that didn't make it to the global topDocs
if (queryResult.hasSearchContext()
&& context.getRequest().scroll() == null
&& context.getRequest().pointInTimeBuilder() == null) {
try {
SearchShardTarget searchShardTarget = queryResult.getSearchShardTarget();
Transport.Connection connection = context.getConnection(searchShardTarget.getClusterAlias(), searchShardTarget.getNodeId());

6
server/src/main/java/org/elasticsearch/index/shard/SearchOperationListener.java
View File

@ -113,7 +113,7 @@ public interface SearchOperationListener {
* @param readerContext The reader context used by this request.
* @param transportRequest the request that is going to use the search context
*/
default void validateSearchContext(ReaderContext readerContext, TransportRequest transportRequest) {}
default void validateReaderContext(ReaderContext readerContext, TransportRequest transportRequest) {}
/**
* A Composite listener that multiplexes calls to each of the listeners methods.
@ -238,11 +238,11 @@ public interface SearchOperationListener {
}
@Override
public void validateSearchContext(ReaderContext readerContext, TransportRequest request) {
public void validateReaderContext(ReaderContext readerContext, TransportRequest request) {
Exception exception = null;
for (SearchOperationListener listener : listeners) {
try {
listener.validateSearchContext(readerContext, request);
listener.validateReaderContext(readerContext, request);
} catch (Exception e) {
exception = ExceptionsHelper.useOrSuppress(exception, e);
}

