From af8ef1bb985b3d3a984c9399502e39cfe071a857 Mon Sep 17 00:00:00 2001 From: Albert Zaharovits Date: Wed, 20 Feb 2019 15:32:35 +0200 Subject: [PATCH] Do not create the missing index when invoking getRole (#39039) In most of the places we avoid creating the `.security` index (or updating the mapping) for read/search operations. This is more of a nit for the case of the getRole call, that fixes a possible mapping update during a get role, and removes a dead if branch about creating the `.security` index. --- .../security/authz/store/NativeRolesStore.java | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java index cbc66235d30..4f596878bc2 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java @@ -114,9 +114,12 @@ public class NativeRolesStore implements BiConsumer, ActionListener< * Retrieve a list of roles, if rolesToGet is null or empty, fetch all roles */ public void getRoleDescriptors(Set names, final ActionListener listener) { - if (securityIndex.indexExists() == false) { + final SecurityIndexManager frozenSecurityIndex = this.securityIndex.freeze(); + if (frozenSecurityIndex.indexExists() == false) { // TODO remove this short circuiting and fix tests that fail without this! listener.onResponse(RoleRetrievalResult.success(Collections.emptySet())); + } else if (frozenSecurityIndex.isAvailable() == false) { + listener.onResponse(RoleRetrievalResult.failure(frozenSecurityIndex.getUnavailableReason())); } else if (names == null || names.isEmpty()) { securityIndex.checkIndexVersionThenExecute(listener::onFailure, () -> { QueryBuilder query = QueryBuilders.termQuery(RoleDescriptor.Fields.TYPE.getPreferredName(), ROLE_TYPE); @@ -311,17 +314,20 @@ public class NativeRolesStore implements BiConsumer, ActionListener< } private void getRoleDescriptor(final String roleId, ActionListener resultListener) { - if (securityIndex.indexExists() == false) { + final SecurityIndexManager frozenSecurityIndex = this.securityIndex.freeze(); + if (frozenSecurityIndex.indexExists() == false) { // TODO remove this short circuiting and fix tests that fail without this! resultListener.onResponse(RoleRetrievalResult.success(Collections.emptySet())); + } else if (frozenSecurityIndex.isAvailable() == false) { + resultListener.onResponse(RoleRetrievalResult.failure(frozenSecurityIndex.getUnavailableReason())); } else { - securityIndex.prepareIndexIfNeededThenExecute(e -> resultListener.onResponse(RoleRetrievalResult.failure(e)), () -> - executeGetRoleRequest(roleId, new ActionListener() { + securityIndex.checkIndexVersionThenExecute(e -> resultListener.onResponse(RoleRetrievalResult.failure(e)), + () -> executeGetRoleRequest(roleId, new ActionListener() { @Override public void onResponse(GetResponse response) { final RoleDescriptor descriptor = transformRole(response); - resultListener.onResponse(RoleRetrievalResult.success( - descriptor == null ? Collections.emptySet() : Collections.singleton(descriptor))); + resultListener.onResponse(RoleRetrievalResult + .success(descriptor == null ? Collections.emptySet() : Collections.singleton(descriptor))); } @Override