pii_safe_schema 1.2.0 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.circleci/config.yml +1 -1
- data/.ruby-version +1 -1
- data/CHANGELOG.md +4 -0
- data/README.md +13 -4
- data/lib/pii_safe_schema.rb +52 -2
- data/lib/pii_safe_schema/annotations.rb +6 -2
- data/lib/pii_safe_schema/invalid_column_error.rb +4 -0
- data/lib/pii_safe_schema/pii_column.rb +12 -4
- data/lib/pii_safe_schema/version.rb +1 -1
- data/lib/tasks/pii_safe_schema.rake +21 -1
- data/pii_safe_schema.gemspec +4 -3
- metadata +37 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5a3fe6f6dc02bc520f523874f6111cb00dc9201687f0b7f668dc39e587080bda
|
|
4
|
+
data.tar.gz: c2f2bf99f36d65c806e9b74af88ab55a8c77291e5bd61883a36bd2b2bf2d6b1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 539795ee77529477a46a52df234f0474f5d774f2ded25537520f20d023af8539c5643f3c859e3df56e3181591cea9b854b23030be1d5f4c9344dec6b3b7d7f29
|
|
7
|
+
data.tar.gz: 8ed9a5f69eeeca205128085268198732888632563922be5402129779074f314df3bf18ad54b17a859372fb90c2689a2b140352bd02f9fa9275950b75667deb67
|
data/.circleci/config.yml
CHANGED
data/.ruby-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
2.6.
|
|
1
|
+
2.6.5
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## 1.3.0 - 2019-11-04
|
|
8
|
+
### Added
|
|
9
|
+
- Can pass explicitly annotate PII columns from the command line as arguments when using `rake pii_safe_schema:generate_migrations`.
|
|
10
|
+
|
|
7
11
|
## 1.2.0 - 2019-4-20
|
|
8
12
|
### Added
|
|
9
13
|
- Can pass Datadog Client object as a configuration option.
|
data/README.md
CHANGED
|
@@ -46,7 +46,7 @@ PiiSafeSchema.configure do |config|
|
|
|
46
46
|
some_table: :*, # ignore the whole table
|
|
47
47
|
some_other_table: [:column_1, :column_2] # just those columns
|
|
48
48
|
}
|
|
49
|
-
|
|
49
|
+
|
|
50
50
|
# Pass whatever instance you want here, but it must implement the method
|
|
51
51
|
# #event(title, message, opts = {})
|
|
52
52
|
# which is what datadog-statsd does:
|
|
@@ -60,12 +60,21 @@ end
|
|
|
60
60
|
|
|
61
61
|
## Generating Comment Migrations
|
|
62
62
|
|
|
63
|
-
```
|
|
63
|
+
```bash
|
|
64
64
|
rake pii_safe_schema:generate_migrations
|
|
65
65
|
```
|
|
66
66
|
|
|
67
|
-
This will generate one migration file for each table that should be commented.
|
|
68
|
-
|
|
67
|
+
This will generate one migration file for each table that should be commented. It will create a comment field for each column that it warns you about when you start a rails server or console.
|
|
68
|
+
|
|
69
|
+
### Explicit annotations
|
|
70
|
+
|
|
71
|
+
If the generator fails to identify a PII column, you can specify explicitly what columns in what tables are PII. This is particularly useful if you're installed pii_safe_schema into an existing project.
|
|
72
|
+
|
|
73
|
+
```bash
|
|
74
|
+
rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
Run `rake pii_safe_schema:generate_migrations help` for details
|
|
69
78
|
|
|
70
79
|
## Credits
|
|
71
80
|
|
data/lib/pii_safe_schema.rb
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
require 'pii_safe_schema/invalid_column_error'
|
|
1
2
|
require 'pii_safe_schema/configuration'
|
|
2
3
|
require 'pii_safe_schema/annotations'
|
|
3
4
|
require 'pii_safe_schema/notify'
|
|
@@ -36,7 +37,56 @@ module PiiSafeSchema
|
|
|
36
37
|
Rails.logger.info('PiiSafeSchema: No DB'.red)
|
|
37
38
|
end
|
|
38
39
|
|
|
39
|
-
def self.generate_migrations
|
|
40
|
-
PiiSafeSchema::MigrationGenerator.generate_migrations(
|
|
40
|
+
def self.generate_migrations(additional_pii_columns = [])
|
|
41
|
+
PiiSafeSchema::MigrationGenerator.generate_migrations(
|
|
42
|
+
PiiSafeSchema::PiiColumn.all + additional_pii_columns,
|
|
43
|
+
)
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def self.parse_additional_columns(arguments)
|
|
47
|
+
arguments.map do |str|
|
|
48
|
+
matches = /([a-z_]+):([a-z_]+):([a-z_]+)/i.match(str)
|
|
49
|
+
return print_help! if matches.blank?