116
server/src/main/java/org/elasticsearch/search/SearchService.java
View File

@ -118,6 +118,7 @@ import org.elasticsearch.search.suggest.completion.CompletionSuggestion;
import org.elasticsearch.threadpool.Scheduler.Cancellable;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.threadpool.ThreadPool.Names;
import org.elasticsearch.transport.TransportRequest;
import java.io.IOException;
import java.util.Collections;
@ -353,7 +354,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
return context.dfsResult();
} catch (Exception e) {
logger.trace("Dfs phase failed", e);
processFailure(request, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}
@ -396,7 +397,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
try (Releasable ignored = markAsUsed) {
listener.onFailure(exc);
} finally {
processFailure(request, readerContext, exc);
processFailure(readerContext, exc);
}
return;
}
@ -420,17 +421,8 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
}
// fork the execution in the search thread pool
runAsync(getExecutor(shard), () -> {
try (Releasable ignored = markAsUsed) {
return executeQueryPhase(orig, task, readerContext);
}
}, ActionListener.wrap(listener::onResponse, exc -> {
try (Releasable ignored = markAsUsed) {
listener.onFailure(exc);
} finally {
processFailure(request, readerContext, exc);
}
}));
runAsync(getExecutor(shard), () -> executeQueryPhase(orig, task, readerContext),
wrapFailureListener(listener, readerContext, markAsUsed));
}
@Override
@ -442,7 +434,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
private IndexShard getShard(ShardSearchRequest request) {
if (request.readerId() != null) {
return findReaderContext(request.readerId()).indexShard();
return findReaderContext(request.readerId(), request).indexShard();
} else {
return indicesService.indexServiceSafe(request.shardId().getIndex()).getShard(request.shardId().id());
}
@ -481,7 +473,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
(Exception) e.getCause() : new ElasticsearchException(e.getCause());
}
logger.trace("Query phase failed", e);
processFailure(request, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}
@ -501,13 +493,12 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
public void executeQueryPhase(InternalScrollSearchRequest request,
SearchShardTask task,
ActionListener<ScrollQuerySearchResult> listener) {
final LegacyReaderContext readerContext = (LegacyReaderContext) findReaderContext(request.contextId());
final LegacyReaderContext readerContext = (LegacyReaderContext) findReaderContext(request.contextId(), request);
final Releasable markAsUsed = readerContext.markAsUsed();
runAsync(getExecutor(readerContext.indexShard()), () -> {
final ShardSearchRequest shardSearchRequest = readerContext.getShardSearchRequest(null);
try (Releasable ignored = readerContext.markAsUsed();
SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false);
try (SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false);
SearchOperationListenerExecutor executor = new SearchOperationListenerExecutor(searchContext)) {
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
if (request.scroll() != null && request.scroll().keepAlive() != null) {
final long keepAlive = request.scroll().keepAlive().millis();
checkKeepAliveLimit(keepAlive);
@ -521,21 +512,20 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
return new ScrollQuerySearchResult(searchContext.queryResult(), searchContext.shardTarget());
} catch (Exception e) {
logger.trace("Query phase failed", e);
processFailure(shardSearchRequest, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}, listener);
}, ActionListener.runAfter(listener, markAsUsed::close));
}
public void executeQueryPhase(QuerySearchRequest request, SearchShardTask task, ActionListener<QuerySearchResult> listener) {
final ReaderContext readerContext = findReaderContext(request.contextId());
final ReaderContext readerContext = findReaderContext(request.contextId(), request);
final Releasable markAsUsed = readerContext.markAsUsed();
runAsync(getExecutor(readerContext.indexShard()), () -> {
final ShardSearchRequest shardSearchRequest = readerContext.getShardSearchRequest(request.shardSearchRequest());
readerContext.setAggregatedDfs(request.dfs());
try (Releasable ignored = readerContext.markAsUsed();
SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, true);
try (SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, true);
SearchOperationListenerExecutor executor = new SearchOperationListenerExecutor(searchContext)) {
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
searchContext.searcher().setAggregatedDfs(request.dfs());
queryPhase.execute(searchContext);
if (searchContext.queryResult().hasSearchContext() == false && readerContext.singleSession()) {
@ -552,10 +542,10 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
} catch (Exception e) {
assert TransportActions.isShardNotAvailableException(e) == false : new AssertionError(e);
logger.trace("Query phase failed", e);
processFailure(shardSearchRequest, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}, listener);
}, wrapFailureListener(listener, readerContext, markAsUsed));
}
private Executor getExecutor(IndexShard indexShard) {
@ -573,13 +563,12 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
public void executeFetchPhase(InternalScrollSearchRequest request, SearchShardTask task,
ActionListener<ScrollQueryFetchSearchResult> listener) {
final LegacyReaderContext readerContext = (LegacyReaderContext) findReaderContext(request.contextId());
final LegacyReaderContext readerContext = (LegacyReaderContext) findReaderContext(request.contextId(), request);
final Releasable markAsUsed = readerContext.markAsUsed();
runAsync(getExecutor(readerContext.indexShard()), () -> {
final ShardSearchRequest shardSearchRequest = readerContext.getShardSearchRequest(null);
try (Releasable ignored = readerContext.markAsUsed();
SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false);
try (SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false);
SearchOperationListenerExecutor executor = new SearchOperationListenerExecutor(searchContext)) {
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
if (request.scroll() != null && request.scroll().keepAlive() != null) {
