Merge pull request #2449 from atlanhq/PLT-302

PLT-302 Limit Persona policies assets
atlanhq · Nov 8, 2023 · e207622 · e207622
2 parents 6ef08eb + 0f1e3ac
commit e207622
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 3 deletions.
diff --git a/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java b/intg/src/main/java/org/apache/atlas/AtlasConfiguration.java
@@ -104,7 +104,9 @@ public enum AtlasConfiguration {
     INDEX_CLIENT_CONNECTION_TIMEOUT("atlas.index.client.connection.timeout.ms", 900000),
     INDEX_CLIENT_SOCKET_TIMEOUT("atlas.index.client.socket.timeout.ms", 900000),
     ENABLE_SEARCH_LOGGER("atlas.enable.search.logger", true),
-    SEARCH_LOGGER_MAX_THREADS("atlas.enable.search.logger.max.threads", 20);
+    SEARCH_LOGGER_MAX_THREADS("atlas.enable.search.logger.max.threads", 20),
+
+    PERSONA_POLICY_ASSET_MAX_LIMIT("atlas.persona.policy.asset.maxlimit", 1000);
 
 
     private static final Configuration APPLICATION_PROPERTIES;

diff --git a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java
@@ -282,7 +282,9 @@ public enum AtlasErrorCode {
     JSON_ERROR(400, "ATLAS-400-00-109", "Error occurred putting object into JSONObject: {0}"),
     DISABLED_OPERATION(400, "ATLAS-400-00-110", "This operation is temporarily disabled as it is under maintenance."),
     TASK_INVALID_PARAMETERS(400, "ATLAS-400-00-111", "Invalid parameters for task {0}"),
-    TASK_TYPE_NOT_SUPPORTED(400, "ATLAS-400-00-112", "Task type {0} is not supported");
+    TASK_TYPE_NOT_SUPPORTED(400, "ATLAS-400-00-112", "Task type {0} is not supported"),
+
+    PERSONA_POLICY_ASSETS_LIMIT_EXCEEDED(400, "ATLAS-400-00-113", "Exceeded limit of maximum allowed assets across policies for a Persona: Limit: {0}, assets: {1}");
 
 
     private String errorCode;

diff --git a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java
@@ -17,6 +17,8 @@
  */
 package org.apache.atlas.repository.store.aliasstore;
 
+import org.apache.atlas.AtlasConfiguration;
+import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.ESAliasRequestBuilder;
 import org.apache.atlas.ESAliasRequestBuilder.AliasAction;
 import org.apache.atlas.exception.AtlasBaseException;
@@ -69,6 +71,8 @@ public class ESAliasStore implements IndexAliasStore {
     private final AtlasGraph graph;
     private final EntityGraphRetriever entityRetriever;
 
+    private final int assetsMaxLimit = AtlasConfiguration.PERSONA_POLICY_ASSET_MAX_LIMIT.getInt();
+
     @Inject
     public ESAliasStore(AtlasGraph graph,
                         EntityGraphRetriever entityRetriever) {
@@ -166,7 +170,7 @@ private Map<String, Object> getFilterForPurpose(AtlasEntity purpose) throws Atla
 
     private void personaPolicyToESDslClauses(List<AtlasEntity> policies,
                                              List<Map<String, Object>> allowClauseList) throws AtlasBaseException {
-        Set<String> terms = new HashSet<>();
+        List<String> terms = new ArrayList<>();
         for (AtlasEntity policy: policies) {
 
             if (policy.getStatus() == null || AtlasEntity.Status.ACTIVE.equals(policy.getStatus())) {
@@ -196,6 +200,10 @@ private void personaPolicyToESDslClauses(List<AtlasEntity> policies,
             }
         }
 
+        if (terms.size() > assetsMaxLimit) {
+            throw new AtlasBaseException(AtlasErrorCode.PERSONA_POLICY_ASSETS_LIMIT_EXCEEDED, String.valueOf(assetsMaxLimit), String.valueOf(terms.size()));
+        }
+
         allowClauseList.add(mapOf("terms", mapOf(QUALIFIED_NAME, terms)));
     }