I’m proposing a change to the way pbs_snapshot --obfuscate works:
- pbs_snapshot --obfuscate has many issues: it doesn’t obfuscate everything, there are bugs with obfuscating special attributes (like it only obfuscates the first entry in managers, acl attributes etc.), the obfuscated string has the same length as the original string, which could be decrypted back to the original, etc.
- pbs_snapshot uses a PTL utility called pbs_anonutils.py which contains code that is somewhat complicated to develop. It’s designed to have separate routines to obfuscate specific kinds of outputs (tabular, long format, resourcedef, accounting logs, etc.), and was not written for obfuscating snapshots as a whole.
- To use the existing architecture of pbs_anonutils to obfuscate new outputs like json would have required either writing specialized routines for those outputs, or re-writing existing routines to be more generic, which would have meant essentially re-writing pbs_anonutils.
Please review the document and provide feedback. Thanks!