checkKeepAliveLimit(request.scroll().keepAlive().millis());
readerContext.keepAlive(request.scroll().keepAlive().millis());
@ -594,19 +583,18 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
} catch (Exception e) {
assert TransportActions.isShardNotAvailableException(e) == false : new AssertionError(e);
logger.trace("Fetch phase failed", e);
processFailure(shardSearchRequest, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}, listener);
}, ActionListener.runAfter(listener, markAsUsed::close));
}
public void executeFetchPhase(ShardFetchRequest request, SearchShardTask task, ActionListener<FetchSearchResult> listener) {
final ReaderContext readerContext = findReaderContext(request.contextId());
final ReaderContext readerContext = findReaderContext(request.contextId(), request);
final Releasable markAsUsed = readerContext.markAsUsed();
runAsync(getExecutor(readerContext.indexShard()), () -> {
final ShardSearchRequest shardSearchRequest = readerContext.getShardSearchRequest(request.getShardSearchRequest());
try (Releasable ignored = readerContext.markAsUsed();
SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false)) {
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
try (SearchContext searchContext = createContext(readerContext, shardSearchRequest, task, false)) {
if (request.lastEmittedDoc() != null) {
searchContext.scrollContext().lastEmittedDoc = request.lastEmittedDoc();
}
@ -625,10 +613,10 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
} catch (Exception e) {
assert TransportActions.isShardNotAvailableException(e) == false : new AssertionError(e);
logger.trace("Fetch phase failed", e);
processFailure(shardSearchRequest, readerContext, e);
processFailure(readerContext, e);
throw e;
}
}, listener);
}, wrapFailureListener(listener, readerContext, markAsUsed));
}
private ReaderContext getReaderContext(ShardSearchContextId id) {
@ -642,19 +630,24 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
return null;
}
private ReaderContext findReaderContext(ShardSearchContextId id) throws SearchContextMissingException {
private ReaderContext findReaderContext(ShardSearchContextId id, TransportRequest request) throws SearchContextMissingException {
final ReaderContext reader = getReaderContext(id);
if (reader == null) {
throw new SearchContextMissingException(id);
}
try {
reader.validate(request);
} catch (Exception exc) {
processFailure(reader, exc);
throw exc;
}
return reader;
}
final ReaderContext createOrGetReaderContext(ShardSearchRequest request, boolean keepStatesInContext) {
if (request.readerId() != null) {
assert keepStatesInContext == false;
final ReaderContext readerContext = findReaderContext(request.readerId());
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
final ReaderContext readerContext = findReaderContext(request.readerId(), request);
final long keepAlive = request.keepAlive().millis();
checkKeepAliveLimit(keepAlive);
readerContext.keepAlive(keepAlive);
@ -860,17 +853,38 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
}
}
private void processFailure(ShardSearchRequest request, ReaderContext context, Exception e) {
if (context.singleSession() || request.scroll() != null) {
private <T> ActionListener<T> wrapFailureListener(ActionListener<T> listener, ReaderContext context, Releasable releasable) {
return new ActionListener<T>() {
@Override
public void onResponse(T resp) {
Releasables.close(releasable);
listener.onResponse(resp);
}
@Override
public void onFailure(Exception exc) {
processFailure(context, exc);
Releasables.close(releasable);
listener.onFailure(exc);
}
};
}
private boolean isScrollContext(ReaderContext context) {
return context instanceof LegacyReaderContext && context.singleSession() == false;
}
private void processFailure(ReaderContext context, Exception exc) {
if (context.singleSession() || isScrollContext(context)) {
// we release the reader on failure if the request is a normal search or a scroll
freeReaderContext(context.id());
}
try {
if (Lucene.isCorruptionException(e)) {
context.indexShard().failShard("search execution corruption failure", e);
if (Lucene.isCorruptionException(exc)) {
context.indexShard().failShard("search execution corruption failure", exc);
}
} catch (Exception inner) {
inner.addSuppressed(e);
inner.addSuppressed(exc);
logger.warn("failed to process shard failure to (potentially) send back shard failure on corruption", inner);
}
}
@ -1145,13 +1159,12 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
*/
public CanMatchResponse canMatch(ShardSearchRequest request) throws IOException {
assert request.searchType() == SearchType.QUERY_THEN_FETCH : "unexpected search type: " + request.searchType();
final ReaderContext readerContext = request.readerId() != null ? getReaderContext(request.readerId()) : null;
final Releasable markAsUsed = readerContext != null ? readerContext.markAsUsed() : null;
final ReaderContext readerContext = request.readerId() != null ? findReaderContext(request.readerId(), request) : null;
try (Releasable ignored = readerContext != null ? readerContext.markAsUsed() : () -> {}) {
final IndexService indexService;
final Engine.Searcher canMatchSearcher;
final boolean hasRefreshPending;
if (readerContext != null) {
readerContext.indexShard().getSearchOperationListener().validateSearchContext(readerContext, request);
checkKeepAliveLimit(request.keepAlive().millis());
readerContext.keepAlive(request.keepAlive().millis());
indexService = readerContext.indexService();
@ -1164,7 +1177,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
canMatchSearcher = indexShard.acquireSearcher(Engine.CAN_MATCH_SEARCH_SOURCE);
}
try (Releasable ignored = Releasables.wrap(markAsUsed, canMatchSearcher)) {
try (Releasable ignored2 = canMatchSearcher) {
QueryShardContext context = indexService.newQueryShardContext(request.shardId().id(), canMatchSearcher,
request::nowInMillis, request.getClusterAlias());
Rewriteable.rewrite(request.getRewriteable(), context, false);
@ -1183,6 +1196,7 @@ public class SearchService extends AbstractLifecycleComponent implements IndexEv
return new CanMatchResponse(canMatch || hasRefreshPending, minMax);
}
}
}
public void canMatch(ShardSearchRequest request, ActionListener<CanMatchResponse> listener) {
try {

