Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Just does not apply the masking policies for me #79

Open
aleenprd opened this issue Oct 18, 2024 · 1 comment
Open

Just does not apply the masking policies for me #79

aleenprd opened this issue Oct 18, 2024 · 1 comment

Comments

@aleenprd
Copy link

aleenprd commented Oct 18, 2024
edited
Loading

package

  - package: entechlog/dbt_snow_mask
    version: 0.2.6

dbt_project.yml

  # Masking Policy
  use_common_masking_policy_db: "True"
  common_masking_policy_db: "UTIL_DB"
  common_masking_policy_schema: "UTILS"
  use_force_applying_masking_policy: "True"

models:
  post-hook: 
  - "{{ dbt_snow_mask.apply_masking_policy('models') }}"
  - 
on-run-start:
  - "{{ dbt_snow_mask.create_masking_policy('models')}}"
  - "{{ dbt_snow_mask.create_masking_policy('sources')}}"

'create_masking_policy_encrypt_sensitive_data file in macros

{% macro create_masking_policy_encrypt_sensitive_data(node_database,node_schema) %}

CREATE MASKING POLICY IF NOT EXISTS {{node_database}}.{{node_schema}}.encrypt_sensitive_data AS (val string) 
    RETURNS string ->
        CASE WHEN CURRENT_ROLE() IN (
            'ACCOUNTADMIN'
        ) THEN val
        ELSE SHA2(val, 256)
    END

{% endmacro %}

yml of model

version: 2
models:
- name: temp_sha2
  columns:
  - name: id
    meta:
      masking_policy: encrypt_sensitive_data

Logs

14:04:03  Running 2 on-run-start hooks
14:04:04  1 of 2 START hook: grouponemodel.on-run-start.0 ................................ [RUN]
14:04:04  1 of 2 OK hook: grouponemodel.on-run-start.0 ................................... [OK in 0.00s]
14:04:05  2 of 2 START hook: grouponemodel.on-run-start.1 ................................ [RUN]
14:04:05  2 of 2 OK hook: grouponemodel.on-run-start.1 ................................... [OK in 0.00s]
14:04:05  
14:04:05  Concurrency: 16 threads (target='local_prod')
14:04:05  
14:04:05  1 of 1 START sql table model intermediate.temp_sha2 ............................ [RUN]
14:04:07  16:04:07 | applying masking policy to model  : UTIL_DB.UTILS.ENCRYPT_SENSITIVE_DATA on GROUPONEDATA_PROD.intermediate.temp_sha2.id [force = True]
14:04:09  16:04:09 | applying masking policy to model  : UTIL_DB.UTILS.ENCRYPT_SENSITIVE_DATA on GROUPONEDATA_PROD.intermediate.temp_sha2.id [force = True]
14:04:09  1 of 1 OK created sql table model intermediate.temp_sha2 ....................... [SUCCESS 1 in 4.65s]
14:04:09  
14:04:09  Finished running 1 table model, 2 project hooks in 0 hours 0 minutes and 10.09 seconds (10.09s).
14:04:10  
14:04:10  Completed successfully
14:04:10  
14:04:10  Done. PASS=1 WARN=0 ERROR=0 SKIP=0 TOTAL=1

It simply does not mask the data. I can manually apply the policy to the columns and it works, but it doesn't get applied by dbt,
@entechlog
Copy link
Owner

Do you see something in dbt logs file related to create_masking_policy ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@entechlog @aleenprd