grant.rs
An open-source project that aims to manage Redshift database roles and privileges in GitOps style, written in Rust.
This project is still in the early stages of development and is not ready for any kind of production use or any alpha/beta testing.
Usage
Install binary from crates.io
Using grant tool:
Generate project structure
Apply privilege changes
Content of ./examples/example.yaml:
connection:
  type: "postgres"
  # support environment variables, e.g. postgres://${HOSTNAME}:5432
  url: "postgres://postgres@localhost:5432/postgres"

roles:
  - name: role_database_level
    type: database
    grants:
      - CREATE
      - TEMP
    databases:
      - postgres

  - name: role_schema_level
    type: schema
    grants:
      - CREATE
    databases:
      - postgres
    schemas:
      - public

  - name: role_all_schema
    type: table
    grants:
      - SELECT
      - INSERT
      - UPDATE
    databases:
      - postgres
    schemas:
      - public
    tables:
      - ALL

users:
  - name: duyet
    password: 1234567890 # password in plaintext
    roles:
      - role_database_level
      - role_all_schema
      - role_schema_level

  - name: duyet2
    password: md58243e8f5dfb84bbd851de920e28f596f # support md5 style: grant gen-pass -u duyet2
    roles:
      - role_database_level
      - role_all_schema
      - role_schema_level
Apply this config to cluster:
Generate random password
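The password fields in the example config accept either plaintext or an md5-style value. As an added example (not part of the grant project), this Python check flags users whose password is still plaintext before a config is committed to Git. It assumes the md5 style is the standard PostgreSQL/Redshift format, `md5` followed by MD5(password + username); `md5_style` and `plaintext_users` are hypothetical helper names.

```python
import hashlib
import re

# Constructed sample mirroring the users: section of ./examples/example.yaml;
# the md5 value for duyet2 is computed at run time from a constructed secret.
SAMPLE = """\
users:
  - name: duyet
    password: 1234567890 # password in plaintext
  - name: duyet2
    password: {md5}
"""

MD5_STYLE = re.compile(r"^md5[0-9a-f]{32}$")


def md5_style(password, username):
    """Assumed format: 'md5' + hex(MD5(password + username)), as PostgreSQL stores it."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def plaintext_users(config_text):
    """Return names under the top-level `users:` key whose password is not md5-style.

    Line-based scan to stay dependency-free; a production check would load
    the file with a YAML parser instead.
    """
    flagged, name, in_users = [], None, False
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if re.match(r"^\S", line):  # a new top-level key starts here
            in_users = line.startswith("users:")
            continue
        if not in_users:
            continue
        m = re.match(r"^\s*-\s*name:\s*(\S+)", line)
        if m:
            name = m.group(1).strip("\"'")
            continue
        m = re.match(r"^\s*password:\s*(.+)$", line)
        if m and name and not MD5_STYLE.match(m.group(1).strip().strip("\"'")):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    cfg = SAMPLE.format(md5=md5_style("constructed-secret", "duyet2"))
    print("users with plaintext passwords:", plaintext_users(cfg))
```

Because the username is part of the hashed input, the same password yields a different md5-style value for each user, which is why `grant gen-pass` takes `-u`.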
Inspect the current cluster
Development
Clone the repo:
Postgres is required for testing; you might need to use the docker-compose.yaml:
Make sure you have a connection to postgres://postgres:postgres@localhost:5432/postgres.
On macOS, the easiest way is to install Postgres.app.
To run the unit tests:
TODO
- Support reading connection info from environment variables
- Support storing encrypted passwords in Git
- Support Postgres and Redshift
- Support changing passwords
- Visualization (who can see what?)
- Apply: show more detail about diff changes
- Inspect: show more detail about user privileges
LICENSE
MIT