Toss supplier

n1v0lg · n1v0lg · commit d8ed014da310 · 2025-03-10T11:22:37.000+01:00
diff --git a/server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java b/server/src/main/java/org/elasticsearch/cluster/metadata/IndexAbstractionResolver.java
@@ -24,7 +24,6 @@
 import java.util.Set;
 import java.util.function.BiPredicate;
 import java.util.function.Function;
-import java.util.function.Supplier;
 
 public class IndexAbstractionResolver {
 
@@ -38,7 +37,7 @@ public List<String> resolveIndexAbstractions(
         Iterable<String> indices,
         IndicesOptions indicesOptions,
         ProjectMetadata projectMetadata,
-        Function<String, Supplier<Set<String>>> allAuthorizedAndAvailableBySelector,
+        Function<String, Set<String>> allAuthorizedAndAvailableBySelector,
         BiPredicate<String, String> isAuthorized,
         boolean includeDataStreams
     ) {
@@ -72,7 +71,7 @@ public List<String> resolveIndexAbstractions(
             if (indicesOptions.expandWildcardExpressions() && Regex.isSimpleMatchPattern(indexAbstraction)) {
                 wildcardSeen = true;
                 Set<String> resolvedIndices = new HashSet<>();
-                for (String authorizedIndex : allAuthorizedAndAvailableBySelector.apply(selectorString).get()) {
+                for (String authorizedIndex : allAuthorizedAndAvailableBySelector.apply(selectorString)) {
                     if (Regex.simpleMatch(indexAbstraction, authorizedIndex)
                         && isIndexVisible(
                             indexAbstraction,
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/AuthorizationEngine.java
@@ -39,7 +39,6 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
-import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 import static org.elasticsearch.action.ValidateActions.addValidationError;
@@ -290,8 +289,9 @@ interface AuthorizedIndices {
         /**
          * Returns all the index-like resource names that are available and accessible for an action type and selector by a user,
          * at a fixed point in time (for a single cluster state view).
+         * The result is cached and subsequent calls to this method are idempotent.
          */
-        Supplier<Set<String>> all(@Nullable String selector);
+        Set<String> all(@Nullable String selector);
 
         /**
          * Checks if an index-like resource name is authorized, for an action by a user. The resource might or might not exist.
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolver.java
@@ -49,7 +49,6 @@
 import java.util.SortedMap;
 import java.util.concurrent.CopyOnWriteArraySet;
 import java.util.function.BiPredicate;
-import java.util.function.Supplier;
 
 import static org.elasticsearch.xpack.core.security.authz.IndicesAndAliasesResolverField.NO_INDEX_PLACEHOLDER;
 
@@ -323,7 +322,7 @@ ResolvedIndices resolveIndicesAndAliases(
                     );
                 }
                 if (indicesOptions.expandWildcardExpressions()) {
-                    for (String authorizedIndex : authorizedIndices.all(allIndicesPatternSelector).get()) {
+                    for (String authorizedIndex : authorizedIndices.all(allIndicesPatternSelector)) {
                         if (IndexAbstractionResolver.isIndexVisible(
                             "*",
                             allIndicesPatternSelector,
@@ -389,7 +388,7 @@ ResolvedIndices resolveIndicesAndAliases(
             if (aliasesRequest.expandAliasesWildcards()) {
                 List<String> aliases = replaceWildcardsWithAuthorizedAliases(
                     aliasesRequest.aliases(),
-                    loadAuthorizedAliases(authorizedIndices.all(null), projectMetadata)
+                    loadAuthorizedAliases(authorizedIndices, projectMetadata)
                 );
                 aliasesRequest.replaceAliases(aliases.toArray(new String[aliases.size()]));
             }
@@ -483,10 +482,13 @@ static String getPutMappingIndexOrAlias(
         return resolvedAliasOrIndex;
     }
 
-    private static List<String> loadAuthorizedAliases(Supplier<Set<String>> authorizedIndices, ProjectMetadata projectMetadata) {
+    private static List<String> loadAuthorizedAliases(
+        AuthorizationEngine.AuthorizedIndices authorizedIndices,
+        ProjectMetadata projectMetadata
+    ) {
         List<String> authorizedAliases = new ArrayList<>();
         SortedMap<String, IndexAbstraction> existingAliases = projectMetadata.getIndicesLookup();
-        for (String authorizedIndex : authorizedIndices.get()) {
+        for (String authorizedIndex : authorizedIndices.all(null)) {
             IndexAbstraction indexAbstraction = existingAliases.get(authorizedIndex);
             if (indexAbstraction != null && indexAbstraction.getType() == IndexAbstraction.Type.ALIAS) {
                 authorizedAliases.add(authorizedIndex);
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/RBACEngine.java
@@ -1091,10 +1091,10 @@ static final class AuthorizedIndices implements AuthorizationEngine.AuthorizedIn
         }
 
