Cloudera Docs

POST /admin/audit/ API

The POST /admin/audit/ API endpoint can be used to retrieve the entity purge operations that have occurred in a given time period.

To report what entities were purged, use the POST method on the /admin/audit/ endpoint with a payload containing a JSON-formated query for purged entities:
POST /api/atlas/admin/audit/

where the parameters include:

Parameter Format / Value Description
body: auditFilters JSON-formatted query including:
  • username (required)
  • purge operation (required)
  • start time
  • end time
The results can further be controlled with:
  • limit
  • offset
  • sort by (required)
  • sort order
 The payload describes a query that returns PURGE operations performed by a specific user. The query can include a filter for a specific time range, where the start and end times are specified in UNIX epoch time. The query results can also be paged using a result count (limit) and offset so multiple calls can be made to retrieve unique result sets.
header: content type application/json Atlas expects the payload of the call to be in JSON format.
header: authorization Per your environment Atlas requires authentication, which you can provide with a username and password as a parameter in a cURL call (-u username:password) or using cookies or other generated methods to pass appropriate credentials. The user must have Atlas administrator privileges.

The audit filter in this call uses the same syntax as Atlas' search filters. Here are some guidelines that are useful for using this interface for purge auditing:

  • Valid operators for the time criteria include less than (lt), greater than (gt), less than or equal to (lte), greater than or equal to (gte), equal to (eq), and not equal to (neq).
  • Valid operators for the string criteria include like, startsWith, endsWith, contains, isNull, notNull, and equals (eq).
  • The sortOrder can be ASCENDING or DESCENDING.

The response from a POST /admin/audit call is a JSON-formatted list of the purge operations that occurred in the specified time range. The content includes the parameters passed in the purge call and the list of GUIDs for the entities that were successfully purged. If no entities are purged, the response is an empty list [].

For example, a cURL command to return the most recent 10 purge operations might look like the following where the authorization is passed in the call as a username and clear-text password:
curl -X POST 'http://host3.acme.com:31000/api/atlas/admin/audit/' \
-H 'Content-Type: application/json' \
-d '{
    "auditFilters": {
        "condition": "AND",
        "criterion": [
            {
                "attributeName": "userName",
                "operator": "like",
                "attributeValue": "admin"
            },
            {
                "attributeName": "operation",
                "operator": "like",
                "attributeValue": "PURGE"
            }
        ]
    },
    "limit": 10,
    "offset": 0,
    "sortBy": "endTime",
    "sortOrder": "DESCENDING"
}
' -u username:password

The response includes a list of purge operations (this example is shortened to only two entries):

[
    {
        "guid": "d93c7664-6e41-4aa9-aed8-b740b985c9a0",
        "userName": "admin",
        "operation": "PURGE",
        "params": "[ac2772e8-984d-4ab6-9e99-323f1be2d3c0, 90231026-6581-4168-8828-f010aa9b097c]",
        "startTime": 1576261685009,
        "endTime": 1576261685197,
        "clientId": "10.16.1.255",
        "result": "ac2772e8-984d-4ab6-9e99-323f1be2d3c0,ae143e74-48d4-4f4b-8164-192bc842ed3b,dd742369-2a2c-44ee-902c-4d78a55b7100,90231026-6581-4168-8828-f010aa9b097c"
    },
    {
        "guid": "b964079d-1f55-43f3-af7b-3a3701378826",
        "userName": "admin",
        "operation": "PURGE",
        "params": "[35b7aaad-2aaf-4af8-a043-e7b524e1314e]",
        "startTime": 1576028426951,
        "endTime": 1576028427165,
        "clientId": "10.16.1.255",
        "result": "35b7aaad-2aaf-4af8-a043-e7b524e1314e,add45b8a-4bef-4ebb-a8d0-0b8b920f068d"
    },...
]