Merge branch 'beta' into feat/add-lineage-vertical-node-count

atlanhq · Jul 24, 2024 · f7d1eb2 · f7d1eb2
2 parents d793a93 + 9371085
commit f7d1eb2
Show file tree

Hide file tree

Showing 172 changed files with 11,919 additions and 2,770 deletions.
diff --git a/.github/workflows/chart-release-dispatcher.yaml b/.github/workflows/chart-release-dispatcher.yaml
@@ -8,6 +8,7 @@ on:
       - master
       - staging
       - beta
+      - staging
     types:
       - completed
 
@@ -25,13 +26,41 @@ jobs:
         id: extract_branch
         run: |
           echo "branch=${{ github.event.workflow_run.head_branch }}" >> $GITHUB_OUTPUT
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.my_pat }}
+          ref: ${{ steps.extract_branch.outputs.branch }}
+          fetch-depth: 0
+
+      - name: Get SHA of the branch
+        id: get_sha
+        run: |
+          branch_name=${{ steps.extract_branch.outputs.branch }}
+          sha=$(git rev-parse "refs/heads/$branch_name")
+          echo "GIT_SHA: $sha"
+          echo "sha=${sha}" >> $GITHUB_OUTPUT
 
       - name: Extract Repository Name
         id: extract_repo_name
         run: |
           repo_name=$(basename $GITHUB_REPOSITORY)
           echo "repo_name=${repo_name}" >> $GITHUB_OUTPUT
 
+      - name: Get PR url and PR User
+        id: get_pr_url_user
+        run: |
+          head_sha=$(curl -s -H "Authorization: Bearer ${{ secrets.my_pat }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}/jobs" | jq -r '.jobs[0].head_sha')
+          echo "Head SHA: $head_sha"
+          pr_url=$(curl -s -H "Authorization: Bearer ${{ secrets.my_pat }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/search/issues?q=sha:$head_sha+type:pr" | jq -r '.items[0].html_url')
+          pr_user=$(curl -s -H "Authorization: Bearer ${{ secrets.my_pat }}" -H "Accept: application/vnd.github.v3+json" "https://api.github.com/search/issues?q=sha:$head_sha+type:pr" | jq -r '.items[0].user.login')
+          echo "pr_url=$pr_url" >> $GITHUB_OUTPUT
+          echo "pr_user=$pr_user" >> $GITHUB_OUTPUT
+
+      - name: echo PR_URL and PR_USER
+        run: |
+          echo "${{ steps.get_pr_url_user.outputs.pr_url }}"
+          echo "${{ steps.get_pr_url_user.outputs.pr_user }}"
       - name: Repository Dispatch
         uses: peter-evans/repository-dispatch@v2
         with:
@@ -42,6 +71,8 @@ jobs:
             {
               "repo": {
                 "name": "${{ steps.extract_repo_name.outputs.repo_name }}",
-                "branch": "${{ steps.extract_branch.outputs.branch }}"
+                "branch": "${{ steps.extract_branch.outputs.branch }}",
+                "pr_url": "${{ steps.get_pr_url_user.outputs.pr_url }}",
+                "pr_user": "${{ steps.get_pr_url_user.outputs.pr_user }}"
               }
-            }
+            }
diff --git a/.github/workflows/github-actions-pr-jira.yaml b/.github/workflows/github-actions-pr-jira.yaml
@@ -0,0 +1,14 @@
+name: GitHub-Jira Link Action
+run-name: ${{ github.actor }} is ensuring Jira ID is present in PR title
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened]
+    branches: [main, staging, master, beta, develop, prod, development]
+
+jobs:
+  Enforce-GitHub-Jira-Link-Action:
+    runs-on: ubuntu-latest
+    if: ${{ !contains(fromJson('["main", "staging", "master", "beta", "develop", "prod", "development"]'), github.event.pull_request.head.ref) }}
+    steps:
+      - name: Enforce Pull Request Title includes Jira Issue Key
+        uses: ryanvade/[email protected]
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -25,6 +25,7 @@ on:
       - beta
       - development
       - master
+      - staging
       - lineageondemand
 
 jobs:
@@ -51,16 +52,6 @@ jobs:
         run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
         id: get_branch
 