|
|
50
|
+
|
|
51
|
+
suggestion = Annotations.comment(matches[3])
|
|
52
|
+
return print_help! if suggestion.blank?
|
|
53
|
+
|
|
54
|
+
PiiColumn.from_column_name(table: matches[1], column: matches[2], suggestion: suggestion)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def self.print_help!(do_exit: true) # rubocop:disable Metrics/MethodLength
|
|
59
|
+
puts <<~HELPMSG # rubocop:disable Rails/Output
|
|
60
|
+
Usage:
|
|
61
|
+
rake pii_safe_schema:generate_migrations [table:column:annotation_type] ...
|
|
62
|
+
|
|
63
|
+
Arguments:
|
|
64
|
+
[table:column:annotation_type] # A column to manually annotate. Can be repeated.
|
|
65
|
+
# annotation_type can be "email", "phone", "ip_address",
|
|
66
|
+
# "geolocation", "address", "postal_code", "name",
|
|
67
|
+
# "sensitive_data", or "encrypted_data"
|
|
68
|
+
|
|
69
|
+
Description:
|
|
70
|
+
Generates a migration to add PII annotation comments to appropriate columns on a table.
|
|
71
|
+
Uses a series of regular expressions to find sensitive fields.
|
|
72
|
+
|
|
73
|
+
Optionally supply arguments to annotate columns explicitly
|
|
74
|
+
|
|
75
|
+
Example:
|
|
76
|
+
rake pii_safe_schema:generate_migrations signatures:signatory_name:name signatures:landline:phone
|
|
77
|
+
|
|
78
|
+
Will generate a migration with the following, assuming automatic regex had no matches:
|
|
79
|
+
|
|
80
|
+
class ChangeCommentsInSignatures < ActiveRecord::Migration[5.2]
|
|
81
|
+
def change
|
|
82
|
+
safety_assured do
|
|
83
|
+
change_column :signatures, :signatory_name, :string, comment: '{"pii":{"obfuscate":"name_obfuscator"}}'
|
|
84
|
+
change_column :signatures, :landline, :string, comment: '{"pii":{"obfuscate":"phone_obfuscator"}}'
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
HELPMSG
|
|
89
|
+
|
|
90
|
+
exit(1) if do_exit # rubocop:disable Rails/Exit
|
|
41
91
|
end
|
|
42
92
|
end
|
|
@@ -70,14 +70,18 @@ module PiiSafeSchema
|
|
|
70
70
|
nil
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
def self.comment(annotation_type)
|
|
74
|
+
COLUMNS.dig(annotation_type.to_sym, :comment)
|
|
75
|
+
end
|
|
76
|
+
|
|
73
77
|
def apply_recommendation?(column, pii_info)
|
|
74
78
|
!encrypted?(column) &&
|
|
75
|
-
pii_info[:regexp].match(column.name) &&
|
|
79
|
+
pii_info[:regexp].match?(column.name) &&
|
|
76
80
|
column.comment != pii_info[:comment].to_json
|
|
77
81
|
end
|
|
78
82
|
|
|
79
83
|
def encrypted?(column)
|
|
80
|
-
COLUMNS[:encrypted_data][:regexp].match(column.name)
|
|
84
|
+
COLUMNS[:encrypted_data][:regexp].match?(column.name)
|
|
81
85
|
end
|
|
82
86
|
|
|
83
87
|
def apply_encrypted_recommendation?(column)
|
|
@@ -3,10 +3,6 @@ module PiiSafeSchema
|
|
|
3
3
|
extend PiiSafeSchema::Annotations
|
|
4
4
|
attr_reader :table, :column, :suggestion
|
|
5
5
|
|
|
6
|
-
def self.all
|
|
7
|
-
find_and_create
|
|
8
|
-
end
|
|
9
|
-
|
|
10
6
|
def initialize(table:, column:, suggestion:)
|
|
11
7
|
@table = table.to_sym
|
|
12
8
|
@column = column
|
|
@@ -14,6 +10,18 @@ module PiiSafeSchema
|
|
|
14
10
|
end
|
|
15
11
|
|
|
16
12
|
class << self
|
|
13
|
+
def all
|
|
14
|
+
find_and_create
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def from_column_name(table:, column:, suggestion:)
|
|
18
|
+
unless connection.columns(table.to_s).find { |c| c.name == column.to_s }
|
|
19
|
+
raise InvalidColumnError, "column \"#{column}\" does not exist for table \"#{table}\""
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
new(table: table, column: column, suggestion: suggestion)
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
private
|
|
18
26
|
|
|
19
27
|
def find_and_create
|
|
@@ -1,5 +1,25 @@
|
|
|
1
1
|
namespace :pii_safe_schema do
|
|
2
2
|
task generate_migrations: :environment do
|
|
3
|
-
PiiSafeSchema.
