Cleanup logging on automatically reloaded files

Fixes duplicate messages being logged on reload of the user_roles file. Add the realm name
to the logging on reload of the role mappings file since there can be a distinct file per
ldap/ad realm.

Closes elastic/elasticsearch#485

Original commit: elastic/x-pack-elasticsearch@90932fcec7

src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryGroupToRoleMapper.java

@@ -5,7 +5,6 @@
  */
 package org.elasticsearch.shield.authc.active_directory;
 
-import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.shield.authc.support.ldap.AbstractGroupToRoleMapper;
@@ -16,8 +15,7 @@ import org.elasticsearch.watcher.ResourceWatcherService;
  */
 public class ActiveDirectoryGroupToRoleMapper extends AbstractGroupToRoleMapper {
 
-    @Inject
-    public ActiveDirectoryGroupToRoleMapper(Settings settings, Environment env, ResourceWatcherService watcherService) {
-        super(settings, ActiveDirectoryRealm.TYPE, env, watcherService, null);
+    public ActiveDirectoryGroupToRoleMapper(Settings settings, String realmName, Environment env, ResourceWatcherService watcherService) {
+        super(settings, ActiveDirectoryRealm.TYPE, realmName, env, watcherService, null);
     }
 }

src/main/java/org/elasticsearch/shield/authc/active_directory/ActiveDirectoryRealm.java

@@ -47,7 +47,7 @@ public class ActiveDirectoryRealm extends AbstractLdapRealm {
         @Override
         public ActiveDirectoryRealm create(String name, Settings settings) {
             ActiveDirectoryConnectionFactory connectionFactory = new ActiveDirectoryConnectionFactory(settings);
-            ActiveDirectoryGroupToRoleMapper roleMapper = new ActiveDirectoryGroupToRoleMapper(settings, env, watcherService);
+            ActiveDirectoryGroupToRoleMapper roleMapper = new ActiveDirectoryGroupToRoleMapper(settings, name, env, watcherService);
             return new ActiveDirectoryRealm(name, settings, connectionFactory, roleMapper);
         }
     }

src/main/java/org/elasticsearch/shield/authc/esusers/FileUserPasswdStore.java

@@ -179,7 +179,7 @@ public class FileUserPasswdStore {
                     esUsers = parseFile(file.toPath(), logger);
                     logger.info("updated users (users file [{}] changed)", file.getAbsolutePath());
                 } catch (Throwable t) {
-                    logger.error("Failed to parse users file [{}]. Current users remain unmodified", t, file.getAbsolutePath());
+                    logger.error("failed to parse users file [{}]. Current users remain unmodified", t, file.getAbsolutePath());
                     return;
                 }
                 notifyRefresh();

src/main/java/org/elasticsearch/shield/authc/esusers/FileUserRolesStore.java

@@ -208,7 +208,7 @@ public class FileUserRolesStore {
                     userRoles = parseFile(file.toPath(), logger);
                     logger.info("updated users (users_roles file [{}] changed)", file.getAbsolutePath());
                 } catch (Throwable t) {
-                    logger.error("Failed to parse users_roles file [{}]. Current users_roles remain unmodified", t, file.getAbsolutePath());
+                    logger.error("failed to parse users_roles file [{}]. Current users_roles remain unmodified", t, file.getAbsolutePath());
                     return;
                 }
                 notifyRefresh();

src/main/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapper.java

@@ -5,7 +5,6 @@
  */
 package org.elasticsearch.shield.authc.ldap;
 
-import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.shield.authc.support.ldap.AbstractGroupToRoleMapper;
@@ -16,8 +15,7 @@ import org.elasticsearch.watcher.ResourceWatcherService;
  */
 public class LdapGroupToRoleMapper extends AbstractGroupToRoleMapper {
 
-    @Inject
-    public LdapGroupToRoleMapper(Settings settings, Environment env, ResourceWatcherService watcherService) {
-        super(settings, LdapRealm.TYPE, env, watcherService, null);
+    public LdapGroupToRoleMapper(Settings settings, String realmName, Environment env, ResourceWatcherService watcherService) {
+        super(settings, LdapRealm.TYPE, realmName, env, watcherService, null);
     }
 }

src/main/java/org/elasticsearch/shield/authc/ldap/LdapRealm.java

@@ -44,7 +44,7 @@ public class LdapRealm extends AbstractLdapRealm {
         @Override
         public LdapRealm create(String name, Settings settings) {
             LdapConnectionFactory connectionFactory = new LdapConnectionFactory(settings);
-            LdapGroupToRoleMapper roleMapper = new LdapGroupToRoleMapper(settings, env, watcherService);
+            LdapGroupToRoleMapper roleMapper = new LdapGroupToRoleMapper(settings, name, env, watcherService);
             return new LdapRealm(name, settings, connectionFactory, roleMapper);
         }
     }

src/main/java/org/elasticsearch/shield/authc/support/ldap/AbstractGroupToRoleMapper.java

@@ -43,18 +43,20 @@ public abstract class AbstractGroupToRoleMapper {
     protected final Settings settings;
     private final Path file;
     private final boolean useUnmappedGroupsAsRoles;
+    private final String realmName;
     private final String realmType;
     private volatile ImmutableMap<LdapName, Set<String>> groupRoles;
 
     private CopyOnWriteArrayList<RefreshListener> listeners;
 
