ATLAS-4797: Implement custom audit filters in Atlas

addons/hbase-bridge/pom.xml

@@ -111,6 +111,10 @@
             <artifactId>hadoop-hdfs</artifactId>
             <version>${hadoop.version}</version>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>servlet-api</artifactId>

addons/hbase-testing-util/pom.xml

@@ -100,6 +100,10 @@
             <version>${hadoop.version}</version>
             <scope>compile</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
                     <artifactId>commons-configuration2</artifactId>

addons/hive-bridge-shim/pom.xml

@@ -44,6 +44,10 @@
             <version>${hive.version}</version>
             <scope>provided</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.apache.commons</groupId>
                     <artifactId>commons-text</artifactId>

addons/hive-bridge/pom.xml

@@ -113,6 +113,10 @@
             <version>${hive.version}</version>
             <scope>provided</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>*</artifactId>

addons/kafka-bridge/pom.xml

@@ -70,6 +70,10 @@
             <version>${hadoop.version}</version>
             <scope>compile</scope>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>javax.servlet</groupId>
                     <artifactId>servlet-api</artifactId>

addons/models/0000-Area0/0010-base_model.json

@@ -568,6 +568,64 @@
       "serviceType": "atlas_core",
       "typeVersion": "1.0",
       "attributeDefs": []
+    },
+    {
+      "name": "__AtlasRule",
+      "superTypes": [
+        "__internal"
+      ],
+      "serviceType": "atlas_core",
+      "typeVersion": "1.0",
+      "attributeDefs": [
+        {
+          "name": "ruleName",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": true,
+          "isOptional": false,
+          "isUnique": true
+        },
+        {
+          "name": "desc",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false
+        },
+        {
+          "name": "action",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": true,
+          "isOptional": false,
+          "isUnique": false
+        },
+        {
+          "name": "ruleExpr",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": false,
+          "isUnique": true
+        },
+        {
+          "name": "createdTime",
+          "typeName": "date",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": false,
+          "isUnique": false
+        },
+        {
+          "name": "updatedTime",
+          "typeName": "date",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false
+        }
+      ]
     }
   ],
   "relationshipDefs": [

addons/sqoop-bridge/pom.xml

@@ -110,6 +110,12 @@
             <artifactId>hive-exec</artifactId>
             <version>${hive.version}</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>

client/client-v2/src/main/java/org/apache/atlas/AtlasClientV2.java

@@ -52,6 +52,7 @@
 import org.apache.atlas.model.instance.AtlasRelatedObjectId;
 import org.apache.atlas.model.instance.AtlasRelationship;
 import org.apache.atlas.model.instance.AtlasRelationship.AtlasRelationshipWithExtInfo;
+import org.apache.atlas.model.instance.AtlasRule;
 import org.apache.atlas.model.instance.ClassificationAssociateRequest;
 import org.apache.atlas.model.instance.EntityMutationResponse;
 import org.apache.atlas.model.lineage.AtlasLineageInfo;
@@ -108,6 +109,7 @@ public class AtlasClientV2 extends AtlasBaseClient {
     private static final String ADMIN_API        = BASE_URI + "admin/";
     private static final String ENTITY_PURGE_API = ADMIN_API + "purge/";
     private static final String ATLAS_AUDIT_API  = ADMIN_API + "audits/";
+    private static final String ATLAS_RULES_API = ATLAS_AUDIT_API + "rules/";
 
     // Lineage APIs
     private static final String LINEAGE_URI = BASE_URI + "v2/lineage/";
@@ -560,6 +562,22 @@ public String getTemplateForBulkUpdateBusinessAttributes() throws AtlasServiceEx
         return readStreamContents(inputStream);
     }
 
+    public AtlasRule createRule(AtlasRule atlasRule) throws AtlasServiceException {
+        return callAPI(API_V2.CREATE_RULE, AtlasRule.class, atlasRule);
+    }
+
+    public List<AtlasRule> getAllRules() throws AtlasServiceException {
+        return callAPI(API_V2.GET_RULES, List.class, null);
+    }
+
+    public EntityMutationResponse deleteRuleByGuid(String guid) throws AtlasServiceException {
+        return callAPI(formatPathParameters(API_V2.DELETE_RULE_BY_GUID, guid), EntityMutationResponse.class, null, guid);
+    }
+
+    public EntityMutationResponse deleteRulesByGuid(List<String> guidList) throws AtlasServiceException {
+        return callAPI(API_V2.DELETE_RULES_BY_GUID, EntityMutationResponse.class, null, guidList);
+    }
+
     public BulkImportResponse bulkUpdateBusinessAttributes(String fileName) throws AtlasServiceException {
         MultiPart multipartEntity = getMultiPartData(fileName);
 
