Resource watching for SSL reload does not need monitor entire directory

ES monitors SSL configuration files and hot-reloads them on change. However, instead of monitoring individual files, [ES monitors their parent directories](https://github.com/elastic/elasticsearch/blob/1cad44d43fe62a5aa3cddfb9de2ac65ba452b44b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.java#L118-L127). This could be wasteful because it ends up monitoring unnecessary files and directory traversal is in theory unbounded. In addition, hot-reload works only for files specified in the YAML configuration, i.e. you need to change an existing file for reload to happen, simply adding a new file does not work. 

We should fix it by monitoring individual files. As an example, the [SSL reloading for reindexing](https://github.com/elastic/elasticsearch/blob/471b3f510070e0a8ba396434bf2ec0d4e05afbef/modules/reindex/src/main/java/org/elasticsearch/reindex/ReindexSslConfig.java#L129) is already monitoring individual files.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Resource watching for SSL reload does not need monitor entire directory #96266

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Resource watching for SSL reload does not need monitor entire directory #96266

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions