github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Add cache for application privileges (#55836)

Browse source 
Add caching support for application privileges to reduce number of round-trips to security index when building application privilege descriptors.

Privilege retrieving in NativePrivilegeStore is changed to always fetching all privilege documents for a given application. The caching is applied to all places including "get privilege", "has privileges" APIs and CompositeRolesStore (for authentication).
This commit is contained in:
Yang Wang 2020-06-29 13:59:00 +10:00 committed by GitHub
parent e9661558e7
commit 38185e5da0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 1526 additions and 165 deletions
Download patch file Download diff file Expand all files Collapse all files

33
docs/java-rest/high-level/security/clear-privileges-cache.asciidoc Normal file
View file

@ -0,0 +1,33 @@
--
:api: clear-privileges-cache
:request: ClearPrivilegesCacheRequest
:response: ClearPrivilegesCacheResponse
--
[role="xpack"]
[id="{upid}-{api}"]
=== Clear Privileges Cache API
[id="{upid}-{api}-request"]
==== Clear Privileges Cache Request
A +{request}+ supports defining the name of applications that the cache should be cleared for.
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests-file}[{api}-request]
--------------------------------------------------
<1> the name of the application(s) for which the cache should be cleared
include::../execution.asciidoc[]
[id="{upid}-{api}-response"]
==== Clear Privileges Cache Response
The returned +{response}+ allows to retrieve information about where the cache was cleared.
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
include-tagged::{doc-tests-file}[{api}-response]
--------------------------------------------------
<1> the list of nodes that the cache was cleared on

2
docs/java-rest/high-level/supported-apis.asciidoc
View file

@ -455,6 +455,7 @@ The Java High Level REST Client supports the following Security APIs:
* <<{upid}-get-roles>>
* <<java-rest-high-security-delete-role>>
* <<{upid}-clear-roles-cache>>
* <<{upid}-clear-privileges-cache>>
* <<{upid}-clear-realm-cache>>
* <<{upid}-authenticate>>
* <<{upid}-has-privileges>>
@ -486,6 +487,7 @@ include::security/delete-privileges.asciidoc[]
include::security/get-builtin-privileges.asciidoc[]
include::security/get-privileges.asciidoc[]
include::security/clear-roles-cache.asciidoc[]
include::security/clear-privileges-cache.asciidoc[]
include::security/clear-realm-cache.asciidoc[]
include::security/authenticate.asciidoc[]
include::security/has-privileges.asciidoc[]