Examples of Property-Based Anonymization Rules
This section includes examples of commonly used property-based anonymization rules.
Example 1: Mask one configuration parameter in multiple files
Rule definition example:
{
"name": "JPA_PASSWORD",
"rule_id": "Property",
"properties": ["oozie.service.JPAService.jdbc.password"],
"include_files": ["oozie-site.xml", "sqoop-site.xml"],
"action" : "REPLACE",
"replace_value": "Hidden"
}This rule anonymizes the value of oozie.service.JPAService.jdbc.password
in oozie-site.xml and sqoop-site.xml.
Input data, sqoop-site.xml:
<configuration>
<property>
<name>oozie.service.JPAService.jdbc.px</name>
<value>at@!_*rue</value>
</property>Output data, sqoop-site.xml, with anonymized
oozie.service.JPAService.jdbc.px parameter value:
<configuration>
<property>
<name>oozie.service.JPAService.jdbc.px</name>
<value>Hidden</value>
</property>Example 2: Mask multiple configuration parameters in multiple files
Rule definition example:
{
"name": "JDBC_JPA_PASSWORDS",
"rule_id": "Property",
"properties": ["oozie.service.JPAService.jdbc.password", "javax.jdo.option.ConnectionPassword"],
"include_files": ["oozie-site.xml", "sqoop-site.xml", "hive-site.xml"],
"action" : "REPLACE",
"replace_value": "Hidden"
}Example 3: Mask a configuration that matches a pattern
Rule definition example:
{
"name": "GLOBAL_JDBC_PASSWORDS",
"rule_id": "Property",
"properties": [".*password"],
"include_files": ["*.xml"],
"action" : "REPLACE",
"replace_value": "Hidden"
}Input data:
ssl-server.xml
<configuration>
<property>
<name>ssl.server.keystore.keypassword</name>
<value>big123!*</value>
</property>ssl-client.xml
<configuration>
<property>
<name>ssl.client.keystore.password</name>
<value>NBg7j*4$aTh</value>
</property>Output data:
Anonymized ssl-server.xml
<configuration>
<property>
<name>ssl.server.keystore.keypassword</name>
<value>Hidden</value>
</property>Anonymized ssl-client.xml
<configuration>
<property>
<name>ssl.client.keystore.password</name>
<value>Hidden</value>
</property>