[jira] [Commented] (CASSANDRA-18316) Add feature flag for dynamic data masking
[
https://issues.apache.org/jira/browse/CASSANDRA-18316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701384#comment-17701384
]
Andres de la Peña commented on CASSANDRA-18316:
---
Committed to [the feature branch|https://github.com/apache/cassandra/pull/2193]
for CASSANDRA-17940 as
[5968af4d9051a68bb9e4f1748cd4654610231f1e|https://github.com/apache/cassandra/pull/2193/commits/5968af4d9051a68bb9e4f1748cd4654610231f1e].
Thanks for the review.
> Add feature flag for dynamic data masking
> -
>
> Key: CASSANDRA-18316
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18316
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Fix For: 5.x
>
>
> Dynamic data masking
> ([CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking])
> is a new feature, so it will need a feature flag in {{cassandra.yaml}}.
> Something like:
> {code}
> # If enabled, dynamic data masking allows to attach CQL masking functions to
> the columns of a table.
> # Users without the UNMASK permission will see an obscured version of the
> values of the columns with an attached mask.
> # If dynamic data masking is disabled it won't be allowed to create new
> column masks, although it will still be possible
> # to drop any previously existing masks. Also, any existing mask will be
> ignored at query time, so all users will see
> # the clear values of the masked columns.
> dynamic_data_masking_enabled: false
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18316) Add feature flag for dynamic data masking
[
https://issues.apache.org/jira/browse/CASSANDRA-18316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699569#comment-17699569
]
Andres de la Peña commented on CASSANDRA-18316:
---
Thanks for the review. Indeed we'll need a rebase and final CI and review
rounds before merging the feature branch.
> Add feature flag for dynamic data masking
> -
>
> Key: CASSANDRA-18316
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18316
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Fix For: 5.x
>
>
> Dynamic data masking
> ([CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking])
> is a new feature, so it will need a feature flag in {{cassandra.yaml}}.
> Something like:
> {code}
> # If enabled, dynamic data masking allows to attach CQL masking functions to
> the columns of a table.
> # Users without the UNMASK permission will see an obscured version of the
> values of the columns with an attached mask.
> # If dynamic data masking is disabled it won't be allowed to create new
> column masks, although it will still be possible
> # to drop any previously existing masks. Also, any existing mask will be
> ignored at query time, so all users will see
> # the clear values of the masked columns.
> dynamic_data_masking_enabled: false
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18316) Add feature flag for dynamic data masking
[
https://issues.apache.org/jira/browse/CASSANDRA-18316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699544#comment-17699544
]
Berenguer Blasi commented on CASSANDRA-18316:
-
It's quite a small one. I'm +1 on it to merge into the feature branch. But I
will still need one pass when everything merges into the main feature branch.
> Add feature flag for dynamic data masking
> -
>
> Key: CASSANDRA-18316
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18316
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Fix For: 5.x
>
>
> Dynamic data masking
> ([CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking])
> is a new feature, so it will need a feature flag in {{cassandra.yaml}}.
> Something like:
> {code}
> # If enabled, dynamic data masking allows to attach CQL masking functions to
> the columns of a table.
> # Users without the UNMASK permission will see an obscured version of the
> values of the columns with an attached mask.
> # If dynamic data masking is disabled it won't be allowed to create new
> column masks, although it will still be possible
> # to drop any previously existing masks. Also, any existing mask will be
> ignored at query time, so all users will see
> # the clear values of the masked columns.
> dynamic_data_masking_enabled: false
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Commented] (CASSANDRA-18316) Add feature flag for dynamic data masking
[
https://issues.apache.org/jira/browse/CASSANDRA-18316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17698557#comment-17698557
]
Andres de la Peña commented on CASSANDRA-18316:
---
Here is the patch adding the feature flag, on top of the other DDM patches:
||Patch||CI||
|[trunk|https://github.com/apache/cassandra/compare/trunk...adelapena:18316-trunk]|[j8|https://app.circleci.com/pipelines/github/adelapena/cassandra/2707/workflows/87f8fae7-8d4b-4838-9280-a9b3ee67f026]
[j11|https://app.circleci.com/pipelines/github/adelapena/cassandra/2707/workflows/78c1d6e0-aa96-4775-b6ff-771768940809]|
It forbids creating new masks if the yaml property
{{dynamic_data_masking_enabled}} is disabled. If DDM is disabled but there are
previously existing masks, those masks will be kept but they won't be applied.
Any existing masks can be dropped even if DDM is disabled, so users have a way
to get rid of the masks if they have disabled them due to some problem. This is
the same we do with, for example, {{{}user_defined_functions_enabled{}}}.
I'm intentionally not exposing the feature flag through JMX, so a malicious
user can’t disable it and expose the clear values.
[~Bereng] / [~blerer] would any of you have cycles to take a look? This should
be the last bit on DDM.
> Add feature flag for dynamic data masking
> -
>
> Key: CASSANDRA-18316
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18316
> Project: Cassandra
> Issue Type: New Feature
> Components: Feature/Dynamic Data Masking
>Reporter: Andres de la Peña
>Assignee: Andres de la Peña
>Priority: Normal
> Fix For: 5.x
>
>
> Dynamic data masking
> ([CEP-20|https://cwiki.apache.org/confluence/display/CASSANDRA/CEP-20%3A+Dynamic+Data+Masking])
> is a new feature, so it will need a feature flag in {{cassandra.yaml}}.
> Something like:
> {code}
> # If enabled, dynamic data masking allows to attach CQL masking functions to
> the columns of a table.
> # Users without the UNMASK permission will see an obscured version of the
> values of the columns with an attached mask.
> # If dynamic data masking is disabled it won't be allowed to create new
> column masks, although it will still be possible
> # to drop any previously existing masks. Also, any existing mask will be
> ignored at query time, so all users will see
> # the clear values of the masked columns.
> dynamic_data_masking_enabled: false
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
