96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# File 'lib/secure_db_fields/db_deployment.rb', line 96
def run(argv)
target = argv.shift
raise OptionParser::MissingArgument, "TARGET must be mysql" if target.nil?
raise OptionParser::InvalidArgument, "TARGET must be mysql" unless target == MYSQL_TARGET
options = { columns: [], output: nil, as: nil, uid_column: "secure_row_uid" }
parser = OptionParser.new do |opts|
opts.banner = "Usage: secure_db_fields db view mysql --table DB.TABLE --field NAME:ENC_COLUMN --view DB.VIEW [OPTIONS]"
opts.on("--table NAME", "source table, optionally database-qualified") { |value| options[:table] = value }
opts.on("--field SPEC", "plaintext:encrypted_column, e.g. phone:phone_enc") { |value| options[:field] = value }
opts.on("--uid-column NAME", "row UID column for AAD (default: secure_row_uid)") { |value| options[:uid_column] = value }
opts.on("--view NAME", "destination view, optionally database-qualified") { |value| options[:view] = value }
opts.on("--columns LIST", "comma-separated plain columns to expose") { |value| options[:columns] = value.split(",").map(&:strip).reject(&:empty?) }
opts.on("--as NAME", "decrypted column alias (default: plaintext field name)") { |value| options[:as] = value }
opts.on("-o", "--output PATH", "write SQL to PATH instead of stdout") { |value| options[:output] = value }
opts.on("-h", "--help", "show this help") { puts opts; return 0 }
end
parser.parse!(argv)
raise OptionParser::InvalidOption, argv.join(" ") unless argv.empty?
sql = ReadableView.new(options).to_sql
if options[:output]
write_text_atomically(options[:output], sql)
puts File.expand_path(options[:output])
else
$stdout.write(sql)
end
0
end
|