Module org.elasticsearch.security
Class QueryableBuiltInRolesSynchronizer
java.lang.Object
org.elasticsearch.xpack.security.support.QueryableBuiltInRolesSynchronizer
- All Implemented Interfaces:
ClusterStateListener
Synchronizes built-in roles to the .security index.
The .security index is created if it does not exist.
The synchronization is executed only on the elected master node, after the cluster has recovered and when roles need to be synced. The goal is to reduce the potential for conflicting operations. In most cases only a single node should be attempting to create/update/delete roles, but it's still possible that the master node changes in the middle of the syncing process.
Field Summary
Fields (Modifier and Type, Field, Description):
- static final String METADATA_QUERYABLE_BUILT_IN_ROLES_DIGEST_KEY: Index metadata key of the digest of built-in roles indexed in the .security index.
- static final boolean QUERYABLE_BUILT_IN_ROLES_ENABLED: This is a temporary feature flag to allow enabling the synchronization of built-in roles to the .security index.
- static final NodeFeature QUERYABLE_BUILT_IN_ROLES_FEATURE
Constructor Summary
Constructors (Constructor, Description):
- QueryableBuiltInRolesSynchronizer(ClusterService clusterService, FeatureService featureService, QueryableBuiltInRolesProviderFactory rolesProviderFactory, NativeRolesStore nativeRolesStore, ReservedRolesStore reservedRolesStore, FileRolesStore fileRolesStore, ThreadPool threadPool): Constructs a new built-in roles synchronizer.
Method Summary
Methods (Modifier and Type, Method, Description):
- void clusterChanged
- boolean isSynchronizationInProgress()
Field Details
QUERYABLE_BUILT_IN_ROLES_ENABLED
public static final boolean QUERYABLE_BUILT_IN_ROLES_ENABLED
This is a temporary feature flag to allow enabling the synchronization of built-in roles to the .security index. Initially, it is disabled by default due to the number of tests that need to be adjusted now that the .security index is created earlier in the cluster lifecycle.
Once all tests are adjusted, this flag will be set to enabled by default and later removed altogether.
QUERYABLE_BUILT_IN_ROLES_FEATURE
METADATA_QUERYABLE_BUILT_IN_ROLES_DIGEST_KEY
Index metadata key of the digest of built-in roles indexed in the .security index.
The value is a map of built-in role names to their digests (calculated by sha256 of the role definition).
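A map of role names to sha256 digests, as described for METADATA_QUERYABLE_BUILT_IN_ROLES_DIGEST_KEY, can be compared against freshly computed digests to decide which roles need to be created, updated or deleted. The following is an added example, not Elasticsearch's own code: it assumes each role definition is digested as its UTF-8 JSON text, and the class RoleDigestDiff, its methods and the sample roles are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

// Added illustration; not Elasticsearch code. All names here are hypothetical.
public class RoleDigestDiff {

    // Assumption: a role definition is digested as its canonical UTF-8 JSON text.
    static String sha256Hex(String roleDefinition) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            return HexFormat.of().formatHex(md.digest(roleDefinition.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    // Role name -> digest, the shape the page gives for the index metadata value.
    static Map<String, String> digests(Map<String, String> roleDefinitions) {
        Map<String, String> out = new TreeMap<>();
        roleDefinitions.forEach((name, def) -> out.put(name, sha256Hex(def)));
        return out;
    }

    // Roles to index: new ones, or ones whose definition no longer matches the stored digest.
    static Set<String> toUpsert(Map<String, String> stored, Map<String, String> current) {
        Set<String> names = new TreeSet<>();
        current.forEach((name, digest) -> { if (!digest.equals(stored.get(name))) names.add(name); });
        return names;
    }

    // Roles to delete: digested in the index metadata but no longer built in.
    static Set<String> toDelete(Map<String, String> stored, Map<String, String> current) {
        Set<String> names = new TreeSet<>(stored.keySet());
        names.removeAll(current.keySet());
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample definitions, not real built-in roles.
        Map<String, String> previous = Map.of("role_a", "{\"cluster\":[\"monitor\"]}", "role_b", "{\"cluster\":[\"all\"]}");
        Map<String, String> now = Map.of("role_a", "{\"cluster\":[\"monitor\",\"manage\"]}", "role_c", "{\"cluster\":[]}");
        Map<String, String> stored = digests(previous), current = digests(now);
        System.out.println("in sync: " + stored.equals(current));
        System.out.println("upsert:  " + toUpsert(stored, current));
        System.out.println("delete:  " + toDelete(stored, current));
    }
}
```

When the stored and current maps are equal, nothing needs to be written to the .security index, so a digest comparison keeps repeated cluster state changes from turning into repeated role writes.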
Constructor Details
QueryableBuiltInRolesSynchronizer
public QueryableBuiltInRolesSynchronizer(ClusterService clusterService, FeatureService featureService, QueryableBuiltInRolesProviderFactory rolesProviderFactory, NativeRolesStore nativeRolesStore, ReservedRolesStore reservedRolesStore, FileRolesStore fileRolesStore, ThreadPool threadPool)
Constructs a new built-in roles synchronizer.
- Parameters:
clusterService - the cluster service to register as a listener
featureService - the feature service to check if the cluster has the queryable built-in roles feature
rolesProviderFactory - the factory to create the built-in roles provider
nativeRolesStore - the native roles store to sync the built-in roles to
reservedRolesStore - the reserved roles store to fetch the built-in roles from
fileRolesStore - the file roles store to fetch the built-in roles from
threadPool - the thread pool
Method Details
clusterChanged
- Specified by:
clusterChanged in interface ClusterStateListener
isSynchronizationInProgress
public boolean isSynchronizationInProgress()
- Returns:
true if the synchronization of built-in roles is in progress, false otherwise