Added a masking functionality to clone configurations

Author: HHMagnus

core/build.gradle

@@ -3,7 +3,8 @@ plugins {
 }
 
 dependencies {
-    api 'org.postgresql:postgresql:42.7.9'
+    implementation 'org.postgresql:postgresql:42.7.9'
+    implementation 'org.apache.commons:commons-csv:1.14.1'
 
     testImplementation 'org.testcontainers:postgresql:1.21.4'
     testImplementation 'org.testcontainers:junit-jupiter:1.21.4'

core/src/main/java/dev/mhh/cloner/api/CloneConfiguration.java

@@ -5,14 +5,16 @@
 import dev.mhh.cloner.impl.builder.CloneConfigurationBuilderImpl;
 
 import java.io.Serializable;
-import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import java.util.function.Function;
 
 public record CloneConfiguration<T extends Serializable>(
         TableConfig<T> rootTable,
         String idColumnName,
         String schema,
-        Function<T, String> idToDatabaseStringFunction
+        Function<T, String> idToDatabaseStringFunction,
+        Map<String, TableMasker> tableMaskers
 ) implements Serializable {
     public static <T extends Serializable> CloneConfigurationBuilder<T> builder(
             final String tableName,
@@ -21,4 +23,8 @@ public static <T extends Serializable> CloneConfigurationBuilder<T> builder(
     ) {
         return new CloneConfigurationBuilderImpl<>(tableName, columnName, columnClass);
     }
+
+    public Optional<TableMasker> tableMasker(final String tableName) {
+        return Optional.ofNullable(tableMaskers.get(tableName));
+    }
 }

core/src/main/java/dev/mhh/cloner/api/CloneError.java

@@ -15,7 +15,20 @@ public enum CloneError {
     PG_CONNECTION_UNWRAP_FAILED("Failed to unwrap the PGConnection. Did you pass a PGConnection?"),
     COPY_API_FAILED("Failed to get the copy API from the PGConnection"),
     ZIP_ENTRY_CREATION_FAILED("Failed to create a ZIP entry"),
-    COPY_OUT_FAILED("Failed to copy data out from the database"),
+    COPY_OUT_DIRECT_FAILED("Failed to copy data out from the database without masking"),
+    COPY_OUT_MASKED_FAILED("Failed to copy data out from the database with masking"),
+    COPY_OUT_READ_HEADER_FAILED("Failed to read the header row from the COPY output"),
+    COPY_OUT_HEADER_EMPTY("The header row from the COPY output was empty"),
+    COPY_OUT_WRITE_HEADER_FAILED("Failed to write the header row to the ZIP output"),
+    COPY_OUT_HEADER_PARSER_FAILED("Failed to parse the header row from the COPY output"),
+    COPY_OUT_HEADER_PARSER_CLOSE_FAILED("Failed to close the header parser after parsing the COPY output"),
+    COPY_OUT_READ_ROW_FAILED("Failed to read a row from the COPY output"),
+    COPY_OUT_ROW_PARSER_FAILED("Failed to parse a row from the COPY output"),
+    COPY_OUT_ROW_PARSER_CLOSE_FAILED("Failed to close the row parser after parsing a COPY output row"),
+    COPY_OUT_PRINTER_CREATION_FAILED("Failed to create a printer for the COPY output"),
+    COPY_OUT_PRINT_ROW_FAILED("Failed to print a masked row to a String"),
+    COPY_OUT_PRINTER_CLOSE_FAILED("Failed to close the printer after printing a masked row"),
+    COPY_OUT_WRITE_ROW_FAILED("Failed to write a row to the ZIP output"),
     ZIP_ENTRY_CLOSE_FAILED("Failed to close a ZIP entry"),
     ZIP_FINISH_FAILED("Failed to finish the ZIP output stream"),
     ZIP_ENTRY_NEXT_FAILED("Failed to get the next ZIP entry"),

