CLI for Athena Database and AWS Lake Formation. With auto-completion and syntax highlighting.
Project description
Introduction
LakeCLI is a SQL interface (CLI) for managing AWS Lake Formation and AWS Glue permissions.
Features
LakeCLI provides an information schema and supports SQL GRANT/REVOKE statements. These features help administrators
- Use familiar SQL features to view and manage permissions
- Write scripts to automate on-boarding and removing permissions.
- Write scripts to monitor & alert permissions to ensure best practices and policies are followed.
Information Schema
LakeCLI provides two tables:
- database_privileges
- table_privileges
Database Privileges
| Column | Description |
|---|---|
| id | Primary Key |
| schema_name | Name of the Schema |
| principal | AWS IAM Role or User |
| permission | Permission type (Described in a later section) |
| grant | Boolean. Describes if the principal is allowed to grant permission to others |
Table Privileges
| Column | Description |
|---|---|
| id | Primary Key |
| schema_name | Schema Name of the Table |
| table_name | Name of the Table |
| principal | AWS IAM Role or User |
| permission | Permission type (Described in a later section) |
| grant | Boolean. Describes if the principal is allowed to grant permission to others |
GRANT/REVOKE Statements
GRANT/REVOKE { { PERMISSION TYPE }
[, ...] }
ON { [ TABLE | DATABASE ] name }
TO role_specification
Permission Types
- ALL
- SELECT
- ALTER
- DROP
- DELETE
- INSERT
- CREATE_DATABASE
- CREATE_TABLE
- DATA_LOCATION_ACCESS
Examples
Table Privileges
\r:iamdb> SELECT * FROM table_privileges;
+----+-------------+----------------+--------------+------------+-------+
| id | schema_name | table_name | principal | permission | grant |
+----+-------------+----------------+--------------+------------+-------+
| 1 | taxidata | raw_misc | role/lakecli | ALL | 1 |
| 2 | taxidata | raw_misc | role/lakecli | ALTER | 1 |
| 3 | taxidata | raw_misc | role/lakecli | DELETE | 1 |
+----+-------------+----------------+--------------+------------+-------+
Database Privileges
\r:iamdb> SELECT * FROM database_privileges;
+----+-------------+--------------------------------+--------------+-------+
| id | schema_name | principal | permission | grant |
+----+-------------+--------------------------------+--------------+-------+
| 9 | taxilake | role/LakeFormationWorkflowRole | CREATE_TABLE | 1 |
| 10 | taxilake | role/LakeFormationWorkflowRole | DROP | 1 |
| 11 | default | user/datalake_user | ALTER | 0 |
| 12 | default | user/datalake_user | CREATE_TABLE | 0 |
| 13 | default | user/datalake_user | DROP | 0 |
+----+-------------+--------------------------------+--------------+-------+
GRANT
\r:iamdb> grant SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';
GRANT
Time: 1.467s
REVOKE
\r:iamdb> revoke SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';
REVOKE
Time: 1.450s
Quick Start
Install
$ pip install lakecli
Config
A config file is automatically created at ~/.lakecli/lakeclirc at first launch (run lakecli).
See the file itself for a description of all available options.
Below 4 variables are required.
# AWS credentials
aws_access_key_id = ''
aws_secret_access_key = ''
region = '' # e.g us-west-2, us-east-1
account_id = ''
or you can also use environment variables:
$ export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID
$ export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY
$ export AWS_DEFAULT_REGION=us-west-2
$ export AWS_ACCOUNT_ID=ACCOUNT_ID
Features
- Auto-completes as you type for SQL keywords as well as tables and columns in the database.
- Syntax highlighting.
- Smart-completion will suggest context-sensitive completion.
SELECT * FROM <tab>will only show table names.SELECT * FROM users WHERE <tab>will only show column names.
- Pretty prints tabular data and various table formats.
- Some special commands. e.g. Favorite queries.
- Alias support. Column completions will work even when table names are aliased.
Usages
$ lakecli --help
Usage: lakecli [OPTIONS]
A Athena terminal client with auto-completion and syntax highlighting.
Examples:
- lakecli
- lakecli my_database
Options:
-e, --execute TEXT Execute a command (or a file) and quit.
-r, --region TEXT AWS region.
--aws-access-key-id TEXT AWS access key id.
--aws-secret-access-key TEXT AWS secretaccess key.
--aws-account-id TEXT Amazon Account ID.
--lake-cli-rc FILE Location of lake_cli_rc file.
--profile TEXT AWS profile
--scan / --no-scan
--help Show this message and exit.
Credits
LakeCLI is based on AthenaCLI and the excellent DBCli project. A big thanks to all of them for providing a great foundation to build SQL CLI projects.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
lakecli-0.2.0.tar.gz
(46.8 kB
view details)
Built Distribution
File details
Details for the file lakecli-0.2.0.tar.gz.
File metadata
- Download URL: lakecli-0.2.0.tar.gz
- Upload date:
- Size: 46.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 59a5ae3a441909e0346810969f0b7e91342167359ca0bffa7d1207dcdb151179 |
|
| MD5 | 4f317a01c4121f82f2cf1f019db02854 |
|
| BLAKE2b-256 | c03b1303b85e0058721784ce8b5213efc18a47d22c9cd2333f77139c0ca589dc |
File details
Details for the file lakecli-0.2.0-py2.py3-none-any.whl.
File metadata
- Download URL: lakecli-0.2.0-py2.py3-none-any.whl
- Upload date:
- Size: 61.8 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 147e61db063503369436c9feba9d1b12c88e7e9b38313f2f51c82cbf0d07a82a |
|
| MD5 | 656cda532e142595882a5fa24029639a |
|
| BLAKE2b-256 | 082da9aa76ffdb30f7eff86f3ed3cb2a6e112d25d69c93222a4537aff8d94e5e |
