package org.elasticsearch.xpack.security.authz.store;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.function.Consumer;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.DocWriteResponse;
import org.elasticsearch.action.delete.DeleteRequest;
import org.elasticsearch.action.delete.DeleteResponse;
import org.elasticsearch.action.get.GetResponse;
import org.elasticsearch.action.index.IndexResponse;
import org.elasticsearch.action.search.MultiSearchRequestBuilder;
import org.elasticsearch.action.search.MultiSearchResponse;
import org.elasticsearch.action.search.SearchRequest;
import org.elasticsearch.action.support.ThreadedActionListener;
import org.elasticsearch.action.support.TransportActions;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.cache.Cache;
import org.elasticsearch.common.cache.CacheBuilder;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.concurrent.ReleasableLock;
import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.gateway.GatewayService;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.index.get.GetResult;
import org.elasticsearch.index.query.MatchAllQueryBuilder;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.SecurityTemplateService;
import org.elasticsearch.xpack.security.action.role.ClearRolesCacheRequest;
import org.elasticsearch.xpack.security.action.role.ClearRolesCacheResponse;
import org.elasticsearch.xpack.security.action.role.DeleteRoleRequest;
import org.elasticsearch.xpack.security.action.role.PutRoleRequest;
import org.elasticsearch.xpack.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.security.authz.permission.IndicesPermission;
import org.elasticsearch.xpack.security.authz.permission.Role;
import org.elasticsearch.xpack.security.client.SecurityClient;

/* loaded from: input_file:org/elasticsearch/xpack/security/authz/store/NativeRolesStore.class */
public class NativeRolesStore extends AbstractComponent implements ClusterStateListener {
    private static final Setting<Integer> CACHE_SIZE_SETTING = Setting.intSetting(Security.setting("authz.store.roles.index.cache.max_size"), 10000, new Setting.Property[]{Setting.Property.NodeScope});
    private static final Setting<TimeValue> CACHE_TTL_SETTING = Setting.timeSetting(Security.setting("authz.store.roles.index.cache.ttl"), TimeValue.timeValueMinutes(20), new Setting.Property[]{Setting.Property.NodeScope});
    private static final String ROLE_DOC_TYPE = "role";
    private final InternalClient client;
    private final AtomicReference<State> state;
    private final boolean isTribeNode;
    private final Cache<String, RoleAndVersion> roleCache;
    private final ReleasableLock readLock;
    private final ReleasableLock writeLock;
    private SecurityClient securityClient;
    private final AtomicLong numInvalidation;
    private volatile boolean securityIndexExists;
    private volatile boolean canWrite;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/elasticsearch/xpack/security/authz/store/NativeRolesStore$RoleAndVersion.class */
    public static class RoleAndVersion {
        private static final RoleAndVersion NON_EXISTENT = new RoleAndVersion();
        private final RoleDescriptor roleDescriptor;
        private final Role role;
        private final long version;

        private RoleAndVersion() {
            this.roleDescriptor = null;
            this.role = null;
            this.version = Long.MIN_VALUE;
        }

        RoleAndVersion(RoleDescriptor roleDescriptor, long j) {
            this.roleDescriptor = roleDescriptor;
            this.role = Role.builder(roleDescriptor).build();
            this.version = j;
        }

        RoleDescriptor getRoleDescriptor() {
            return this.roleDescriptor;
        }

        Role getRole() {
            return this.role;
        }

        long getVersion() {
            return this.version;
        }
    }

    /* loaded from: input_file:org/elasticsearch/xpack/security/authz/store/NativeRolesStore$State.class */
    public enum State {
        INITIALIZED,
        STARTING,
        STARTED,
        STOPPING,
        STOPPED,
        FAILED
    }

    public NativeRolesStore(Settings settings, InternalClient internalClient) {
        super(settings);
        this.state = new AtomicReference<>(State.INITIALIZED);
        ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
        this.readLock = new ReleasableLock(reentrantReadWriteLock.readLock());
        this.writeLock = new ReleasableLock(reentrantReadWriteLock.writeLock());
        this.numInvalidation = new AtomicLong(0L);
        this.securityIndexExists = false;
        this.canWrite = false;
        this.client = internalClient;
        this.roleCache = CacheBuilder.builder().setMaximumWeight(((Integer) CACHE_SIZE_SETTING.get(settings)).intValue()).setExpireAfterWrite((TimeValue) CACHE_TTL_SETTING.get(settings)).build();
        this.isTribeNode = !settings.getGroups("tribe", true).isEmpty();
    }