16
server/src/main/java/org/elasticsearch/search/internal/LegacyReaderContext.java
View File

@ -19,8 +19,6 @@
package org.elasticsearch.search.internal;
import org.elasticsearch.common.lease.Releasable;
import org.elasticsearch.common.lease.Releasables;
import org.elasticsearch.index.IndexService;
import org.elasticsearch.index.engine.Engine;
import org.elasticsearch.index.shard.IndexShard;
@ -35,8 +33,7 @@ public class LegacyReaderContext extends ReaderContext {
private AggregatedDfs aggregatedDfs;
private RescoreDocIds rescoreDocIds;
private Engine.Searcher searcher;
private Releasable onClose;
private volatile Engine.Searcher searcher;
public LegacyReaderContext(long id, IndexService indexService, IndexShard indexShard, Engine.SearcherSupplier reader,
ShardSearchRequest shardSearchRequest, long keepAliveInMillis) {
@ -59,8 +56,9 @@ public class LegacyReaderContext extends ReaderContext {
// This ensures that we wrap the searcher's reader with the user's permissions
// when they are available.
if (searcher == null) {
Engine.Searcher delegate = searcherSupplier.acquireSearcher(source);
onClose = delegate::close;
final Engine.Searcher delegate = searcherSupplier.acquireSearcher(source);
addOnClose(delegate);
// wrap the searcher so that closing is a noop, the actual closing happens when this context is closed
searcher = new Engine.Searcher(delegate.source(), delegate.getDirectoryReader(),
delegate.getSimilarity(), delegate.getQueryCache(), delegate.getQueryCachingPolicy(), () -> {});
}
@ -69,12 +67,6 @@ public class LegacyReaderContext extends ReaderContext {
return super.acquireSearcher(source);
}
@Override
void doClose() {
Releasables.close(onClose, super::doClose);
}
@Override
public ShardSearchRequest getShardSearchRequest(ShardSearchRequest other) {
return shardSearchRequest;

5
server/src/main/java/org/elasticsearch/search/internal/ReaderContext.java
View File

@ -28,6 +28,7 @@ import org.elasticsearch.index.engine.Engine;
import org.elasticsearch.index.shard.IndexShard;
import org.elasticsearch.search.RescoreDocIds;
import org.elasticsearch.search.dfs.AggregatedDfs;
import org.elasticsearch.transport.TransportRequest;
import java.util.HashMap;
import java.util.List;
@ -84,6 +85,10 @@ public class ReaderContext implements Releasable {
};
}
public void validate(TransportRequest request) {
indexShard.getSearchOperationListener().validateReaderContext(this, request);
}
private long nowInMillis() {
return indexShard.getThreadPool().relativeTimeInMillis();
}

6
server/src/test/java/org/elasticsearch/index/shard/SearchOperationListenerTests.java
View File

@ -116,7 +116,7 @@ public class SearchOperationListenerTests extends ESTestCase {
}
@Override
public void validateSearchContext(ReaderContext readerContext, TransportRequest request) {
public void validateReaderContext(ReaderContext readerContext, TransportRequest request) {
assertNotNull(readerContext);
validateSearchContext.incrementAndGet();
}
@ -271,10 +271,10 @@ public class SearchOperationListenerTests extends ESTestCase {
assertEquals(0, validateSearchContext.get());
if (throwingListeners == 0) {
compositeListener.validateSearchContext(mock(ReaderContext.class), Empty.INSTANCE);
compositeListener.validateReaderContext(mock(ReaderContext.class), Empty.INSTANCE);
} else {
RuntimeException expected = expectThrows(RuntimeException.class,
() -> compositeListener.validateSearchContext(mock(ReaderContext.class), Empty.INSTANCE));
() -> compositeListener.validateReaderContext(mock(ReaderContext.class), Empty.INSTANCE));
assertNull(expected.getMessage());
assertEquals(throwingListeners - 1, expected.getSuppressed().length);
if (throwingListeners > 1) {