core/src/main/java/dev/mhh/cloner/api/TableMasker.java

@@ -0,0 +1,17 @@
+package dev.mhh.cloner.api;
+
+import java.util.List;
+
+public interface TableMasker {
+    record Row(List<String> headers, List<String> values) {
+        public boolean mask(final String header, final String value) {
+            final var index = headers.indexOf(header);
+            if (index == -1) {
+                return false;
+            }
+            values.set(index, value);
+            return true;
+        }
+    }
+    Row mask(Row row);
+}

core/src/main/java/dev/mhh/cloner/api/builder/CloneConfigurationBuilder.java

@@ -1,6 +1,7 @@
 package dev.mhh.cloner.api.builder;
 
 import dev.mhh.cloner.api.CloneConfiguration;
+import dev.mhh.cloner.api.TableMasker;
 
 import java.io.Serializable;
 import java.util.List;
@@ -39,27 +40,35 @@ public interface CloneConfigurationBuilder<T extends Serializable> extends Clone
      */
     CloneConfigurationBuilder<T> idsToDatabaseStringFunction(final Function<T, String> idsToDatabaseStringFunction);
 
+    /**
+     * Defines a masker used to mask sensitive data in the clone.
+     * @param tableName the table name to apply the masker to
+     * @param tableMasker the masker to use
+     * @return this builder for fluent chaining
+     */
+    CloneConfigurationBuilder<T> masker(String tableName, TableMasker tableMasker);
+
     @Override
     CloneConfigurationBuilder<T> joinByJoinTableForeignKey(String tableName, String foreignKey, Consumer<CloneConfigurationSubBuilder<T>> subTables);
 
     @Override
-    default CloneConfigurationBuilder<T> joinByJoinTableForeignKey(String tableName, String foreignKey) {
+    default CloneConfigurationBuilder<T> joinByJoinTableForeignKey(final String tableName, final String foreignKey) {
         return joinByJoinTableForeignKey(tableName, foreignKey, _ -> {});
     }
 
     @Override
     CloneConfigurationBuilder<T> joinByMainTableForeignKey(String tableName, String foreignKey, Consumer<CloneConfigurationSubBuilder<T>> subTables);
 
     @Override
-    default CloneConfigurationBuilder<T> joinByMainTableForeignKey(String tableName, String foreignKey) {
+    default CloneConfigurationBuilder<T> joinByMainTableForeignKey(final String tableName, final String foreignKey) {
         return joinByMainTableForeignKey(tableName, foreignKey, _ -> {});
     }
 
     @Override
     CloneConfigurationBuilder<T> joinByMatchingColumns(String tableName, String mainTableColumn, String joinedTableColumn, Consumer<CloneConfigurationSubBuilder<T>> subTables);
 
     @Override
-    default CloneConfigurationBuilder<T> joinByMatchingColumns(String tableName, String mainTableColumn, String joinedTableColumn) {
+    default CloneConfigurationBuilder<T> joinByMatchingColumns(final String tableName, final String mainTableColumn, final String joinedTableColumn) {
         return joinByMatchingColumns(tableName, mainTableColumn, joinedTableColumn, _ -> {});
     }
 

core/src/main/java/dev/mhh/cloner/impl/ClonerImpl.java

@@ -5,6 +5,7 @@
 import dev.mhh.cloner.api.CloneException;
 import dev.mhh.cloner.api.Cloner;
 import dev.mhh.cloner.api.verification.ConfigurationVerifier;
+import dev.mhh.cloner.impl.mask.CloneMasker;
 import dev.mhh.cloner.impl.select.CloneConfigurationTransformer;
 import dev.mhh.cloner.impl.select.DeletePreviousTransformer;
 import org.postgresql.PGConnection;
@@ -60,11 +61,8 @@ public void exportClone(
                     CloneError.ZIP_ENTRY_CREATION_FAILED
             );
 
