Execute job
Compliance Engines limit any syncing operations while a profiling or masking job is running. When using DCT job move, execute, or migrate operations, please ensure that the target Compliance Engine is in an idle state. Future Compliance enhancements to DCT will remove this limitation.
The Execute endpoint creates a duplicate of a job while maintaining a single reference for both job instances. This operation supports Horizontal Scale workflows, as DCT will maintain a singular reference for all instances of a job across any number of connected Compliance engines.
As part of this endpoint, DCT will maintain all of these job instances in sync, so they can all be controlled from a single configuration point (it's recommended to dedicate a select engine or set of engines to the creation and updating of masking jobs and dependencies) and any changes are automatically propagated to the other job instances at the time of the next job execute operation. This enables users to identify a masking job on a configuration engine, copy it over to a dedicated compute engine (or set of engines), and run that job at a regular cadence through DCT. Whenever the job needs to be updated, the user simply updates the job on the configuration engine.
Since all jobs connected via the job execute operation are under a single reference, every time a job is run, its run statistics will report back to DCT and will be recorded under that singular job reference.
Executing a MaskingJob requires only a reference to a target engine as input. DCT will take care of syncing the job to the target engine and executing it. DCT will create and manage the environment where the job is copied onto.
Example of executing a MaskingJob on engine with ID 2:
curl -X 'POST' \
'https://<APPLIANCE_ADDRESS>/v3/masking-jobs/d53812ce-9186-485d-a388-44bc52087ead/execute' \
-H 'accept: application/json' \
-H 'Authorization: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"engine_id": "2"
}'
This will return a DCT job that can be further polled for status updates. The job will only transition to the COMPLETED state when the entirety of the sync and execution has completed on the target engine.
When a MaskingJob is executed via DCT and the job is synced to the target engine, the default Connector is used for execution. Masking job sync never copies credentials, for security reasons. Since having credentials set on the target connector is required for execution, DCT enables this by allowing users to store connector credentials within DCT itself. A DCT MaskingJob now contains properties for the connector credentials. The expectation is that users will pre-store the credentials by using the UPDATE API on the MaskingJob. MaskingJob execution has a hard requirement that credentials be saved within a MaskingJob prior to allowing execution.
Example of updating a MaskingJob with connector credentials:
curl -X 'PATCH' \
'https://<APPLIANCE_ADDRESS>/v3/masking-jobs/d53812ce-9186-485d-a388-44bc52087ead' \
-H 'accept: application/json' \
-H 'Authorization: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"connector_username": "user123",
"connector_password": "password123"
}'
Once a MaskingJob execution has been initiated, the EXECUTION APIs can be used to view and cancel running executions as well as search through execution history. Note that canceling an execution is a best-effort action that does not interrupt any of the job sync that may occur prior to the execution.
Example of searching for executions of a particular MaskingJob:
'https://<APPLIANCE_ADDRESS>/v3/executions/search' \
-H 'accept: application/json' \
-H 'Authorization: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"filter_expression": "masking_job_id eq '\''d53812ce-9186-485d-a388-44bc52087ead'\''"
}'
Example of canceling an execution if and only if it is in the RUNNING state (denoted by the expected_status query parameter):
curl -X 'POST' \
'https://<APPLIANCE_ADDRESS>/v3/executions/11397caa-6006-4eba-b575-ae3ad00c3762/cancel' \
-H 'accept: */*' \
-H 'Authorization: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"expected_status": "QUEUED"
}'
User interface
Execute a compliance job with the Execute action, available in the action menu on the top right corner of the job details page. This will open a window that lists Compliance engines with which a job needs to be executed. Once selected, click the "Execute" button to start the job on the selected engine. The screenshot below shows a selected engine.