Moar

n1v0lg · Nov 2, 2023 · cc4d194 · cc4d194
1 parent f41ec8c
commit cc4d194
Showing 1 changed file with 20 additions and 15 deletions.
diff --git a/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java b/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java
@@ -95,15 +95,15 @@ public class NativeRoleMappingStore implements UserRoleMapper {
     private final SecurityIndexManager securityIndex;
     private final ScriptService scriptService;
     private final List<String> realmsToRefresh = new CopyOnWriteArrayList<>();
-    private final Cache<String, ExpressionRoleMapping> fallbackCache;
+    private final Cache<String, ExpressionRoleMapping> cache;
 
     public NativeRoleMappingStore(Settings settings, Client client, SecurityIndexManager securityIndex, ScriptService scriptService) {
         this.settings = settings;
         this.client = client;
         this.securityIndex = securityIndex;
         this.scriptService = scriptService;
         // TODO would be enabled and parametrized based on hidden settings
-        this.fallbackCache = CacheBuilder.<String, ExpressionRoleMapping>builder().build();
+        this.cache = CacheBuilder.<String, ExpressionRoleMapping>builder().build();
     }
 
     private static String getNameFromId(String id) {
@@ -145,6 +145,13 @@ protected void loadMappings(ActionListener<List<ExpressionRoleMapping>> listener
                 new ContextPreservingActionListener<>(supplier, ActionListener.wrap((Collection<ExpressionRoleMapping> mappings) -> {
                     final List<ExpressionRoleMapping> mappingList = mappings.stream().filter(Objects::nonNull).toList();
                     logger.debug("successfully loaded [{}] role-mapping(s) from [{}]", mappingList.size(), securityIndex.aliasName());
+                    // TODO hack hack hack
+                    if (cache != null) {
+                        cache.invalidateAll();
+                        for (var mapping : mappingList) {
+                            cache.put(mapping.getName(), mapping);
+                        }
+                    }
                     listener.onResponse(mappingList);
                 }, ex -> {
                     logger.error(
@@ -235,8 +242,8 @@ private void innerPutMapping(PutRoleMappingRequest request, ActionListener<Boole
                     @Override
                     public void onResponse(DocWriteResponse indexResponse) {
                         boolean created = indexResponse.getResult() == CREATED;
-                        if (fallbackCache != null) {
-                            fallbackCache.put(mapping.getName(), mapping);
+                        if (cache != null) {
+                            cache.put(mapping.getName(), mapping);
                         }
                         listener.onResponse(created);
                     }
@@ -271,8 +278,8 @@ private void innerDeleteMapping(DeleteRoleMappingRequest request, ActionListener
                         @Override
                         public void onResponse(DeleteResponse deleteResponse) {
                             boolean deleted = deleteResponse.getResult() == DELETED;
-                            if (fallbackCache != null) {
-                                fallbackCache.invalidate(request.getName());
+                            if (cache != null) {
+                                cache.invalidate(request.getName());
                             }
                             listener.onResponse(deleted);
                         }
@@ -312,11 +319,10 @@ private void getMappings(ActionListener<List<ExpressionRoleMapping>> listener) {
             logger.debug("The security index exists but is closed - no role mappings can be loaded");
             listener.onResponse(Collections.emptyList());
         } else if (frozenSecurityIndex.isAvailable(SEARCH_SHARDS) == false) {
-            if (fallbackCache != null) {
-                logger.debug(
-                    "The security index exists but is not available - loading role mappings from fallback cache. Results may be incomplete"
-                );
-                loadMappingsFromFallbackCache(listener);
+            // Best effort - try to fetch from cache
+            if (cache != null) {
+                logger.debug("The security index exists but is not available - loading role mappings from cache.");
+                loadMappingsFromCache(listener);
                 return;
             }
             logger.debug("The security index exists but is not available - no role mappings can be loaded");
@@ -326,10 +332,9 @@ private void getMappings(ActionListener<List<ExpressionRoleMapping>> listener) {
         }
     }
 
-    private void loadMappingsFromFallbackCache(ActionListener<List<ExpressionRoleMapping>> listener) {
-        final List<ExpressionRoleMapping> mappings = StreamSupport.stream(fallbackCache.values().spliterator(), false)
-            .collect(Collectors.toList());
-        logger.debug("Successfully loaded [{}] role mappings(s) from fallback cache", mappings.size());
+    private void loadMappingsFromCache(ActionListener<List<ExpressionRoleMapping>> listener) {
+        final List<ExpressionRoleMapping> mappings = StreamSupport.stream(cache.values().spliterator(), false).collect(Collectors.toList());
+        logger.debug("Successfully loaded [{}] role mappings(s) from cache", mappings.size());
         listener.onResponse(mappings);
     }