db_obfuscation 0.0.1

data/lib/db_obfuscation/obfuscation_strategy.rb

@@ -0,0 +1,22 @@
+require 'db_obfuscation/database'
+
+module DbObfuscation
+  module ObfuscationStrategy
+    def self.strategy(column_name)
+      case column_name.to_sym
+      when /ssn/
+        :ssn_strategy
+      when /email/
+        :email_strategy
+      when :first_name
+        :first_name_strategy
+      when :last_name
+        :last_name_strategy
+      when :name
+        :name_strategy
+      else
+        :default_strategy
+      end
+    end
+  end
+end

data/lib/db_obfuscation/obfuscator.rb

@@ -0,0 +1,65 @@
+require 'ffaker'
+module DbObfuscation
+  module Obfuscator
+    extend self
+
+    def obfuscate(strategy_name)
+      case strategy_name
+      when :address_strategy
+        address
+      when :date_strategy
+        rand(31..240)
+      when :default_strategy
+        FFaker::Lorem.word
+      when :driving_license_strategy
+        FFaker::Identification.drivers_license
+      when :email_strategy
+        FFaker::Internet.safe_email
+      when :first_name_strategy
+        FFaker::Name.first_name
+      when :gender_strategy
+        'Unknown'
+      when :last_name_strategy
+        FFaker::Name.last_name
+      when :medicaid_id_strategy
+        FFaker.numerify('############')
+      when :name_strategy
+        FFaker::Name.name
+      when :nil_strategy
+        nil
+      when :paragraph_strategy
+        FFaker::Lorem.paragraph
+      when :phone_number_strategy
+        FFaker::PhoneNumber.phone_number
+      when :school_strategy
+        FFaker::Education.school
+      when :sentence_strategy
+        FFaker::Lorem.sentence
+      when :ssn_strategy
+        FFaker::SSN.ssn
+      when :suffix_strategy
+        FFaker::Name.suffix
+      when :unique_name_strategy
+        full_name
+      end
+    end
+
+    private
+    def address
+      <<-ADDRESS.gsub(/\s{2,}/,' ').strip
+        #{FFaker::Address.street_address}
+        #{FFaker::Address.city}
+        #{FFaker::AddressUS.state_abbr}
+        #{FFaker::AddressUS.zip_code}
+      ADDRESS
+    end
+
+    def full_name
+      <<-name.gsub(/\s{2,}/,' ').strip
+        #{FFaker::Name.first_name}
+        #{FFaker.letterify('??????????')}
+        #{FFaker::Name.last_name}
+      name
+    end
+  end
+end

data/lib/db_obfuscation/query_builder.rb

@@ -0,0 +1,62 @@
+module DbObfuscation
+  module QueryBuilder
+    class << self
+      def multi_update_sql(table, columns, date_columns=[])
+        <<-SQL.gsub(/\s{2,}/,' ').strip
+          UPDATE "#{table}"
+          #{case_sql(columns, date_columns)}
+          #{where_sql(columns)}
+        SQL
+      end
+
+      def where_sql(columns)
+        column_name = columns.first.keys.last
+        values = columns.map { |column| "'#{column.values.last}'" }.join(',')
+        %Q{WHERE "#{column_name}" IN (#{values})}
+      end
+
+      def case_sql(columns, date_columns)
+        column_names = columns.first.keys
+        constraint_name = column_names.last
+        column_names -= [constraint_name]
+        column_names.each_with_object('SET ') do |name, sql_query|
+          sql_query << %Q("#{name}" = CASE)
+          columns.each_with_object(sql_query) do |column, query|
+            type = (date_columns.include?(name) ? :date : :string)
+            query << when_sql(name, column, constraint_name, type)
+          end
+          sql_query << %Q( ELSE "#{name}" END, )
+        end.chomp(", ")
+      end
+
+      def update_sql(table, id, columns, date_columns=[])
+        "UPDATE #{table} #{column_sql(columns, date_columns)} WHERE id=#{id};"
+      end
+
+      def column_sql(columns, date_columns)
+        columns.each_with_object("SET ") do |column, query|
+          column_name, column_value = column.first, column.last
+          if date_columns.include?(column.first)
+            query << "#{column_name}=#{column_name} + INTERVAL '#{column_value} DAYS', "
+          else
+            query << "#{column_name}=#{column_value}, "
+          end
+        end.chomp(", ")
+      end
+
+      private
+      def when_sql(column, table_row, constraint, type)
+        when_clause = <<-SQL.gsub(/\s{2,}/,' ').chomp
+          WHEN "#{constraint}" = '#{table_row[constraint]}'
+          AND "#{column}" IS NOT NULL
+          SQL
+        if type == :date
+          when_clause << %Q( THEN "#{column}" + INTERVAL '#{table_row[column]} DAYS')
+        else
+          when_clause << %Q( AND "#{column}" != '' THEN #{table_row[column]})
+        end
+        when_clause
+      end
+    end
+  end
+end

