Add ProjectScopedCache and update ReloadablePlugin

Author: jfreden

modules/ingest-geoip/src/main/java/org/elasticsearch/ingest/geoip/GeoIpDownloaderTaskExecutor.java

@@ -396,21 +396,22 @@ private void stopTask(Runnable onFailure) {
             GEOIP_DOWNLOADER,
             MasterNodeRequest.INFINITE_MASTER_NODE_TIMEOUT,
             ActionListener.runAfter(listener, () -> {
-                IndexAbstraction databasesAbstraction = clusterService.state()
-                    .metadata()
-                    .getProject()
-                    .getIndicesLookup()
-                    .get(DATABASES_INDEX);
-                if (databasesAbstraction != null) {
-                    // regardless of whether DATABASES_INDEX is an alias, resolve it to a concrete index
-                    Index databasesIndex = databasesAbstraction.getWriteIndex();
-                    client.admin().indices().prepareDelete(databasesIndex.getName()).execute(ActionListener.wrap(rr -> {}, e -> {
-                        Throwable t = e instanceof RemoteTransportException ? ExceptionsHelper.unwrapCause(e) : e;
-                        if (t instanceof ResourceNotFoundException == false) {
-                            logger.warn("failed to remove " + databasesIndex, e);
-                        }
-                    }));
-                }
+                // TODO FOR TESTING ONLY!
+                // IndexAbstraction databasesAbstraction = clusterService.state()
+                // .metadata()
+                // .getProject()
+                // .getIndicesLookup()
+                // .get(DATABASES_INDEX);
+                // if (databasesAbstraction != null) {
+                // // regardless of whether DATABASES_INDEX is an alias, resolve it to a concrete index
+                // Index databasesIndex = databasesAbstraction.getWriteIndex();
+                // client.admin().indices().prepareDelete(databasesIndex.getName()).execute(ActionListener.wrap(rr -> {}, e -> {
+                // Throwable t = e instanceof RemoteTransportException ? ExceptionsHelper.unwrapCause(e) : e;
+                // if (t instanceof ResourceNotFoundException == false) {
+                // logger.warn("failed to remove " + databasesIndex, e);
+                // }
+                // }));
+                // }
             })
         );
     }

server/src/main/java/org/elasticsearch/node/NodeConstruction.java

@@ -52,6 +52,7 @@
 import org.elasticsearch.cluster.metadata.MetadataDataStreamsService;
 import org.elasticsearch.cluster.metadata.MetadataIndexTemplateService;
 import org.elasticsearch.cluster.metadata.MetadataUpdateSettingsService;
+import org.elasticsearch.cluster.metadata.ProjectId;
 import org.elasticsearch.cluster.metadata.ProjectMetadata;
 import org.elasticsearch.cluster.metadata.SystemIndexMetadataUpgradeService;
 import org.elasticsearch.cluster.metadata.TemplateUpgradeService;
@@ -1517,12 +1518,26 @@ private CircuitBreakerService createCircuitBreakerService(
      * @return A single ReloadablePlugin that, upon reload, reloads the plugins it wraps
      */
     private static ReloadablePlugin wrapPlugins(List<ReloadablePlugin> reloadablePlugins) {
-        return settings -> {
-            for (ReloadablePlugin plugin : reloadablePlugins) {
-                try {
-                    plugin.reload(settings);
-                } catch (IOException e) {
-                    throw new UncheckedIOException(e);
+        return new ReloadablePlugin() {
+            @Override
+            public void reload(Settings settings) throws Exception {
+                for (ReloadablePlugin plugin : reloadablePlugins) {
+                    try {
+                        plugin.reload(settings);
+                    } catch (IOException e) {
+                        throw new UncheckedIOException(e);
+                    }
+                }
+            }
+
+            @Override
+            public void reload(ProjectId projectId, Settings settings) throws Exception {
+                for (ReloadablePlugin plugin : reloadablePlugins) {
+                    try {
+                        plugin.reload(projectId, settings);
+                    } catch (IOException e) {
+                        throw new UncheckedIOException(e);
+                    }
                 }
             }
         };

server/src/main/java/org/elasticsearch/plugins/ReloadablePlugin.java

@@ -9,6 +9,7 @@
 
 package org.elasticsearch.plugins;
 
