From 34e7e17e61bd43c9eac1a2bd8191e3c16cf0ddd0 Mon Sep 17 00:00:00 2001 From: Nils Bandener Date: Tue, 27 May 2025 18:51:01 +0200 Subject: [PATCH] Quick fix for tenant privilege performance issues Signed-off-by: Nils Bandener --- .../org/opensearch/security/securityconf/ConfigModelV7.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java b/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java index 463afafa88..e65f5709fc 100644 --- a/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java +++ b/src/main/java/org/opensearch/security/securityconf/ConfigModelV7.java @@ -1029,9 +1029,11 @@ private static boolean impliesTypePerm( private class TenantHolder { private SetMultimap> tenantsMM = null; + private final ImmutableSet allDefinedTenantNames; public TenantHolder(SecurityDynamicConfiguration roles, SecurityDynamicConfiguration definedTenants) { final Set>>>> futures = new HashSet<>(roles.getCEntries().size()); + this.allDefinedTenantNames = ImmutableSet.copyOf(definedTenants.getCEntries().keySet()); final ExecutorService execs = Executors.newFixedThreadPool(10); @@ -1053,7 +1055,7 @@ public Tuple>> call() throws Exception { // find Wildcarded tenant patterns List matchingTenants = WildcardMatcher.from(tenant.getTenant_patterns()) - .getMatchAny(definedTenants.getCEntries().keySet(), Collectors.toList()); + .getMatchAny(allDefinedTenantNames, Collectors.toList()); for (String matchingTenant : matchingTenants) { tuples.add( new Tuple( @@ -1146,7 +1148,7 @@ public Map mapTenants(final User user, Set roles) { // Indeed, because we don't have control over what will be // passed on as values of users' attributes, we have to make // sure that we don't allow them to select tenants that do not exist. - if (ConfigModelV7.this.tenants.getCEntries().keySet().contains(tenant)) { + if (this.allDefinedTenantNames.contains(tenant)) { result.put(tenant, rw); } }