Skip to content

Commit

Permalink
#46: Adding FORCE in applying masking policies (#47)
Browse files Browse the repository at this point in the history
* #46: Adding FORCE in applying masking policies

* #46: Minor fix after the integration tests

* #46: typo error

Co-authored-by: Dat Nguyen <dat@infinitelambda>
  • Loading branch information
il-dat and Dat Nguyen authored Oct 27, 2022
1 parent 307c8ab commit e0206e7
Show file tree
Hide file tree
Showing 5 changed files with 15 additions and 5 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,14 @@ vars:
masking_policy: mp_encrypt_pii
```

- Decide you force applying masking policy to avoid unsetting them before re-applying again - it helps to remove handy stuff whenever the masking policy definition is relocated to another database/schema:
**Example** : var block in dbt_project.yml to enable using force

```yaml
vars:
use_force_applying_masking_policy: "True"
```

- Create a new `.sql` file with the name `create_masking_policy_<masking-policy-name-from-meta>.sql` and the sql for masking policy definition. Its important for macro to follow this naming standard.

**Example** : create_masking_policy_mp_encrypt_pii.sql
Expand Down
1 change: 1 addition & 0 deletions dbt_project.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ macro-paths: ["macros"]
log-path: "logs"

vars:
use_force_applying_masking_policy: "False"
use_common_masking_policy_db: "False"
create_masking_policy_schema: "True"
common_masking_policy_db:
Expand Down
3 changes: 2 additions & 1 deletion integration_tests/dbt_project.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ clean-targets:
- "logs"

#vars:
# use_force_applying_masking_policy: "True"
# use_common_masking_policy_db: "True"
# common_masking_policy_db: "DEMO_DB"
# common_masking_policy_schema: "COMPLIANCE"
Expand All @@ -42,7 +43,7 @@ snapshots:
- "{{ dbt_snow_mask.apply_masking_policy('snapshots') }}"

dbt_snow_mask_integration_tests:
staging:
pii:
database: "DEV_ENTECHLOG_DEMO_DB"
schema: staging

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,9 @@

{% for masking_policy_in_db in masking_policy_list['MASKING_POLICY'] %}
{% if masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper == masking_policy_in_db %}
{{ log(modules.datetime.datetime.now().strftime("%H:%M:%S") ~ " | " ~ operation_type ~ "ing masking policy to model : " ~ masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper ~ " on " ~ database ~ '.' ~ schema ~ '.' ~ alias ~ '.' ~ column, info=True) }}
{{ log(modules.datetime.datetime.now().strftime("%H:%M:%S") ~ " | " ~ operation_type ~ "ing masking policy to model : " ~ masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper ~ " on " ~ database ~ '.' ~ schema ~ '.' ~ alias ~ '.' ~ column ~ ' [force = ' ~ var('use_force_applying_masking_policy','False') ~ ']', info=True) }}
{% set query %}
alter {{materialization}} {{database}}.{{schema}}.{{alias}} modify column {{column}} set masking policy {{masking_policy_db}}.{{masking_policy_schema}}.{{masking_policy_name}};
alter {{materialization}} {{database}}.{{schema}}.{{alias}} modify column {{column}} set masking policy {{masking_policy_db}}.{{masking_policy_schema}}.{{masking_policy_name}} {% if var('use_force_applying_masking_policy','False')|upper in ['TRUE','YES'] %} force {% endif %};
{% endset %}
{% do run_query(query) %}
{% endif %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,10 +58,10 @@

{% for masking_policy_in_db in masking_policy_list['MASKING_POLICY'] %}
{% if masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper == masking_policy_in_db %}
{{ log(modules.datetime.datetime.now().strftime("%H:%M:%S") ~ " | " ~ operation_type ~ "ing masking policy to source : " ~ masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper ~ " on " ~ database ~ '.' ~ schema ~ '.' ~ identifier ~ '.' ~ column, info=True) }}
{{ log(modules.datetime.datetime.now().strftime("%H:%M:%S") ~ " | " ~ operation_type ~ "ing masking policy to source : " ~ masking_policy_db|upper ~ '.' ~ masking_policy_schema|upper ~ '.' ~ masking_policy_name|upper ~ " on " ~ database ~ '.' ~ schema ~ '.' ~ identifier ~ '.' ~ column ~ ' [force = ' ~ var('use_force_applying_masking_policy','False') ~ ']', info=True) }}
{% set query %}
{% if operation_type == "apply" %}
alter {{materialization}} {{database}}.{{schema}}.{{identifier}} modify column {{column}} set masking policy {{masking_policy_db}}.{{masking_policy_schema}}.{{masking_policy_name}}
alter {{materialization}} {{database}}.{{schema}}.{{identifier}} modify column {{column}} set masking policy {{masking_policy_db}}.{{masking_policy_schema}}.{{masking_policy_name}} {% if var('use_force_applying_masking_policy','False')|upper in ['TRUE','YES'] %} force {% endif %}
{% elif operation_type == "unapply" %}
alter {{materialization}} {{database}}.{{schema}}.{{identifier}} modify column {{column}} unset masking policy
{% endif %}
Expand Down

0 comments on commit e0206e7

Please sign in to comment.