Store creds with connection

n1v0lg · Nov 30, 2023 · 324f84e · 324f84e
1 parent f477953
commit 324f84e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/server/src/main/java/org/elasticsearch/transport/RemoteConnectionManager.java b/server/src/main/java/org/elasticsearch/transport/RemoteConnectionManager.java
@@ -101,7 +101,9 @@ public void openConnection(DiscoveryNode node, @Nullable ConnectionProfile profi
             node,
             profile,
             listener.delegateFailureAndWrap(
-                (l, connection) -> l.onResponse(new InternalRemoteConnection(connection, clusterAlias, credentialsManager))
+                (l, connection) -> l.onResponse(
+                    new InternalRemoteConnection(connection, clusterAlias, credentialsManager.resolveCredentials(clusterAlias))
+                )
             )
         );
     }
@@ -212,7 +214,7 @@ public static RemoteClusterInfoTuple resolveRemoteClusterInfoTuple(Transport.Con
 
     private Transport.Connection getConnectionInternal(DiscoveryNode node) throws NodeNotConnectedException {
         Transport.Connection connection = delegate.getConnection(node);
-        return new InternalRemoteConnection(connection, clusterAlias, credentialsManager);
+        return new InternalRemoteConnection(connection, clusterAlias, credentialsManager.resolveCredentials(clusterAlias));
     }
 
     private synchronized void addConnectedNode(DiscoveryNode addedNode) {
@@ -318,23 +320,25 @@ private static final class InternalRemoteConnection implements Transport.Connect
         private static final Logger logger = LogManager.getLogger(InternalRemoteConnection.class);
         private final Transport.Connection connection;
         private final String clusterAlias;
-        private final RemoteClusterCredentialsManager clusterCredentialsManager;
+        @Nullable
+        private final SecureString clusterCredentials;
 
-        InternalRemoteConnection(Transport.Connection connection, String clusterAlias, RemoteClusterCredentialsManager credentialsManager) {
+        InternalRemoteConnection(Transport.Connection connection, String clusterAlias, @Nullable SecureString clusterCredentials) {
             assert false == connection instanceof InternalRemoteConnection : "should not double wrap";
             assert false == connection instanceof ProxyConnection
                 : "proxy connection should wrap internal remote connection, not the other way around";
             this.clusterAlias = Objects.requireNonNull(clusterAlias);
             this.connection = Objects.requireNonNull(connection);
-            this.clusterCredentialsManager = Objects.requireNonNull(credentialsManager);
+            this.clusterCredentials = clusterCredentials;
         }
 
         public String getClusterAlias() {
             return clusterAlias;
         }
 
+        @Nullable
         public SecureString getClusterCredentials() {
-            return clusterCredentialsManager.resolveCredentials(clusterAlias);
+            return clusterCredentials;
         }
 
         @Override
@@ -346,7 +350,7 @@ public DiscoveryNode getNode() {
         public void sendRequest(long requestId, String action, TransportRequest request, TransportRequestOptions options)
             throws IOException, TransportException {
             final String effectiveAction;
-            if (clusterCredentialsManager.hasCredentials(clusterAlias) && TransportService.HANDSHAKE_ACTION_NAME.equals(action)) {
+            if (clusterCredentials != null && TransportService.HANDSHAKE_ACTION_NAME.equals(action)) {
                 logger.trace("sending remote cluster specific handshake to node [{}] of remote cluster [{}]", getNode(), clusterAlias);
                 effectiveAction = REMOTE_CLUSTER_HANDSHAKE_ACTION_NAME;
             } else {
@@ -416,6 +420,6 @@ static InternalRemoteConnection wrapConnectionWithRemoteClusterInfo(
         String clusterAlias,
         RemoteClusterCredentialsManager credentialsManager
     ) {
-        return new InternalRemoteConnection(connection, clusterAlias, credentialsManager);
+        return new InternalRemoteConnection(connection, clusterAlias, credentialsManager.resolveCredentials(clusterAlias));
     }
 }
diff --git a/...alClusterTest/java/org/elasticsearch/xpack/security/ReloadRemoteClusterCredentialsIT.java b/...alClusterTest/java/org/elasticsearch/xpack/security/ReloadRemoteClusterCredentialsIT.java
@@ -52,6 +52,7 @@ public void testReloadRemoteClusterCredentials() throws Exception {
         successfulReloadCall();
 
         assertThat(remoteClusterService.getRemoteClusterCredentialsManager().resolveCredentials("my_remote_cluster"), equalTo(credentials));
+
     }
 
     private void successfulReloadCall() throws InterruptedException {
-Original file line number
+Diff line change
@@ Expand Up @@
             successfulReloadCall();
             assertThat(remoteClusterService.getRemoteClusterCredentialsManager().resolveCredentials("my_remote_cluster"), equalTo(credentials));
         }
         private void successfulReloadCall() throws InterruptedException {
@@ Expand Down @@