Skip to content

Commit

Permalink
Merge pull request #2499 from atlanhq/master
Browse files Browse the repository at this point in the history 
Merge master
  • Loading branch information
@ektavarma10
ektavarma10 authored Nov 20, 2023
2 parents 92a6749 + 88ef584 commit 48780f8
Showing 1 changed file with 23 additions and 27 deletions.
50 changes: 23 additions & 27 deletions repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,46 +171,42 @@ private Map<String, Object> getFilterForPurpose(AtlasEntity purpose) throws Atla
private void personaPolicyToESDslClauses(List<AtlasEntity> policies,
List<Map<String, Object>> allowClauseList) throws AtlasBaseException {
List<String> terms = new ArrayList<>();

for (AtlasEntity policy: policies) {

if (policy.getStatus() == null || AtlasEntity.Status.ACTIVE.equals(policy.getStatus())) {
List<String> assets = getPolicyAssets(policy);

if (getIsAllowPolicy(policy)) {
if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_METADATA)) {

int assetSize = terms.size() + assets.size() + 1;
if (assetSize > assetsMaxLimit) {
// For Metadata policies, along with assets we add 1 more clause for connection qualifiedName hence comparing with "assets.size() + 1"
throw new AtlasBaseException(AtlasErrorCode.PERSONA_POLICY_ASSETS_LIMIT_EXCEEDED, String.valueOf(assetsMaxLimit), String.valueOf(assetSize));
}

String connectionQName = getPolicyConnectionQN(policy);
if (StringUtils.isEmpty(connectionQName)) {
connectionQName = getConnectionQualifiedNameFromPolicyAssets(entityRetriever, assets);
}
if (!getIsAllowPolicy(policy)) {
continue;
}

if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_METADATA)) {

for (String asset : assets) {
terms.add(asset);
allowClauseList.add(mapOf("wildcard", mapOf(QUALIFIED_NAME, asset + "/*")));
}
String connectionQName = getPolicyConnectionQN(policy);
if (StringUtils.isEmpty(connectionQName)) {
connectionQName = getConnectionQualifiedNameFromPolicyAssets(entityRetriever, assets);
}

terms.add(connectionQName);
for (String asset : assets) {
terms.add(asset);
allowClauseList.add(mapOf("wildcard", mapOf(QUALIFIED_NAME, asset + "/*")));
}

} else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_GLOSSARY)) {
terms.add(connectionQName);

int assetSize = terms.size() + assets.size();
if (terms.size() + assets.size() > assetsMaxLimit) {
throw new AtlasBaseException(AtlasErrorCode.PERSONA_POLICY_ASSETS_LIMIT_EXCEEDED, String.valueOf(assetsMaxLimit), String.valueOf(assetSize));
}
} else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_GLOSSARY)) {

for (String glossaryQName : assets) {
terms.add(glossaryQName);
allowClauseList.add(mapOf("wildcard", mapOf(QUALIFIED_NAME, "*@" + glossaryQName)));
}
for (String glossaryQName : assets) {
terms.add(glossaryQName);
allowClauseList.add(mapOf("wildcard", mapOf(QUALIFIED_NAME, "*@" + glossaryQName)));
}
}
}

if (terms.size() > assetsMaxLimit) {
throw new AtlasBaseException(AtlasErrorCode.PERSONA_POLICY_ASSETS_LIMIT_EXCEEDED, String.valueOf(assetsMaxLimit), String.valueOf(terms.size()));
}
}

allowClauseList.add(mapOf("terms", mapOf(QUALIFIED_NAME, terms)));
Expand Down

0 comments on commit 48780f8

Please sign in to comment.