-            final var copyOut = "copy (" + select.sqlSelect() + ") to stdout with csv header";
-            CloneException.wrapKnownExceptions(
-                    () -> copyManager.copyOut(copyOut, zos),
-                    CloneError.COPY_OUT_FAILED
-            );
+            final var copyOutSql = "copy (" + select.sqlSelect() + ") to stdout with csv header";
+            CloneMasker.copyOut(copyManager, zos, select.tableName(), copyOutSql, configuration);
 
             CloneException.wrapKnownExceptions(
                     zos::closeEntry,

core/src/main/java/dev/mhh/cloner/impl/builder/CloneConfigurationBuilderImpl.java

@@ -1,6 +1,7 @@
 package dev.mhh.cloner.impl.builder;
 
 import dev.mhh.cloner.api.CloneConfiguration;
+import dev.mhh.cloner.api.TableMasker;
 import dev.mhh.cloner.api.builder.CloneConfigurationBuilder;
 import dev.mhh.cloner.api.builder.CloneConfigurationSubBuilder;
 import dev.mhh.cloner.api.table.*;
@@ -21,6 +22,7 @@ public final class CloneConfigurationBuilderImpl<T extends Serializable>
     private String idColumnName = "id";
     private String schema = "public";
     private Function<T, String> idsToDatabaseStringFunction;
+    private final Map<String, TableMasker> tableMaskers = new TreeMap<>();
 
     public CloneConfigurationBuilderImpl(
             final String tableName,
@@ -51,10 +53,20 @@ public CloneConfigurationBuilder<T> schema(final String schema) {
     }
 
     @Override
-    public CloneConfigurationBuilder<T> idsToDatabaseStringFunction(Function<T, String> idsToDatabaseStringFunction) {
+    public CloneConfigurationBuilder<T> idsToDatabaseStringFunction(final Function<T, String> idsToDatabaseStringFunction) {
+        Objects.requireNonNull(idsToDatabaseStringFunction, "idsToDatabaseStringFunction must not be null");
         this.idsToDatabaseStringFunction = idsToDatabaseStringFunction;
         return this;
     }
+
+    @Override
+    public CloneConfigurationBuilder<T> masker(final String tableName, final TableMasker tableMasker) {
+        Objects.requireNonNull(tableName, "tableName must not be null");
+        Objects.requireNonNull(tableMasker, "tableMasker must not be null");
+        this.tableMaskers.put(tableName, tableMasker);
+        return this;
+    }
+
     @Override
     public CloneConfigurationBuilder<T> joinByJoinTableForeignKey(
             final String tableName,
@@ -123,6 +135,6 @@ public CloneConfiguration<T> build() {
                 joins
         );
         final var idToDatabaseString = idToDatabaseString();
-        return new CloneConfiguration<T>(rootTable, idColumnName, schema, idToDatabaseString);
+        return new CloneConfiguration<T>(rootTable, idColumnName, schema, idToDatabaseString, tableMaskers);
     }
 }

