Skip to content
This repository has been archived by the owner on Nov 30, 2022. It is now read-only.

Update Query Builder to use Masking Strategies on Policy Rules [#47] #31

Merged
merged 3 commits into from
Nov 8, 2021
Merged

Update Query Builder to use Masking Strategies on Policy Rules [#47] #31

merged 3 commits into from
Nov 8, 2021

Conversation

pattisdr
Copy link
Contributor

@pattisdr pattisdr commented Nov 5, 2021
edited
Loading

Purpose

Currently, when the query builder masks data, it replaces it with null values. Instead, update the query builder to use the masking strategies attached to Policy Rules for various data categories. As a first iteration, we'll still only allow null masking policy rules to be created while we get some other pieces in place, but this is a first step to connecting to actual masking strategies.

Future TODO's will include getting masking strategies to work with various data types #37 and have the caller be responsible for generating the key/salt, etc.

Changes

  • Restrict Policy Rules so we can only create ones with a null masking strategy specified (because this is all that technically works right now)
  • Update the generate_update_stmt methods for the SQLQueryConfig and MongoQueryConfig to replace values with those generated by the masking strategy on the rule policies instead of None
  • Dry up a mapping that points data categories to fields on a collection for use in multiple places - node.collection.categories_to_fields
  • Add base QueryConfig.build_rule_target_fields that maps all the rules on the policy to corresponding fields on a collection (via data categories)
  • Add base QueryConfig.update_value_map that pulls masking strategies off rules and takes in an input value, and returns field names mapped to their masked value.

Ticket

https://ethyca.atlassian.net/browse/SOL-220 (old internal ticket)
#47
Resolves #47

@pattisdr pattisdr mentioned this pull request Nov 8, 2021
Closed
@pattisdr pattisdr changed the title Update Query Builder to use Masking Strategies on Policy Rules [SOL-220] Update Query Builder to use Masking Strategies on Policy Rules [#47] Nov 8, 2021
@pattisdr pattisdr marked this pull request as ready for review November 8, 2021 18:41
@stevenbenjamin stevenbenjamin merged commit cb89d26 into main Nov 8, 2021
@stevenbenjamin stevenbenjamin deleted the SOL-220-masking-strategy-to-erasures branch November 8, 2021 18:48
@pattisdr pattisdr mentioned this pull request Nov 17, 2021
Closed
sanders41 pushed a commit that referenced this pull request Sep 22, 2022
@pattisdr
Update Query Builder to use Masking Strategies on Policy Rules [#47] (#…
acf592c 
…31)

* First draft: apply masking strategies on rules to erase data categories instead of null.

* Rename categories_to_fields to fields_by_category and add additional examples.

* Restrict to just null masking strategy for now, while we put some of the other pieces in place to support other strategies.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stevenbenjamin stevenbenjamin stevenbenjamin approved these changes

Assignees

@stevenbenjamin stevenbenjamin

@pattisdr pattisdr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update Query Builder to use Masking Strategies on Policy Rules
2 participants
@pattisdr @stevenbenjamin