+import org.elasticsearch.cluster.metadata.ProjectId;
 import org.elasticsearch.common.settings.Settings;
 
 /**
@@ -41,4 +42,6 @@ public interface ReloadablePlugin {
      *             if the offending call didn't happen.
      */
     void reload(Settings settings) throws Exception;
+
+    default void reload(ProjectId projectId, Settings settings) throws Exception {}
 }

test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java

@@ -61,6 +61,7 @@
 import org.elasticsearch.core.CharArrays;
 import org.elasticsearch.core.CheckedFunction;
 import org.elasticsearch.core.CheckedRunnable;
+import org.elasticsearch.core.FixForMultiProject;
 import org.elasticsearch.core.IOUtils;
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.core.PathUtils;
@@ -418,7 +419,7 @@ public void initClient() throws IOException {
                 .collect(Collectors.toSet());
             assert semanticNodeVersions.isEmpty() == false || serverless;
 
-            testFeatureService = createTestFeatureService(getClusterStateFeatures(adminClient), semanticNodeVersions);
+            testFeatureService = createTestFeatureService(getClusterStateFeatures(adminClient, multiProject()), semanticNodeVersions);
         }
 
         assert testFeatureServiceInitialized();
@@ -1818,6 +1819,11 @@ public final void ensureGreen(RestClient client, String index) throws IOExceptio
         });
     }
 
+    @FixForMultiProject(description = "Remove when cluster state API can be called in multi project mode without the query param")
+    protected boolean multiProject() {
+        return false;
+    }
+
     protected static void ensureHealth(Consumer<Request> requestConsumer) throws IOException {
         ensureHealth("", requestConsumer);
     }
@@ -2374,7 +2380,11 @@ public void ensurePeerRecoveryRetentionLeasesRenewedAndSynced(String index) thro
     }
 
     protected static Map<String, Set<String>> getClusterStateFeatures(RestClient adminClient) throws IOException {
-        final Request request = new Request("GET", "_cluster/state");
+        return getClusterStateFeatures(adminClient, false);
+    }
+
+    protected static Map<String, Set<String>> getClusterStateFeatures(RestClient adminClient, boolean multiProject) throws IOException {
+        final Request request = new Request("GET", "_cluster/state" + (multiProject ? "?multi_project=true" : ""));
         request.addParameter("filter_path", "nodes_features");
 
         final Response response = adminClient.performRequest(request);

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/CachingUsernamePasswordRealm.java

@@ -9,6 +9,7 @@
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.common.cache.Cache;
 import org.elasticsearch.common.cache.CacheBuilder;
+import org.elasticsearch.common.cache.CacheLoader;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.common.util.concurrent.ListenableFuture;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
@@ -32,25 +33,62 @@
 
 public abstract class CachingUsernamePasswordRealm extends UsernamePasswordRealm implements CachingRealm {
 
-    private final Cache<String, ListenableFuture<CachedResult>> cache;
+    private final UserAuthenticationCache cache;
     private final ThreadPool threadPool;
     private final boolean authenticationEnabled;
-    final Hasher cacheHasher;
+    protected final Hasher credentialHasher;
 