    public boolean canStart(ClusterState clusterState, boolean z) {
        if (state() != State.INITIALIZED) {
            return false;
        }
        if (clusterState.blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
            this.logger.debug("native roles store waiting until gateway has recovered from disk");
            return false;
        }
        if (this.isTribeNode) {
            return true;
        }
        if (SecurityTemplateService.securityIndexMappingAndTemplateUpToDate(clusterState, this.logger)) {
            this.canWrite = true;
        } else {
            if (!SecurityTemplateService.securityIndexMappingAndTemplateSufficientToRead(clusterState, this.logger)) {
                this.canWrite = false;
                return false;
            }
            this.canWrite = false;
        }
        if (clusterState.metaData().index(SecurityTemplateService.SECURITY_INDEX_NAME) == null) {
            this.logger.debug("security index [{}] does not exist, so service can start", SecurityTemplateService.SECURITY_INDEX_NAME);
            return true;
        }
        if (!clusterState.routingTable().index(SecurityTemplateService.SECURITY_INDEX_NAME).allPrimaryShardsActive()) {
            return false;
        }
        this.logger.debug("security index [{}] all primary shards started, so service can start", SecurityTemplateService.SECURITY_INDEX_NAME);
        this.securityIndexExists = true;
        return true;
    }

    public void start() {
        try {
            if (this.state.compareAndSet(State.INITIALIZED, State.STARTING)) {
                this.securityClient = new SecurityClient(this.client);
                this.state.set(State.STARTED);
            }
        } catch (Exception e) {
            this.logger.error("failed to start ESNativeRolesStore", e);
            this.state.set(State.FAILED);
        }
    }

    public void stop() {
        if (this.state.compareAndSet(State.STARTED, State.STOPPING)) {
            this.state.set(State.STOPPED);
        }
    }

    public void getRoleDescriptors(String[] strArr, ActionListener<Collection<RoleDescriptor>> actionListener) {
        MatchAllQueryBuilder filter;
        if (state() != State.STARTED) {
            this.logger.trace("attempted to get roles before service was started");
            actionListener.onFailure(new IllegalStateException("roles cannot be retrieved as native role service has not been started"));
            return;
        }
        if (strArr != null && strArr.length == 1) {
            String str = (String) Objects.requireNonNull(strArr[0]);
            Consumer consumer = roleAndVersion -> {
                actionListener.onResponse((roleAndVersion == null || roleAndVersion.getRoleDescriptor() == null) ? Collections.emptyList() : Collections.singletonList(roleAndVersion.getRoleDescriptor()));
            };
            actionListener.getClass();
            getRoleAndVersion(str, ActionListener.wrap(consumer, actionListener::onFailure));
            return;
        }
        if (strArr != null) {
            try {
                if (strArr.length != 0) {
                    filter = QueryBuilders.boolQuery().filter(QueryBuilders.idsQuery(new String[]{ROLE_DOC_TYPE}).addIds(strArr));
                    SearchRequest request = this.client.prepareSearch(new String[]{SecurityTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setScroll(TimeValue.timeValueSeconds(10L)).setQuery(filter).setSize(1000).setFetchSource(true).request();
                    request.indicesOptions().ignoreUnavailable();
                    InternalClient.fetchAllByEntity(this.client, request, actionListener, searchHit -> {
                        return transformRole(searchHit.getId(), searchHit.getSourceRef(), this.logger);
                    });
                }
            } catch (Exception e) {
                this.logger.error(() -> {
                    return new ParameterizedMessage("unable to retrieve roles {}", Arrays.toString(strArr));
                }, e);
                actionListener.onFailure(e);
                return;
            }
        }
        filter = QueryBuilders.matchAllQuery();
        SearchRequest request2 = this.client.prepareSearch(new String[]{SecurityTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setScroll(TimeValue.timeValueSeconds(10L)).setQuery(filter).setSize(1000).setFetchSource(true).request();
        request2.indicesOptions().ignoreUnavailable();
        InternalClient.fetchAllByEntity(this.client, request2, actionListener, searchHit2 -> {
            return transformRole(searchHit2.getId(), searchHit2.getSourceRef(), this.logger);
        });
    }

