Add more tests for column masking#10437
Conversation
There was a problem hiding this comment.
it would be worth for the readability of the test scenario to perform the query without any column masking
There was a problem hiding this comment.
I don't quite get the purpose of this masking.
The column comment has the value nstructions sleep furiously among .
Why do you check for password in this text?
There was a problem hiding this comment.
I want to mask some values in comment column (in this case the password value) and also to use comment column as a reference for the decision about masking other columns (we called it "conditional masking")
In a real example there is a json payload column with some attributes that should be masked and a country attribute that used as a reference for masking other columns.
There was a problem hiding this comment.
The column comment has the value
nstructions sleep furiously among.
This value doesn't contain a password substring. So, I guess the masking is pointless in this case. Or am I missing something?
There was a problem hiding this comment.
I found that issue happens in InlineProjections#inlineProjections
Maybe it relates on how column masks are added
There was a problem hiding this comment.
The column comment has the value
nstructions sleep furiously among.This value doesn't contain a
passwordsubstring. So, I guess the masking is pointless in this case. Or am I missing something?
You are right. That's why I added the last test (L293:L337)
There was a problem hiding this comment.
I had a look again on the test and I am sorry to say that I still don't quite understand why isn't there any masking in the result of the queries.
Shouldn't the test demonstrate that the * is masking the content of the returned columns on which the masking should apply?
There was a problem hiding this comment.
Shouldn't the test demonstrate that the
*is masking the content of the returned columns on which the masking should apply?
You are right. I fixed it now. Take a look on the tests with orderkey = 39 (L293:L337)
There was a problem hiding this comment.
The column comment has the value
nstructions sleep furiously among.This value doesn't contain a
passwordsubstring. So, I guess the masking is pointless in this case. Or am I missing something?
That's right. masking is pointless for this specific row, but I added it to demonstrate the issue when adding the masking on orderstatus while refering clerk (L291)
There was a problem hiding this comment.
I see now.
The purpose of the test is currently just to demonstrate that the masking doesn't work properly. Thank you for the patience in trying to explain the purpose of the tests.
guyco33
force-pushed
the
issue_10370
branch
2 times, most recently
from
e7f93e4 to
13b91b4
Compare
There was a problem hiding this comment.
Fails with Symbol clerk already has assignment
There was a problem hiding this comment.
Fails with Symbol clerk already has assignment
| } | ||
|
|
||
| @Test | ||
| public void testMultipleMasksOnSameColumn() |
There was a problem hiding this comment.
Removing this test, since AC doesn't allow to have more than one masking per column.
kokosing
left a comment
kokosing
left a comment
There was a problem hiding this comment.
The change is good. Please squash the commits and change the PR title and description as well as commit message to focus on a bug fix (not adding tests).
|
Fixed by #12262 |
3 participants
Tests are failing due to #10370