data/lib/db_obfuscation/truncation.rb

@@ -0,0 +1,39 @@
+require 'db_obfuscation/database'
+require 'db_obfuscation/filtering/truncation'
+
+module DbObfuscation
+  class Truncation
+
+
+    def self.truncate
+      new.send(:truncate)
+    end
+
+    def self.tables
+      new.send(:tables)
+    end
+
+    private
+
+    def truncate
+      tables.each do |table|
+        begin
+          DbObfuscation.logging.info "Truncating #{table}"
+          DB[table].truncate
+        rescue => e
+          DbObfuscation.logging.error "#{table} encountered #{e.message}"
+          DbObfuscation.logging.error "#{e.backtrace}"
+        end
+
+      end
+    end
+
+    def tables
+      Filtering::Truncation.matches_patterns(DB.tables, patterns)
+    end
+
+    def patterns
+      Config.truncation_patterns
+    end
+  end
+end

data/lib/db_obfuscation/util/trigger.rb

@@ -0,0 +1,83 @@
+require 'db_obfuscation/database'
+
+module DbObfuscation
+  module Util
+    module Trigger
+      extend self
+      def tables
+        query = <<-sql
+            SELECT tables.relname as table_name
+            FROM pg_trigger triggers, pg_class tables
+            WHERE triggers.tgrelid = tables.oid
+            AND tables.relname !~ '^pg_'
+            AND triggers.tgname LIKE '#{prefix}%'
+        sql
+        DbObfuscation::DB[query].map(:table_name)
+      end
+
+      def drop(table)
+        table == :all ? drop_triggers : drop_trigger(table)
+      end
+
+      def disable(table)
+        table == :all ? disable_triggers : disable_trigger(table)
+      end
+
+      def enable(table)
+        table == :all ? enable_triggers : enable_trigger(table)
+      end
+
+      def exists?(table)
+        tables.include?(table.to_s)
+      end
+
+      private
+      def disable_triggers
+        tables.each do |table|
+          disable_trigger(table)
+        end
+      end
+
+      def disable_trigger(table)
+        DbObfuscation::DB.run <<-sql
+          ALTER TABLE #{table}
+          DISABLE TRIGGER #{name(table)}
+        sql
+      end
+
+      def enable_triggers
+        tables.each do |table|
+          enable_trigger(table)
+        end
+      end
+
+      def enable_trigger(table)
+        DbObfuscation::DB.run <<-sql
+          ALTER TABLE #{table}
+          ENABLE TRIGGER #{name(table)}
+        sql
+      end
+
+      def drop_triggers
+        tables.each do |table|
+          drop_trigger(table)
+        end
+      end
+
+      def drop_trigger(table)
+        DbObfuscation::DB.run <<-sql
+          DROP TRIGGER #{name(table)}
+          ON #{table}
+        sql
+      end
+
+      def prefix
+        'audit_'
+      end
+
+      def name(table)
+        "#{prefix}#{table}"
+      end
+    end
+  end
+end

data/lib/db_obfuscation/version.rb

@@ -0,0 +1,4 @@
+module DbObfuscation
+  VERSION = "0.0.1"
+end
+

data/spec/cli/db_dump_spec.rb

@@ -0,0 +1,33 @@
+require 'db_obfuscation/environment'
+require 'db_dump'
+
+module DbObfuscation
+  module Cli
+    describe DbDump do
+
+      it 'dump a db into a dump file' do
+        filename = 'db.yml'
+        db_config = {
+          'username' => 'fake_username',
+          'password' => 'fake_password',
+          'database' => 'fake_database',
+          'host' => 'fake_host'
+        }
+
+        allow(YAML).to receive(:load_file).with(filename).
+          and_return(db_config)
+
+        dump_name = 'dumped_database'
+
+        dump_cmd = <<-dump_cmd.gsub(/\s{2,}/,' ').strip
+      PGPASSWORD=fake_password pg_dump -h fake_host -U fake_username -w
+      -Fc -f dumped_database fake_database
+        dump_cmd
+
+        expect(Kernel).to receive(:system).with(dump_cmd)
+        described_class.dump(filename, dump_name)
+      end
+    end
+
+  end
+end

