feat(data-masking): add custom mask functionalities #5837
Conversation
pull-request-size
bot
added
the
size/L
boring-cyborg
bot
added
documentation
|
Hi @leandrodamascena ! Can I have your help here with mypy? Thanks! |
|
Hi @leandrodamascena! |
github-actions
bot
removed
the
documentation
boring-cyborg
bot
added
the
documentation
There was a problem hiding this comment.
Hey @anafalcao! Another round of review. This is a nice work, we just need to fix some things. 🚀
| def erase(self, data: Sequence | Mapping, fields: list[str] | None = None) -> str | list[str] | tuple[str] | dict: | ||
| return self._apply_action(data=data, fields=fields, action=self.provider.erase) | ||
| @overload | ||
| def erase(self, data: dict[Any, Any], *, masking_rules: dict[str, object]) -> dict[Any, Any]: ... |
There was a problem hiding this comment.
I'm not sure if we need the arg * here. Can you try to remove this method signature and see if mypy complains?
There was a problem hiding this comment.
Tried to remove, but increases the number of mypy errors
There was a problem hiding this comment.
Lets keep this conversation opened until we find a solution for this.
tests/unit/data_masking/_aws_encryption_sdk/test_unit_data_masking.py
Outdated
Show resolved
Hide resolved
github-actions
bot
removed
the
documentation
boring-cyborg
bot
added
the
documentation
anafalcao
force-pushed
the
custom_mask
branch
from
e5e8b6f to
63c7918
Compare
pull-request-size
bot
added
size/XL
|
github-actions
bot
removed
the
documentation
Issue number:
#5826
Summary
This PR enhances the data masking tool by introducing flexible masking options. These new features allow for dynamic, pattern-based, and regex-based masking, providing users with greater control over how sensitive data is obscured in using the
erasemethod.Changes
New flags for
erase():dynamic_mask(bool): Enables dynamic masking behavior when set to True, by maintaining the original length and structure of the text replacing with*.Example: dynamic_mask = True for 'Avenue St' is '****** **'
custom_mask(str): Specifies a simple pattern for masking data. This pattern is applied directly to the input string, replacing all the original characters.For example, with a mask_pattern of "XX-XX" applied to "12345", the result would be "XX-XX".
regex_pattern(str): Defines a regular expression pattern used to identify parts of the input string that should be masked. This allows for more complex and flexible masking rules. It's used in conjunction with mask_format.mask_format(str): Specifies the format to use when replacing parts of the string matched by regex_pattern. It can include placeholders (like \1, \2) to refer to captured groups in the regex pattern, allowing some parts of the original string to be preserved.For example: '[email protected]' could become 'e*****@email.com'
masking_rules(dict): Apply different rules (formats) for each data field.User experience
Previously, users had limited options for masking sensitive data. The
erase()function provided basic masking capabilities, typically replacing entire fields or values with a fixed mask (e.g., '*****').With the new masking options, users now have much more control over how their sensitive data is obscured. The enhanced
erase()function offers a range of flexible masking techniques to suit various use cases, including different techniques for each field:Checklist
If your change doesn't seem to apply, please leave them unchecked.
Is this a breaking change?
RFC issue number:
Checklist:
Acknowledgment
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.