Skip to main content Skip to complementary content

tPatternMasking properties for Apache Spark Batch

These properties are used to configure tPatternMasking running in the Spark Batch Job framework.

The Spark Batch tPatternMasking component belongs to the Data Quality family.

The component in this framework is available in all Talend Platform products with Big Data and in Talend Data Fabric.

Basic settings

Schema and Edit Schema

A schema is a row description. It defines the number of fields (columns) to be processed and passed on to the next component. When you create a Spark Job, avoid the reserved word line when naming the fields.

Click Sync columns to retrieve the schema from the previous component connected in the Job.

Click Edit schema to make changes to the schema. If the current schema is of the Repository type, three options are available:

  • View schema: choose this option to view the schema only.

  • Change to built-in property: choose this option to change the schema to Built-in for local changes.

  • Update repository connection: choose this option to change the schema stored in the repository and decide whether to propagate the changes to all the Jobs upon completion.

    If you just want to propagate the changes to the current Job, you can select No upon completion and choose this schema metadata again in the Repository Content window.

The output schema of this component contains read-only columns:
  • TWEAK: Is generated when the Use tweaks with FF1 Encryption check box is selected. This column contains the tweak necessary to decrypt the data.
  • ORIGINAL_MARK: Identifies by true or false if the record is an original record or a substitute record respectively.

 

Built-In: You create and store the schema locally for this component only.

 

Repository: You have already created the schema and stored it in the Repository. You can reuse it in various projects and Job designs.

Modifications

Define in the table what fields to change and how to change them:

Column to mask: Select the column from the input flow for which you want to generate similar data by modifying its values.

You can mask data from different columns but you need to follow the order of the fields you want to mask.

Each column is processed sequentially, meaning that data masking operations will be performed on the data from the first column, the second column, and so on.

In a colum, each data field is a fixed length field, except the last data field.

For fixed length fields, each value must contain the same number of characters, for example: "30001,30002,30003" or "FR,EN".

In a column, the last Enumeration or Enumeration from file data field is a variable length field.

For variable length fields, each value might not always contain the same number of characters, for example: "30001,300023,30003" or "FR,ENG".

Field type: Select the field type the data belongs to.

  • Interval: When selected, set a range of numeric values used for masking purposes in the Range field, using the following syntax: "<min>,<max>".

    The number of masked characters from the input data corresponds to the number of characters of the maximum value.

    For example, "1,999" will be interpreted as "001,999", which means that three characters from the input data will be masked by a value randomly selected from the defined range of values.

  • Enumeration: When selected, enter a comma-separated list of values to be used for masking data in the Values field, using the following syntax: "value1,value2,value3".

    Each value must contain the same number of characters. For example: "30001,30002,30003" or "FR,EN".

  • Enumeration from file: When selected, set the path to the CSV file containing a list of values to be used for masking data in the Path field. The file must contain one value per row, each value must be unique and the values must have the same number of characters.
    You can select a file on:
    • The local system.
    • Amazon S3, in local Spark mode or connected to EMR, using tS3Configuration. S3N and S3A file systems are supported.
    • Azure Blob Storage, in local Spark mode or connected to Azure HDInsight or Databricks, using tAzureFSConfiguration.
    • Azure Data Lake Storage, in local Spark mode or connected to Azure HDInsight, using tAzureFSConfiguration.
    • Google Cloud Storage, in local Spark mode or connected to Dataproc, using tGSConfiguration.
    • HDFS, in local Spark mode or connected to Azure HDInsight, using tHDFSConfiguration.
    Set the file path as follows:
    • In local mode:
      • Apache Spark 3.1 and earlier: prefix://file path or file:///file path.
      • Apache Spark 3.2 and later: file:///file path.
    • In Standalone and Yarn modes: prefix://file path.
    • If the file is on a cluster, hdfs://hdpnameservice1/file path.
    • If the file is on Azure Blob Storage and you are connected to Azure HDInsight or Databricks, wasbs://<container_name>@<storage_account_name>.blob.core.windows.net/<folder>/<file_name>" .

    Paths to folders are not supported.

  • Date pattern (YYYYMMDD): When selected, set a range of years in the Date Range field, using the following syntax: "<min_year>,<max_year>".

    Years can only have four digits, for example: "1900,2100".

    The input dates to be masked must follow the YYYYMMDD pattern, for example: 20180101.

    For example, if the input date is 20180101 and the value in the Date Range is "1900,2100", 19221221 could be the output date.

In the Values, Path, Range and Date Range, values must be enclosed in double quotes.

When the input data is invalid, meaning that a value does not match the pattern defined in the component, the generated value is null.

Advanced settings

Method

The component uses Format-Preserving Encryption (FPE) methods to generate masked output values in the same format as the input values.

