security: roles store poller should only update existing entries

Original commit: elastic/x-pack-elasticsearch@6573f4d689
jaymode 2016-03-25 07:24:26 -04:00
parent 7fbd30c801
commit 6fab4680a2
1 changed files with 2 additions and 13 deletions


@ -514,23 +514,12 @@ public class ESNativeRolesStore extends AbstractComponent implements RolesStore,
for (SearchHit hit : response.getHits().getHits()) { for (SearchHit hit : response.getHits().getHits()) {
final String roleName = hit.getId(); final String roleName = hit.getId();
final long version = hit.version(); final long version = hit.version();
final boolean existed = existingRoles.remove(roleName); existingRoles.remove(roleName);
// we use the locking mechanisms provided by the map/cache to help protect against concurrent operations // we use the locking mechanisms provided by the map/cache to help protect against concurrent operations
// that will leave the cache in a bad state // that will leave the cache in a bad state
roleCache.compute(roleName, new BiFunction<String, RoleAndVersion, RoleAndVersion>() { roleCache.computeIfPresent(roleName, new BiFunction<String, RoleAndVersion, RoleAndVersion>() {
@Override @Override
public RoleAndVersion apply(String roleName, RoleAndVersion existing) { public RoleAndVersion apply(String roleName, RoleAndVersion existing) {
if (existing == null) {
if (existed) {
// the cache doesn't have this role anymore, it got cleared by something else, do nothing.
return null;
} else {
// it is new, we can cache it
RoleDescriptor rd = transformRole(hit.getId(), hit.getSourceRef());
return new RoleAndVersion(rd, version);
}
}
if (version > existing.getVersion()) { if (version > existing.getVersion()) {
RoleDescriptor rd = transformRole(hit.getId(), hit.getSourceRef()); RoleDescriptor rd = transformRole(hit.getId(), hit.getSourceRef());
if (rd != null) { if (rd != null) {
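Review bot: The comment kept above the `roleCache.computeIfPresent(...)` call only mentions locking, and the removed branch held the one comment explaining why an absent entry is left alone ("it got cleared by something else, do nothing"), so the new invariant is now undocumented. Since this cache presumably backs role resolution, I would state it at the call site, e.g. `// refresh only roles that are already cached; the poller never inserts, so an entry cleared concurrently is not re-added from this poll's hits`. The bare `existingRoles.remove(roleName);` now discards its result, and a short comment on what is expected to remain in `existingRoles` after the loop would help, since its later use is outside this hunk. The enclosing method and the `apply` body both continue outside the hunk, so the `rd == null` path cannot be checked from here.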