Upgrade
Currently there's no way to upgrade easily from a version to another.
The operation ALTER EXTENSION ... UPDATE ...
is not supported.
You need to drop and recreate the extension after every upgrade.
Upgrade to version 2.0 and further versions
With version 2, the entire core library was rewritten in Rust. This is a major change that brings new features, better performances and improved stability.
However the changes are mostly internal and for the most part the public interface of the extension does not change. A masking policy written with version 1.3 should work with version 2.0 !
!!! warning New RPM repository !
Version 2.0 is not available on the PGDG RPM repository.
If you installed PostgreSQL Anonymizer 1.x using the RPM package, you need
to install the Dalibo Labs repository with the following command:
`dnf install https://yum.dalibo.org/labs/dalibo-labs-4-1.noarch.rpm`
Upgrade to version 1.3 and further versions
Starting with version 1.3, the extension enforces a series of security checks and it will refuse some masking rules that were previously accepted.
Here's a few example of the changes you may need to make to your masking policy
Using custom masking functions
If you have developed custom masking functions, you now need to place them
inside a dedicated schema and declare that this schema is trusted
For example, let's say you have a function remove_phone
that delete phone
numbers from a JSONB
field
First create a schema:
CREATE SCHEMA IF NOT EXISTS my_masks;
Then a superuser must declare it as trusted:
SECURITY LABEL FOR anon ON SCHEMA my_masks IS 'TRUSTED';
Now you can write the function:
CREATE OR REPLACE FUNCTION my_masks.remove_phone(j JSONB)
RETURNS JSONB
AS $$
SELECT j - ARRAY['phone']
$$
LANGUAGE SQL ;
And finally use it in a masking rule:
SECURITY LABEL FOR anon ON COLUMN player.personal_details
IS 'MASKED WITH FUNCTION my_masks.remove_phone(personal_details)';
See the Write your own Masks ! section of the doc for more details...
Using pg_catalog
functions
With version 1.3 and later, the pg_catalog
schema is not longer trusted because
it contains system administration functions that should not be used
as masking functions.
However the extension provides bindings to some useful and safe commodity
functions from the pg_catalog
schema.
For instance, the following rule
SECURITY LABEL FOR anon ON COLUMN employee.phone
IS 'MASKED WITH FUNCTION md5(phone)'
SECURITY LABEL FOR anon ON COLUMN employee.phone
IS 'MASKED WITH FUNCTION anon.md5(phone)'
See the [Using pg_catalog
functions] section of the doc for more details...
Operators
The MASKED WITH FUNCTION
syntax is now more strict and in particular operators
are not allowed as a masking value.
For instance, until version 1.3
SECURITY LABEL FOR anon ON COLUMN player.name
IS 'MASKED WITH FUNCTION anon.fake_first_name() || anon.fake_last_name()';
Now operators must be replaced by an actual function. For instance, the ||
operator would be replaced by anon.concat
SECURITY LABEL FOR anon ON COLUMN player.name
IS 'MASKED WITH FUNCTION anon.concat(anon.fake_first_name(),anon.fake_last_name())';
Conditional masking rules
The MASKED WITH VALUE CASE WHEN ...
was never an intended feature but it
work by accident.
Until version 1.3, the syntax below was accepted:
SECURITY LABEL FOR anon ON COLUMN player.score
IS 'MASKED WITH VALUE CASE WHEN score IS NULL
THEN NULL
ELSE anon.random_int_between(0,100)
END';
The CASE
syntax is now rejected and can be replaced by the anon.ternary()
function:
SECURITY LABEL FOR anon ON COLUMN player.score
IS 'MASKED WITH FUNCTION anon.ternary(score IS NULL,
NULL,
anon.random_int_between(0,100)
)';
See the Conditional Masking section of the doc for more details...