Initial work on view service configuration

* Max nested view depth
* Max number of view definitions
* Max individual view query length

Author: craigtaverner

x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/plugin/EsqlPlugin.java

@@ -233,7 +233,11 @@ public Collection<?> createComponents(PluginServices services) {
         BigArrays bigArrays = services.indicesService().getBigArrays().withCircuitBreaking();
         var blockFactoryProvider = blockFactoryProvider(circuitBreaker, bigArrays, maxPrimitiveArrayBlockSize);
         EsqlFunctionRegistry functionRegistry = new EsqlFunctionRegistry();
-        ViewService viewService = new ClusterViewService(functionRegistry, services.clusterService());
+        ViewService viewService = new ClusterViewService(
+            functionRegistry,
+            services.clusterService(),
+            ViewService.ViewServiceConfig.fromSettings(settings)
+        );
         setupSharedSecrets();
         List<BiConsumer<LogicalPlan, Failures>> extraCheckers = extraCheckerProviders.stream()
             .flatMap(p -> p.checkers(services.projectResolver(), services.clusterService()).stream())

x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/view/ClusterViewService.java

@@ -24,8 +24,8 @@
 public class ClusterViewService extends ViewService {
     private final ClusterService clusterService;
 
-    public ClusterViewService(EsqlFunctionRegistry functionRegistry, ClusterService clusterService) {
-        super(functionRegistry);
+    public ClusterViewService(EsqlFunctionRegistry functionRegistry, ClusterService clusterService, ViewServiceConfig config) {
+        super(functionRegistry, config);
         this.clusterService = clusterService;
     }
 

x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/view/InMemoryViewService.java

@@ -22,7 +22,7 @@ public class InMemoryViewService extends ViewService {
     private ViewMetadata metadata;
 
     public InMemoryViewService(EsqlFunctionRegistry functionRegistry) {
-        super(functionRegistry);
+        super(functionRegistry, ViewServiceConfig.DEFAULT);
         this.metadata = ViewMetadata.EMPTY;
     }
 

x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/view/ViewService.java

@@ -10,6 +10,7 @@
 import org.elasticsearch.ResourceNotFoundException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.xpack.esql.VerificationException;
 import org.elasticsearch.xpack.esql.expression.function.EsqlFunctionRegistry;
 import org.elasticsearch.xpack.esql.parser.EsqlParser;
@@ -27,14 +28,28 @@
 import java.util.function.Function;
 
 public abstract class ViewService {
-    /**
-     * Maximum number of views referencing views referencing views.
-     */
-    private static final int MAX_VIEW_DEPTH = 10;
+    private final ViewServiceConfig config;
     private final EsqlFunctionRegistry functionRegistry;
 
-    public ViewService(EsqlFunctionRegistry functionRegistry) {
+    public record ViewServiceConfig(int maxViews, int maxViewSize, int maxViewDepth) {
+
+        public static final String MAX_VIEWS_COUNT_SETTING = "esql.views.max_count";
+        public static final String MAX_VIEWS_SIZE_SETTING = "esql.views.max_size";
+        public static final String MAX_VIEWS_DEPTH_SETTING = "esql.views.max_depth";
+        public static final ViewServiceConfig DEFAULT = new ViewServiceConfig(100, 10_000, 10);
+
+        public static ViewServiceConfig fromSettings(Settings settings) {
+            return new ViewServiceConfig(
+                settings.getAsInt(MAX_VIEWS_COUNT_SETTING, DEFAULT.maxViews),
+                settings.getAsInt(MAX_VIEWS_SIZE_SETTING, DEFAULT.maxViewSize),
+                settings.getAsInt(MAX_VIEWS_DEPTH_SETTING, DEFAULT.maxViewDepth)
+            );
+        }
+    }
+
+    public ViewService(EsqlFunctionRegistry functionRegistry, ViewServiceConfig config) {
         this.functionRegistry = functionRegistry;
+        this.config = config;
     }
 
     protected abstract ViewMetadata getMetadata();
@@ -51,14 +66,14 @@ public LogicalPlan replaceViews(LogicalPlan plan, PlanTelemetry telemetry, Confi
                     return ur;
                 }
                 View view = views.views().get(name);
-                if (seen.size() > MAX_VIEW_DEPTH) {
-                    throw viewError("too many views referencing views ", seen);
-                }
                 boolean alreadySeen = seen.contains(name);
                 seen.add(name);
                 if (alreadySeen) {
                     throw viewError("circular view reference ", seen);
                 }
+                if (seen.size() > config.maxViewDepth) {
+                    throw viewError("The maximum allowed view depth of " + config.maxViewDepth + " has been exceeded: ", seen);
+                }
                 return resolve(view, telemetry, configuration);
             });
             if (plan.equals(prev)) {
@@ -95,10 +110,7 @@ private VerificationException viewError(String type, List<String> seen) {
      */
     public void put(String name, View view, ActionListener<Void> callback, Configuration configuration) {
         assertMasterNode();
-        new EsqlParser().createStatement(view.query(), new QueryParams(), new PlanTelemetry(functionRegistry), configuration);
-        // TODO should we validate this in the transport action and make it async? like plan like a query
-        // TODO postgresql does.
-
+        validatePutView(name, view, configuration);
         updateViewMetadata(callback, current -> {
             Map<String, View> original = getMetadata().views();
             Map<String, View> updated = new HashMap<>(original);
@@ -107,6 +119,29 @@ public void put(String name, View view, ActionListener<Void> callback, Configura
         });
     }
 
