Conditional Masking Policy does not need {{masked_column}} in its body

[Stchena]

Conditional Masking Policy does not need {{masked_column}} in its body

Description:

After introducing #62 and using the change for a while I discovered that the masking policies' bodies don't really need the specific column name.

You can quite literally name it whatever and as long as you pass a proper column name during `ALTER TABLE ALTER COLUMN

Example:

I create a masking policy called default_string_mp_pii for the column email. Its signature visible after executing DESCRIBE MASKING POLICY default_string_mp_pii is then seen as containing (EMAIL STRING, ...).

When I then create or replace the exact same masking policy on column vulnerable_last_name, the masking policy's entry is lost, instead being replaced by the new signature containing VULNERABLE_LAST_NAME STRING, ...).

This jinja part is absolutely not needed and I feel it should be removed - instead relying on a generic "variable"-style name which will be the same regardless of column the masking policy is being applied to.

Proposed Solution:

• Change {{masked_column}} to masked_column in masking policy DDL. This will prevent dbt from overwriting this parameter on each call.
• remove the use of conditionally_masked_column in create_masking_policy.sql. It is not needed.
• Remove the setting of conditionally_masked_column in get_masking_policy_list_for.... It is not needed.

Benefits:

• Cleaner Masking Policy Auditing .
• Easier DDL definition.

Challenges:

• Removing the parameter might break compatibility, but as far as I remember, I made it an optional parameter...

Additional Information:

When I find some time, I can fix it.