Skip to content

Calculate changed roles on roles.yml reload #33525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 26, 2018
Merged

Calculate changed roles on roles.yml reload #33525

merged 2 commits into from
Sep 26, 2018

Conversation

@jaymode
Copy link
Member

@jaymode jaymode commented Sep 7, 2018

In order to optimize the use of the role cache, when the roles.yml file
is reloaded we now calculate the names of removed, changed, and added
roles so that they may be passed to any listeners. This allows a
listener to selectively clear cache for only the roles that have been
modified. The CompositeRolesStore has been adapted to do exactly that
so that we limit the need to reload roles from sources such as the
native roles stores or external role providers.

See #33205

@jaymode
Calculate changed roles on roles.yml reload
37c47b5 
In order to optimize the use of the role cache, when the roles.yml file
is reloaded we now calculate the names of removed, changed, and added
roles so that they may be passed to any listeners. This allows a
listener to selectively clear cache for only the roles that have been
modified. The CompositeRolesStore has been adapted to do exactly that
so that we limit the need to reload roles from sources such as the
native roles stores or external role providers.

See elastic#33205
@jaymode jaymode added >enhancement v7.0.0 :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v6.5.0 labels Sep 7, 2018
@jaymode jaymode requested review from jkakavas and tvernum September 7, 2018 18:00
@elasticmachine
Copy link
Collaborator

elasticmachine commented Sep 7, 2018

Pinging @elastic/es-security

@jaymode
Copy link
Member Author

jaymode commented Sep 7, 2018

run the java11 tests

tvernum
tvernum approved these changes Sep 14, 2018
View reviewed changes
Copy link
Contributor

@tvernum tvernum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jaymode jaymode merged commit fcb60ac into elastic:master Sep 26, 2018
@jaymode jaymode deleted the file_reload_cache_invalidate branch September 26, 2018 20:27
jaymode added a commit that referenced this pull request Sep 26, 2018
@jaymode
Calculate changed roles on roles.yml reload (#33525)
2d8bc27 
In order to optimize the use of the role cache, when the roles.yml file
is reloaded we now calculate the names of removed, changed, and added
roles so that they may be passed to any listeners. This allows a
listener to selectively clear cache for only the roles that have been
modified. The CompositeRolesStore has been adapted to do exactly that
so that we limit the need to reload roles from sources such as the
native roles stores or external role providers.

See #33205
jasontedor added a commit to jasontedor/elasticsearch that referenced this pull request Sep 27, 2018
@jasontedor
Merge remote-tracking branch 'elastic/master' into fix-search-remote-…
63b694f 
…fallback

* elastic/master:
  TEST: Add engine is closed as expected failure msg
  Adjust bwc version for max_seq_no_of_updates
  Build DocStats from SegmentInfos in ReadOnlyEngine (elastic#34079)
  When creating wildcard queries, use MatchNoDocsQuery when the field type doesn't exist. (elastic#34093)
  [DOCS] Moves graph to docs folder (elastic#33472)
  Mute MovAvgIT#testHoltWintersNotEnoughData
  Security: use default scroll keepalive (elastic#33639)
  Calculate changed roles on roles.yml reload (elastic#33525)
  Scripting: Reflect factory signatures in painless classloader (elastic#34088)
  XContentBuilder to handle BigInteger and BigDecimal (elastic#32888)
  Delegate wildcard query creation to MappedFieldType. (elastic#34062)
  Painless: Cleanup Cache (elastic#33963)
kcm pushed a commit that referenced this pull request Oct 30, 2018
@jaymode @kcm
Calculate changed roles on roles.yml reload (#33525)
d4d253f 
In order to optimize the use of the role cache, when the roles.yml file
is reloaded we now calculate the names of removed, changed, and added
roles so that they may be passed to any listeners. This allows a
listener to selectively clear cache for only the roles that have been
modified. The CompositeRolesStore has been adapted to do exactly that
so that we limit the need to reload roles from sources such as the
native roles stores or external role providers.

See #33205
@jaymode jaymode mentioned this pull request Jan 15, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tvernum tvernum tvernum approved these changes

@jkakavas jkakavas Awaiting requested review from jkakavas

Assignees

No one assigned

Labels

>enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC v6.5.0 v7.0.0-beta1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jaymode @elasticmachine @tvernum @colings86