honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not create the missing index when invoking getRole (#39039) 

In most of the places we avoid creating the `.security` index (or updating the mapping)
for read/search operations. This is more of a nit for the case of the getRole call,
that fixes a possible mapping update during a get role, and removes a dead if branch
about creating the `.security` index.
This commit is contained in:
Albert Zaharovits 2019-02-20 15:32:35 +02:00 committed by Albert Zaharovits
parent 0594a467f2
commit af8ef1bb98
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
View File

@ -114,9 +114,12 @@ public class NativeRolesStore implements BiConsumer<Set<String>, ActionListener<
* Retrieve a list of roles, if rolesToGet is null or empty, fetch all roles * Retrieve a list of roles, if rolesToGet is null or empty, fetch all roles
*/ */
public void getRoleDescriptors(Set<String> names, final ActionListener<RoleRetrievalResult> listener) { public void getRoleDescriptors(Set<String> names, final ActionListener<RoleRetrievalResult> listener) {
if (securityIndex.indexExists() == false) { final SecurityIndexManager frozenSecurityIndex = this.securityIndex.freeze();
if (frozenSecurityIndex.indexExists() == false) {
// TODO remove this short circuiting and fix tests that fail without this! // TODO remove this short circuiting and fix tests that fail without this!
listener.onResponse(RoleRetrievalResult.success(Collections.emptySet())); listener.onResponse(RoleRetrievalResult.success(Collections.emptySet()));
} else if (frozenSecurityIndex.isAvailable() == false) {
listener.onResponse(RoleRetrievalResult.failure(frozenSecurityIndex.getUnavailableReason()));
} else if (names == null || names.isEmpty()) { } else if (names == null || names.isEmpty()) {
securityIndex.checkIndexVersionThenExecute(listener::onFailure, () -> { securityIndex.checkIndexVersionThenExecute(listener::onFailure, () -> {
QueryBuilder query = QueryBuilders.termQuery(RoleDescriptor.Fields.TYPE.getPreferredName(), ROLE_TYPE); QueryBuilder query = QueryBuilders.termQuery(RoleDescriptor.Fields.TYPE.getPreferredName(), ROLE_TYPE);
@ -311,17 +314,20 @@ public class NativeRolesStore implements BiConsumer<Set<String>, ActionListener<
} }
private void getRoleDescriptor(final String roleId, ActionListener<RoleRetrievalResult> resultListener) { private void getRoleDescriptor(final String roleId, ActionListener<RoleRetrievalResult> resultListener) {
if (securityIndex.indexExists() == false) { final SecurityIndexManager frozenSecurityIndex = this.securityIndex.freeze();
if (frozenSecurityIndex.indexExists() == false) {
// TODO remove this short circuiting and fix tests that fail without this! // TODO remove this short circuiting and fix tests that fail without this!
resultListener.onResponse(RoleRetrievalResult.success(Collections.emptySet())); resultListener.onResponse(RoleRetrievalResult.success(Collections.emptySet()));
} else if (frozenSecurityIndex.isAvailable() == false) {
resultListener.onResponse(RoleRetrievalResult.failure(frozenSecurityIndex.getUnavailableReason()));
} else { } else {
securityIndex.prepareIndexIfNeededThenExecute(e -> resultListener.onResponse(RoleRetrievalResult.failure(e)), () -> securityIndex.checkIndexVersionThenExecute(e -> resultListener.onResponse(RoleRetrievalResult.failure(e)),
executeGetRoleRequest(roleId, new ActionListener<GetResponse>() { () -> executeGetRoleRequest(roleId, new ActionListener<GetResponse>() {
@Override @Override
public void onResponse(GetResponse response) { public void onResponse(GetResponse response) {
final RoleDescriptor descriptor = transformRole(response); final RoleDescriptor descriptor = transformRole(response);
resultListener.onResponse(RoleRetrievalResult.success( resultListener.onResponse(RoleRetrievalResult
descriptor == null ? Collections.emptySet() : Collections.singleton(descriptor))); .success(descriptor == null ? Collections.emptySet() : Collections.singleton(descriptor)));
} }
@Override @Override