Fixing a test; adding a caching mechanism to avoid calling

findPrivilegesThatGrant each time.
2025-04-25 15:47:23 -04:00 · 2021-02-01 17:36:34 +01:00 · 2021-02-01 17:36:34 +01:00 · 7faa52f342
commit 7faa52f342
parent 93103aeca5
2 changed files with 15 additions and 3 deletions
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
@ -100,6 +100,7 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.TreeMap;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
 import java.util.function.Predicate;
 import java.util.function.Supplier;
@ -1376,6 +1377,9 @@ public class LoggingAuditTrail implements AuditTrail, ClusterStateListener {
        private final Predicate<String> ignoreIndexPrivilegesPredicate;
        private final Predicate<String> ignoreClusterPrivilegesPredicate;

+        private final ConcurrentHashMap<String, Collection<String>> indexActions = new ConcurrentHashMap<>();
+        private final ConcurrentHashMap<String, Collection<String>> clusterActions = new ConcurrentHashMap<>();
+
        EventFilterPolicy(String name, Settings settings) {
            this(name, parsePredicate(FILTER_POLICY_IGNORE_PRINCIPALS.getConcreteSettingForNamespace(name).get(settings)),
                    parsePredicate(FILTER_POLICY_IGNORE_REALMS.getConcreteSettingForNamespace(name).get(settings)),
@ -1461,13 +1465,21 @@ public class LoggingAuditTrail implements AuditTrail, ClusterStateListener {

        private boolean ignoreIndexPrivilegesPredicateTest(String action) {
            if (ignoreIndexPrivilegesPredicate.test(action)) return true;
-            Collection<String> privileges = IndexPrivilege.findPrivilegesThatGrant(action);
+            Collection<String> privileges = indexActions.get(action);
+            if (privileges == null) {
+                privileges = IndexPrivilege.findPrivilegesThatGrant(action);
+                indexActions.put(action, privileges);
+            }
            return privileges != null && privileges.stream().anyMatch((s) -> ignoreIndexPrivilegesPredicate.test(s));
        }

        private boolean ignoreClusterPrivilegesPredicateTest(String action) {
            if (ignoreClusterPrivilegesPredicate.test(action)) return true;
-            Collection<String> privileges = ClusterPrivilegeResolver.findPrivilegesThatGrant(action);
+            Collection<String> privileges = clusterActions.get(action);
+            if (privileges == null) {
+                privileges = ClusterPrivilegeResolver.findPrivilegesThatGrant(action);
+                clusterActions.put(action, privileges);
+            }
            return privileges != null && privileges.stream().anyMatch((s) -> ignoreClusterPrivilegesPredicate.test(s));
        }

--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailFilterTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailFilterTests.java
@ -2032,7 +2032,7 @@ public class LoggingAuditTrailFilterTests extends ESTestCase {
        for (int i = 0; i < listOfActions.size(); i++) {
            Collection<String> privileges = AuthorizationService.isIndexAction(listOfActions.get(i)) ?
                IndexPrivilege.findPrivilegesThatGrant(listOfActions.get(i)) :
-                ClusterPrivilegeResolver.findPrivilegesThatGrant(listOfActions.get(i), null, null);
+                ClusterPrivilegeResolver.findPrivilegesThatGrant(listOfActions.get(i));
            assertNotNull(privileges);
            filtered.addAll(privileges);
        }