pgroles-core

Core manifest, diff, SQL rendering, and export primitives for pgroles.

This crate contains the pure data-model and planning logic behind the pgroles CLI and operator. It does not connect to PostgreSQL itself.

What It Includes

• YAML manifest parsing and expansion
• Normalized role graph types
• Convergent diff planning
• Version-aware SQL rendering via SqlContext
• Export of live state back into a flat manifest

What It Does Not Include

• Database introspection
• CLI argument parsing
• Kubernetes reconciliation

Typical Use

use pgroles_core::{diff, manifest, model::RoleGraph, sql};

let yaml = r#"
roles:
  - name: analytics
    login: true
"#;

let policy = manifest::parse_manifest(yaml)?;
let expanded = manifest::expand_manifest(&policy)?;
let desired = RoleGraph::from_expanded(&expanded, policy.default_owner.as_deref())?;
let current = RoleGraph::default();

let changes = diff::diff(&current, &desired);
let sql = sql::render_all_with_context(
    &changes,
    &sql::SqlContext { pg_major_version: 16 },
);
assert!(sql.contains("CREATE ROLE"));
# Ok::<(), Box<dyn std::error::Error>>(())

Related Crates

• pgroles-inspect: build the current RoleGraph from a live database
• pgroles-cli: end-user CLI built on this crate

Full project documentation: https://github.com/hardbyte/pgroles