{"id":14065560,"url":"https://github.com/tokern/lakecli","last_synced_at":"2025-03-21T00:32:14.740Z","repository":{"id":49505314,"uuid":"217448520","full_name":"tokern/lakecli","owner":"tokern","description":"A CLI to manage and monitor permissions in AWS Lake Formation","archived":false,"fork":false,"pushed_at":"2023-02-08T01:16:33.000Z","size":747,"stargazers_count":25,"open_issues_count":8,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-03-15T01:57:06.309Z","etag":null,"topics":["aws","aws-glue","aws-lake-formation","permissions","sql"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tokern.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-25T04:07:58.000Z","updated_at":"2024-05-28T01:36:46.505Z","dependencies_parsed_at":"2024-05-28T01:36:41.368Z","dependency_job_id":null,"html_url":"https://github.com/tokern/lakecli","commit_stats":{"total_commits":21,"total_committers":3,"mean_commits":7.0,"dds":"0.47619047619047616","last_synced_commit":"53adaa70a1bcbdcbdbc0680e5338b99ffa940e99"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokern%2Flakecli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokern%2Flakecli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokern%2Flakecli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tokern%2Flakecli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tokern","download_url":"https://codeload.github.com/tokern/lakecli/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244717391,"owners_count":20498283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-glue","aws-lake-formation","permissions","sql"],"created_at":"2024-08-13T07:04:33.651Z","updated_at":"2025-03-21T00:32:14.720Z","avatar_url":"https://github.com/tokern.png","language":"Python","readme":"[![CircleCI](https://circleci.com/gh/tokern/lakecli.svg?style=svg)](https://circleci.com/gh/tokern/lakecli)\n[![codecov](https://codecov.io/gh/tokern/lakecli/branch/master/graph/badge.svg)](https://codecov.io/gh/tokern/lakecli)\n[![PyPI](https://img.shields.io/pypi/v/lakecli.svg)](https://pypi.python.org/pypi/lakecli)\n[![image](https://img.shields.io/pypi/l/lakecli.svg)](https://pypi.org/project/lakecli/)\n[![image](https://img.shields.io/pypi/pyversions/lakecli.svg)](https://pypi.org/project/lakecli/)\n\n# Introduction\n\nLakeCLI is a SQL interface (CLI) for managing [AWS Lake Formation](https://aws.amazon.com/lake-formation/) and \n[AWS Glue](https://aws.amazon.com/glue) permissions. \n\n# Features\n\nLakeCLI provides an *information schema* and supports SQL GRANT/REVOKE statements. These features help administrators\n* Use familiar SQL features to view and manage permissions\n* Write scripts to automate on-boarding and removing permissions.\n* Write scripts to monitor \u0026 alert permissions to ensure best practices and policies are followed.\n\n## Information Schema\nLakeCLI provides two tables:\n\n1. *database_privileges*\n2. *table_privileges*\n\n### Database Privileges\n| Column | Description |\n|--------|-------------|\n| id | Primary Key | \n| schema_name | Name of the Schema | \n| principal | AWS IAM Role or User |\n| permission | Permission type (Described in a later section) |\n| grant | Boolean. Describes if the principal is allowed to grant permission to others | \n\n### Table Privileges\n| Column | Description |\n|--------|-------------|\n| id | Primary Key | \n| schema_name | Schema Name of the Table | \n| table_name  | Name of the Table |\n| principal | AWS IAM Role or User |\n| permission | Permission type (Described in a later section) |\n| grant | Boolean. Describes if the principal is allowed to grant permission to others | \n\n## GRANT/REVOKE Statements\n\n    GRANT/REVOKE { { PERMISSION TYPE }\n        [, ...] }\n        ON { [ TABLE | DATABASE ] name }\n        TO role_specification\n\n### Permission Types\n\n* ALL\n* SELECT\n* ALTER\n* DROP\n* DELETE\n* INSERT\n* CREATE_DATABASE\n* CREATE_TABLE\n* DATA_LOCATION_ACCESS\n\n# Examples\n\n## Table Privileges\n\n    \\r:iamdb\u003e SELECT * FROM table_privileges;\n    +----+-------------+----------------+--------------+------------+-------+\n    | id | schema_name | table_name     | principal    | permission | grant |\n    +----+-------------+----------------+--------------+------------+-------+\n    | 1  | taxidata    | raw_misc       | role/lakecli | ALL        | 1     |\n    | 2  | taxidata    | raw_misc       | role/lakecli | ALTER      | 1     |\n    | 3  | taxidata    | raw_misc       | role/lakecli | DELETE     | 1     |\n    +----+-------------+----------------+--------------+------------+-------+\n\n## Database Privileges\n\n    \\r:iamdb\u003e SELECT * FROM database_privileges;\n    +----+-------------+--------------------------------+--------------+-------+\n    | id | schema_name | principal                      | permission   | grant |\n    +----+-------------+--------------------------------+--------------+-------+\n    | 9  | taxilake    | role/LakeFormationWorkflowRole | CREATE_TABLE | 1     |\n    | 10 | taxilake    | role/LakeFormationWorkflowRole | DROP         | 1     |\n    | 11 | default     | user/datalake_user             | ALTER        | 0     |\n    | 12 | default     | user/datalake_user             | CREATE_TABLE | 0     |\n    | 13 | default     | user/datalake_user             | DROP         | 0     |\n    +----+-------------+--------------------------------+--------------+-------+\n\n## GRANT\n\n    \\r:iamdb\u003e grant SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';\n    GRANT\n    Time: 1.467s\n    \n## REVOKE\n\n    \\r:iamdb\u003e revoke SELECT ON TABLE 'taxidata'.'raw_misc' TO 'user/datalake_user';\n    REVOKE\n    Time: 1.450s\n\n# Quick Start\n\n## Install\n\n``` bash\n$ pip install lakecli\n```\n\n## Config\n\nA config file is automatically created at `~/.lakecli/lakeclirc` at first launch (run lakecli). \nSee the file itself for a description of all available options.\n\nBelow 4 variables are required. \n\n``` text\n# AWS credentials\naws_access_key_id = ''\naws_secret_access_key = ''\nregion = '' # e.g us-west-2, us-east-1\naccount_id = ''\n```\n\nor you can also use environment variables:\n\n``` bash\n$ export AWS_ACCESS_KEY_ID=YOUR_ACCESS_KEY_ID\n$ export AWS_SECRET_ACCESS_KEY=YOUR_SECRET_ACCESS_KEY\n$ export AWS_DEFAULT_REGION=us-west-2\n$ export AWS_ACCOUNT_ID=ACCOUNT_ID\n```\n\n# Features\n\n- Auto-completes as you type for SQL keywords as well as tables and columns in the database.\n- Syntax highlighting.\n- Smart-completion will suggest context-sensitive completion.\n    - `SELECT * FROM \u003ctab\u003e` will only show table names.\n    - `SELECT * FROM users WHERE \u003ctab\u003e` will only show column names.\n- Pretty prints tabular data and various table formats.\n- Some special commands. e.g. Favorite queries.\n- Alias support. Column completions will work even when table names are aliased.\n\n# Usages\n\n```bash\n$ lakecli --help\nUsage: lakecli [OPTIONS]\n\n  A Athena terminal client with auto-completion and syntax highlighting.\n\n  Examples:\n    - lakecli\n    - lakecli my_database\n\nOptions:\n  -e, --execute TEXT            Execute a command (or a file) and quit.\n  -r, --region TEXT             AWS region.\n  --aws-access-key-id TEXT      AWS access key id.\n  --aws-secret-access-key TEXT  AWS secretaccess key.\n  --aws-account-id TEXT         Amazon Account ID.\n  --lake-cli-rc FILE            Location of lake_cli_rc file.\n  --profile TEXT                AWS profile\n  --scan / --no-scan\n  --help                        Show this message and exit.\n```\n\n# Credits\n\nLakeCLI is based on [AthenaCLI](https://github.com/dbcli/athenacli) and the excellent [DBCli](https://www.dbcli.com/) \nproject. A big thanks to all of them for providing a great foundation to build SQL CLI projects.\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftokern%2Flakecli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftokern%2Flakecli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftokern%2Flakecli/lists"}