A postgres audit table implementation that works with sqlalchemy and alembic
Project description
SQLAlchemy Postgresql Audit
Description
Enables table change tracking support for tables defined by SQLAlchemy models.
Additionally, provides a flexible mechanism for enriching table change data with additional metadata (such as a request UUID or a username or ID).
Implementation
After registering the relevant SQLAlchemy event listeners, whenever a table is attached to a metadata object, it's info will be checked for specific keys indicating that the table should be audited. If so, a table similar to the source table will be created, with the same name and types (but no constraints or nullability requirements). Additionally, an operation indicator (I, U, D for insert, update, delete) and a DB timestamp will be included as columns. A function and trigger definition are then also defined to insert a row into the audit table whenever a row is inserted, updated, or deleted. For inserts and updates, the row in the audit table is the NEW row representation. For deletes, the row in the audit table is the OLD row. While any typical create_all/drop_all command will create/drop the relevant tables, Audit Tables info dictionary also contains the DDL necessary to create and drop the function and trigger, and any migration mechanism in usage would need to take advantage of this DDL how it sees fit.
In order to enrich the change data with relevant metadata (such as an application user id or a webrequest UUID, etc), the procedure can be configured (via the table info) to reference any number of session local variables. These variables will be written in the audit.*
namespace. Helper functions are provided for setting these these session variables, and it is recommended that you integrate these deeply in your sessionmaking logic.
Installation
pip install sqlalchemy-postgresql-audit
This is only known to be compatible with the postgresql+psycopg2
dialect.
Usage
This package "claims" keys in info
at 'audit.*'.
In order for your table definitions to be ready, you must indicate in the info dictionary to enable the table audit mechanism.
from sqlalchemy import MetaData, Table, Column, String
# Importing this module is sufficient to enable Table event listeners
# However, in order to utilize alembic you should enable `audit` as a sqlalchemy plugin.
import sqlalchemy_postgresql_audit.event_listeners.sqlalchemy
meta = MetaData()
foo = Table(
"foo",
meta,
Column("bar", String),
info={
"audit.options": {
"enabled": True,
}
}
)
This code will result in an additional table definition being added to the meta data object
An example create statement (if you created this table) is:
CREATE TABLE public.foo_audit (
audit_operation VARCHAR(1) NOT NULL,
audit_operation_timestamp TIMESTAMP WITHOUT TIME ZONE NOT NULL,
bar VARCHAR
)
Naming Conventions
You can find the default naming conventions at
from sqlalchemy_postgresql_audit import (
DEFAULT_AUDIT_TABLE_NAMING_CONVENTION,
DEFAULT_AUDIT_TABLE_FUNCTION_NAMING_CONVENTION,
DEFAULT_AUDIT_TABLE_TRIGGER_CONVENTION,
)
These can overridden by passing a naming convention format string to the naming_conventions
dictionary under the relevant audit.table
, audit.function
, or audit.trigger
conventions.
from sqlalchemy import MetaData
from sqlalchemy.util import immutabledict
NAMING_CONVENTIONS = immutabledict(
{
"ix": "ix_%(column_0_label)s",
"uq": "uq_%(table_name)s_%(column_0_name)s",
"ck": "ck_%(table_name)s_%(constraint_name)s",
"fk": "fk_%(table_name)s_%(column_0_name)s_%(referred_table_name)s",
"pk": "pk_%(table_name)s",
"audit.table": "%(table_name)s_audr",
}
)
meta = MetaData(naming_convention=NAMING_CONVENTIONS)
Session Settings
from sqlalchemy import MetaData, Column, Table, String
from sqlalchemy.dialects.postgresql import UUID
meta = MetaData()
foo = Table(
"foo",
meta,
Column("bar", String),
info={
"audit.options": {
"enabled": True,
'session_settings': [
Column('username', String, nullable=False),
Column('app_uuid', UUID),
]
}
},
schema="public",
)
which resulted in the following audit table being created:
CREATE TABLE public.foo_audr (
audit_operation VARCHAR(1) NOT NULL,
audit_operation_timestamp TIMESTAMP WITHOUT TIME ZONE NOT NULL,
username VARCHAR NOT NULL,
app_uuid UUID,
bar VARCHAR
)
Include as a SQLAlchemy plugin
You can include this as a plugin at the audit
name
Via the connection string
from sqlalchemy import create_engine
engine = create_engine("postgresql+psycopg2://user:password@host:port/dbname?plugin=audit")
Via the create_engine option
from sqlalchemy import create_engine
engine = create_engine("postgresql+psycopg2://user:password@host:port/dbname", plugins=['audit'])
Alembic Integration
This library is partially integrated with alembic. Some aspects are not perfect (downgrades drop the triggers and function and don't replace them)
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for sqlalchemy-postgresql-audit-0.2.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | f17abb2c5f7e4aa61991b5f6a502afc9413b470f5c21b3c7f3f96c71c3ac1d35 |
|
MD5 | 480d2bff862883e0f66c8633731eaf93 |
|
BLAKE2b-256 | 62e3a8207f7ae94849f688be4b16133b0cebe33ed115d7d698f29b9f82449921 |
Hashes for sqlalchemy_postgresql_audit-0.2.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 78a061ed1fee9f6c9afeb564fb9746766472d498c6e313b66b30761f81755481 |
|
MD5 | 95dbc40a6475a8095d57dda36c18c94c |
|
BLAKE2b-256 | d2c908c03da5b641f7b0f8570919058508ad04c5fcf4aa6caccf0324763061cf |