Manage data contracts¶
Limited availability
Data contracts can currently only be managed for tables, views, and materialized views.
Initialize a contract¶
To generate a contract for an existing asset in Atlan:
atlan init contract \ # (1)
--asset "Table@CUST_TXN" \ # (2)
--data-source "snowflake" # (3)
- Use
atlan init contract
to initialize a contract. If you provide no other arguments, the CLI will generate a skeletal contract you can fill in yourself. - To pre-populate the contract with information about a dataset, you must provide the type and (technical)
name
of the asset to generate from, in the formatTypeName@name
. - To pre-populate the contract, you must also provide the name of the data source in which to find the asset.
This will generate a contract in your current working directory, using the details from the asset in Atlan as a starting point. (This requires you to first configure the Atlan CLI with details about your tenant.)
Can I manage contracts without Atlan connectivity?
You can also initialize a contract without any connection to Atlan, by leaving out the --asset
and --data-source
arguments. This will provide you a skeletal contract you can then fill in yourself.
Validate contract¶
You can validate the contract file is syntactically correct and refers to an asset known to Atlan:
atlan validate contract \ # (1)
-f "contract.yaml" # (2)
- Use
atlan validate contract
to validate a contract. - You must specify the filename that defines the contract.
Push contract¶
To apply the contract in Atlan, you then need to push the contract:
atlan push contract \ # (1)
-f "contract.yaml" # (2)
- Use
atlan push contract
to push a contract. - You must specify the filename that defines the contract.
Sync metadata¶
To sync metadata from a contract file to the asset governed by the contract in Atlan:
atlan sync contract \ # (1)
-f "contract.yaml" # (2)
- Use
atlan sync contract
to sync metadata contained in a contract to the asset governed by that contract. - You must specify the filename that defines the contract (containing the metadata to be synced).
This command will sync the following from the contract file to the governed asset in Atlan:
description: |- # (1)
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus eu orci non arcu placerat tincidunt eu et ligula.
Nullam non nisi in risus finibus tristique non quis erat. Phasellus hendrerit finibus velit nec dapibus.
Sed non viverra ligula, at dignissim diam. Mauris finibus elementum mi id luctus.
Maecenas sit amet lectus placerat, lobortis turpis dictum, semper magna.
Nullam sollicitudin ipsum eget felis vulputate, sit amet ultrices nisi posuere. Ut facilisis eu enim id maximus.
owners:
users: # (2)
- jdoe
- jsmith
groups: # (3)
- data_producers_group
certification:
status: VERIFIED # (4)
message: ""
announcement:
type: information # (5)
title: ""
description: ""
terms: # (6)
- ""
tags: # (7)
- name: PII
propagate: false
restrict_propagation_through_lineage: false
restrict_propagation_through_hierarchy: false
custom_metadata: # (8)
Data Quality:
Completeness Score: 100
Failed Checks:
- 884438be-82cc-4e04-bfe1-fba59276df38
- afa0e560-a916-4862-a2f2-c491f19f39f5
- Updates the user-managed description of the governed asset.
- Appends individual user owners to the list of existing owning users of the governed asset. Each user should be listed by their username in Atlan.
- Appends group owners to the list of existing owning groups of the governed asset. Each group should be listed by its internal alias name in Atlan.
- Updates the certificate of the governed asset. Must be one of:
VERIFIED
DRAFT
DEPRECATED
- Updates the announcement on the governed asset. Must be one of:
information
warning
issue
-
Appends assigned terms to the list of terms assigned to the governed asset. Each term should be listed by its name in Atlan.
If multiple terms exist with the same name
If multiple terms are found with the same name in Atlan, these will be returned as a conflict (rather than any being added to the asset).
-
Appends tags to the list of tags assigned to the governed asset. Each tag should be listed by its name in Atlan.
- Merges the custom metadata provided with any existing custom metadata on the governed asset. Each custom metadata set and its attributes should be keyed by its name in Atlan.
Managing via CI/CD¶
You can combine the actions above to manage data contracts via automated CI/CD pipelines. For example, a process to automate publication of data contracts could be as follows:
Configure CLI for CI/CD¶
First, configure the CLI within your CI/CD environment.
Separate sensitive and non-sensitive configuration
As a general rule, we recommend removing sensitive information (like the API token) from your configuration file. Instead manage this through an environment variable, which your CI/CD environment can inject into the job that runs the CLI. (For example, in GitHub you can use GitHub Secrets to manage the API token and have it automatically injected as an environment variable in GitHub Actions.)
The non-sensitive configuration details can remain in the configuration file, and the configuration file itself can then be version-controlled in your source code repository, too.
The examples below assume you have stored:
- your tenant's URL in a repository secret named
ATLAN_BASE_URL
- the API token in a repository secret named
ATLAN_API_KEY
Publish contracts from CI/CD¶
Once configured, you can use the CLI to publish any new contracts or changes to existing contracts:
- Commit contract file(s) to your revision control repository.
- Apply any validations or approval processes you like in your revision control repository. (For example, GitHub Actions that are triggered by pull request events.)
- When the committed changes are merged to a particular branch (for example,
main
), trigger an action to publish them to Atlan using the command in the push contract step.
.atlan/config.yaml | |
---|---|
1 2 3 4 5 6 7 8 9 10 11 12 |
|
-
Your repository should configure the CLI. The simplest way to do this is to include the configuration file in your repository (it must be at exactly
.atlan/config.yaml
in your repository to be picked up by the GitHub Action automatically).Leave sensitive information out
Leave the sensitive information (like API token and URL of your tenant) out of the configuration file. These can instead be stored as GitHub Secrets and used via environment variables in the GitHub Action.
-
You may want to enable logging, so you'll have debugging information to review if something goes wrong.
- You will need to define the data sources used by your contracts.
.github/workflows/push-contracts.yml | |
---|---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
|
- Specify the path where your contract files exist in the GitHub repository, so the action is only triggered when contract files themselves change.
- Configure the CLI with the URL of your tenant, here pulled from a repository secret with the name
ATLAN_BASE_URL
. - Again, this directory may need to change depending on where the contract files are within your GitHub repository.
- Include your API token as the
ATLAN_API_KEY
environment variable, here pulled from a repository secret with the same name.