[
https://issues.apache.org/jira/browse/CASSANDRA-18071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17687903#comment-17687903
]
Andres de la Peña commented on CASSANDRA-18071:
-----------------------------------------------
Here is the patch adding support for using UDFs as masking functions attached
to the schema:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/2156]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2638/workflows/97141ccf-2b0d-428f-8712-f29efb5d0f3e]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2638/workflows/48600cf0-152d-4e73-99b9-bad8ad7cdff0]|
The patch is based on CASSANDRA-18068, CASSANDRA-18069 and CASSANDRA-18070.
Attaching UDFs to table columns makes the table schema depend on the existence
of the UDF. Thus, dropping the function will be forbidden while there are any
masks using that function. This mimics the way we deal the dependency between
UDAs and UDFs. An alternative approach would have been just silently dropping
the masks when we remove the function. However, I think that could have easily
led to accidental data exposures.
At the moment the UDFs used for masking a column should belong to the same
keyspace as the table the masked column belongs too. Supporting UDFs in other
keyspaces could be slightly trickier for the dependency between UDFs and masks,
since we should prevent dropping entire keyspaces if they contain a UDF that is
used by a mask in another keyspace. I think that type of dependencies between
keyspaces are not ideal, and they should remain as isolated as possible. Note
that we do the same for UDAs, where the depending UDFs should be on the same
keyspace.
> Allow to use user-defined functions (UDF) as masking functions
> --------------------------------------------------------------
>
> Key: CASSANDRA-18071
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18071
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Allow to attach user-defined functions (UDF) to tables so they can be used as
> masking functions, as defined by
> [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
> This will be similar to the native data masking functions introduced by
> CASSANDRA-17941 and attached to tables by CASSANDRA-18068.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
