Skip to content

Commit

Permalink
[backport] Testing queryable built-in role synchronization (#119178)
Browse files Browse the repository at this point in the history
Backport of #118964
  • Loading branch information
slobodanadamovic authored Dec 20, 2024
1 parent ae92ed1 commit 98bc977
Show file tree
Hide file tree
Showing 5 changed files with 558 additions and 18 deletions.
5 changes: 1 addition & 4 deletions muted-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -317,9 +317,6 @@ tests:
- class: org.elasticsearch.xpack.inference.DefaultEndPointsIT
method: testMultipleInferencesTriggeringDownloadAndDeploy
issue: https://github.com/elastic/elasticsearch/issues/117208
- class: org.elasticsearch.xpack.security.QueryableReservedRolesIT
method: testDeletingAndCreatingSecurityIndexTriggersSynchronization
issue: https://github.com/elastic/elasticsearch/issues/118806

# Examples:
#
Expand Down Expand Up @@ -438,4 +435,4 @@ tests:
issue: https://github.com/elastic/elasticsearch/issues/119159
- class: org.elasticsearch.versioning.ConcurrentSeqNoVersioningIT
method: testSeqNoCASLinearizability
issue: https://github.com/elastic/elasticsearch/issues/117249
issue: https://github.com/elastic/elasticsearch/issues/117249
Original file line number Diff line number Diff line change
Expand Up @@ -201,20 +201,33 @@ public void clusterChanged(ClusterChangedEvent event) {
}
}

/**
* @return {@code true} if the synchronization of built-in roles is in progress, {@code false} otherwise
*/
public boolean isSynchronizationInProgress() {
return synchronizationInProgress.get();
}

private void syncBuiltInRoles(final QueryableBuiltInRoles roles) {
if (synchronizationInProgress.compareAndSet(false, true)) {
final Map<String, String> indexedRolesDigests = readIndexedBuiltInRolesDigests(clusterService.state());
if (roles.rolesDigest().equals(indexedRolesDigests)) {
logger.debug("Security index already contains the latest built-in roles indexed, skipping synchronization");
return;
}
executor.execute(() -> doSyncBuiltinRoles(indexedRolesDigests, roles, ActionListener.wrap(v -> {
logger.info("Successfully synced [" + roles.roleDescriptors().size() + "] built-in roles to .security index");
synchronizationInProgress.set(false);
}, e -> {
handleException(e);
try {
final Map<String, String> indexedRolesDigests = readIndexedBuiltInRolesDigests(clusterService.state());
if (roles.rolesDigest().equals(indexedRolesDigests)) {
logger.debug("Security index already contains the latest built-in roles indexed, skipping roles synchronization");
synchronizationInProgress.set(false);
} else {
executor.execute(() -> doSyncBuiltinRoles(indexedRolesDigests, roles, ActionListener.wrap(v -> {
logger.info("Successfully synced [" + roles.roleDescriptors().size() + "] built-in roles to .security index");
synchronizationInProgress.set(false);
}, e -> {
handleException(e);
synchronizationInProgress.set(false);
})));
}
} catch (Exception e) {
logger.error("Failed to sync built-in roles", e);
synchronizationInProgress.set(false);
})));
}
}
}

Expand Down Expand Up @@ -466,6 +479,10 @@ static class MarkRolesAsSyncedTask implements ClusterStateTaskListener {
this.newRoleDigests = newRoleDigests;
}

public Map<String, String> getNewRoleDigests() {
return newRoleDigests;
}

Tuple<ClusterState, Map<String, String>> execute(ClusterState state) {
IndexMetadata indexMetadata = state.metadata().index(concreteSecurityIndexName);
if (indexMetadata == null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@
* The reserved roles are static and do not change during runtime, hence this provider will never notify any listeners.
* </p>
*/
public final class QueryableReservedRolesProvider implements QueryableBuiltInRoles.Provider {
public class QueryableReservedRolesProvider implements QueryableBuiltInRoles.Provider {

private final Supplier<QueryableBuiltInRoles> reservedRolesSupplier;

Expand Down
Loading

0 comments on commit 98bc977

Please sign in to comment.