     protected CachingUsernamePasswordRealm(RealmConfig config, ThreadPool threadPool) {
+        this(config, threadPool, buildDefaultCache(config));
+    }
+
+    protected CachingUsernamePasswordRealm(RealmConfig config, ThreadPool threadPool, UserAuthenticationCache cache) {
         super(config);
-        cacheHasher = Hasher.resolve(this.config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_HASH_ALGO_SETTING));
+        credentialHasher = Hasher.resolve(this.config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_HASH_ALGO_SETTING));
         this.threadPool = threadPool;
-        final TimeValue ttl = this.config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_TTL_SETTING);
+        this.authenticationEnabled = config.getSetting(CachingUsernamePasswordRealmSettings.AUTHC_ENABLED_SETTING);
+        this.cache = cache;
+    }
+
+    private static UserAuthenticationCache buildDefaultCache(RealmConfig config) {
+        final TimeValue ttl = config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_TTL_SETTING);
         if (ttl.getNanos() > 0) {
-            cache = CacheBuilder.<String, ListenableFuture<CachedResult>>builder()
+            final Cache<String, ListenableFuture<CachedResult>> cache = CacheBuilder.<String, ListenableFuture<CachedResult>>builder()
                 .setExpireAfterWrite(ttl)
-                .setMaximumWeight(this.config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_MAX_USERS_SETTING))
+                .setMaximumWeight(config.getSetting(CachingUsernamePasswordRealmSettings.CACHE_MAX_USERS_SETTING))
                 .build();
-        } else {
-            cache = null;
+            return new UserAuthenticationCache() {
+                @Override
+                public void invalidate(String key) {
+                    cache.invalidate(key);
+                }
+
+                @Override
+                public void invalidate(String key, ListenableFuture<CachedResult> value) {
+                    cache.invalidate(key, value);
+                }
+
+                @Override
+                public void invalidateAll() {
+                    cache.invalidateAll();
+                }
+
+                @Override
+                public int count() {
+                    return cache.count();
+                }
+
+                @Override
+                public ListenableFuture<CachedResult> computeIfAbsent(
+                    String key,
+                    CacheLoader<String, ListenableFuture<CachedResult>> loader
+                ) throws ExecutionException {
+                    return cache.computeIfAbsent(key, loader);
+                }
+            };
         }
-        this.authenticationEnabled = config.getSetting(CachingUsernamePasswordRealmSettings.AUTHC_ENABLED_SETTING);
+
+        return null;
     }
 
     @Override
@@ -217,7 +255,9 @@ private void authenticateWithCache(UsernamePasswordToken token, ActionListener<A
                     // notify any forestalled request listeners; they will not reach to the
                     // authentication request and instead will use this result if they contain
                     // the same credentials
-                    listenableCacheEntry.onResponse(new CachedResult(authResult, cacheHasher, authResult.getValue(), token.credentials()));
+                    listenableCacheEntry.onResponse(
+                        new CachedResult(authResult, credentialHasher, authResult.getValue(), token.credentials())
+                    );
                     listener.onResponse(authResult);
                 }, e -> {
                     cache.invalidate(token.principal(), listenableCacheEntry);
@@ -282,7 +322,7 @@ private void lookupWithCache(String username, ActionListener<User> listener) {
             if (false == lookupInCache.get()) {
                 // attempt lookup against the user directory
                 doLookupUser(username, ActionListener.wrap(user -> {
-                    final CachedResult result = new CachedResult(AuthenticationResult.notHandled(), cacheHasher, user, null);
+                    final CachedResult result = new CachedResult(AuthenticationResult.notHandled(), credentialHasher, user, null);
                     if (user == null) {
                         // user not found, invalidate cache so that subsequent requests are forwarded to
                         // the user directory
@@ -311,7 +351,20 @@ private void lookupWithCache(String username, ActionListener<User> listener) {
 
     protected abstract void doLookupUser(String username, ActionListener<User> listener);
 
-    private static class CachedResult {
+    protected interface UserAuthenticationCache {
+        void invalidate(String key);
+
+        void invalidate(String key, ListenableFuture<CachedResult> value);
+
+        void invalidateAll();
+
+        int count();
+
+        ListenableFuture<CachedResult> computeIfAbsent(String key, CacheLoader<String, ListenableFuture<CachedResult>> loader)
+            throws ExecutionException;
+    }
+
+    protected static class CachedResult {
         private final AuthenticationResult<User> authenticationResult;
         private final User user;
         private final char[] hash;