The FPE methods are bijective methods, except when using tweaks.

The Basic method is the default algorithm.

Information noteNote: As the masking methods are stronger, it is recommended to use the FF1 algorithms rather than the Basic method.

The FF1 with AES method is based on the Advanced Encryption Standard in CBC mode. The FF1 with SHA-2 method depends on the secure hash function HMAC-256.

You can use those methods only if the number of possible values the component can generate from the input pattern is greater than or equal to 1,000,000.

Information noteNote: Java 8u161 is the minimum required version to use the FF1 with AES method. To be able to use this FPE method with Java versions earlier than 8u161, download the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files from Oracle website.

The FF1 with AES and FF1 with SHA-2 methods require a password to be specified in the Password or 256-bit key for FF1 methods field of the Advanced settings to generate unique masked values.
FF1 settings

Password or 256-bit key for FF1 methods: Set the password or secret key required for the FF1 with AES and FF1 with SHA-2 methods to generate unique masked values. If the password is not set, a random password is created at each Job execution. When using the FF1 with AES and FF1 with SHA-2 methods and a password, the seed from the Seed for random generator field is not used.

You can get the 256-bit key using:
  • Online tools
  • OpenSSL: openssl rand -base64 32

Use tweaks with FF1 Encryption: Select this check box to use tweaks. A unique tweak is generated for each record and applies to all data of a record. If bijective masking is necessary, do not use this feature. For more information about tweaks, see the data masking functions.

Use a column containing the tweaks: Available when Use tweaks with FF1 Encryption check box is selected. Select this check box to use an input column as the input for tweaks which must be 32 digit hexadecimal strings.

Column containing the tweaks: Available when the Use a column containing the tweaks check box is selected. Select the column that contains the tweaks.

Key derivation function : Select the key derivation function. Jobs created from Talend Studio 8.0 R2022-04 run using PBKDF2 with 300,000 iterations.

When you import a Job prior to Talend Studio 8.0 R2022-04, you can run the Job using 300,000 iterations. The results will be different than using 65,536 iterations.

Seed for random generator

Set a random number if you want to generate the same sample of substitute data in each execution of the Job. The seed is not set by default.

If you do not set the seed, the component creates a new random seed for each Job execution. Repeating the execution with a different seed will result in a different sample being generated.
Encoding

Select the encoding from the list or select Custom and define it manually. If you select Custom and leave the field empty, the supported encodings depend on the JVM that you are using. This field is compulsory for the file encoding.

Output the original row

Select this check box to output original data rows in addition to the substitute data. Outputting both the original and substitute data can be useful in debug or test processes.

Null input returns null

This check box is selected by default. When selected, the component outputs null when input values are null.

When cleared, and when the input data is null, the input data are sent to the "Invalid" output flow.

From Talend Studio R2024-08 onwards, when Null input returns null is selected and the input data is null, the masking function is not applied, null is returned and the input data are sent to the main flow.

Empty input returns an empty output

When this check box is selected, empty values are left unchanged in the output data. Otherwise, the selected functions are applied to the input data.
Send invalid data to "Invalid" output flow
This check box is selected by default.
  • Selected: When the data can be masked, they are sent to the main flow. Otherwise, the data are sent to the "Invalid" output flow.
  • Cleared: The data are sent to the main flow.
Invalid data are any values that do not match the pattern.

Usage

Usage rule

This component is used as an intermediate step.

This component, along with the Spark Batch component Palette it belongs to, appears only when you are creating a Spark Batch Job.

Spark Connection

In the Spark Configuration tab in the Run view, define the connection to a given Spark cluster for the whole Job. In addition, since the Job expects its dependent jar files for execution, you must specify the directory in the file system to which these jar files are transferred so that Spark can access these files:
  • Yarn mode (Yarn client or Yarn cluster):

    • When using Google Dataproc, specify a bucket in the Google Storage staging bucket field in the Spark configuration tab.

    • When using HDInsight, specify the blob to be used for Job deployment in the Windows Azure Storage configuration area in the Spark configuration tab.

    • When using Altus, specify the S3 bucket or the Azure Data Lake Storage for Job deployment in the Spark configuration tab.

    • When using on-premises distributions, use the configuration component corresponding to the file system your cluster is using. Typically, this system is HDFS and so use tHDFSConfiguration.

  • Standalone mode: use the configuration component corresponding to the file system your cluster is using, such as tHDFSConfiguration Apache Spark Batch or tS3Configuration Apache Spark Batch.

    If you are using Databricks without any configuration component present in your Job, your business data is written directly in DBFS (Databricks Filesystem).

This connection is effective on a per-Job basis.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here