Added PiiBolt and PresidioRedacter implementation

[klockla]

This PR adds a bolt which allows removal of Personally Identifiable Information (PII).
The PiiBolt is to be used with a class implementing the PiiInterface and which will provide the actual implementation of PII.

This PR implements also the PresidioRedactor class which uses Microsoft Presidio
( https://microsoft.github.io/presidio/ ) as a PII back-end.
It can be configured for different PII entities (names, phones, location, etc...) and different languages according to how you deployed the back-end.

[rzo1]

Hi @klockla,

Thanks for the PR and for proposing an abstraction for PII removal during crawls. I’ve added a few comments.

I also have a couple of questions:

What was the reasoning behind choosing a bolt instead of a (parse) filter for the redaction step?

Since this is a larger contribution, we’ll likely need an ICLA
before we can accept it.

[rzo1]

Why package private?

[jnioche]

and why in core?

[klockla]

and why in core?

My idea was to have the abstraction layer in core and the specific implementation(s) in external. Please let me know where to move it

[klockla]

Why package private?

This is the default value of the metadata field that may contain the language. It can be configured through "pii.language.field" in the topology's configuration.

I see this as being at the same level as for instance queueMode in SimpleFetcherBolt or emitOutlinks in JSoupParserBolt
so why it shouldn't be private ?

[rzo1]

I was looking at OutputCollector _collector; :)

[klockla]

ok, will change it to protected

[jnioche]

@klockla it can stay in core actually, since it will be extended by classes in modules

[rzo1]

Unsure if we should default to a redacted html here, if the original content was empty. Why not just return (similar to pii is disabled). Any reason for this?

[rzo1]

Is this needed? Shouldn't we fallback or just default to something instead of raising a hard exception here; triggering a re-try in the topology?

[rzo1]

Should we make some of the properties configurable or re-use existing configuration, i.e. user-agent, timeouts or a like?

[klockla]

For user-agent I don't think it is needed, this is just used for the calls to the Presidio REST API
If you see any timeout property, I could reuse please let me know

[rzo1]

See https://github.com/apache/stormcrawler/blob/main/core/src/main/java/org/apache/stormcrawler/protocol/okhttp/HttpProtocol.java#L140

[rzo1]

In addition, see build output.

[klockla]

Hi @klockla,

Thanks for the PR and for proposing an abstraction for PII removal during crawls. I’ve added a few comments.

I also have a couple of questions:

What was the reasoning behind choosing a bolt instead of a (parse) filter for the redaction step?

Since this is a larger contribution, we’ll likely need an ICLA before we can accept it.

Hi @rzo1

I didn't really think about implementing it as a parse filter but as the process (text analysis by the NLP engine in Presidio) is quite consuming, I think it may be better to have this in a separate bolt to have better measures about tuple processing time/latency.

I will fix the points related to your other comments and will need to have a look at this ICLA thing.

[jnioche]

I didn't really think about implementing it as a parse filter but as the process (text analysis by the NLP engine in Presidio) is quite consuming, I think it may be better to have this in a separate bolt to have better measures about tuple processing time/latency.

I haven't looked at the details yet but I agree with @rzo1 that this feels like it should be a ParseFilter.

We log processing times in ParseFilters but could extend that to send proper metrics

[rzo1]

@jzonthemtn Could you take a look, particularly regarding how well the abstraction in "core" interoperates with other PII-redaction engines (such as Philter)?

[jnioche]

@jzonthemtn Could you take a look, particularly regarding how well the abstraction in "core" interoperates with other PII-redaction engines (such as Philter)?

https://github.com/philterd/philter

[rzo1]

I reached out to @jzonthemtn via ASF Slack with the essence:

I think it could work [...]

so there would be the possibility to integrate another implementation on the long run.

[rzo1]

I haven't looked at the details yet but I agree with @rzo1 that this feels like it should be a ParseFilter.

I thought a bit about it (over the last weekend) and I think implementing this as a separate bolt would be ok, as it allows the NLP processing to run as an independent step, enabling better isolation, scaling, and more precise measurement of tuple processing time without impacting the parsing bolt (at all). This also allows redaction to be treated as an isolated use case, separate from the core parsing logic. So I would be ok with a bolt in that case.