CASSANDRA-18071 trunk: Allow to use user-defined functions (UDF) as masking functions #2156
Conversation
src/java/org/apache/cassandra/cql3/statements/schema/DropFunctionStatement.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Not only. We would need something similar for authentication, but we can't use callOnInstance on upgrade tests. Also, as it's mentioned on that conversation we would also need a custom load balancing policy since the upgrade test involves multiple nodes. And, since upgrade tests are more sensitive to OOMs and timeouts, we would need to split the test. I have given it a go on top of 18069, on this commit. Some repeated runs can be found here.
test/unit/org/apache/cassandra/cql3/functions/masking/ColumnMaskWithUDFTest.java
Outdated
Show resolved
Hide resolved
Allows to attach the native masking functions added by CASSANDRA-17941 to the definitions of table columns in the schema, as defined by CEP-20. The functions masking a column can be specified on CREATE TABLE queries, right at the end of the column definition. The mask of a column can also be changed or dropped with an ALTER TABLE query. Once a column is masked, SELECT queries will always return the masked value of the column. That masking is done on the coordinator, at the end of the query execution. Thus, masking won't affect any filters or ordering, which would be based on the clear values of the masked columns. Column masks are stored on the system table system_schema.column_masks. patch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18068
adelapena
force-pushed
the
18071-trunk
branch
3 times, most recently
from
85fe09f to
bea876f
Compare
The new permission allows to see the clear data of columns with an attached mask. Superusers have it by default, whereas regular users don't have it. patch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18069
The new permission allows to run SELECT queries restricting the clear values of masked columns. Superusers have it by default, whereas regular users don't have it. patch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18070
patch by Andrés de la Peña; reviewed by Benjamin Lerer and Berenguer Blasi for CASSANDRA-18071
blerer
left a comment
blerer
left a comment
There was a problem hiding this comment.
Could you add a test that use an UDF from another keyspace?
| String dependentMasks = keyspace.tables.stream() | ||
| .filter(table -> hasDependingMask(table, function)) | ||
| .map(table -> table.name) | ||
| .collect(joining(", ")); |
There was a problem hiding this comment.
The approach that is mostly use within the code base is to delegate that type of call to the classes themselves. See dependentAggregates bellow.
There was a problem hiding this comment.
I have just tried to do that with two new KeyspaceMetadata#tablesUsingFunction(Function) and TableMetadata#dependsOn(Function) methods.
That's already tested here. |
belliottsmith
force-pushed
the
trunk
branch
2 times, most recently
from
df3eb40 to
54e39a9
Compare
3 participants
Thanks for sending a pull request! Here are some tips if you're new here:
Commit messages should follow the following format:
The Cassandra Jira