+    private void validatePutView(String name, View view, Configuration configuration) {
+        if (Strings.isNullOrEmpty(name)) {
+            throw new IllegalArgumentException("name is missing or empty");
+        }
+        if (view == null) {
+            throw new IllegalArgumentException("view is missing");
+        }
+        if (Strings.isNullOrEmpty(view.query())) {
+            throw new IllegalArgumentException("view query is missing or empty");
+        }
+        if (view.query().length() > config.maxViewSize) {
+            throw new IllegalArgumentException(
+                "view query is too large: " + view.query().length() + " characters, the maximum allowed is " + config.maxViewSize
+            );
+        }
+        if (getMetadata().views().containsKey(name) == false && getMetadata().views().size() >= config.maxViews) {
+            throw new IllegalArgumentException("cannot add view, the maximum number of views is reached: " + config.maxViews);
+        }
+        new EsqlParser().createStatement(view.query(), new QueryParams(), new PlanTelemetry(functionRegistry), configuration);
+        // TODO should we validate this in the transport action and make it async? like plan like a query
+        // TODO postgresql does.
+    }
+
     /**
      * Gets the view by name.
      */

x-pack/plugin/esql/src/test/java/org/elasticsearch/xpack/esql/parser/AbstractStatementParserTests.java

@@ -35,7 +35,7 @@
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 
-abstract class AbstractStatementParserTests extends ESTestCase {
+public abstract class AbstractStatementParserTests extends ESTestCase {
 
     EsqlParser parser = new EsqlParser();
 
@@ -53,7 +53,7 @@ LogicalPlan statement(String query, String arg) {
         return statement(LoggerMessageFormat.format(null, query, arg), new QueryParams());
     }
 
-    LogicalPlan statement(String e) {
+    protected LogicalPlan statement(String e) {
         return statement(e, new QueryParams());
     }
 

x-pack/plugin/esql/src/test/java/org/elasticsearch/xpack/esql/view/InMemoryViewServiceTests.java

@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+package org.elasticsearch.xpack.esql.view;
+
+import org.elasticsearch.action.ActionListener;
+import org.elasticsearch.xpack.esql.EsqlTestUtils;
+import org.elasticsearch.xpack.esql.VerificationException;
+import org.elasticsearch.xpack.esql.expression.function.EsqlFunctionRegistry;
+import org.elasticsearch.xpack.esql.parser.AbstractStatementParserTests;
+import org.elasticsearch.xpack.esql.plan.logical.LogicalPlan;
+import org.elasticsearch.xpack.esql.telemetry.PlanTelemetry;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.startsWith;
+
+public class InMemoryViewServiceTests extends AbstractStatementParserTests {
+    EsqlFunctionRegistry functionRegistry = new EsqlFunctionRegistry();
+    InMemoryViewService viewService = new InMemoryViewService(functionRegistry);
+    PlanTelemetry telemetry = new PlanTelemetry(functionRegistry);
+
+    public void testPutGet() throws Exception {
+        addView("view1", "from emp");
+        addView("view2", "from view1");
+        addView("view3", "from view2");
+        assertThat(viewService.get("view1").query(), equalTo("from emp"));
+        assertThat(viewService.get("view2").query(), equalTo("from view1"));
+        assertThat(viewService.get("view3").query(), equalTo("from view2"));
+    }
+
+    public void testReplaceView() throws Exception {
+        addView("view1", "from emp");
+        addView("view2", "from view1");
+        addView("view3", "from view2");
+        LogicalPlan plan = statement("from view3");
+        LogicalPlan rewritten = viewService.replaceViews(plan, telemetry, EsqlTestUtils.TEST_CFG);
+        assertThat(rewritten, equalTo(statement("from emp")));
+    }
+
+    public void testViewDepthExceeded() throws Exception {
+        addView("view1", "from emp");
+        addView("view2", "from view1");
+        addView("view3", "from view2");
+        addView("view4", "from view3");
+        addView("view5", "from view4");
+        addView("view6", "from view5");
+        addView("view7", "from view6");
+        addView("view8", "from view7");
+        addView("view9", "from view8");
+        addView("view10", "from view9");
+        addView("view11", "from view10");
+        LogicalPlan plan = statement("from view11");
+        Exception e = expectThrows(VerificationException.class, () -> viewService.replaceViews(plan, telemetry, EsqlTestUtils.TEST_CFG));
+        assertThat(e.getMessage(), startsWith("The maximum allowed view depth of 10 has been exceeded"));
+    }
+
+    private void addView(String name, String query) throws Exception {
+        viewService.put(name, new View(query), ActionListener.noop(), EsqlTestUtils.TEST_CFG);
+    }
+
+}