From 0e62c00913b159d8c60fe3c757f15b77221b2569 Mon Sep 17 00:00:00 2001 From: Suman Das <59254445+sumandas0@users.noreply.github.com> Date: Wed, 24 Jul 2024 17:30:19 +0530 Subject: [PATCH 1/3] feat: add _glossary based filtering on persona alias for better performance --- .../repository/store/aliasstore/ESAliasStore.java | 11 +++++++---- .../atlas/repository/util/AccessControlUtils.java | 2 ++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java index 2d272cb8fc..142cac4e49 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java @@ -39,6 +39,7 @@ import javax.inject.Inject; import java.util.*; +import java.util.stream.Collectors; import static org.apache.atlas.ESAliasRequestBuilder.ESAliasAction.ADD; import static org.apache.atlas.repository.Constants.PERSONA_ENTITY_TYPE; @@ -51,6 +52,7 @@ import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_GLOSSARY; import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_PRODUCT; import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_SUB_DOMAIN; +import static org.apache.atlas.repository.util.AccessControlUtils.GLOSSARY_QUALIFIED_NAME_ATTRIBUTE; import static org.apache.atlas.repository.util.AccessControlUtils.getConnectionQualifiedNameFromPolicyAssets; import static org.apache.atlas.repository.util.AccessControlUtils.getESAliasName; import static org.apache.atlas.repository.util.AccessControlUtils.getIsAllowPolicy; @@ -207,10 +209,11 @@ private void personaPolicyToESDslClauses(List policies, terms.add(connectionQName); } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_GLOSSARY)) { - - for (String glossaryQName : assets) { - terms.add(glossaryQName); - allowClauseList.add(mapOf("wildcard", mapOf(QUALIFIED_NAME, "*@" + glossaryQName))); + List glossaryQualifiedNames = assets.stream() + .peek(terms::add) + .collect(Collectors.toList()); + if (!glossaryQualifiedNames.isEmpty()) { + allowClauseList.add(mapOf("terms", mapOf(GLOSSARY_QUALIFIED_NAME_ATTRIBUTE, glossaryQualifiedNames))); } } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_DOMAIN)) { diff --git a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java index c2c04b8d4e..1c3ac63401 100644 --- a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java +++ b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java @@ -85,6 +85,8 @@ public final class AccessControlUtils { public static final String ACCESS_READ_PERSONA_METADATA = "persona-asset-read"; public static final String ACCESS_READ_PERSONA_GLOSSARY = "persona-glossary-read"; public static final String ACCESS_READ_PERSONA_DOMAIN = "persona-domain-read"; + + public static final String GLOSSARY_QUALIFIED_NAME_ATTRIBUTE = "__glossary"; public static final String ACCESS_READ_PERSONA_SUB_DOMAIN = "persona-domain-sub-domain-read"; public static final String ACCESS_READ_PERSONA_PRODUCT = "persona-domain-product-read"; From 1d566de1fd7464d1f5a31aa9f7a33b07b3fe6dcf Mon Sep 17 00:00:00 2001 From: Suman Das <59254445+sumandas0@users.noreply.github.com> Date: Wed, 24 Jul 2024 19:15:33 +0530 Subject: [PATCH 2/3] nit: simplify and reuse the codebase --- .../repository/store/aliasstore/ESAliasStore.java | 11 ++++------- .../atlas/repository/util/AccessControlUtils.java | 2 -- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java index 142cac4e49..b158ebf90d 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java @@ -52,7 +52,6 @@ import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_GLOSSARY; import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_PRODUCT; import static org.apache.atlas.repository.util.AccessControlUtils.ACCESS_READ_PERSONA_SUB_DOMAIN; -import static org.apache.atlas.repository.util.AccessControlUtils.GLOSSARY_QUALIFIED_NAME_ATTRIBUTE; import static org.apache.atlas.repository.util.AccessControlUtils.getConnectionQualifiedNameFromPolicyAssets; import static org.apache.atlas.repository.util.AccessControlUtils.getESAliasName; import static org.apache.atlas.repository.util.AccessControlUtils.getIsAllowPolicy; @@ -62,6 +61,7 @@ import static org.apache.atlas.repository.util.AccessControlUtils.getPolicyConnectionQN; import static org.apache.atlas.repository.util.AccessControlUtils.getPurposeTags; import static org.apache.atlas.repository.util.AtlasEntityUtils.mapOf; +import static org.apache.atlas.type.Constants.GLOSSARY_PROPERTY_KEY; @Component @@ -209,14 +209,11 @@ private void personaPolicyToESDslClauses(List policies, terms.add(connectionQName); } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_GLOSSARY)) { - List glossaryQualifiedNames = assets.stream() - .peek(terms::add) - .collect(Collectors.toList()); - if (!glossaryQualifiedNames.isEmpty()) { - allowClauseList.add(mapOf("terms", mapOf(GLOSSARY_QUALIFIED_NAME_ATTRIBUTE, glossaryQualifiedNames))); + if (CollectionUtils.isNotEmpty(assets)) { + terms.addAll(assets); + allowClauseList.add(mapOf("terms", mapOf(QUALIFIED_NAME, assets))); } } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_DOMAIN)) { - for (String asset : assets) { if(!isAllDomain(asset)) { terms.add(asset); diff --git a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java index 1c3ac63401..c2c04b8d4e 100644 --- a/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java +++ b/repository/src/main/java/org/apache/atlas/repository/util/AccessControlUtils.java @@ -85,8 +85,6 @@ public final class AccessControlUtils { public static final String ACCESS_READ_PERSONA_METADATA = "persona-asset-read"; public static final String ACCESS_READ_PERSONA_GLOSSARY = "persona-glossary-read"; public static final String ACCESS_READ_PERSONA_DOMAIN = "persona-domain-read"; - - public static final String GLOSSARY_QUALIFIED_NAME_ATTRIBUTE = "__glossary"; public static final String ACCESS_READ_PERSONA_SUB_DOMAIN = "persona-domain-sub-domain-read"; public static final String ACCESS_READ_PERSONA_PRODUCT = "persona-domain-product-read"; From 9915fba91cbf05a6e7e900f4763761928bb58111 Mon Sep 17 00:00:00 2001 From: Suman Das <59254445+sumandas0@users.noreply.github.com> Date: Wed, 24 Jul 2024 19:24:04 +0530 Subject: [PATCH 3/3] fix: add glossary key --- .../apache/atlas/repository/store/aliasstore/ESAliasStore.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java index b158ebf90d..2990bc1505 100644 --- a/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java +++ b/repository/src/main/java/org/apache/atlas/repository/store/aliasstore/ESAliasStore.java @@ -211,7 +211,7 @@ private void personaPolicyToESDslClauses(List policies, } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_GLOSSARY)) { if (CollectionUtils.isNotEmpty(assets)) { terms.addAll(assets); - allowClauseList.add(mapOf("terms", mapOf(QUALIFIED_NAME, assets))); + allowClauseList.add(mapOf("terms", mapOf(GLOSSARY_PROPERTY_KEY, assets))); } } else if (getPolicyActions(policy).contains(ACCESS_READ_PERSONA_DOMAIN)) { for (String asset : assets) {