Configuring SmartSense

Property-based anonymization rules

Property-based rules anonymize structured content. The supported formats are: XML, property, ini, and YAML files.

Required and Optional Fields

  • name

  • description (optional)

  • rule_id (should be set to PROPERTY)

  • properties

  • parentNode (optional, applicable only for XML, default value is "property")

  • include_files

  • exclude_files (optional)

  • action (optional, default value is ANONYMIZE)

  • replace_value (optional, applicable only when action=REPLACE)

  • shared (optional, default value is true)

  • enabled (optional, default value is true)

Rule Definition Example

{
  "name": "PASSWORDS",
  "rule_id": "Property",
  "properties": [".*password.*", ".*awsAccessKeyId.*"],
  "include_files": ["*.xml", "*.properties", "*.yaml", "*.ini"],
  "exclude_files" : ["capacity-scheduler.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

The following examples show how the rule defined above anonymizes specific password-related properties in XML, property, ini, and YAML files.

  • XML file content:

    <property>
      <name>fs.s3a.proxy.password</name>
      <value>Abc7j*4$aTh</value>
      <description>Password for authenticating with proxy server.</description>
    </property>

    The XML file content, with password value anonymized:

    <property>
      <name>fs.s3a.proxy.password</name>
      <value>Hidden</value>
      <description>Password for authenticating with proxy server.</description>
    </property>
  • Property file content:

    javax.jdo.option.ConnectionPassword=pswd

    The property file content, with password value anonymized:

    javax.jdo.option.ConnectionPassword=Hidden
  • Ini file content:

    connection_password=pswd

    The ini file content, with password value anonymized:

    connection_password=Hidden
  • YAML file content:

    metrics_collector:
      truststore.path : "/etc/security/clientKeys/all.jks"
      truststore.type : "jks"
      truststore.password : "bigdata"

    The YAML file content, with password value anonymized:

    metrics_collector:
      truststore.path : "/etc/security/clientKeys/all.jks"
      truststore.type : "jks"
      truststore.password : Hidden
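A dry run of the PASSWORDS rule above, as an added example that is not SmartSense's own code: it reports which property names the rule masks and which it leaves untouched, so coverage gaps show up before a bundle is captured. The function names are hypothetical, and the matching semantics are assumptions (shell-style file globs with exclude_files taking precedence, whole-name case-insensitive regex matching); only XML and key=value files with action=REPLACE are modelled.

```python
import fnmatch, json, re
import xml.etree.ElementTree as ET

# The PASSWORDS rule from this page.
RULE = json.loads("""{"name": "PASSWORDS", "rule_id": "Property",
  "properties": [".*password.*", ".*awsAccessKeyId.*"],
  "include_files": ["*.xml", "*.properties", "*.yaml", "*.ini"],
  "exclude_files": ["capacity-scheduler.xml"],
  "action": "REPLACE", "replace_value": "Hidden"}""")

def in_scope(rule, filename):
    # Assumption: shell-style globs on the file name; exclude_files wins.
    hit = lambda key: any(fnmatch.fnmatch(filename, g) for g in rule.get(key, []))
    return rule.get("enabled", True) and hit("include_files") and not hit("exclude_files")

def name_matches(rule, prop):
    # Assumption: whole-name, case-insensitive match (the page masks ...ConnectionPassword).
    return any(re.fullmatch(p, prop, re.IGNORECASE) for p in rule["properties"])

def dry_run(rule, filename, text):
    """Return (masked_text, masked_names, untouched_names); REPLACE action only."""
    if rule.get("action", "ANONYMIZE") != "REPLACE":
        raise NotImplementedError("this sketch models action=REPLACE only")
    if not in_scope(rule, filename):
        return text, [], []
    masked, untouched = [], []
    def decide(name):
        hit = name_matches(rule, name)
        (masked if hit else untouched).append(name)
        return hit
    if filename.endswith(".xml"):
        root = ET.fromstring(text)
        for node in root.iter(rule.get("parentNode", "property")):
            name, value = node.find("name"), node.find("value")
            if name is not None and value is not None and decide((name.text or "").strip()):
                value.text = rule["replace_value"]
        return ET.tostring(root, encoding="unicode"), masked, untouched
    out = []
    for line in text.splitlines():  # .properties / .ini style key=value lines
        key, sep, _ = line.partition("=")
        if sep and not line.lstrip().startswith(("#", ";")) and decide(key.strip()):
            line = f"{key.strip()}={rule['replace_value']}"
        out.append(line)
    return "\n".join(out), masked, untouched

# Constructed sample: one property from this page plus one the rule does not cover.
SAMPLE_XML = """<configuration>
  <property><name>fs.s3a.proxy.password</name><value>Abc7j*4$aTh</value></property>
  <property><name>fs.s3a.secret.key</name><value>constructed-secret</value></property>
</configuration>"""
```

Running `dry_run(RULE, "core-site.xml", SAMPLE_XML)` lists `fs.s3a.secret.key` as untouched, which is the cue to add a pattern for it to `properties`.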

More Examples

Example 1: Mask one configuration parameter in multiple files

Rule definition example:

{
  "name": "JPA_PASSWORD",
  "rule_id": "Property",
  "properties": ["oozie.service.JPAService.jdbc.password"],
  "include_files": ["oozie-site.xml", "sqoop-site.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

This rule anonymizes the value of oozie.service.JPAService.jdbc.password in oozie-site.xml and sqoop-site.xml:

Input data, sqoop-site.xml:

<property>
  <name>oozie.service.JPAService.jdbc.password</name>
  <value>at@!_*rue</value>
</property>

Output data, sqoop-site.xml, with anonymized oozie.service.JPAService.jdbc.password parameter value:

<property>
  <name>oozie.service.JPAService.jdbc.password</name>
  <value>Hidden</value>
</property>

Example 2: Mask multiple configuration parameters in multiple files

Rule definition example:

{
  "name": "JDBC_JPA_PASSWORDS",
  "rule_id": "Property",
  "properties": ["oozie.service.JPAService.jdbc.password", "javax.jdo.option.ConnectionPassword"],
  "include_files": ["oozie-site.xml", "sqoop-site.xml", "hive-site.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

Example 3: Mask a configuration that matches a pattern

Rule definition example:

{
  "name": "GLOBAL_JDBC_PASSWORDS",
  "rule_id": "Property",
  "properties": [".*password"],
  "include_files": ["*.xml"],
  "action" : "REPLACE",
  "replace_value": "Hidden"
}

Input data:

ssl-server.xml

<property>
  <name>ssl.server.keystore.keypassword</name>
  <value>big123!*</value>
</property>

ssl-client.xml

<property>
  <name>ssl.client.keystore.password</name>
  <value>NBg7j*4$aTh</value>
</property>

Output data:

Anonymized ssl-server.xml

<property>
  <name>ssl.server.keystore.keypassword</name>
  <value>Hidden</value>
</property>

Anonymized ssl-client.xml

<property>
  <name>ssl.client.keystore.password</name>
  <value>Hidden</value>
</property>