12
x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java
View File

@ -79,7 +79,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
SecuritySearchOperationListener listener =
new SecuritySearchOperationListener(securityContext, licenseState, auditTrailService);
listener.onNewScrollContext(readerContext);
listener.validateSearchContext(readerContext, Empty.INSTANCE);
listener.validateReaderContext(readerContext, Empty.INSTANCE);
verify(licenseState, times(2)).isSecurityEnabled();
verifyZeroInteractions(auditTrailService, searchContext);
}
@ -136,7 +136,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
try (StoredContext ignore = threadContext.newStoredContext(false)) {
Authentication authentication = new Authentication(new User("test", "role"), new RealmRef("realm", "file", "node"), null);
authentication.writeToContext(threadContext);
listener.validateSearchContext(readerContext, Empty.INSTANCE);
listener.validateReaderContext(readerContext, Empty.INSTANCE);
assertThat(threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY), is(indicesAccessControl));
verify(licenseState).isSecurityEnabled();
verifyZeroInteractions(auditTrail);
@ -148,7 +148,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
Authentication authentication =
new Authentication(new User("test", "role"), new RealmRef(realmName, "file", nodeName), null);
authentication.writeToContext(threadContext);
listener.validateSearchContext(readerContext, Empty.INSTANCE);
listener.validateReaderContext(readerContext, Empty.INSTANCE);
assertThat(threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY), is(indicesAccessControl));
verify(licenseState, times(2)).isSecurityEnabled();
verifyZeroInteractions(auditTrail);
@ -166,7 +166,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
(AuthorizationInfo) () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, authentication.getUser().roles()));
final InternalScrollSearchRequest request = new InternalScrollSearchRequest();
SearchContextMissingException expected = expectThrows(SearchContextMissingException.class,
() -> listener.validateSearchContext(readerContext, request));
() -> listener.validateReaderContext(readerContext, request));
assertEquals(readerContext.id(), expected.contextId());
assertThat(threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY), nullValue());
verify(licenseState, Mockito.atLeast(3)).isSecurityEnabled();
@ -185,7 +185,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
authentication.writeToContext(threadContext);
threadContext.putTransient(ORIGINATING_ACTION_KEY, "action");
final InternalScrollSearchRequest request = new InternalScrollSearchRequest();
listener.validateSearchContext(readerContext, request);
listener.validateReaderContext(readerContext, request);
assertThat(threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY), is(indicesAccessControl));
verify(licenseState, Mockito.atLeast(4)).isSecurityEnabled();
verifyNoMoreInteractions(auditTrail);
@ -204,7 +204,7 @@ public class SecuritySearchOperationListenerTests extends ESSingleNodeTestCase {
(AuthorizationInfo) () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, authentication.getUser().roles()));
final InternalScrollSearchRequest request = new InternalScrollSearchRequest();
SearchContextMissingException expected = expectThrows(SearchContextMissingException.class,
() -> listener.validateSearchContext(readerContext, request));
() -> listener.validateReaderContext(readerContext, request));
assertEquals(readerContext.id(), expected.contextId());
assertThat(threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY), nullValue());
verify(licenseState, Mockito.atLeast(5)).isSecurityEnabled();

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListener.java
View File

@ -69,7 +69,7 @@ public final class SecuritySearchOperationListener implements SearchOperationLis
* object from the scroll context with the current authentication context
*/
@Override
public void validateSearchContext(ReaderContext readerContext, TransportRequest request) {
public void validateReaderContext(ReaderContext readerContext, TransportRequest request) {
if (licenseState.isSecurityEnabled()) {
if (readerContext.scrollContext() != null) {
final Authentication originalAuth = readerContext.getFromContext(AuthenticationField.AUTHENTICATION_KEY);