Skip to content

Feat/theodw 2355 embed anonymisation raw to std dev#2442

Merged
stef-solirius merged 52 commits intomainfrom
feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
Apr 8, 2026
Merged

Feat/theodw 2355 embed anonymisation raw to std dev#2442
stef-solirius merged 52 commits intomainfrom
feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV

Conversation

@stef-solirius
Copy link
Copy Markdown
Collaborator

@stef-solirius stef-solirius commented Apr 2, 2026
edited
Loading

https://pins-ds.atlassian.net/browse/THEODW-2355

Key Changes

1. Anonymisation Integration in Standardisation Processes

  • Service Bus Standardisation (service_bus_standardisation_process.py):

    • Added environment detection via Util.is_non_production_environment()
    • Integrated AnonymisationEngine to automatically anonymise sensitive fields based on Purview classifications
    • Applied only in DEV/TEST environments to protect sensitive data during development

  • Horizon Standardisation (horizon_standardisation_process.py):

    • Added same anonymisation logic for Horizon entities
    • Fixed entity name filtering to process only specified files (prevents "No definition found" errors)
    • Entity-specific seed column configuration support

2. Enhanced Anonymisation Engine (odw/core/anonymisation/)

  • Deterministic Anonymisation:

    • NI Numbers now generated deterministically using seed columns (previously random)
    • All masking strategies use consistent seed-based hashing for reproducible results

  • Improved Credential Resolution:

    • Added support for Synapse linked service (ls_kv) for secure credential retrieval
    • Enhanced fallback mechanism: env vars → Key Vault via linked service → direct vault access → DefaultAzureCredential
    • Workspace identity token support via mssparkutils.credentials.getToken()

  • Configuration Enhancements (config.py):

    • Added seed_column for default anonymisation seed
    • Added entity_seed_columns for per-entity seed column overrides
    • Policy-driven anonymisation via YAML configuration

  • Strategy Improvements (base.py):

    • All strategies now use native Spark column expressions (removed Python UDFs for better performance)
    • Email masking preserves domain while masking local part
    • Name masking keeps first and last characters intelligently
    • Birthdate shifts dates deterministically within ±14 days

  • Asset FQN Fixes:

    • Corrected Service Bus timestamp format in asset qualified names
    • Fixed Horizon file path construction

3. Bug Fixes

  • JSON Syntax: Fixed trailing comma in py_etl_orchestrator.json
  • Environment Detection: Fixed Spark config key for environment detection
  • File Filtering: Added entity name filtering in HorizonStandardisationProcess.load_data() to prevent loading unwanted files

4. Testing

  • Added comprehensive unit tests for anonymisation strategies
  • Added integration tests for standardisation processes with anonymisation
  • Tests cover both Service Bus and Horizon entities

5. Documentation

  • Updated anonymisation README with:
    • Seed column configuration details
    • Deterministic transformation behavior
    • Configuration examples
    • Per-entity seed column override documentation

Environment Scope

  • Limited to DEV/TEST environments only - anonymisation is skipped in production
  • Environment detection via Spark configuration: spark.executorEnv.environment
  • Configurable via anonymisation policy YAML file in odw-config/anonymisation/policy.yaml

