Fix token invalidation when retries exhausted (#39799)

albertzaharovits · albertzaharovits · commit 3c7fafd0cc4f · 2019-03-08T20:18:59.000+02:00
Fixes an error about missing to call the index invalidation listener
when retry count is exhausted but there are still tokens to be retried.
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
@@ -679,20 +679,24 @@ private void indexInvalidation(Collection<String> tokenIds, ActionListener<Token
                                 }
                             }
                         }
-                        if (retryTokenDocIds.isEmpty() == false) {
-                            if (backoff.hasNext()) {
-                                logger.debug("failed to invalidate [{}] tokens out of [{}], retrying to invalidate these too",
-                                        retryTokenDocIds.size(), tokenIds.size());
-                                final TokensInvalidationResult incompleteResult = new TokensInvalidationResult(invalidated,
+                        if (retryTokenDocIds.isEmpty() == false && backoff.hasNext()) {
+                            logger.debug("failed to invalidate [{}] tokens out of [{}], retrying to invalidate these too",
+                                    retryTokenDocIds.size(), tokenIds.size());
+                            final TokensInvalidationResult incompleteResult = new TokensInvalidationResult(invalidated,
                                         previouslyInvalidated, failedRequestResponses);
-                                final Runnable retryWithContextRunnable = client.threadPool().getThreadContext().preserveContext(
+                            final Runnable retryWithContextRunnable = client.threadPool().getThreadContext().preserveContext(
                                         () -> indexInvalidation(retryTokenDocIds, listener, backoff, srcPrefix, incompleteResult));
-                                client.threadPool().schedule(retryWithContextRunnable, backoff.next(), GENERIC);
-                            } else {
+                            client.threadPool().schedule(retryWithContextRunnable, backoff.next(), GENERIC);
+                        } else {
+                            if (retryTokenDocIds.isEmpty() == false) {
                                 logger.warn("failed to invalidate [{}] tokens out of [{}] after all retries", retryTokenDocIds.size(),
                                         tokenIds.size());
+                                for (String retryTokenDocId : retryTokenDocIds) {
+                                    failedRequestResponses.add(
+                                            new ElasticsearchException("Error invalidating [{}] with doc id [{}] after retries exhausted",
+                                                    srcPrefix, retryTokenDocId));
+                                }
                             }
-                        } else {
                             final TokensInvalidationResult result = new TokensInvalidationResult(invalidated, previouslyInvalidated,
                                     failedRequestResponses);
                             listener.onResponse(result);