-      - name: Create Maven Settings
-        uses: s4u/[email protected]
-        with:
-          servers: |
-            [{
-                "id": "github",
-                "username": "atlan-ci",
-                "password": "${{ secrets.my_pat }}"
-            }]
-
       - name: Build with Maven
         run: |
           branch_name=${{ steps.get_branch.outputs.branch }} 
@@ -77,7 +68,7 @@ jobs:
         shell: bash
 
       - name: Get version tag
-        run: echo "##[set-output name=version;]$(echo `git ls-remote https://${{ secrets.my_pat }}@github.com/atlanhq/${REPOSITORY_NAME}.git ${{ steps.get_branch.outputs.branch }} | awk '{ print $1}' | cut -c1-7`)abcd"
+        run: echo "##[set-output name=version;]$(echo `git ls-remote https://${{ secrets.ORG_PAT_GITHUB }}@github.com/atlanhq/${REPOSITORY_NAME}.git refs/heads/${{ steps.get_branch.outputs.branch }} | awk '{ print $1}' | cut -c1-7`)abcd"
         id: get_version
 
       - name: Set up Buildx 
@@ -89,7 +80,7 @@ jobs:
         with:
           registry: ghcr.io
           username: $GITHUB_ACTOR
-          password: ${{ secrets.my_pat }}
+          password: ${{ secrets.ORG_PAT_GITHUB }}
 
       - name: Build and push
         id: docker_build
@@ -104,7 +95,6 @@ jobs:
           tags: |
             ghcr.io/atlanhq/${{ github.event.repository.name }}-${{ steps.get_branch.outputs.branch }}:latest
             ghcr.io/atlanhq/${{ github.event.repository.name }}-${{ steps.get_branch.outputs.branch }}:${{ steps.get_version.outputs.version }}
-
       - name: Scan Image
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/.github/workflows/trivy-docker-scan.yml b/.github/workflows/trivy-docker-scan.yml
@@ -29,7 +29,7 @@ jobs:
           output: 'trivy-results-docker.sarif'
           exit-code: '1'
           #ignore-unfixed: true
-          severity: 'CRITICAL,HIGH,MEDIUM'
+          severity: 'CRITICAL,HIGH'
 
       - name: Upload Trivy Docker Scan Results To GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2

diff --git a/README.txt b/README.txt
@@ -71,4 +71,4 @@ Build Process
    distro/target/apache-atlas-<version>-storm-hook.tar.gz
    distro/target/apache-atlas-<version>-falcon-hook.tar.gz
 
-4. For more details on installing and running Apache Atlas, please refer to https://atlas.apache.org/#/Installation.
+4. For more details on installing and running Apache Atlas, please refer to https://atlas.apache.org/#/Installation
diff --git a/addons/models/0000-Area0/0010-base_model.json b/addons/models/0000-Area0/0010-base_model.json
@@ -616,7 +616,7 @@
       ],
       "description": "Model to store auth service in Atlas",
       "serviceType": "atlan",
-      "typeVersion": "1.1",
+      "typeVersion": "1.2",
       "attributeDefs": [
         {
           "name": "authServiceType",
@@ -640,6 +640,17 @@
           "skipScrubbing": true,
           "includeInNotification": true
         },
+        {
+          "name": "abacService",
+          "typeName": "string",
+          "indexType": "STRING",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false,
+          "skipScrubbing": true,
+          "includeInNotification": true
+        },
         {
           "name": "authServiceIsEnabled",
           "typeName": "boolean",
@@ -681,9 +692,19 @@
         "Asset"
       ],
       "serviceType": "atlan",
-      "typeVersion": "1.1",
+      "typeVersion": "1.2",
       "attributeDefs":
       [
+        {
+          "name": "policyFilterCriteria",
+          "typeName": "string",
+          "cardinality": "SINGLE",
+          "isIndexable": false,
+          "isOptional": true,
+          "isUnique": false,
+          "skipScrubbing": true,
+          "includeInNotification": true
+        },
         {
           "name": "policyType",
           "typeName": "AuthPolicyType",
@@ -1041,6 +1062,29 @@
           "includeInNotification": false
         }
       ]
+    },
+    {
+      "name": "StakeholderTitle",
+      "description": "Instance of a stakeholder title for Domains in Atlan",
+      "superTypes": [
+        "Asset"
+      ],
+      "serviceType": "atlan",
+      "typeVersion": "1.0",
+      "attributeDefs": [
+        {
+          "name": "stakeholderTitleDomainQualifiedNames",
+          "description": "qualified name array representing the Domains for which this StakeholderTitle is applicable",
+          "typeName": "array<string>",
+          "indexType": "STRING",
+          "isOptional": true,
+          "cardinality": "SET",
+          "isUnique": false,
+          "isIndexable": false,
+          "skipScrubbing": true,
+          "includeInNotification": false
+        }
+      ]
     }
   ],
   "relationshipDefs": [

