Fetch tables metadata... takes more time than a full database dump.

I have filters in place for only 4 tables I need out of 100+ but this still takes longer than I expect.

@evgeniy-r I am facing an issue while using the cli with my db. I am not sure that whether I am using the config correctly, can you help me rectify the issue.

thank you in advance.

Background

I have a database with multiple schemas and I want to copy over the schema default$default and the tables under that schema. Of course, I also anonymize certain fields in the tables.

config.yml

tables:
  - name: default$default.Profile
    rules:
      firstName:
        first_name: {}
        ...
        ...
filter:
  schema:
    only:
      - default$default

Output

$ ./bin/pg_datanymizer -f backup.sql -c anonymizer/config.yml --accept_invalid_certs $POSTGRES_CONNECTION_STRING
Prepare data scheme...
pg_dump error. Command:
pg_dump --section pre-data -t default$default <POSTGRES_CONNECTION_STRING>
Output:
pg_dump: error: no matching tables were found

Hi @evgeniy-r , I am facing some issues while using the key-value store. please correct me if I am using it wrong. User is connected to Profile with a foreign key in the User table. So I am using profile_id while storing the data to the store and then while retrieving I am just using the id from the Profile table.

Config

tables:
  - name: User
    rules:
      phone:
        template:
          format: "{{ _1 }}{{ store_write(key='user_phonenumbers.' ~ prev.profile_id, value=_1) }}"
          rules:
            - phone:
                format: "+############"
                uniq: true
  - name: Profile
    rules:
      phone:
        # reading phone numbers from `user_phonenumbers` stored in `User`
        template:
          format: "{{ store_read(key='user_phonenumbers.' ~ prev.id) }}"

Output

...
Prepare to dump table: default$default.Profile
Error: Failed transform Failed to render 'TemplateTransformerTemplate'
ERROR: Job failed: exit code 1
FATAL: exit code 1         

Just to confirm that whether the template is giving an error on reading, I tried removing the template under Profile and replaced it with phone to randomize it and it works that way. So I am quite sure that there is something wrong - either how I am implementing it or with the anonymizer.

I am trying to use datanymizer in the environment that requires SSL connection (Heroku postgres). It fails with an error:

$ docker run --rm -v /Users/f213/prj/education/dev-db:/app -w /app datanymizer/pg_datanymizer "postgres://user:pwd@<REDACTED>.eu-west-1.compute.amazonaws.com:5432/<REDACTED>?sslmode=require"
Error: error performing TLS handshake: no TLS implementation configured

Caused by:
    no TLS implementation configured

Any chances this great project will support SSL?

When I run pg_datanymizer against a GCP managed sql instance, I only get a data dump, it does not add any create statements for the relations.

Running pg_dump directly against the same database with the same credentials gives a full dump as expected.

The command I am running is pg_datanymizer db --config /app/config.yml --host cloud-sql-proxy --username <redacted> --password <redacted> --file /app/dump.sql --port 5432

The config just has table rules, no filters or anything like that.

Would appreciate any guidance on this.

Hi 👋

What do you think about adding the update-informer crate to the project to print a message if there is a newer version of datanymizer?

update-informer has support of GitHub releases.

It appears to impact fields that I have configuration for:

tables:
  - name: user
    rules:
      name:
        person_name: {}
      birthdate:
        datetime:
          from: 1980-01-01T00:00:00+00:00
          to: 2021-07-24T00:00:00+00:00

When loading the dump I see this error:

COPY 0
ERROR:  invalid input syntax for type timestamp with time zone: "Vanessa Wyman"
CONTEXT:  COPY user, line 1, column birthdate: "Vanessa Wyman"

COPY public.user("id", "firebase_uid", "created_at", "updated_at", "username", "bio", "verified", "flagged", "private_account", "avatar_image_id", "user_role_type", "avatar_foreground_color", "avatar_background_light_color", "avatar_background_dark_color", "name", "birthdate", "last_seen", "google_iap_uid") FROM STDIN;
2afa72c2-f06a-4bcd-88e8-6bac7b32fa80	ANDROID- 17	2021-06-14 19:09:17.508424+00	2021-06-14 19:09:17.508424+00	somename	\N	f	f	f	\N	USER	\N	\N	\N	\N	Vanessa Wyman	2004-01-13T00:14:00+00:00	\N

Using pg_dump and pg_restore you can exclude owner/priv information using --no-owner and --no-privileges. Using psql < dump to do restores as documented, doesn't allow this type of thing. Is this possible without having to manually text process the dump file?

✓ Checklist:

• [x] This PR has been added to CHANGELOG.md (at the top of the list);
• [x] Tests for the changes have been added (for bug fixes / features);
• [x] Docs have been added / updated (for bug fixes / features).

See issue #146 for more information

Hi! Is it possible to make it work to change data in-place (without dump-restore cycle)? We already have automated backups-to-staging restoration cycle (postgres, basebackups) and would like to use this tool to make data masking in-place.

Possible syntax (look at tr):

tables:
  - name: users
    rules:
      login:
        username: {}
      preferences:
        template:
          format: '{"some_complex_json": {"field": "{{tr.login}}"}}'

Tera allows also tr["login"].

The name tr means "transformed row". We can use tr_row or transformed_row instead (it might be too long).

We can also use just row, but what if in the future we decide to use the values ​​of the original row too?

I have tried running the following command

./bin/pg_datanymizer -f backup.sql -c ./test.yml postgresql://postgres:[email protected]:5432/postgres

where the test.yml is

tables:
  - name: Profile
    rules:
      firstName:
        first_name: {}
      lastName:
        last_name: {}

Also i have tried running this on the following OS / Environments:

• macOS 12.4
• Ubuntu 20.04
• Node:16.15-alpine (docker engine, both on macOS 12.4 and Ubuntu 20.04)

Anonymizer throws error when dealing with table with generated columns

Error: db error: ERROR: column "tsv" is a generated column DETAIL: Generated columns cannot be used in COPY.

pg_dump on its own works fine.

postgresql and pg_dump version is 12.12 pg_datanymizer version is 0.6.0

Hi, thanks so much for your great tool it's very useful !

Do you plan to implement "archive" mode for pg_restore ? the fact is, when the database is big, it could take a lot of time to be restored, and using the -j option of pg_restore and more coul be very benefit to gain performance.

Thanks !

This PR wants to add a new tera filter function for repeated sha256 hashes with an optional salt.

This intends not to be a solution for highly confidential secret, rather to provide a way of having a value in the output that can be verified when the salt is known.

For highly confidential values a more flexible hash should be used.

✓ Checklist:

• [ ] This PR has been added to CHANGELOG.md (at the top of the list);
• [X] Tests for the changes have been added (for bug fixes / features);
• [ ] Docs have been added / updated (for bug fixes / features).

Hello and thank you for this tool. It works pretty neat. <3

My goal is to dump anonymized version of sensitive data in such a way that the value can be verified, given the original value. It is a common use case in our place to hmac(secret, value) or just sha(salt + value) to hide the field in a dump or log a pseudoanonymized value.

Generating random values works in many places, but we need either a hash transformer or a tera filter capable for generating such hashes, that are 1 => 1 associations.

I went ahead and implemented a sha256 transformer and then looked for tera filters to do the same for comparison. (But this is not working as simply as the transformer Trait)

I would like to open a PR and get some review done. What do you think?