@@ -1281,6 +1299,10 @@ public static class API_V2 extends API {
         public static final API_V2 DISASSOCIATE_TERM_FROM_ENTITIES = new API_V2(GLOSSARY_TERMS + "/%s/assignedEntities", HttpMethod.PUT, Response.Status.NO_CONTENT);
         public static final API_V2 GET_IMPORT_GLOSSARY_TEMPLATE    = new API_V2(GLOSSARY_URI + "/import/template", HttpMethod.GET, Response.Status.OK, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM);
         public static final API_V2 IMPORT_GLOSSARY                 = new API_V2(GLOSSARY_URI + "/import", HttpMethod.POST, Response.Status.OK, MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_JSON);
+        public static final API_V2 CREATE_RULE                     = new API_V2(ATLAS_RULES_API, HttpMethod.POST, Response.Status.OK);
+        public static final API_V2 GET_RULES                       = new API_V2(ATLAS_RULES_API, HttpMethod.GET, Response.Status.OK);
+        public static final API_V2 DELETE_RULE_BY_GUID             = new API_V2(ATLAS_RULES_API + "guid/", HttpMethod.DELETE, Response.Status.OK);
+        public static final API_V2 DELETE_RULES_BY_GUID            = new API_V2(ATLAS_RULES_API, HttpMethod.DELETE, Response.Status.OK);
 
         private API_V2(String path, String method, Response.Status status) {
             super(path, method, status);

distro/src/conf/atlas-application.properties

@@ -281,4 +281,7 @@ atlas.search.gremlin.enable=false
 
 ######### Skip check for the same attribute name in Parent type and Child type #########
 
-#atlas.skip.check.for.parent.child.attribute.name=true
+#atlas.skip.check.for.parent.child.attribute.name=true
+
+atlas.entity.audit.filter.enabled=false
+atlas.entity.audit.filter.default.action=ACCEPT

graphdb/api/pom.xml

@@ -37,6 +37,11 @@
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>${gson.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.atlas</groupId>
             <artifactId>atlas-common</artifactId>

intg/pom.xml

@@ -88,6 +88,10 @@
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-common</artifactId>
             <exclusions>
+                <exclusion>
+                    <groupId>com.google.code.gson</groupId>
+                    <artifactId>gson</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>io.netty</groupId>
                     <artifactId>netty-handler</artifactId>

intg/src/main/java/org/apache/atlas/AtlasConfiguration.java

@@ -111,7 +111,9 @@ public enum AtlasConfiguration {
     ATLAS_AUDIT_DEFAULT_AGEOUT_IGNORE_TTL("atlas.audit.default.ageout.ignore.ttl", false),
     ATLAS_AUDIT_AGING_TTL_TEST_AUTOMATION("atlas.audit.aging.ttl.test.automation", false), //Only for test automation
     RELATIONSHIP_SEARCH_ENABLED("atlas.relationship.search.enabled", false),
-    UI_TASKS_TAB_USE_ENABLED("atlas.tasks.ui.tab.enabled", false);
+    UI_TASKS_TAB_USE_ENABLED("atlas.tasks.ui.tab.enabled", false),
+    ENTITY_AUDIT_FILTER_ENABLED("atlas.entity.audit.filter.enabled", false),
+    DEFAULT_ENTITY_AUDIT_FILTER_ACTION("atlas.entity.audit.filter.default.action", "ACCEPT");
 
     private static final Configuration APPLICATION_PROPERTIES;
 

intg/src/main/java/org/apache/atlas/AtlasErrorCode.java

@@ -183,6 +183,16 @@ public enum AtlasErrorCode {
     BLANK_NAME_ATTRIBUTE(400, "ATLAS-400-00-104", "Name Attribute can't be empty!"),
     BLANK_VALUE_ATTRIBUTE(400, "ATLAS-400-00-105", "Value Attribute can't be empty!"),
 