    public void deleteRole(final DeleteRoleRequest deleteRoleRequest, final ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to delete role [{}] before service was started", deleteRoleRequest.name());
            actionListener.onResponse(false);
        } else if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("roles may not be deleted using a tribe node"));
            return;
        } else if (!this.canWrite) {
            actionListener.onFailure(new IllegalStateException("role cannot be deleted as service cannot write until template and mappings are up to date"));
            return;
        }
        try {
            DeleteRequest request = this.client.prepareDelete(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, deleteRoleRequest.name()).request();
            request.setRefreshPolicy(deleteRoleRequest.getRefreshPolicy());
            this.client.delete(request, new ActionListener<DeleteResponse>() { // from class: org.elasticsearch.xpack.security.authz.store.NativeRolesStore.1
                public void onResponse(DeleteResponse deleteResponse) {
                    NativeRolesStore.this.clearRoleCache(deleteRoleRequest.name(), actionListener, Boolean.valueOf(deleteResponse.getResult() == DocWriteResponse.Result.DELETED));
                }

                public void onFailure(Exception exc) {
                    NativeRolesStore.this.logger.error("failed to delete role from the index", exc);
                    actionListener.onFailure(exc);
                }
            });
        } catch (IndexNotFoundException e) {
            this.logger.trace("security index does not exist", e);
            actionListener.onResponse(false);
        } catch (Exception e2) {
            this.logger.error("unable to remove role", e2);
            actionListener.onFailure(e2);
        }
    }

    public void putRole(final PutRoleRequest putRoleRequest, final RoleDescriptor roleDescriptor, final ActionListener<Boolean> actionListener) {
        if (state() != State.STARTED) {
            this.logger.trace("attempted to put role [{}] before service was started", putRoleRequest.name());
            actionListener.onResponse(false);
        } else if (this.isTribeNode) {
            actionListener.onFailure(new UnsupportedOperationException("roles may not be created or modified using a tribe node"));
            return;
        } else if (!this.canWrite) {
            actionListener.onFailure(new IllegalStateException("role cannot be created or modified as service cannot write until template and mappings are up to date"));
            return;
        }
        try {
            this.client.prepareIndex(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, roleDescriptor.getName()).setSource(roleDescriptor.toXContent(XContentFactory.jsonBuilder(), ToXContent.EMPTY_PARAMS)).setRefreshPolicy(putRoleRequest.getRefreshPolicy()).execute(new ActionListener<IndexResponse>() { // from class: org.elasticsearch.xpack.security.authz.store.NativeRolesStore.2
                public void onResponse(IndexResponse indexResponse) {
                    NativeRolesStore.this.clearRoleCache(roleDescriptor.getName(), actionListener, Boolean.valueOf(indexResponse.getResult() == DocWriteResponse.Result.CREATED));
                }

                public void onFailure(Exception exc) {
                    Logger logger = NativeRolesStore.this.logger;
                    PutRoleRequest putRoleRequest2 = putRoleRequest;
                    logger.error(() -> {
                        return new ParameterizedMessage("failed to put role [{}]", putRoleRequest2.name());
                    }, exc);
                    actionListener.onFailure(exc);
                }
            });
        } catch (Exception e) {
            this.logger.error(() -> {
                return new ParameterizedMessage("unable to put role [{}]", putRoleRequest.name());
            }, e);
            actionListener.onFailure(e);
        }
    }

    public void role(String str, final ActionListener<Role> actionListener) {
        if (state() != State.STARTED) {
            actionListener.onResponse((Object) null);
        } else {
            getRoleAndVersion(str, new ActionListener<RoleAndVersion>() { // from class: org.elasticsearch.xpack.security.authz.store.NativeRolesStore.3
                public void onResponse(RoleAndVersion roleAndVersion) {
                    actionListener.onResponse(roleAndVersion == null ? null : roleAndVersion.getRole());
                }

                public void onFailure(Exception exc) {
                    actionListener.onFailure(exc);
                }
            });
        }
    }

