Undo

n1v0lg · Nov 3, 2023 · ec08a46 · ec08a46
1 parent be136a7
commit ec08a46
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 22 deletions.
diff --git a/...st/java/org/elasticsearch/xpack/security/authc/jwt/JwtUnavailableSecurityIndexRestIT.java b/...st/java/org/elasticsearch/xpack/security/authc/jwt/JwtUnavailableSecurityIndexRestIT.java
@@ -85,7 +85,7 @@ public class JwtUnavailableSecurityIndexRestIT extends ESRestTestCase {
         .setting("xpack.security.authc.realms.jwt.jwt1.client_authentication.type", "NONE")
         .setting("xpack.security.authc.realms.jwt.jwt1.pkc_jwkset_path", "rsa.jwkset")
 
-        .setting("xpack.security.authc.role_mapping.cache_last_successful_load", "true")
+        .setting("xpack.security.authc.role_mapping.fallback_cache.enabled", "true")
         .user("admin_user", "admin-password")
         .build();
 

diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -1198,7 +1198,7 @@ public static List<Setting<?>> getSettings(List<SecurityExtension> securityExten
         settingsList.add(CachingServiceAccountTokenStore.CACHE_HASH_ALGO_SETTING);
         settingsList.add(CachingServiceAccountTokenStore.CACHE_MAX_TOKENS_SETTING);
         settingsList.add(SimpleRole.CACHE_SIZE_SETTING);
-        settingsList.add(NativeRoleMappingStore.CACHE_LAST_SUCCESSFUL_LOAD_SETTING);
+        settingsList.add(NativeRoleMappingStore.FALLBACK_CACHE_ENABLED_SETTING);
 
         // hide settings
         settingsList.add(Setting.stringListSetting(SecurityField.setting("hide_settings"), Property.NodeScope, Property.Filtered));

diff --git a/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java b/...in/java/org/elasticsearch/xpack/security/authc/support/mapper/NativeRoleMappingStore.java
@@ -90,8 +90,8 @@ public class NativeRoleMappingStore implements UserRoleMapper {
 
     private static final String ID_PREFIX = DOC_TYPE_ROLE_MAPPING + "_";
 
-    public static final Setting<Boolean> CACHE_LAST_SUCCESSFUL_LOAD_SETTING = Setting.boolSetting(
-        "xpack.security.authc.role_mapping.cache_last_successful_load",
+    public static final Setting<Boolean> FALLBACK_CACHE_ENABLED_SETTING = Setting.boolSetting(
+        "xpack.security.authc.role_mapping.fallback_cache.enabled",
         false,
         Setting.Property.NodeScope
     );
@@ -109,7 +109,7 @@ public NativeRoleMappingStore(Settings settings, Client client, SecurityIndexMan
         this.client = client;
         this.securityIndex = securityIndex;
         this.scriptService = scriptService;
-        this.shouldCacheSuccessfulLoad = CACHE_LAST_SUCCESSFUL_LOAD_SETTING.get(settings);
+        this.shouldCacheSuccessfulLoad = FALLBACK_CACHE_ENABLED_SETTING.get(settings);
     }
 
     NativeRoleMappingStore(
@@ -381,24 +381,11 @@ private static void reportStats(ActionListener<Map<String, Object>> listener, Li
     }
 
     public void onSecurityIndexStateChange(SecurityIndexManager.State previousState, SecurityIndexManager.State currentState) {
-        final boolean moveFromRedToNonRed = isMoveFromRedToNonRed(previousState, currentState);
-        final boolean indexDeleted = isIndexDeleted(previousState, currentState);
-        final boolean uuidChanged = Objects.equals(previousState.indexUUID, currentState.indexUUID) == false;
-        final boolean indexNotUpToDateChanged = previousState.isIndexUpToDate != currentState.isIndexUpToDate;
-        if (moveFromRedToNonRed || indexDeleted || uuidChanged || indexNotUpToDateChanged) {
+        if (isMoveFromRedToNonRed(previousState, currentState)
+            || isIndexDeleted(previousState, currentState)
+            || Objects.equals(previousState.indexUUID, currentState.indexUUID) == false
+            || previousState.isIndexUpToDate != currentState.isIndexUpToDate) {
             refreshRealms(ActionListener.noop(), null);
-            // TODO to clear or not to clear...
-            if (shouldCacheSuccessfulLoad && false == indexDeleted) {
-                logger.debug(
-                    "Clearing role mapping cache."
-                        + " moveFromRedToNonRed [{}] indexDeleted [{}] uuidChanged [{}] indexNotUpToDateChanged [{}]",
-                    moveFromRedToNonRed,
-                    indexDeleted,
-                    uuidChanged,
-                    indexNotUpToDateChanged
-                );
-                lastSuccessfulLoadRef.set(null);
-            }
         }
     }