Database sanitation tool
database-sanitizer
is a tool which retrieves an database dump from
relational database and performs sanitation on the retrieved data
according to rules defined in a configuration file. Currently the
sanitation tool supports both PostgreSQL and MySQL databases.
Installation
database-sanitizer
can be installed from PyPI with pip like this:
$ pip install database-sanitizer
If you are using MySQL, you need to install the package like this
instead, so that additional requirements are included:
$ pip install database-sanitizer[MySQL]
Usage
Once the package has been installed, database-sanitizer
can be used
like this:
$ database-sanitizer <DATABASE-URL>
Command line argument DATABASE-URL
needs to be provided so the tool
knows how to retrieve the dump from the database. With PostgreSQL, it
would be something like this:
$ database-sanitizer postgres://user:password@host/database
However, unless an configuration file is provided, no sanitation will be
performed on the retrieved database dump, which leads us to the next
section which will be...
Configuration
Rules for the sanitation can be given in a configuration file written in
YAML. Path to the configuration file is then given to the command line
utility with --config
argument (-c
for shorthand) like this:
$ database-sanitizer -c config.yml postgres://user:password@host/database
The configuration file uses following kind of syntax:
config:
addons:
- some.other.package
- yet.another.package
extra_parameters:
mysqldump:
- "--single-transaction"
pg_dump:
- "--exclude-table=something"
strategy:
user:
first_name: name.first_name
last_name: name.last_name
secret_key: string.empty
access_log: skip_rows
In the example configuration above, there are first listed two "addon
packages", which are names of Python packages where the sanitizer will
be looking for sanitizer functions. They are completely optional and can
be omitted, in which case only sanitizer functions defined in package
called sanitizers
and built-in sanitizers will be used instead.
It's also possible to define extra parameters to pass to the dump tool (
mysqldump
or pg_dump
). By default, mysqldump
will include the
--single-transaction
extra parameter. You can disable this by defining the
extra parameters in the config file explicitly, e.g. with an empty array []
.
The strategy
portion of the configuration contains the actual
sanitation rules. First you define name of the database table (in the
example that would be user
) followed by column names in that table
which each one mapped to sanitation function name. The name of the
sanitation function consists from two parts separated from each other by
a dot: Python module name and name of the actual function, which will
be prefixed with sanitize_
, so name.first_name
would be a function
called sanitize_first_name
in a file called name.py
.
Table content can be left out completely from the sanitized dump by
setting table strategy to skip_rows
(check access_log
table in the
example config). This will leave out all INSERT INTO
(MySQL) or COPY
(PostgreSQL) statements from the sanitized dump file. CREATE TABLE
statements will not be removed.