core/src/main/java/dev/mhh/cloner/impl/mask/CloneMasker.java

@@ -0,0 +1,112 @@
+package dev.mhh.cloner.impl.mask;
+
+import dev.mhh.cloner.api.CloneConfiguration;
+import dev.mhh.cloner.api.CloneError;
+import dev.mhh.cloner.api.CloneException;
+import dev.mhh.cloner.api.TableMasker;
+import org.apache.commons.csv.CSVFormat;
+import org.apache.commons.csv.CSVParser;
+import org.apache.commons.csv.CSVPrinter;
+import org.postgresql.copy.CopyManager;
+import org.postgresql.copy.CopyOut;
+
+import java.io.Serializable;
+import java.nio.charset.StandardCharsets;
+import java.util.zip.ZipOutputStream;
+
+public class CloneMasker {
+    public static <T extends Serializable> void copyOut(
+            final CopyManager copyManager,
+            final ZipOutputStream zos,
+            final String tableName,
+            final String copyOutSql,
+            final CloneConfiguration<T> cloneConfiguration
+    ) throws CloneException {
+        final var maskerOpt = cloneConfiguration.tableMasker(tableName);
+        if (maskerOpt.isEmpty()) {
+            CloneException.wrapKnownExceptions(
+                    () -> copyManager.copyOut(copyOutSql, zos),
+                    CloneError.COPY_OUT_DIRECT_FAILED
+            );
+            return;
+        }
+        final var masker = maskerOpt.get();
+
+        final var copyOut = CloneException.wrapKnownExceptions(
+                () -> copyManager.copyOut(copyOutSql),
+                CloneError.COPY_OUT_MASKED_FAILED
+        );
+
+        maskCopyOut(zos, copyOut, masker);
+    }
+
+    private static void maskCopyOut(
+            final ZipOutputStream zos,
+            final CopyOut copyOut,
+            final TableMasker masker
+    ) throws CloneException {
+        final var headerRow = CloneException.wrapKnownExceptions(
+                () -> copyOut.readFromCopy(),
+                CloneError.COPY_OUT_READ_HEADER_FAILED
+        );
+
+        if (headerRow == null) {
+            throw CloneError.COPY_OUT_HEADER_EMPTY.toException();
+        }
+
+        CloneException.wrapKnownExceptions(
+                () -> zos.write(headerRow),
+                CloneError.COPY_OUT_WRITE_HEADER_FAILED
+        );
+
+        final var headerLine = new String(headerRow, StandardCharsets.UTF_8);
+
+        final var headerParser = CloneException.wrapKnownExceptions(
+                () -> CSVParser.parse(headerLine, CSVFormat.POSTGRESQL_CSV),
+                CloneError.COPY_OUT_HEADER_PARSER_FAILED
+        );
+        final var headers = headerParser.getRecords().getFirst().toList();
+        CloneException.wrapKnownExceptions(
+                headerParser::close,
+                CloneError.COPY_OUT_HEADER_PARSER_CLOSE_FAILED
+        );
+
+        byte[] row;
+        while((row = CloneException.wrapKnownExceptions(
+                () -> copyOut.readFromCopy(),
+                CloneError.COPY_OUT_READ_ROW_FAILED
+        )) != null) {
+            final var line = new String(row, StandardCharsets.UTF_8);
+            final var parser = CloneException.wrapKnownExceptions(
+                    () -> CSVParser.parse(line, CSVFormat.POSTGRESQL_CSV),
+                    CloneError.COPY_OUT_ROW_PARSER_FAILED
+            );
+            final var values = parser.getRecords().getFirst().toList();
+            CloneException.wrapKnownExceptions(
+                    parser::close,
+                    CloneError.COPY_OUT_ROW_PARSER_CLOSE_FAILED
+            );
+
+            final var maskerRow = new TableMasker.Row(headers, values);
+            masker.mask(maskerRow);
+
+            final var stringBuilder = new StringBuilder();
+            final var printer = CloneException.wrapKnownExceptions(
+                    () -> new CSVPrinter(stringBuilder, CSVFormat.POSTGRESQL_CSV),
+                    CloneError.COPY_OUT_PRINTER_CREATION_FAILED
+            );
+            CloneException.wrapKnownExceptions(
+                    () -> printer.printRecord(maskerRow.values()),
+                    CloneError.COPY_OUT_PRINT_ROW_FAILED
+            );
+            CloneException.wrapKnownExceptions(
+                    () -> printer.close(),
+                    CloneError.COPY_OUT_PRINTER_CLOSE_FAILED
+            );
+            CloneException.wrapKnownExceptions(
+                    () -> zos.write(stringBuilder.toString().getBytes(StandardCharsets.UTF_8)),
+                    CloneError.COPY_OUT_WRITE_ROW_FAILED
+            );
+        }
+    }
+}

core/src/main/java/module-info.java

@@ -1,6 +1,7 @@
 module dev.mhh.cloner {
     requires java.sql;
     requires org.postgresql.jdbc;
+    requires org.apache.commons.csv;
     exports dev.mhh.cloner.api;
     exports dev.mhh.cloner.api.table;
     exports dev.mhh.cloner.api.verification;