add MASKING POLICY

2025-12-17 16:41:26 +00:00 · 2025-11-20 10:37:36 -08:00
parent 0384c28f0d
commit a776e6d596
4 changed files with 29 additions and 2 deletions
--- a/README.md
+++ b/README.md
@@ -91,7 +91,7 @@ Inside this directory create a directory structure like:
 Where 
 - **database_name_*:** is the database name of your project, 
 - **schema_name_*:** are schemas inside the database, 
- **object_type:** is type of the object only 1 of the following (VIEWS, FUNCTIONS, PROCEDURES, FILE_FORMATS, TABLES, SEQUENCES, STAGES, STREAMS, TASKS, STREAMLITS, PIPES, ALERTS, DYNAMIC_TABLES),
+- **object_type:** is type of the object only 1 of the following (VIEWS, FUNCTIONS, PROCEDURES, FILE_FORMATS, TABLES, SEQUENCES, STAGES, STREAMS, TASKS, STREAMLITS, PIPES, ALERTS, DYNAMIC_TABLES, MASKING_POLICIES),
 - **object_name_*.sql:** are individual database object scripts.
 - **config.yml:** is a configuration file used to configure DLSync behavior.
 - **parameter-[profile-*].properties:** is parameter to value map file. This is going to be used by corresponding individual instances of your database.
--- a/example_scripts/main/example_db/MAIN_SCHEMA/MASKING_POLICIES/EMAIL_MASK.SQL
+++ b/example_scripts/main/example_db/MAIN_SCHEMA/MASKING_POLICIES/EMAIL_MASK.SQL
@@ -0,0 +1,7 @@
+CREATE OR REPLACE MASKING POLICY ${EXAMPLE_DB}.${MAIN_SCHEMA}.EMAIL_MASK AS (val STRING) 
+RETURNS STRING ->
+    CASE
+        WHEN CURRENT_ROLE() IN ('ADMIN', 'ANALYST') THEN val
+        ELSE '***MASKED***'
+    END;
+
--- a/src/main/java/com/snowflake/dlsync/models/ScriptObjectType.java
+++ b/src/main/java/com/snowflake/dlsync/models/ScriptObjectType.java
@@ -1,7 +1,7 @@
 package com.snowflake.dlsync.models;

 public enum ScriptObjectType {
-    VIEWS("VIEW"),FUNCTIONS("FUNCTION"),PROCEDURES("PROCEDURE"),FILE_FORMATS("FILE FORMAT"),TABLES("TABLE"),STREAMS("STREAM"),SEQUENCES("SEQUENCE"),STAGES("STAGE"),TASKS("TASK"),STREAMLITS("STREAMLIT"),PIPES("PIPE"),ALERTS("ALERT"),DYNAMIC_TABLES("DYNAMIC TABLE");
+    VIEWS("VIEW"),FUNCTIONS("FUNCTION"),PROCEDURES("PROCEDURE"),FILE_FORMATS("FILE FORMAT"),TABLES("TABLE"),STREAMS("STREAM"),SEQUENCES("SEQUENCE"),STAGES("STAGE"),TASKS("TASK"),STREAMLITS("STREAMLIT"),PIPES("PIPE"),ALERTS("ALERT"),DYNAMIC_TABLES("DYNAMIC TABLE"),MASKING_POLICIES("MASKING POLICY");

    private final String singular;
    private ScriptObjectType(String type) {
--- a/src/test/java/com/snowflake/dlsync/parser/SqlTokenizerTest.java
+++ b/src/test/java/com/snowflake/dlsync/parser/SqlTokenizerTest.java
@@ -586,6 +586,26 @@ class SqlTokenizerTest {
        assertEquals(content, script.getContent(), "Script content should match the input content");
    }

+    @Test
+    void parseScriptTypeMaskingPolicy() {
+        String filePath = "db_scripts/db1/schema1/MASKING_POLICIES/EMAIL_MASK.SQL";
+        String name = "EMAIL_MASK.SQL";
+        String scriptType = "MASKING_POLICIES";
+        String content = "CREATE OR REPLACE MASKING POLICY db1.schema1.EMAIL_MASK AS (val STRING) RETURNS STRING -> CASE WHEN CURRENT_ROLE() IN ('ADMIN') THEN val ELSE '***MASKED***' END;";
+
+        Set<Script> scripts = SqlTokenizer.parseScript(filePath, name, scriptType, content);
+
+        assertNotNull(scripts, "Scripts should not be null");
+        assertEquals(1, scripts.size(), "There should be exactly one script parsed");
+
+        Script script = scripts.iterator().next();
+        assertEquals("EMAIL_MASK", script.getObjectName(), "Object name should be EMAIL_MASK");
+        assertEquals("db1".toUpperCase(), script.getDatabaseName(), "Database name should be db1");
+        assertEquals("schema1".toUpperCase(), script.getSchemaName(), "Schema name should be schema1");
+        assertEquals(ScriptObjectType.MASKING_POLICIES, script.getObjectType(), "Object type should be MASKING_POLICIES");
+        assertEquals(content, script.getContent(), "Script content should match the input content");
+    }
+
    @Test
    void parseScriptUnsupportedObjectType() {
        String filePath = "db_scripts/db1/schema1/UNKNOWN/OBJECT1.SQL";