    public Map<String, Object> usageStats() {
        if (state() != State.STARTED) {
            return Collections.emptyMap();
        }
        boolean z = false;
        boolean z2 = false;
        HashMap hashMap = new HashMap();
        if (!this.securityIndexExists) {
            hashMap.put("size", 0L);
            hashMap.put("fls", false);
            hashMap.put("dls", false);
            return hashMap;
        }
        long j = 0;
        ReleasableLock acquire = this.writeLock.acquire();
        Throwable th = null;
        try {
            for (RoleAndVersion roleAndVersion : this.roleCache.values()) {
                if (roleAndVersion != RoleAndVersion.NON_EXISTENT) {
                    j++;
                    Iterator<IndicesPermission.Group> it = roleAndVersion.getRole().indices().iterator();
                    while (it.hasNext()) {
                        IndicesPermission.Group next = it.next();
                        z2 = z2 || next.getFieldPermissions().hasFieldLevelSecurity();
                        z = z || next.hasQuery();
                    }
                }
            }
            if (!z2 || !z) {
                MultiSearchRequestBuilder add = this.client.prepareMultiSearch().add(this.client.prepareSearch(new String[]{SecurityTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setQuery(QueryBuilders.matchAllQuery()).setSize(0));
                if (!z2) {
                    add.add(this.client.prepareSearch(new String[]{SecurityTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setQuery(QueryBuilders.boolQuery().should(QueryBuilders.existsQuery("indices.field_security.grant")).should(QueryBuilders.existsQuery("indices.field_security.except")).should(QueryBuilders.existsQuery("indices.fields"))).setSize(0).setTerminateAfter(1));
                }
                if (!z) {
                    add.add(this.client.prepareSearch(new String[]{SecurityTemplateService.SECURITY_INDEX_NAME}).setTypes(new String[]{ROLE_DOC_TYPE}).setQuery(QueryBuilders.existsQuery("indices.query")).setSize(0).setTerminateAfter(1));
                }
                int i = 0;
                MultiSearchResponse.Item[] responses = add.get().getResponses();
                if (!responses[0].isFailure()) {
                    j = responses[0].getResponse().getHits().getTotalHits();
                }
                if (!z2) {
                    i = 0 + 1;
                    if (!responses[i].isFailure()) {
                        z2 = responses[i].getResponse().getHits().getTotalHits() > 0;
                    }
                }
                if (!z) {
                    int i2 = i + 1;
                    if (!responses[i2].isFailure()) {
                        z = responses[i2].getResponse().getHits().getTotalHits() > 0;
                    }
                }
            }
            hashMap.put("size", Long.valueOf(j));
            hashMap.put("fls", Boolean.valueOf(z2));
            hashMap.put("dls", Boolean.valueOf(z));
            return hashMap;
        } finally {
            if (acquire != null) {
                if (0 != 0) {
                    try {
                        acquire.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    acquire.close();
                }
            }
        }
    }

    private void getRoleAndVersion(final String str, final ActionListener<RoleAndVersion> actionListener) {
        if (!this.securityIndexExists) {
            actionListener.onResponse((Object) null);
            return;
        }
        RoleAndVersion roleAndVersion = (RoleAndVersion) this.roleCache.get(str);
        if (roleAndVersion != null) {
            actionListener.onResponse(roleAndVersion);
        } else {
            final long j = this.numInvalidation.get();
            executeGetRoleRequest(str, new ActionListener<GetResponse>() { // from class: org.elasticsearch.xpack.security.authz.store.NativeRolesStore.4
                public void onResponse(GetResponse getResponse) {
                    RoleAndVersion roleAndVersion2;
                    RoleDescriptor transformRole = NativeRolesStore.this.transformRole(getResponse);
                    if (transformRole != null) {
                        NativeRolesStore.this.logger.debug("loaded role [{}] from index with version [{}]", str, Long.valueOf(getResponse.getVersion()));
                        roleAndVersion2 = new RoleAndVersion(transformRole, getResponse.getVersion());
                    } else {
                        roleAndVersion2 = RoleAndVersion.NON_EXISTENT;
                    }
                    try {
                        ReleasableLock acquire = NativeRolesStore.this.readLock.acquire();
                        Throwable th = null;
                        try {
                            try {
                                if (j == NativeRolesStore.this.numInvalidation.get()) {
                                    RoleAndVersion roleAndVersion3 = roleAndVersion2;
                                    NativeRolesStore.this.roleCache.computeIfAbsent(str, str2 -> {
                                        return roleAndVersion3;
                                    });
                                }
                                if (acquire != null) {
                                    if (0 != 0) {
                                        try {
                                            acquire.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        acquire.close();
                                    }
                                }
                                actionListener.onResponse(roleAndVersion2);
                            } finally {
                            }
                        } finally {
                        }
                    } catch (ExecutionException e) {
                        throw new AssertionError("failed to load constant non-null value", e);
                    }
                }

                public void onFailure(Exception exc) {
                    if (TransportActions.isShardNotAvailableException(exc)) {
                        Logger logger = NativeRolesStore.this.logger;
                        String str2 = str;
                        logger.warn(() -> {
                            return new ParameterizedMessage("failed to load role [{}] index not available", str2);
                        }, exc);
                        actionListener.onResponse(RoleAndVersion.NON_EXISTENT);
                        return;
                    }
                    Logger logger2 = NativeRolesStore.this.logger;
                    String str3 = str;
                    logger2.error(() -> {
                        return new ParameterizedMessage("failed to load role [{}]", str3);
                    }, exc);
                    actionListener.onFailure(exc);
                }
            });
        }
    }