+    CUSTOM_AUDIT_FILTERS_NOT_ENABLED(400, "ATLAS-400-00-106", "Custom Audit Filters config: {0} is not enabled "),
+    INVALID_RULE_ACTION(400, "ATLAS-400-00-107", "Invalid action. Allowed values are ACCEPT or DISCARD"),
+    MISSING_ATTRIBUTE_NAME_IN_RULE_EXPR(400, "ATLAS-400-00-108", "attributeName is missing/null in specified criteria"),
+    MISSING_ATTRIBUTE_VALUE_IN_RULE_EXPR(400, "ATLAS-400-00-109", "attributeValue is missing/null for attributeName {0}"),
+    MISSING_CRITERIA_CONDITION(400, "ATLAS-400-00-110", "{0} is missing; specify condition along with criteria for multiple conditions"),
+    MISSING_MANDATORY_TYPENAME_IN_RULE_EXPR(400, "ATLAS-400-00-111", "typeName is required for every rule expression"),
+    MISSING_MANDATORY_OPERATOR_IN_RULE_EXPR_CRITERIA(400, "ATLAS-400-00-112", "operator is missing in specified criteria"),
+    INVALID_OPERATOR_ON_ATTRIBUTE(400, "ATLAS-400-00-113", "Operator {0} can not be applied on attribute {1}"),
+    DUPLICATE_TYPENAME_IN_RULE_EXPR(400, "ATLAS-400-00-114", "Duplicate value {0} found for typeName in same rule expression."),
+    DUPLICATE_CONDITION_IN_SAME_RULE_EXPR(400, "ATLAS-400-00-115", "Duplicate condition mentioned in same rule expression object."),
     UNAUTHORIZED_ACCESS(403, "ATLAS-403-00-001", "{0} is not authorized to perform {1}"),
 
     // All Not found enums go here
@@ -226,6 +236,8 @@ public enum AtlasErrorCode {
     GLOSSARY_IMPORT_FAILED(409, "ATLAS-409-00-011", "Glossary import failed"),
     METRICSSTAT_ALREADY_EXISTS(409, "ATLAS-409-00-012", "Metric Statistics already collected at {0}"),
     PENDING_TASKS_ALREADY_IN_PROGRESS(409, "ATLAS-409-00-013", "There are already {0} pending tasks in queue"),
+    RULE_NAME_ALREADY_EXISTS(409, "ATLAS-409-00-014", "Rule with given ruleName {0} already exists"),
+    RULE_EXPRESSION_ALREADY_EXISTS(409, "ATLAS-409-00-015", "Rule expression already exists for rule {0}"),
 
     // All internal errors go here
     INTERNAL_ERROR(500, "ATLAS-500-00-001", "Internal server error {0}"),

intg/src/main/java/org/apache/atlas/model/audit/EntityAuditEventV2.java

@@ -61,6 +61,7 @@ public class EntityAuditEventV2 implements Serializable, Clearable {
     private String              eventKey;
     private AtlasEntity         entity;
     private EntityAuditType     type;
+    private boolean             isDiscarded;
 
     public EntityAuditEventV2() {
     }
@@ -178,6 +179,16 @@ public void setEntityDefinition(String entityDefinition) {
         this.entity = AtlasType.fromJson(entityDefinition, AtlasEntity.class);
     }
 
+    @JsonIgnore
+    public boolean isDiscarded() {
+        return isDiscarded;
+    }
+
+    @JsonIgnore
+    public void setDiscarded(boolean discarded) {
+        isDiscarded = discarded;
+    }
+
     @Override
     public int hashCode() {
         return Objects.hash(entityId, timestamp, user, action, details, eventKey, entity, type);
@@ -213,6 +224,7 @@ public String toString() {
                 ", eventKey='" + eventKey + '\'' +
                 ", entity=" + entity +
                 ", type=" + type +
+                ", isDiscarded=" + isDiscarded +
                 '}';
     }
 
@@ -231,14 +243,15 @@ public AtlasEntityHeader getEntityHeader() {
     @JsonIgnore
     @Override
     public void clear() {
-        entityId  = null;
-        timestamp = 0L;
-        user      = null;
-        action    = null;
-        details   = null;
-        eventKey  = null;
-        entity    = null;
-        type      = null;
+        entityId    = null;
+        timestamp   = 0L;
+        user        = null;
+        action      = null;
+        details     = null;
+        eventKey    = null;
+        entity      = null;
+        type        = null;
+        isDiscarded = false;
     }
 
     private String getJsonPartFromDetails() {