         @Override
-        public Supplier<Set<String>> all(@Nullable String selector) {
+        public Set<String> all(@Nullable String selector) {
             return IndexComponentSelector.FAILURES.equals(IndexComponentSelector.getByKeyOrThrow(selector))
-                ? failureStoreAuthorizedAndAvailableSupplier
-                : authorizedAndAvailableSupplier;
+                ? failureStoreAuthorizedAndAvailableSupplier.get()
+                : authorizedAndAvailableSupplier.get();
         }
 
         @Override
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizedIndicesTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizedIndicesTests.java
@@ -55,7 +55,7 @@ public void testAuthorizedIndicesUserWithoutRoles() {
             Metadata.EMPTY_METADATA.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertTrue(authorizedIndices.all(null).get().isEmpty());
+        assertTrue(authorizedIndices.all(null).isEmpty());
     }
 
     public void testAuthorizedIndicesUserWithSomeRoles() {
@@ -115,14 +115,14 @@ public void testAuthorizedIndicesUserWithSomeRoles() {
             metadata.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertThat(authorizedIndices.all(null).get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
-        assertThat(authorizedIndices.all(null).get(), not(contains("bbbbb")));
+        assertThat(authorizedIndices.all(null), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
+        assertThat(authorizedIndices.all(null), not(contains("bbbbb")));
         assertThat(authorizedIndices.check("bbbbb", null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains("ba")));
+        assertThat(authorizedIndices.all(null), not(contains("ba")));
         assertThat(authorizedIndices.check("ba", null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(internalSecurityIndex)));
+        assertThat(authorizedIndices.all(null), not(contains(internalSecurityIndex)));
         assertThat(authorizedIndices.check(internalSecurityIndex, null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
+        assertThat(authorizedIndices.all(null), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
         assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS, null), is(false));
     }
 
@@ -134,7 +134,7 @@ public void testAuthorizedIndicesUserWithSomeRolesEmptyMetadata() {
             Metadata.EMPTY_METADATA.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertTrue(authorizedIndices.all(null).get().isEmpty());
+        assertTrue(authorizedIndices.all(null).isEmpty());
     }
 
     public void testSecurityIndicesAreRemovedFromRegularUser() {
@@ -145,7 +145,7 @@ public void testSecurityIndicesAreRemovedFromRegularUser() {
             Metadata.EMPTY_METADATA.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertTrue(authorizedIndices.all(null).get().isEmpty());
+        assertTrue(authorizedIndices.all(null).isEmpty());
     }
 
     public void testSecurityIndicesAreRestrictedForDefaultRole() {
@@ -177,12 +177,12 @@ public void testSecurityIndicesAreRestrictedForDefaultRole() {
             metadata.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertThat(authorizedIndices.all(null).get(), containsInAnyOrder("an-index", "another-index"));
+        assertThat(authorizedIndices.all(null), containsInAnyOrder("an-index", "another-index"));
         assertThat(authorizedIndices.check("an-index", null), is(true));
         assertThat(authorizedIndices.check("another-index", null), is(true));
-        assertThat(authorizedIndices.all(null).get(), not(contains(internalSecurityIndex)));
+        assertThat(authorizedIndices.all(null), not(contains(internalSecurityIndex)));
         assertThat(authorizedIndices.check(internalSecurityIndex, null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
+        assertThat(authorizedIndices.all(null), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
         assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS, null), is(false));
     }
 
@@ -216,7 +216,7 @@ public void testSecurityIndicesAreNotRemovedFromUnrestrictedRole() {
             () -> ignore -> {}
         );
         assertThat(
-            authorizedIndices.all(null).get(),
+            authorizedIndices.all(null),
             containsInAnyOrder("an-index", "another-index", SecuritySystemIndices.SECURITY_MAIN_ALIAS, internalSecurityIndex)
         );
 
