From 14e2aa3bd843f37a8b0a0b7f7f35f807ac8b94e5 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Wed, 2 May 2018 12:14:09 -0600
Subject: [PATCH 1/3] Security: cleanup code in file stores

This commit cleans up some code in the FileUserPasswdStore and the FileUserRolesStore classes. The maps used in these classes are volatile so we need to make sure that we don't perform multiple operations with the map unless we are sure we are using a reference to the same map. The maps are also never null, but there were a few null checks in the code that were not needed. These checks have been removed.
---
 .../authc/file/FileUserPasswdStore.java | 4 ++--
 .../authc/file/FileUserRolesStore.java | 19 ++++---------------
 2 files changed, 6 insertions(+), 17 deletions(-)
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
index 93d222fc791fd..5773bf5a44861 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java
@@ -80,7 +80,7 @@ public int usersCount() {
 }
 public AuthenticationResult verifyPassword(String username, SecureString password, java.util.function.Supplier user) {
- char[] hash = users.get(username);
+ final char[] hash = users.get(username);
 if (hash == null) {
 return AuthenticationResult.notHandled();
 }
@@ -91,7 +91,7 @@ public AuthenticationResult verifyPassword(String username, SecureString passwor
 }
 public boolean userExists(String username) {
- return users != null && users.containsKey(username);
+ return users.containsKey(username);
 }
 public static Path resolveFile(Environment env) {
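Review bot: In `userExists`, dropping the `users != null` guard makes the method depend on an invariant that is stated only in the commit message: the volatile `users` field must never be assigned null, and the code that assigns it is not visible in this hunk. I would record that at the field declaration, for example `// never null; read once per operation because the reference can change between reads`, or enforce it at the point where the map is assigned. The same assumption now applies to `userRoles` in the `roles` hunk of FileUserRolesStore. If the invariant were ever broken, the result would be a NullPointerException in the authentication path instead of a plain `false`.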
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
index 1631fef60ea89..e17d8c5c7ecfa 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java
@@ -75,11 +75,8 @@ int entriesCount() {
 }
 public String[] roles(String username) {
- if (userRoles == null) {
- return Strings.EMPTY_ARRAY;
- }
- String[] roles = userRoles.get(username);
- return roles == null ? Strings.EMPTY_ARRAY : userRoles.get(username);
+ final String[] roles = userRoles.get(username);
+ return roles == null ? Strings.EMPTY_ARRAY : roles;
 }
 public static Path resolveFile(Environment env) {
@@ -160,11 +157,7 @@ public static Map parseFile(Path path, @Nullable Logger logger
 }
 for (String user : roleUsers) {
- List roles = userToRoles.get(user);
- if (roles == null) {
- roles = new ArrayList<>();
- userToRoles.put(user, roles);
- }
+ List roles = userToRoles.computeIfAbsent(user, k -> new ArrayList<>());
 roles.add(role);
 }
 }
@@ -185,11 +178,7 @@ public static void writeFile(Map userToRoles, Path path) {
 HashMap> roleToUsers = new HashMap<>();
 for (Map.Entry entry : userToRoles.entrySet()) {
 for (String role : entry.getValue()) {
- List users = roleToUsers.get(role);
- if (users == null) {
- users = new ArrayList<>();
- roleToUsers.put(role, users);
- }
+ List users = roleToUsers.computeIfAbsent(role, k -> new ArrayList<>());
 users.add(entry.getKey());
 }
 }
From ee75c3185f997456ff51311487867b3d8e0ab039 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Fri, 4 May 2018 12:48:32 -0600
Subject: [PATCH 2/3] changelog entry
---
 docs/CHANGELOG.asciidoc | 2 ++
 1 file changed, 2 insertions(+)
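Review bot: `roles(String username)` returns the array held in `userRoles` itself (`... : roles`), so a caller that writes into the returned `String[]` would change the roles every later lookup sees for that user. The removed code returned the stored array too, so this is not a regression, but it is worth either returning `roles.clone()` or adding a Javadoc line saying the result must be treated as read-only. I would also put a short comment above the single `userRoles.get(username)` read, such as `// read the volatile map once; a second get() may hit a different map after a reload`, so the double lookup is not reintroduced later.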
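Review bot: In the `parseFile` hunk the local `roles` exists only for the `add` on the following line, so lookup and append can be a single statement: `userToRoles.computeIfAbsent(user, k -> new ArrayList<>()).add(role);`. The same applies to `users` in the `writeFile` hunk, where `roleToUsers.computeIfAbsent(role, k -> new ArrayList<>()).add(entry.getKey());` would do. Both method bodies start and end outside their hunks, so this is judged on the visible lines only.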
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
index f4ecaf44a6c5a..f44112abcbbd3 100644
--- a/docs/CHANGELOG.asciidoc
+++ b/docs/CHANGELOG.asciidoc
@@ -207,6 +207,8 @@ coming[6.3.1]
 Reduce the number of object allocations made by {security} when resolving the indices and aliases for a request ({pull}30180[#30180])
+Improve the consistency of the roles returned for users in the `file` realm, especially during file reloads ({pull}30348[#30348])
+
 //[float]
 //=== Regressions
From e579b21facf8c3850f9f720e93c0038d464dd738 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Thu, 10 May 2018 07:36:57 -0600
Subject: [PATCH 3/3] remove changelog entry
---
 docs/CHANGELOG.asciidoc | 1 -
 1 file changed, 1 deletion(-)
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
index c4da6f8897723..5f7ed63cdd8ad 100644
--- a/docs/CHANGELOG.asciidoc
+++ b/docs/CHANGELOG.asciidoc
@@ -239,7 +239,6 @@ coming[6.3.1]
 Reduce the number of object allocations made by {security} when resolving the indices and aliases for a request ({pull}30180[#30180])
-Improve the consistency of the roles returned for users in the `file` realm, especially during file reloads ({pull}30348[#30348])
 Respect accept header on requests with no handler ({pull}30383[#30383])
 //[float]