diff --git a/addons/override-policies/glossary_policies.json b/addons/override-policies/glossary_policies.json
@@ -0,0 +1,113 @@
+{
+    "entities":
+    [
+        {
+            "typeName": "AuthPolicy",
+            "customAttributes": {
+                "internalId": 28
+            },
+            "attributes":
+            {
+                "name": "READ_GLOSSARY",
+                "qualifiedName": "READ_GLOSSARY",
+                "policyCategory": "bootstrap",
+                "policySubCategory": "default",
+                "policyServiceName": "atlas",
+                "policyType": "allow",
+                "policyPriority": 1,
+                "policyUsers":
+                [],
+                "policyGroups":
+                [],
+                "policyRoles":
+                [
+                    "$admin",
+                    "$api-token-default-access"
+                ],
+                "policyResourceCategory": "ENTITY",
+                "policyResources":
+                [
+                    "entity-type:AtlasGlossary",
+                    "entity-classification:*",
+                    "entity:*"
+                ],
+                "policyActions":
+                [
+                    "entity-read"
+                ]
+            }
+        },
+        {
+            "typeName": "AuthPolicy",
+            "customAttributes": {
+                "internalId": 29
+            },
+            "attributes":
+            {
+                "name": "READ_TERM",
+                "qualifiedName": "READ_TERM",
+                "policyCategory": "bootstrap",
+                "policySubCategory": "default",
+                "policyServiceName": "atlas",
+                "policyType": "allow",
+                "policyPriority": 1,
+                "policyUsers":
+                [],
+                "policyGroups":
+                [],
+                "policyRoles":
+                [
+                    "$admin",
+                    "$api-token-default-access"
+                ],
+                "policyResourceCategory": "ENTITY",
+                "policyResources":
+                [
+                    "entity-type:AtlasGlossaryTerm",
+                    "entity-classification:*",
+                    "entity:*"
+                ],
+                "policyActions":
+                [
+                    "entity-read"
+                ]
+            }
+        },
+        {
+            "typeName": "AuthPolicy",
+            "customAttributes": {
+                "internalId": 30
+            },
+            "attributes":
+            {
+                "name": "READ_CATEGORY",
+                "qualifiedName": "READ_CATEGORY",
+                "policyCategory": "bootstrap",
+                "policySubCategory": "default",
+                "policyServiceName": "atlas",
+                "policyType": "allow",
+                "policyPriority": 1,
+                "policyUsers":
+                [],
+                "policyGroups":
+                [],
+                "policyRoles":
+                [
+                    "$admin",
+                    "$api-token-default-access"
+                ],
+                "policyResourceCategory": "ENTITY",
+                "policyResources":
+                [
+                    "entity-type:AtlasGlossaryCategory",
+                    "entity-classification:*",
+                    "entity:*"
+                ],
+                "policyActions":
+                [
+                    "entity-read"
+                ]
+            }
+        }
+    ]
+}
diff --git a/addons/policies/bootstrap_admin_policies.json b/addons/policies/bootstrap_admin_policies.json
@@ -49,6 +49,31 @@
           "admin-task-cud"
         ]
       }
+    },
+    {
+      "typeName": "AuthPolicy",
+      "attributes": {
+        "name": "ADMIN_ALLOW_FEATURE_FLAG_CUD",
+        "qualifiedName": "ADMIN_ALLOW_FEATURE_FLAG_CUD",
+        "policyCategory": "bootstrap",
+        "policySubCategory": "default",
+        "policyServiceName": "atlas",
+        "policyType": "allow",
+        "policyPriority": 1,
+        "policyUsers": [
+          "service-account-atlan-argo",
+          "service-account-atlan-backend"
+        ],
+        "policyGroups": [],
+        "policyRoles": [],
+        "policyResourceCategory": "ADMIN",
+        "policyResources": [
+          "atlas-service:*"
+        ],
+        "policyActions": [
+          "admin-featureFlag-cud"
+        ]
+      }
     }
   ]
 }