Delphix Products

 View Only

Fixing an Invalid Masking Algorithm

By Lisa Bettcher posted 08-01-2023 02:53:11 PM

  

In the Delphix Continuous Compliance 13 release, we added indicators in the GUI and API to identify an invalid algorithm.

In rare cases, after engine sync import from a previous version or engine upgrade, a note may appear at the top of the algorithms list and an algorithm is highlighted in yellow or red. This indicates that an algorithm is invalid, either incompatible with the current engine version or misconfigured. The algorithm is unusable until the issue is corrected. Some cases can be fixed by editing the algorithm configuration, while others may require assistance from support.

This guide explains how to identify and fix the affected algorithm.

How to identify an invalid algorithm

Using the GUI

  1. Login to the Masking Engine.
  2. Navigate to Home > Settings > Algorithm.
  3. If there is a note above the list of algorithms and an algorithm is highlighted in yellow or red, then it is an invalid algorithm.

    Examples:


Using the API

  1. Login to the API.

  2. Call the GET /algorithms endpoint.
  3. Any results that have one of the following are invalid algorithms:
    1. "isConfigInvalid": true,
      Example a: here is the JSON API output for an algorithm with "isConfigInvalid": true:
          {
            "algorithmName": "A_SL",
            "legacyName": "A_SL",
            "algorithmType": "COMPONENT",
            "createdBy": "admin",
            "maskType": "STRING",
            "isTokenizationSupported": false,
            "frameworkId": 17,
            "pluginId": 7,
            "algorithmExtension": {
              "hashMethod": "SHA256"
            },
            "isConfigInvalid": true
          }

    2. Or, "algorithmType" is not "COMPONENT"
      Example b: here is the JSON API output for an algorithm with an "algorithmType" is not "COMPONENT":
          {
            "algorithmName": "AB_SM",
            "legacyName": "AB_SM",
            "algorithmType": "SEGMENT",
            "createdBy": "deleted-user",
            "description": "",
            "isTokenizationSupported": true,
            "algorithmExtension": {
            ...

How to fix

Using the GUI

Yellow highlight: Invalid configuration, edit to correct

If an algorithm is highlighted in yellow, the algorithm configuration JSON can be corrected. In the GUI, this is done in the Edit Extended Algorithm modal. After an algorithm has been fixed, future edits will use the correct Framework modal.

  1. Click the pencil icon to edit the algorithm.


  2. In the Edit Extended Algorithm modal, scroll down to the bottom and click Validate Configuration. An error banner will explain why the algorithm is invalid.

    • Note: If the error is a missing file, you can upload a file by clicking the gear icon. Choose Upload File in the Select Utility dropdown, select a file, and click Upload. The returned value is the file URI.


  3. Make the changes in Configuration JSON and click Validate Configuration again. If algorithm validation is successful, click Save. For more information:
    • Click the ? Details link at the top to see the configuration JSON fields and descriptions, shown in the "properties" field of the Configuration Schema.
    • Select the framework from API calls for managing algorithms for more information about each field. Configuration JSON is the "algorithmExtension" part of the example JSON.


Red highlight: Unusable algorithm, replace with a new algorithm

If an algorithm is highlighted in red, it was not successfully migrated to the new framework. The algorithm cannot be fixed by editing.

If any algorithm highlighted in red has System in the Provider column, contact support for assistance.

Otherwise, you can re-create the algorithm by clicking Add Algorithm, then delete the old algorithm. See documentation for algorithm frameworks for creating a new algorithm. Additional considerations:

  • The old algorithm’s configuration cannot be viewed in the GUI. If you want to refer to it while re-creating it in the current framework, you will have to use the API to get the original configuration.
  • If the old algorithm is assigned in an inventory, replace it with the new algorithm before deleting. You can also use the API to automatically replace all usages of the old algorithm with the new algorithm.

Using the API

Call the GET /algorithms endpoint.

"isConfigInvalid": true

  1. If an algorithm has "isConfigInvalid": true, the algorithm configuration JSON can be corrected using the PUT /algorithms endpoint. For each algorithm that has "isConfigInvalid": true:
    1. Copy the algorithm's JSON
    2. Paste it into the body of the PUT /algorithms endpoint and enter the algorithmName in the algorithmName box. Execute the request.
    3. The response error message will explain why the algorithm is invalid.
    4. Make the changes in body JSON and execute again. Check that the response code is 200.
  2. Call the GET /algorithms endpoint again. The corrected algorithms should now have "isConfigInvalid": false.

"algorithmType" is not "COMPONENT"

  1. If any algorithm has an "algorithmType" that is not "COMPONENT" and it does not have a "createdBy" field, contact support for assistance.
  2. For each algorithm that has an "algorithmType" that is not "COMPONENT" and it has a "createdBy" field:
    1. Re-create the algorithm using the POST /algorithms endpoint. Refer to specific framework in API calls for managing algorithms.
    2. Replace uses of the old algorithm with the newly created algorithm using the PUT algorithm/{algorithmName}/usage endpoint. See Updating algorithm usage.
    3. Call the DELETE /algorithms/{algorithmName} endpoint to delete the old algorithm.
  3. Call the GET /algorithms endpoint again. All algorithms should now have "algorithmType": "COMPONENT".


#ContinuousComplianceEngine
#invalid_algorithm

0 comments
21 views

Permalink

Related Content