[
https://issues.apache.org/jira/browse/CASSANDRA-18068?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696436#comment-17696436
]
Andres de la Peña edited comment on CASSANDRA-18068 at 3/4/23 12:40 PM:
------------------------------------------------------------------------
The last CI round shows how removing the cluster min version check [breaks
upgrade
tests|https://app.circleci.com/pipelines/github/adelapena/cassandra/2679/workflows/dd588207-d0c2-4315-ab63-42b1436db970/jobs/27482].
That's because the nodes interchange information about the system distributed
keyspaces at startup,
[here|https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/service/StorageService.java#L1289-L1294].
The columns in those keyspaces aren't masked, but [possible mask
deletions|https://github.com/apache/cassandra/blob/7a7c887f7a14b0a5fa04fd7993d84068fcf03eba/src/java/org/apache/cassandra/schema/SchemaKeyspace.java#L719-L721]
are still propagated to the older nodes. When this happens, the older nodes
fail because they don't know anything about the DDM schema elements mentioned
by the deletion.
As an alternative to bringing back the cluster min version check, I'm just
simply disabling DDM on system distributed columns. This should be simpler,
faster and more robust that the cluster min version check.
I don't think we have any plans for masking {{system_distributed}} columns, nor
probably other system columns in general. Note also that users [cannot alter
the schemas of system
keyspaces|https://github.com/apache/cassandra/blob/cassandra-4.1/src/java/org/apache/cassandra/service/ClientState.java#L483-L502],
so they cannot setup masks on them either.
Here is CI again for the rebased+squashed PR, all green:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/2110]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2687/workflows/cf7ad885-2b3b-4164-8064-f45346914291]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2687/workflows/2aa644b2-603b-4f54-bca3-d016d8c4efca]|
was (Author: adelapena):
The last CI round shows how removing the cluster min version check breaks
upgrade tests.
That's because the nodes interchange information about the system distributed
keyspaces at startup,
[here|https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/service/StorageService.java#L1289-L1294].
The columns in those keyspaces aren't masked, but [possible mask
deletions|https://github.com/apache/cassandra/blob/7a7c887f7a14b0a5fa04fd7993d84068fcf03eba/src/java/org/apache/cassandra/schema/SchemaKeyspace.java#L719-L721]
are still propagated to the older nodes. When this happens, the older nodes
fail because they don't know anything about the DDM schema elements mentioned
by the deletion.
As an alternative to bringing back the cluster min version check, I'm just
simply disabling DDM on system distributed columns. This should be simpler,
faster and more robust that the cluster min version check.
I don't think we have any plans for masking {{system_distributed}} columns, nor
probably other system columns in general. Note also that users [cannot alter
the schemas of system
keyspaces|https://github.com/apache/cassandra/blob/cassandra-4.1/src/java/org/apache/cassandra/service/ClientState.java#L483-L502],
so they cannot setup masks on them either.
Here is CI again for the rebased+squashed PR, all green:
||PR||CI||
|[trunk|https://github.com/apache/cassandra/pull/2110]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2687/workflows/cf7ad885-2b3b-4164-8064-f45346914291]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2687/workflows/2aa644b2-603b-4f54-bca3-d016d8c4efca]|
> Allow to attach native masking functions to table columns
> ---------------------------------------------------------
>
> Key: CASSANDRA-18068
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18068
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
> Reporter: Andres de la Peña
> Assignee: Andres de la Peña
> Priority: Normal
> Time Spent: 9h 10m
> Remaining Estimate: 0h
>
> Allow to attach the native masking functions added by CASSANDRA-17941 to
> table columns, as defined by
> [CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking].
>
> {{CREATE TABLE}} statements would look like:
> {code}
> > CREATE TABLE patients (
> id timeuuid PRIMARY KEY,
> name text MASKED WITH partial(2, 1),
> birth date MASKED WITH default()
> );
> > INSERT INTO patients(id, name, birth) VALUES (now(), 'alice', '1982-12-21);
>
> > SELECT name, birth FROM patients;
>
> name | birth
> ---------+------------
> alXXXXe | 1900-01-01
> {code}
> {{ALTER TABLE}} statements would look like:
> {code}
> > ALTER TABLE patients ALTER name MASKED WITH partial(2, 1);
> > ALTER TABLE patients ALTER name WITHOUT MASK;
> {code}
> It won't be possible to use masked columns in the WHERE and IF clauses of
> SELECT and UPDATE statements.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