|
|
3
|
+
PiiSafeSchema.print_help! if ARGV[2] == 'help'
|
|
4
|
+
|
|
5
|
+
if ARGV.length == 1
|
|
6
|
+
PiiSafeSchema.generate_migrations
|
|
7
|
+
else
|
|
8
|
+
additional_columns = PiiSafeSchema.parse_additional_columns(ARGV[1..])
|
|
9
|
+
PiiSafeSchema.generate_migrations(additional_columns)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
rescue ActiveRecord::StatementInvalid, PiiSafeSchema::InvalidColumnError => e
|
|
13
|
+
raise e if e.class == ActiveRecord::StatementInvalid && e.cause.class != PG::UndefinedTable
|
|
14
|
+
|
|
15
|
+
puts <<~HEREDOC
|
|
16
|
+
Unable to generate PII annotation migration. Either the underlying table or column does not exist:
|
|
17
|
+
|
|
18
|
+
#{e.message}
|
|
19
|
+
|
|
20
|
+
Please create the table & columns first, running their migrations, before attempting to use the pii_safe_schema generator.
|
|
21
|
+
HEREDOC
|
|
22
|
+
ensure
|
|
23
|
+
exit(0) # forces rake to stop after this and not assume args are tasks
|
|
4
24
|
end
|
|
5
25
|
end
|
data/pii_safe_schema.gemspec
CHANGED
|
@@ -19,9 +19,9 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
20
20
|
s.require_paths = ['lib']
|
|
21
21
|
|
|
22
|
-
s.add_dependency 'activesupport', '>= 5'
|
|
22
|
+
s.add_dependency 'activesupport', '>= 5', '< 7'
|
|
23
23
|
s.add_dependency 'colorize'
|
|
24
|
-
s.add_dependency 'rails', '>= 5'
|
|
24
|
+
s.add_dependency 'rails', '>= 5', '< 7'
|
|
25
25
|
|
|
26
26
|
s.add_development_dependency 'bundler', '>= 1.16'
|
|
27
27
|
s.add_development_dependency 'bundler-audit'
|
|
@@ -30,13 +30,14 @@ Gem::Specification.new do |s|
|
|
|
30
30
|
s.add_development_dependency 'git'
|
|
31
31
|
s.add_development_dependency 'guard-rspec'
|
|
32
32
|
s.add_development_dependency 'pry'
|
|
33
|
+
s.add_development_dependency 'rails', '>= 5.2.3', '< 7'
|
|
33
34
|
s.add_development_dependency 'rake', '>= 10.0'
|
|
34
35
|
s.add_development_dependency 'rspec', '< 4', '>= 3.0'
|
|
35
36
|
s.add_development_dependency 'rspec-collection_matchers'
|
|
36
37
|
s.add_development_dependency 'rspec-its'
|
|
37
38
|
s.add_development_dependency 'rubocop'
|
|
38
39
|
s.add_development_dependency 'simplecov'
|
|
39
|
-
s.add_development_dependency 'sqlite3
|
|
40
|
+
s.add_development_dependency 'sqlite3'
|
|
40
41
|
s.add_development_dependency 'ws-style'
|
|
41
42
|
|
|
42
43
|
# Required by activerecord-safer_migrations
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pii_safe_schema
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexi Garrow
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-11-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -17,6 +17,9 @@ dependencies:
|
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '5'
|
|
20
|
+
- - "<"
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: '7'
|
|
20
23
|
type: :runtime
|
|
21
24
|
prerelease: false
|
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -24,6 +27,9 @@ dependencies:
|
|
|
24
27
|
- - ">="
|
|
25
28
|
- !ruby/object:Gem::Version
|
|
26
29
|
version: '5'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '7'
|
|
27
33
|
- !ruby/object:Gem::Dependency
|
|
28
34
|
name: colorize
|
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -45,6 +51,9 @@ dependencies:
|
|
|
45
51
|
- - ">="
|
|
46
52
|
- !ruby/object:Gem::Version
|
|
47
53
|
version: '5'
|
|
54
|
+
- - "<"
|
|
55
|
+
- !ruby/object:Gem::Version
|
|
56
|
+
version: '7'
|
|
48
57
|
type: :runtime
|
|
49
58
|
prerelease: false
|
|
50
59
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -52,6 +61,9 @@ dependencies:
|
|
|
52
61
|
- - ">="
|
|
53
62
|
- !ruby/object:Gem::Version
|
|
54
63
|
version: '5'
|
|
64
|
+
- - "<"
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '7'
|
|
55
67
|
- !ruby/object:Gem::Dependency
|
|
56
68
|
name: bundler
|
|
57
69
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -150,6 +162,26 @@ dependencies:
|
|
|
150
162
|
- - ">="
|
|
151
163
|
- !ruby/object:Gem::Version
|
|
152
164
|
version: '0'
|
|
165
|
+
- !ruby/object:Gem::Dependency
|
|
166
|
+
name: rails
|
|
167
|
+
requirement: !ruby/object:Gem::Requirement
|
|
168
|
+
requirements:
|
|
169
|
+
- - ">="
|
|
170
|
+
- !ruby/object:Gem::Version
|
|
171
|
+
version: 5.2.3
|
|
172
|
+
- - "<"
|
|
173
|
+
- !ruby/object:Gem::Version
|
|
174
|
+
version: '7'
|
|
175
|
+
type: :development
|
|
176
|
+
prerelease: false
|
|
177
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
178
|
+
requirements:
|
|
179
|
+
- - ">="
|
|
180
|
+
- !ruby/object:Gem::Version
|
|
181
|
+
version: 5.2.3
|
|
182
|
+
- - "<"
|
|
183
|
+
- !ruby/object:Gem::Version
|
|
184
|
+
version: '7'
|
|
153
185
|
- !ruby/object:Gem::Dependency
|
|
154
186
|
name: rake
|
|
155
187
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -241,7 +273,7 @@ dependencies:
|
|
|
241
273
|
- !ruby/object:Gem::Version
|
|
242
274
|
version: '0'
|
|
243
275
|
- !ruby/object:Gem::Dependency
|
|
244
|
-
name: sqlite3
|
|
276
|
+
name: sqlite3
|
|
245
277
|
requirement: !ruby/object:Gem::Requirement
|
|
246
278
|
requirements:
|
|
247
279
|
- - ">="
|
|
@@ -320,6 +352,7 @@ files:
|
|
|
320
352
|
- lib/pii_safe_schema.rb
|
|
321
353
|
- lib/pii_safe_schema/annotations.rb
|
|
322
354
|
- lib/pii_safe_schema/configuration.rb
|
|
355
|
+
- lib/pii_safe_schema/invalid_column_error.rb
|
|
323
356
|
- lib/pii_safe_schema/migration_generator.rb
|
|
324
357
|
- lib/pii_safe_schema/notifiers/data_dog.rb
|
|
325
358
|
- lib/pii_safe_schema/notifiers/std_out.rb
|
|
@@ -347,7 +380,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
347
380
|
- !ruby/object:Gem::Version
|
|
348
381
|
version: '0'
|
|
349
382
|
requirements: []
|
|
350
|
-
rubygems_version: 3.0.
|
|
383
|
+
rubygems_version: 3.0.3
|
|
351
384
|
signing_key:
|
|
352
385
|
specification_version: 4
|
|
353
386
|
summary: Schema migration tool for checking and adding comments on PII columns.
|