data/spec/cli/migrator_spec.rb

@@ -0,0 +1,59 @@
+require 'spec_helper'
+require 'migrator'
+require 'db_obfuscation/database'
+
+module DbObfuscation
+  module Cli
+    describe Migrator do
+      describe '.migrate' do
+        before do
+          system("dropdb -e obfuscation_test")
+          system("createdb -e obfuscation_test")
+        end
+
+        it 'creates table in the test database' do
+          expect(DbObfuscation::DB.tables).to eq []
+
+          db_yml = File.expand_path('../../config/database.yml',
+                                    __FILE__)
+          migration_path = File.expand_path('../../test_db_setup/migrations',
+                                            __FILE__)
+
+          described_class.migrate(db_yml, migration_path)
+
+          expect(DbObfuscation::DB.tables).to include :table_1
+          expect(DbObfuscation::DB.tables).to include :table_2
+          expect(DbObfuscation::DB.tables).to include :truncation_table_1
+          expect(DbObfuscation::DB.tables).to include :whitelisted_table_1
+        end
+      end
+
+      describe '.down_migrate' do
+        before do
+          system("dropdb -e obfuscation_test")
+          system("createdb -e obfuscation_test")
+        end
+
+        it 'creates table in the test database' do
+          db_yml = File.expand_path('../../config/database.yml',
+                                    __FILE__)
+          migration_path = File.expand_path('../../test_db_setup/migrations',
+                                            __FILE__)
+
+          described_class.migrate(db_yml, migration_path)
+          expect(DbObfuscation::DB.tables).to include :table_1
+          expect(DbObfuscation::DB.tables).to include :table_2
+          expect(DbObfuscation::DB.tables).to include :truncation_table_1
+          expect(DbObfuscation::DB.tables).to include :whitelisted_table_1
+
+          described_class.down_migrate(db_yml, migration_path)
+
+          expect(DbObfuscation::DB.tables).to eq([:schema_info])
+
+          #rescue operation to keep the test db in a clean state
+          described_class.migrate(db_yml, migration_path)
+        end
+      end
+    end
+  end
+end

data/spec/cli/seeder_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+require 'seeder'
+require 'db_obfuscation/database'
+require 'migrator'
+
+module DbObfuscation
+  module Cli
+    describe Seeder do
+      let(:db_yml) {
+        File.expand_path('../../config/database.yml', __FILE__)
+      }
+      let(:migrations_path) {
+        File.expand_path('../../test_db_setup/migrations', __FILE__)
+      }
+      let(:seeds_path) {
+        File.expand_path('../../test_db_setup/seeds', __FILE__)
+      }
+
+      describe '.seed' do
+        before do
+          Migrator.down_migrate(db_yml, migrations_path)
+          Migrator.migrate(db_yml, migrations_path)
+        end
+
+        it 'seeds the database with seed data' do
+          expect(DbObfuscation::DB[:table_1].all).to eq []
+          Seeder.seed(db_yml, seeds_path)
+          expect(DbObfuscation::DB[:table_1].all).to_not eq([])
+        end
+      end
+    end
+  end
+end

data/spec/config/database.yml

@@ -0,0 +1,5 @@
+adapter: postgres
+host: localhost
+encoding: unicode
+username: ccUser
+database: obfuscation_test

data/spec/config/table_strategies/table_1.yml

@@ -0,0 +1,3 @@
+table_1:
+  field_1: :first_name_strategy
+  date_field: :date_strategy

data/spec/config/table_strategies/table_2.yml

@@ -0,0 +1,4 @@
+table_2:
+  field_1: :default_strategy
+  field_2: :whitelisted
+  date_field: :date_strategy

data/spec/config/table_strategies/truncation_table_1.yml

@@ -0,0 +1,3 @@
+truncation_table_1:
+  field_1: :default_strategy
+  field_2: :default_strategy

data/spec/config/table_strategies/whitelisted_table_1.yml

@@ -0,0 +1,3 @@
+whitelisted_table_1:
+  field_1: :default_strategy
+  field_2: :default_strategy

data/spec/config/truncation_patterns.yml

@@ -0,0 +1,2 @@
+- truncation_table_1
+- audit

data/spec/config/whitelisted_tables.yml

@@ -0,0 +1 @@
+- whitelisted_table_1

data/spec/db_obfuscation/batch_formulator_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+require 'db_obfuscation/batch_formulator'
+
+module DbObfuscation
+  describe BatchFormulator do
+
+    describe '.batch_for' do
+      it 'returns a batch of obfuscated row values for a set of ids' do
+        config = {
+          field_1: :default_strategy,
+          field_2: :default_strategy,
+          date_field: :default_strategy
+        }
+
+        ids = [1,2]
+
+        expected_batch = [
+          { field_1: "'obfuscated_value'",
+            field_2: "'obfuscated_value'",
+            date_field: "'obfuscated_value'",
+            id: 1 },
+          { field_1: "'obfuscated_value'",
+            field_2: "'obfuscated_value'",
+            date_field: "'obfuscated_value'",
+            id: 2 }
+        ]
+
+        allow(DbObfuscation::Obfuscator).to receive(:obfuscate)
+          .and_return('obfuscated_value')
+        obfuscated_batch = described_class.batch_for(config, ids)
+
+        expect(obfuscated_batch).to eq expected_batch
+      end
+    end
+  end
+end