@stef-solirius
Added anonymisation package to Standardisation processes, included un…
8f5548e 
…it tests and integration tests
@stef-solirius
Temporary enabled for Dev only
1c0a093
@stef-solirius
Adding notebook: package_test
5cdebb6
@stef-solirius
Updating notebook: package_test
2901893
@stef-solirius
Updating notebook: package_test
cebac98
@stef-solirius
Updating notebook: py_etl_orchestrator
6fbd333
@stef-solirius
Updating notebook: package_test
483ecc1
@stef-solirius
Changes in the Strategies, fixing issue with DF
519d9d2
@stef-solirius
Updating notebook: package_test
6862575
@stef-solirius
Updating notebook: py_etl_orchestrator
615ac25
@stef-solirius
Fixed the env dectection bug
111383a
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
1e4bc91 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
@stef-solirius
Updating notebook: package_test
9328cb7
@stef-solirius
Added a SparkSessions validation guard
ab406e4
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
3e0ed59 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
@stef-solirius
Updating notebook: package_test
7d4bef4
@stef-solirius
Updating notebook: package_test
6ef01f2
@stef-solirius
Moved to getSecretWithLS path to retrieve valid credentials
cd3c0e8
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
d773414 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
@stef-solirius
Updating notebook: package_test
95482b8
@stef-solirius
Fixed path
0be3a9b
@stef-solirius
Fixed path take 2
d7e3a34
@stef-solirius
Updating notebook: package_test
67d0763
@stef-solirius
FIxed the FQN names for SB
532771b
@stef-solirius
Fixed JSON Syntax error
3901237
@stef-solirius
Updating notebook: package_test
9d2d216
@stef-solirius
Fixed FQN name syntax
0281cae
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
54427d7 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
@stef-solirius
Updating notebook: py_etl_orchestrator
588e96c
@stef-solirius
Changed HorizonStandardisationProcess
86f4089
stef-solirius and others added 12 commits April 2, 2026 13:31
@stef-solirius
Added classification
7a2ac5d
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
f34dbd5 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
@stef-solirius
Updated the ReadME.md
eb8799e
@stef-solirius
Adding sqlscript: SQL script 1
479ce1f
@stef-solirius
Undo the SQL script
9adf4d8
@stef-solirius
Limited to apply for DEV environemnt for now
0bf5530
@stef-solirius
Updating notebook: py_etl_orchestrator
cfbd580
@stef-solirius
Deleting notebook: package_test
1b562cd
@Fred83200 @stef-solirius
Commiting cherry pick
58251b9
@Fred83200 @stef-solirius
Adding tests to prove save_pipeline_logs is bugged
e252069
@Fred83200 @stef-solirius
test save_pipeline_logs updated
313d3fc
@stef-solirius
Merge branch 'feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV' of h…
beed08a 
…ttps://github.com/Planning-Inspectorate/odw-synapse-workspace into feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV
stef-solirius and others added 8 commits April 2, 2026 15:19
@stef-solirius
Merge branch 'main' into feat/THEODW-2355-Embed-anonymisation-raw-to-…
4ea1f53 
…std-DEV
@stef-solirius
Fix linting errors: remove unused imports
e9358ef
@stef-solirius
Apply ruff formatting to fix code style issues
4c5af90
@stef-solirius
Fix test expectations for LoggingUtil.save_pipeline_logs after bug fix
325797c 
Update test cases to expect correct single-argument log_info calls after
fixing the bug where log_info was called with two arguments. The logging_util.py
fix was already committed, but the tests were not updated to match.

Changes:
- Renamed tests to reflect corrected behavior instead of buggy behavior
- Updated assertions to expect log_info called with formatted strings
- Tests now verify graceful exception handling instead of expecting TypeError
@stef-solirius
Remove unused pytest import to fix linting error
dc7c07d 
The pytest import was no longer needed after refactoring tests to not use pytest.raises.
All tests still pass and ruff linting is now clean.
@stef-solirius
Delete docs/anonymisation/QUICKSTART.md
18c4fc9
@stef-solirius
Migrate codebase to pydantic 1.10 for Synapse compatibility
acb107b 
- Downgrade pydantic from ^2.12.5 to 1.10.0 in pyproject.toml
- Replace model_dump(mode='json') with json() in py_etl_orchestrator
- Replace model_dump_json() with json() in test_etl_process.py
- Verified all ETL process tests pass with pydantic 1.10
@stef-solirius
Merge branch 'main' into feat/THEODW-2355-Embed-anonymisation-raw-to-…
1c8bd5b 
…std-DEV
@stef-solirius stef-solirius merged commit a90eb64 into main Apr 8, 2026
9 checks passed
@stef-solirius stef-solirius deleted the feat/THEODW-2355-Embed-anonymisation-raw-to-std-DEV branch April 8, 2026 10:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fred83200 Fred83200 Fred83200 approved these changes

@HarrisonBoyleThomas HarrisonBoyleThomas Awaiting requested review from HarrisonBoyleThomas HarrisonBoyleThomas is a code owner

@KranthiRayipudi KranthiRayipudi Awaiting requested review from KranthiRayipudi KranthiRayipudi is a code owner

@harriet-stuart-wd harriet-stuart-wd Awaiting requested review from harriet-stuart-wd harriet-stuart-wd is a code owner

@prathapA100 prathapA100 Awaiting requested review from prathapA100 prathapA100 is a code owner

@raamvar raamvar Awaiting requested review from raamvar raamvar is a code owner

@KalyaniNik KalyaniNik Awaiting requested review from KalyaniNik KalyaniNik is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stef-solirius @Fred83200