    void executeGetRoleRequest(String str, ActionListener<GetResponse> actionListener) {
        try {
            this.client.get(this.client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, str).request(), new ThreadedActionListener(this.logger, this.client.threadPool(), "listener", actionListener, true));
        } catch (IndexNotFoundException e) {
            this.logger.trace(() -> {
                return new ParameterizedMessage("unable to retrieve role [{}] since security index does not exist", str);
            }, e);
            actionListener.onResponse(new GetResponse(new GetResult(SecurityTemplateService.SECURITY_INDEX_NAME, ROLE_DOC_TYPE, str, -1L, false, (BytesReference) null, (Map) null)));
        } catch (Exception e2) {
            this.logger.error("unable to retrieve role", e2);
            actionListener.onFailure(e2);
        }
    }

    public void reset() {
        State state = state();
        if (state != State.STOPPED && state != State.FAILED) {
            throw new IllegalStateException("can only reset if stopped!!!");
        }
        invalidateAll();
        this.securityIndexExists = false;
        this.canWrite = false;
        this.state.set(State.INITIALIZED);
    }

    public void invalidateAll() {
        this.logger.debug("invalidating all roles in cache");
        this.numInvalidation.incrementAndGet();
        ReleasableLock acquire = this.readLock.acquire();
        Throwable th = null;
        try {
            this.roleCache.invalidateAll();
            if (acquire != null) {
                if (0 == 0) {
                    acquire.close();
                    return;
                }
                try {
                    acquire.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (acquire != null) {
                if (0 != 0) {
                    try {
                        acquire.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    acquire.close();
                }
            }
            throw th3;
        }
    }

    public void invalidate(String str) {
        this.logger.debug("invalidating role [{}] in cache", str);
        this.numInvalidation.incrementAndGet();
        ReleasableLock acquire = this.readLock.acquire();
        Throwable th = null;
        try {
            try {
                this.roleCache.invalidate(str);
                if (acquire != null) {
                    if (0 == 0) {
                        acquire.close();
                        return;
                    }
                    try {
                        acquire.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (acquire != null) {
                if (th != null) {
                    try {
                        acquire.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    acquire.close();
                }
            }
            throw th4;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <Response> void clearRoleCache(final String str, final ActionListener<Response> actionListener, final Response response) {
        this.securityClient.clearRolesCache(new ClearRolesCacheRequest().names(str), new ActionListener<ClearRolesCacheResponse>() { // from class: org.elasticsearch.xpack.security.authz.store.NativeRolesStore.5
            public void onResponse(ClearRolesCacheResponse clearRolesCacheResponse) {
                actionListener.onResponse(response);
            }

            public void onFailure(Exception exc) {
                Logger logger = NativeRolesStore.this.logger;
                String str2 = str;
                logger.error(() -> {
                    return new ParameterizedMessage("unable to clear cache for role [{}]", str2);
                }, exc);
                actionListener.onFailure(new ElasticsearchException("clearing the cache for [" + str + "] failed. please clear the role cache manually", exc, new Object[0]));
            }
        });
    }

    public void clusterChanged(ClusterChangedEvent clusterChangedEvent) {
        this.securityIndexExists = clusterChangedEvent.state().metaData().indices().get(SecurityTemplateService.SECURITY_INDEX_NAME) != null;
        this.canWrite = SecurityTemplateService.securityIndexMappingAndTemplateUpToDate(clusterChangedEvent.state(), this.logger);
    }

    public State state() {
        return this.state.get();
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public RoleDescriptor transformRole(GetResponse getResponse) {
        if (getResponse.isExists()) {
            return transformRole(getResponse.getId(), getResponse.getSourceAsBytesRef(), this.logger);
        }
        return null;
    }

    @Nullable
    static RoleDescriptor transformRole(String str, BytesReference bytesReference, Logger logger) {
        try {
            return RoleDescriptor.parse(str, bytesReference, true);
        } catch (Exception e) {
            logger.error(() -> {
                return new ParameterizedMessage("error in the format of data for role [{}]", str);
            }, e);
            return null;
        }
    }

    public static void addSettings(List<Setting<?>> list) {
        list.add(CACHE_SIZE_SETTING);
        list.add(CACHE_TTL_SETTING);
    }
}