@@ -227,7 +227,7 @@ public void testSecurityIndicesAreNotRemovedFromUnrestrictedRole() {
             () -> ignore -> {}
         );
         assertThat(
-            authorizedIndicesSuperUser.all(null).get(),
+            authorizedIndicesSuperUser.all(null),
             containsInAnyOrder("an-index", "another-index", SecuritySystemIndices.SECURITY_MAIN_ALIAS, internalSecurityIndex)
         );
     }
@@ -297,21 +297,21 @@ public void testDataStreamsAreNotIncludedInAuthorizedIndices() {
             metadata.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertThat(authorizedIndices.all(null).get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
+        assertThat(authorizedIndices.all(null), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab"));
         for (String resource : List.of("a1", "a2", "aaaaaa", "b", "ab")) {
             assertThat(authorizedIndices.check(resource, null), is(true));
         }
-        assertThat(authorizedIndices.all(null).get(), not(contains("bbbbb")));
+        assertThat(authorizedIndices.all(null), not(contains("bbbbb")));
         assertThat(authorizedIndices.check("bbbbb", null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains("ba")));
+        assertThat(authorizedIndices.all(null), not(contains("ba")));
         assertThat(authorizedIndices.check("ba", null), is(false));
         // due to context, datastreams are excluded from wildcard expansion
-        assertThat(authorizedIndices.all(null).get(), not(contains("adatastream1")));
+        assertThat(authorizedIndices.all(null), not(contains("adatastream1")));
         // but they are authorized when explicitly tested (they are not "unavailable" for the Security filter)
         assertThat(authorizedIndices.check("adatastream1", null), is(true));
-        assertThat(authorizedIndices.all(null).get(), not(contains(internalSecurityIndex)));
+        assertThat(authorizedIndices.all(null), not(contains(internalSecurityIndex)));
         assertThat(authorizedIndices.check(internalSecurityIndex, null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
+        assertThat(authorizedIndices.all(null), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
         assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS, null), is(false));
     }
 
@@ -382,14 +382,14 @@ public void testDataStreamsAreIncludedInAuthorizedIndices() {
             metadata.getProject().getIndicesLookup(),
             () -> ignore -> {}
         );
-        assertThat(authorizedIndices.all(null).get(), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab", "adatastream1", backingIndex));
-        assertThat(authorizedIndices.all(null).get(), not(contains("bbbbb")));
+        assertThat(authorizedIndices.all(null), containsInAnyOrder("a1", "a2", "aaaaaa", "b", "ab", "adatastream1", backingIndex));
+        assertThat(authorizedIndices.all(null), not(contains("bbbbb")));
         assertThat(authorizedIndices.check("bbbbb", null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains("ba")));
+        assertThat(authorizedIndices.all(null), not(contains("ba")));
         assertThat(authorizedIndices.check("ba", null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(internalSecurityIndex)));
+        assertThat(authorizedIndices.all(null), not(contains(internalSecurityIndex)));
         assertThat(authorizedIndices.check(internalSecurityIndex, null), is(false));
-        assertThat(authorizedIndices.all(null).get(), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
+        assertThat(authorizedIndices.all(null), not(contains(SecuritySystemIndices.SECURITY_MAIN_ALIAS)));
         assertThat(authorizedIndices.check(SecuritySystemIndices.SECURITY_MAIN_ALIAS, null), is(false));
     }
 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolverTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/IndicesAndAliasesResolverTests.java
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java

Original file line number	Diff line number	Diff line change
`@@ -1091,10 +1091,10 @@ static final class AuthorizedIndices implements AuthorizationEngine.AuthorizedIn`
`1091`	`1091`	`}`
`1092`	`1092`
`1093`	`1093`	`@Override`
`1094`		`- public Supplier<Set<String>> all(@Nullable String selector) {`
	`1094`	`+ public Set<String> all(@Nullable String selector) {`
`1095`	`1095`	`return IndexComponentSelector.FAILURES.equals(IndexComponentSelector.getByKeyOrThrow(selector))`
`1096`		`- ? failureStoreAuthorizedAndAvailableSupplier`
`1097`		`- : authorizedAndAvailableSupplier;`
	`1096`	`+ ? failureStoreAuthorizedAndAvailableSupplier.get()`
	`1097`	`+ : authorizedAndAvailableSupplier.get();`
`1098`	`1098`	`}`
`1099`	`1099`
`1100`	`1100`	`@Override`