-    protected AbstractGroupToRoleMapper(Settings settings, String realmType, Environment env,
+    protected AbstractGroupToRoleMapper(Settings settings, String realmType, String realmName, Environment env,
                                         ResourceWatcherService watcherService, @Nullable RefreshListener listener) {
         this.settings = settings;
         this.realmType = realmType;
+        this.realmName = realmName;
         useUnmappedGroupsAsRoles = settings.getAsBoolean(USE_UNMAPPED_GROUPS_AS_ROLES_SETTING, false);
         file = resolveFile(settings, env);
-        groupRoles = parseFile(file, logger, realmType);
+        groupRoles = parseFile(file, logger, realmType, realmName);
         FileWatcher watcher = new FileWatcher(file.getParent().toFile());
         watcher.addListener(new FileListener());
         watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
@@ -76,7 +78,7 @@ public abstract class AbstractGroupToRoleMapper {
         return Paths.get(location);
     }
 
-    public static ImmutableMap<LdapName, Set<String>> parseFile(Path path, ESLogger logger, String realmType) {
+    public static ImmutableMap<LdapName, Set<String>> parseFile(Path path, ESLogger logger, String realmType, String realmName) {
         if (!Files.exists(path)) {
             return ImmutableMap.of();
         }
@@ -99,7 +101,7 @@ public abstract class AbstractGroupToRoleMapper {
                         }
                         groupRoles.add(role);
                     } catch (InvalidNameException e) {
-                        logger.error("Invalid group DN [{}] found in [{}] group to role mappings [{}]. Skipping... ", e, ldapDN, realmType, path);
+                        logger.error("Invalid group DN [{}] found in [{}] group to role mappings [{}] for realm [{}]. Skipping... ", e, ldapDN, realmType, path, realmName);
                     }
                 }
 
@@ -107,7 +109,7 @@ public abstract class AbstractGroupToRoleMapper {
             return ImmutableMap.copyOf(groupToRoles);
 
         } catch (IOException e) {
-            throw new ElasticsearchException("unable to load [" + realmType + "] role mapper file [" + path.toAbsolutePath() + "]", e);
+            throw new ElasticsearchException("unable to load [" + realmName + "] role mapper file [" + path.toAbsolutePath() + "]", e);
         }
     }
 
@@ -125,7 +127,7 @@ public abstract class AbstractGroupToRoleMapper {
             }
         }
         if (logger.isDebugEnabled()) {
-            logger.debug("The roles [{}], are mapped from these [{}] groups [{}]", roles, realmType, groupDns);
+            logger.debug("The roles [{}], are mapped from these [{}] groups [{}] for realm [{}]", roles, realmType, groupDns, realmName);
         }
         return roles;
     }
@@ -154,7 +156,13 @@ public abstract class AbstractGroupToRoleMapper {
         @Override
         public void onFileChanged(File file) {
             if (file.equals(AbstractGroupToRoleMapper.this.file.toFile())) {
-                groupRoles = parseFile(file.toPath(), logger, realmType);
+                try {
+                    groupRoles = parseFile(file.toPath(), logger, realmType, realmName);
+                    logger.info("updated role mappings (role mappings file [{}] changed) for realm [{}]", file.getAbsolutePath(), realmName);
+                } catch (Throwable t) {
+                    logger.error("could not reload role mappings file [{}] for realm [{}]. Current role mappings remain unmodified", t, file.getAbsolutePath(), realmName);
+                    return;
+                }
                 notifyRefresh();
             }
         }

src/main/java/org/elasticsearch/shield/authz/AuthorizationModule.java

@@ -21,7 +21,7 @@ public class AuthorizationModule extends AbstractShieldModule.Node {
 
     @Override
     protected void configureNode() {
-        bind(RolesStore.class).to(FileRolesStore.class);
+        bind(RolesStore.class).to(FileRolesStore.class).asEagerSingleton();
         bind(AuthorizationService.class).to(InternalAuthorizationService.class).asEagerSingleton();
     }
 }

src/main/java/org/elasticsearch/shield/authz/store/FileRolesStore.java

@@ -222,7 +222,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
                     permissions = parseFile(file.toPath(), logger);
                     logger.info("updated roles (roles file [{}] changed)", file.getAbsolutePath());
                 } catch (Throwable t) {
-                    logger.error("Could not reload roles file [{}]. Current roles remain unmodified", t, file.getAbsolutePath());
+                    logger.error("could not reload roles file [{}]. Current roles remain unmodified", t, file.getAbsolutePath());
                     return;
                 }
                 listener.onRefresh();

src/test/java/org/elasticsearch/shield/authc/ldap/LdapGroupToRoleMapperTest.java

@@ -59,6 +59,7 @@ public class LdapGroupToRoleMapperTest extends ElasticsearchTestCase {
                 .build();
 
         AbstractGroupToRoleMapper mapper = new LdapGroupToRoleMapper(settings,
+                "ldap1",
                 new Environment(settings),
                 new ResourceWatcherService(settings, threadPool));
 
@@ -75,6 +76,7 @@ public class LdapGroupToRoleMapperTest extends ElasticsearchTestCase {
                 .build();
 
         AbstractGroupToRoleMapper mapper = new LdapGroupToRoleMapper(settings,
+                "ldap1",
                 new Environment(settings),
                 new ResourceWatcherService(settings, threadPool));
 

src/test/java/org/elasticsearch/shield/authc/support/ldap/LdapTest.java

@@ -70,7 +70,7 @@ public abstract class LdapTest extends ElasticsearchTestCase {
                 .put(AbstractGroupToRoleMapper.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING, true)
                 .build();
 
-        return new LdapGroupToRoleMapper(settings, new Environment(settings), resourceWatcherService);
+        return new LdapGroupToRoleMapper(settings, "ldap1", new Environment(settings), resourceWatcherService);
     }
 
     /**