[
https://issues.apache.org/jira/browse/CASSANDRA-18068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17695830#comment-17695830
]
Andres de la Peña edited comment on CASSANDRA-18068 at 3/2/23 5:13 PM:
-----------------------------------------------------------------------
[~blerer] has convinced me on Slack for going back to the previous approach for
the mask placement into the column definition. The key argument for me is that
{{PRIMARY KEY}} is not entirely part of the individual column definition
because it can appear isolated at the end of the list of column definitions.
And the reasoning for putting {{STATIC}} before {{MASKED WITH ...}} is just
that {{STATIC}} is more important than the mask, and it gets a bit lost after
the multi-line mask definition. So I'm reverting the latter change about this
and going back to:
{code:java}
CREATE TABLE t1(k int MASKED WITH mask_replace(-1) PRIMARY KEY);
CREATE TABLE t2(k int,
c int,
s int STATIC MASKED WITH mask_replace(-1),
PRIMARY KEY(k, c));
{code}
[~bereng] please let me know if you agree with us on this.
Another thing pointed out by Benjamin is that we don't support schema updates
during rolling upgrades. Any attempt of creating or altering a table, masked or
not, times out with a schema mismatch. So we don't really need the cluster min
version check nor the entire upgrade test. I have removed both things
[here|https://github.com/apache/cassandra/pull/2110/commits/6e563cbda336f5a4ee9f5083ea1797c9c0c7b643].
Finally, I'm adding [a new
dtest|https://github.com/apache/cassandra/pull/2110/commits/33cef33c9102f2851b940bac177b0b2bf674550e]
to verify that the masks are correctly propagated to other nodes in the
cluster, and that they are correctly loaded from disk at startup.
I think this and the solution for post-ordering address all the remaining
review feedback. Here is a CI run for the latter changes:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/2110]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2679/workflows/dd588207-d0c2-4315-ab63-42b1436db970]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2679/workflows/4fdbab9b-571b-4e7b-abd1-99bab92b531b]|
was (Author: adelapena):
[~blerer] has convinced me on Slack for going back to the previous approach for
the mask placement into the column definition. The key argument is that
{{PRIMARY KEY}} is not entirely part of the individual column definition
because it can appear isolated at the end of the list of column definitions.
And the reasoning for putting {{STATIC}} before {{MASKED WITH ...}} is just
that {{STATIC}} is more important that the mask, and it gets a bit lost after
the multi-line mask definition. So I'm reverting the latter change about this
and going back to:
{code:java}
CREATE TABLE t1(k int MASKED WITH mask_replace(-1) PRIMARY KEY);
CREATE TABLE t2(k int,
c int,
s int STATIC MASKED WITH mask_replace(-1),
PRIMARY KEY(k, c));
{code}
[~bereng] please let me know if you agree with us on this.
Another thing pointed out by Benjamin is that we don't support schema updates
during rolling upgrades. Any attempt of creating or altering a table, masked or
not, times out with a schema mismatch. So we don't really need the cluster min
version check nor the entire upgrade test. I have removed both things
[here|https://github.com/apache/cassandra/pull/2110/commits/6e563cbda336f5a4ee9f5083ea1797c9c0c7b643].
Finally, I'm adding [a new
dtest|https://github.com/apache/cassandra/pull/2110/commits/33cef33c9102f2851b940bac177b0b2bf674550e]
to verify that the masks are correctly propagated to other nodes in the
cluster, and that they are correctly loaded from disk at startup.
I think this and the solution for post-ordering address all the remaining
review feedback. Here is a CI run for the latter changes:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/2110]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2679/workflows/dd588207-d0c2-4315-ab63-42b1436db970]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2679/workflows/4fdbab9b-571b-4e7b-abd1-99bab92b531b]|
> Allow to attach native masking functions to table columns
> ---------------------------------------------------------
>
> Key: CASSANDRA-18068
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18068
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 9h 10m
> Remaining Estimate: 0h
>
> Allow to attach the native masking functions added by CASSANDRA-17941 to
> table columns, as defined by
> [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
>
> {{CREATE TABLE}} statements would look like:
> {code}
> > CREATE TABLE patients (
> id timeuuid PRIMARY KEY,
> name text MASKED WITH partial(2, 1),
> birth date MASKED WITH default()
> );
> > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21);
>
> > SELECT name, birth FROM patients;
>
> name | birth
> ---------+------------
> alXXXXe | 1900-01-01
> {code}
> {{ALTER TABLE}} statements would look like:
> {code}
> > ALTER TABLE patients ALTER name MASKED WITH partial(2, 1);
> > ALTER TABLE patients ALTER name WITHOUT MASK;
> {code}
> It won't be possible to use masked columns in the WHERE and IF clauses of
> SELECT and UPDATE statements.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
