Wait until security index is ready for role mappings #92173
Conversation
grcevski
added
>bug
:Core/Infra/Core
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
|
Hi @grcevski, I've created a changelog YAML for you. |
…ki/elasticsearch into fix/file_settings_role_mappings_1
|
@elasticsearchmachine run elasticsearch-ci/part-1 |
|
@ywangd I think this is now ready to be reviewed. Thanks again! |
| logger.info("--> restart master"); | ||
| internalCluster().restartNode(masterNode); |
There was a problem hiding this comment.
If there are multiple nodes in the cluster, I think this test may not exercise the new logic. Because once the master node is restarted, it is likely that it won't be the master anymore. Hence the file setting related code won't run at all?
There was a problem hiding this comment.
Good point, I'll change the test to use only a single master node.
| Files.move(tempFilePath, fileSettingsService.operatorSettingsFile(), StandardCopyOption.ATOMIC_MOVE); | ||
| } | ||
|
|
||
| public void testFailsOnStartWithError() throws Exception { |
There was a problem hiding this comment.
Nit: maybe rename this to testFailsOnStartMasterNodeWithError since data node starts fine.
|
@elasticsearchmachine run elasticsearch-ci/bwc |
File based settings are always stored in the cluster state, except in one case - security role mappings. The role mappings are stored in the
.securitysystem index. While the cluster state is immediately available on bootstrap of the Node, the system indices might take a while to become available.This PR changes the flow of updating the role mappings, such that we properly wait for the role mappings to be saved until the security index becomes available.
The code for the PR is pretty much what @ywangd provided me with :). Thanks Yang!
Outstanding item:
Closes #91939