Technical preview function is in a state that it can be tried. The development is complete, there is documentation and there are samples, tutorials and hands-on labs as appropriate.
The community is looking for feedback on the function before declaring it stable. This feedback may result in changes to the external interfaces.
Governance Action Framework (GAF)¶
The governance action framework (GAF) provides the interfaces and base implementations for components (called governance action services) that take action to:
- detect, report and eventually correct a situation that is harmful to the data or the organization in some way or
- to enhance the metadata to improve its use.
The governance action framework can be used for three purposes:
- Provide the complete implementation and orchestration of a governance process.
- Provide coordination between processes run by specialized governance systems. For example, coordinating a DevOps pipeline with a data movement and quality process and security incident management.
- Provide contextual metadata plus an audit trail of actions managed by an external governance process.
A governance action describes a specific governance activity that needs to be performed on one or more metadata elements, or their counterparts in the digital landscape.
A governance action is represented as a metadata entity in the open metadata repositories and linked to:
- The source (cause) of the governance action.
- The target elements that need to be acted upon.
- The governance engine that will run the governance service that implements the desired behavior.
GovernanceAction metadata entity is used to coordinate the desired activity in the governance engine, record its current state and act as a record of the activity for future audits.
Governance services produce output strings called guards that indicate specific conditions or outcomes. These guards can be used to trigger new governance actions. Triggered governance actions are linked to their predecessor so it possible to trace through the governance actions that ran.
The governance action process defines the flow of governance actions. It uses governance action types to build up a template of possible governance actions linked via the guards. When the process runs, its linked governance action types control the triggering of new governance actions.
If the start date of the governance action is in the future, the engine host services running in the same engine host as the nominated governance engine will schedule the governance service to run soon after the requested start date. If the start date is left blank, the requested governance service is run as soon as possible.
Governance action process¶
A governance action process defines a prescribed sequence of governance actions. Its definition consists of a linked set of governance action types. Each governance action type describes which governance action service to run from which governance action engine along with the request type and request parameters to pass. The linkage between the governance action types shows the guards that must be true to initiate the next governance action in the flow.
- The 0461 governance action engines model shows how the request type links the governance action engine to the governance action service via the
- The 0470 incident reporting model shows the structure of the incident report. It is a Referenceable so it can support comments and have governance actions linked to it.
- Governance action processes are defined using the Governance Engine OMAS.
- The Open Metadata Engine Services (OMES) provide the mechanisms that support the different types of governance action engines. These engines run the governance action services that execute the governance actions defined by the governance action process.
Governance action type¶
A governance action type is a template for a governance action. A set of linked governance action types form the definition of a governance action process.
Governance action types are defined through the Governance Engine OMAS and this OMAS also coordinates the creation of a governance action from the governance action type as part of its execution of the governance action process.
The governance action type is defined in the 0462 governance action type model.
An incident report describes a situation that is out of line with the governance definitions (such as policies and rules). It provides a focus point to coordinate efforts to resolve the situation.
As the incident is handled, details of the cause, affected resources and actions taken are attached to the incident report to create a complete record of the incident for future analysis.
Incident reports are typically created by governance watchdog services.
Governance action services¶
A governance action service is a specialized connector that performs monitoring of metadata changes, validation of metadata, triage of issues, assessment and/or remediation activities on request.
There are five types of governance action services, each of which supports a specialist governance activity (see subsections).
These are often used in conjunction with the open discovery services from the Open Discovery Framework (ODF). Collectively they are called the governance services and they can be linked together into governance action processes.
Some governance action services invoke functions in external engines that are working with data and related assets. The GAF offers embeddable functions and APIs to simplify the implementation of governance action services, and their integration into the broader digital landscape, whilst being resilient and with good performance.
Watchdog governance service¶
The watchdog governance service monitors changes in the metadata and initiates one of the following as a result:
One example of a watchdog governance service is to monitor for new assets. Another example is to monitor the addition of open discovery reports and take action on their content.
Verification governance service¶
Verification governance services test the properties of specific open metadata elements to ensure they are set up correctly and do not indicate a situation where governance activity is required. The results returned from the verification governance service can be used to trigger other governance services as part of a governance action process.
The verification services may also publish guards to report on any errors it finds.
For example, it may check that a new asset has an owner, is set up with zones and includes a connection and a schema.
Triage governance service¶
Triage governance services run triage rules to determine how to manage a situation. This could be to initiate an external workflow, wait for manual decision or initiate a remediation request through either an external workflow or by creating a
ToDo for a specific person.
Remediation governance service¶
The remediation governance services perform updates to metadata. Examples of remediation services are duplicate linking and consolidation.
Provisioning governance service¶
A provisioning governance service invokes a provisioning service whenever a provisioning request is made. Typically, the provisioning service is an external service. It may also create lineage metadata to describe the work of the provisioning engine.
Implementing governance action services¶
Governance action services are open connectors that support the interfaces defined by the GAF. They may produce audit log records and exceptions, and they may make changes to metadata through the Open Metadata Access Services (OMAS).
A governance action service is passed a context as it is started. This provides access to the request type and associated parameters (name-value pairs) used to invoke the governance action service, along with a client to access open metadata through the Governance Engine OMAS.
This context is then specialized for each type of governance action service. Details of the specific context for each service can be found in the links above to the various governance action service types.
Configuring governance action services¶
A collection of related governance action services are grouped into governance action engines for deployment. The governance action engine maps governance action request types to the governance action service that should be invoked along with.
These definitions are created through the Governance Engine OMAS and are stored in the open metadata repositories.
Governance action engines are hosted in an Open Metadata Engine Service (OMES) running on one or more engine hosts. The Open Metadata Types used to define the governance action engines are located in 0461 governance action engines.
Running governance action services¶
Governance action engines are hosted by the Governance Action OMES.
The engine services run in dedicated OMAG Server called the engine host. You can find instructions for configuring the engine services in the engine host in the administration guide.
The Governance Engine OMAS provides the services for:
- setting up the definitions of a governance action engine.
- configuring governance action processes.
- managing governance actions and incident reports.
A governance pack is a collection of pre-defined governance engines and services definitions plus governance service implementations.
A team can use the governance pack to distribute the governance engine function to different metadata ecosystems.