From 3ac8801a4259d1037872e6a684417eb3d353d153 Mon Sep 17 00:00:00 2001
From: David Lin
Date: Sun, 12 Nov 2023 21:23:10 -0600
Subject: [PATCH] add invalidateUserCache to BackendRegistry
---
 .../security/auth/BackendRegistry.java | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/main/java/org/opensearch/security/auth/BackendRegistry.java b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
index 3f6aae0720..8c8c51a745 100644
--- a/src/main/java/org/opensearch/security/auth/BackendRegistry.java
+++ b/src/main/java/org/opensearch/security/auth/BackendRegistry.java
@@ -166,6 +166,29 @@ public void invalidateCache() {
 restRoleCache.invalidateAll();
 }
 
+ public void invalidateUserCache(String username) {
+ if (username == null || username.isEmpty()) {
+ log.debug("No username given, not invalidating user cache.");
+ return;
+ }
+
+ // Invalidate entries in the userCache by iterating over the keys and matching the username.
+ userCache.asMap().keySet().stream()
+ .filter(authCreds -> username.equals(authCreds.getUsername()))
+ .forEach(userCache::invalidate);
+
+ // Invalidate entries in the restImpersonationCache directly since it uses the username as the key.
+ restImpersonationCache.invalidate(username);
+
+ // Invalidate entries in the restRoleCache by iterating over the keys and matching the username.
+ restRoleCache.asMap().keySet().stream()
+ .filter(user -> username.equals(user.getName()))
+ .forEach(restRoleCache::invalidate);
+
+ // If the user isn't found it still says this which could be bad
+ log.debug("Invalidated cache for user {}", username);
+ }
+
 @Subscribe
 public void onDynamicConfigModelChanged(DynamicConfigModel dcm) {
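Review bot: The closing `log.debug("Invalidated cache for user {}", username)` in `invalidateUserCache` runs even when none of the three caches held a matching entry, as the leftover comment above it concedes, so a call that matched nothing looks the same as a successful invalidation. That matters because `userCache` is matched on `AuthCredentials.getUsername()` and `restRoleCache` on `User.getName()`; if an authentication backend maps or normalises the login name (not visible in this hunk), one `username` string may hit one cache and miss the other, leaving a stale authenticated entry in place until it expires. Track whether anything was removed, e.g. `boolean removed = userCache.asMap().keySet().removeIf(c -> username.equals(c.getUsername()));`, do the same for `restRoleCache`, and log a distinct message when nothing matched instead of keeping the comment. The new public method also has no Javadoc; a short one stating that matching is exact and case-sensitive, and that only this node's caches are cleared (presumably the caches are per-node; confirm), would help callers that invoke it after a password change or user deletion.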