ATLAS-4797: Implement custom audit filters in Atlas

Author: Sheetal Shah

addons/hbase-bridge/pom.xml

@@ -111,6 +111,10 @@
             <artifactId>hadoop-hdfs</artifactId>
             <version>${hadoop.version}</version>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>servlet-api</artifactId>

addons/hbase-testing-util/pom.xml

@@ -100,6 +100,10 @@
             <version>${hadoop.version}</version>
             <scope>compile</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
                     <artifactId>commons-configuration2</artifactId>

addons/hive-bridge-shim/pom.xml

@@ -44,6 +44,10 @@
             <version>${hive.version}</version>
             <scope>provided</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
                     <artifactId>commons-text</artifactId>

addons/hive-bridge/pom.xml

@@ -113,6 +113,10 @@
             <version>${hive.version}</version>
             <scope>provided</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>*</artifactId>

addons/kafka-bridge/pom.xml

@@ -70,6 +70,10 @@
             <version>${hadoop.version}</version>
             <scope>compile</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>servlet-api</artifactId>

addons/models/0000-Area0/0010-base_model.json

@@ -568,6 +568,64 @@
       "serviceType": "atlas_core",
       "typeVersion": "1.0",
       "attributeDefs": []
+    },
+    {
+      "name": "__AtlasRule",
+      "superTypes": [
+        "__internal"
+      ],
+      "serviceType": "atlas_core",
+      "typeVersion": "1.0",
+      "attributeDefs": [
+        {
+          "name": "ruleName",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": true,
+          "isOptional": false,
+          "isUnique": true
+        },
+        {
+          "name": "desc",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false
+        },
+        {
+          "name": "action",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": true,
+          "isOptional": false,
+          "isUnique": false
+        },
+        {
+          "name": "ruleExpr",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": false,
+          "isUnique": true
+        },
+        {
+          "name": "createdTime",
+          "typeName": "date",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": false,
+          "isUnique": false
+        },
+        {
+          "name": "updatedTime",
+          "typeName": "date",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false
+        }
+      ]
     }
   ],
   "relationshipDefs": [

addons/sqoop-bridge/pom.xml

@@ -110,6 +110,12 @@
             <artifactId>hive-exec</artifactId>
             <version>${hive.version}</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>

client/client-v2/src/main/java/org/apache/atlas/AtlasClientV2.java

@@ -52,6 +52,7 @@
 import org.apache.atlas.model.instance.AtlasRelatedObjectId;
 import org.apache.atlas.model.instance.AtlasRelationship;
 import org.apache.atlas.model.instance.AtlasRelationship.AtlasRelationshipWithExtInfo;
+import org.apache.atlas.model.instance.AtlasRule;
 import org.apache.atlas.model.instance.ClassificationAssociateRequest;
 import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.lineage.AtlasLineageInfo;
@@ -108,6 +109,7 @@ public class AtlasClientV2 extends AtlasBaseClient {
     private static final String ADMIN_API        = BASE_URI + "admin/";
     private static final String ENTITY_PURGE_API = ADMIN_API + "purge/";
     private static final String ATLAS_AUDIT_API  = ADMIN_API + "audits/";
+    private static final String ATLAS_RULES_API = ATLAS_AUDIT_API + "rules/";
 
     // Lineage APIs
     private static final String LINEAGE_URI = BASE_URI + "v2/lineage/";
@@ -560,6 +562,22 @@ public String getTemplateForBulkUpdateBusinessAttributes() throws AtlasServiceEx
         return readStreamContents(inputStream);
     }
 
+    public AtlasRule createRule(AtlasRule atlasRule) throws AtlasServiceException {
+        return callAPI(API_V2.CREATE_RULE, AtlasRule.class, atlasRule);
+    }
+
+    public List<AtlasRule> getAllRules() throws AtlasServiceException {
+        return callAPI(API_V2.GET_RULES, List.class, null);
+    }
+
+    public EntityMutationResponse deleteRuleByGuid(String guid) throws AtlasServiceException {
+        return callAPI(formatPathParameters(API_V2.DELETE_RULE_BY_GUID, guid), EntityMutationResponse.class, null, guid);
+    }
+
+    public EntityMutationResponse deleteRulesByGuid(List<String> guidList) throws AtlasServiceException {
+        return callAPI(API_V2.DELETE_RULES_BY_GUID, EntityMutationResponse.class, null, guidList);
+    }
+
     public BulkImportResponse bulkUpdateBusinessAttributes(String fileName) throws AtlasServiceException {
         MultiPart multipartEntity = getMultiPartData(fileName);
 
@@ -1281,6 +1299,10 @@ public static class API_V2 extends API {
         public static final API_V2 DISASSOCIATE_TERM_FROM_ENTITIES = new API_V2(GLOSSARY_TERMS + "/%s/assignedEntities", HttpMethod.PUT, Response.Status.NO_CONTENT);
         public static final API_V2 GET_IMPORT_GLOSSARY_TEMPLATE    = new API_V2(GLOSSARY_URI + "/import/template", HttpMethod.GET, Response.Status.OK, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM);
         public static final API_V2 IMPORT_GLOSSARY                 = new API_V2(GLOSSARY_URI + "/import", HttpMethod.POST, Response.Status.OK, MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_JSON);
+        public static final API_V2 CREATE_RULE                     = new API_V2(ATLAS_RULES_API, HttpMethod.POST, Response.Status.OK);
+        public static final API_V2 GET_RULES                       = new API_V2(ATLAS_RULES_API, HttpMethod.GET, Response.Status.OK);
+        public static final API_V2 DELETE_RULE_BY_GUID             = new API_V2(ATLAS_RULES_API + "guid/", HttpMethod.DELETE, Response.Status.OK);
+        public static final API_V2 DELETE_RULES_BY_GUID            = new API_V2(ATLAS_RULES_API, HttpMethod.DELETE, Response.Status.OK);
 
         private API_V2(String path, String method, Response.Status status) {
             super(path, method, status);

distro/src/conf/atlas-application.properties

@@ -281,4 +281,7 @@ atlas.search.gremlin.enable=false
 
 ######### Skip check for the same attribute name in Parent type and Child type #########
 
-#atlas.skip.check.for.parent.child.attribute.name=true
+#atlas.skip.check.for.parent.child.attribute.name=true
+
+atlas.entity.audit.filter.enabled=false
+atlas.entity.audit.filter.default.action=ACCEPT

graphdb/api/pom.xml

@@ -37,6 +37,11 @@
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>${gson.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.atlas</groupId>
             <artifactId>atlas-common</artifactId>