Skip to content

Commit

Permalink
Initialize document subset bit set cache used for DLS (elastic#46211)
Browse files Browse the repository at this point in the history
This commit initializes DocumentSubsetBitsetCache even if DLS
is disabled. Previously it would throw null pointer when querying
usage stats if we explicitly disabled DLS as there would be no instance of DocumentSubsetBitsetCache to query. It is okay to initialize
DocumentSubsetBitsetCache which will be empty as the license enforcement
would prevent usage of DLS feature and it will not fail when accessing usage stats.

Closes elastic#45147
  • Loading branch information
bizybot authored and Yogesh Gaikwad committed Sep 5, 2019
1 parent b11968c commit 43a8446
Show file tree
Hide file tree
Showing 3 changed files with 82 additions and 35 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -406,10 +406,6 @@ Collection<Object> createComponents(Client client, ThreadPool threadPool, Cluste
securityContext.set(new SecurityContext(settings, threadPool.getThreadContext()));
components.add(securityContext.get());

if (XPackSettings.DLS_FLS_ENABLED.get(settings)) {
dlsBitsetCache.set(new DocumentSubsetBitsetCache(settings));
}

// audit trail service construction
final List<AuditTrail> auditTrails = XPackSettings.AUDIT_ENABLED.get(settings)
? Collections.singletonList(new LoggingAuditTrail(settings, clusterService, threadPool))
Expand Down Expand Up @@ -453,6 +449,7 @@ Collection<Object> createComponents(Client client, ThreadPool threadPool, Cluste
final NativePrivilegeStore privilegeStore = new NativePrivilegeStore(settings, client, securityIndex.get());
components.add(privilegeStore);

dlsBitsetCache.set(new DocumentSubsetBitsetCache(settings));
final FieldPermissionsCache fieldPermissionsCache = new FieldPermissionsCache(settings);
final FileRolesStore fileRolesStore = new FileRolesStore(settings, env, resourceWatcherService, getLicenseState());
final NativeRolesStore nativeRolesStore = new NativeRolesStore(settings, client, getLicenseState(), securityIndex.get());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -106,17 +106,17 @@ public CompositeRolesStore(Settings settings, FileRolesStore fileRolesStore, Nat
ReservedRolesStore reservedRolesStore, NativePrivilegeStore privilegeStore,
List<BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>>> rolesProviders,
ThreadContext threadContext, XPackLicenseState licenseState, FieldPermissionsCache fieldPermissionsCache,
ApiKeyService apiKeyService, @Nullable DocumentSubsetBitsetCache dlsBitsetCache,
ApiKeyService apiKeyService, DocumentSubsetBitsetCache dlsBitsetCache,
Consumer<Collection<RoleDescriptor>> effectiveRoleDescriptorsConsumer) {
this.fileRolesStore = fileRolesStore;
this.dlsBitsetCache = dlsBitsetCache;
this.fileRolesStore = Objects.requireNonNull(fileRolesStore);
this.dlsBitsetCache = Objects.requireNonNull(dlsBitsetCache);
fileRolesStore.addListener(this::invalidate);
this.nativeRolesStore = nativeRolesStore;
this.privilegeStore = privilegeStore;
this.licenseState = licenseState;
this.fieldPermissionsCache = fieldPermissionsCache;
this.apiKeyService = apiKeyService;
this.effectiveRoleDescriptorsConsumer = effectiveRoleDescriptorsConsumer;
this.nativeRolesStore = Objects.requireNonNull(nativeRolesStore);
this.privilegeStore = Objects.requireNonNull(privilegeStore);
this.licenseState = Objects.requireNonNull(licenseState);
this.fieldPermissionsCache = Objects.requireNonNull(fieldPermissionsCache);
this.apiKeyService = Objects.requireNonNull(apiKeyService);
this.effectiveRoleDescriptorsConsumer = Objects.requireNonNull(effectiveRoleDescriptorsConsumer);
CacheBuilder<RoleKey, Role> builder = CacheBuilder.builder();
final int cacheSize = CACHE_SIZE_SETTING.get(settings);
if (cacheSize >= 0) {
Expand Down Expand Up @@ -415,9 +415,7 @@ public void invalidateAll() {
try (ReleasableLock ignored = roleCacheHelper.acquireUpdateLock()) {
roleCache.invalidateAll();
}
if (dlsBitsetCache != null) {
dlsBitsetCache.clear("role store invalidation");
}
dlsBitsetCache.clear("role store invalidation");
}

public void invalidate(String role) {
Expand Down
Loading

0 comments on commit 43a8446

Please sign in to comment.