Manage database roles and privileges in GitOps style

Overview

grant.rs

Manage Redshift database roles and privileges in GitOps style.

Usage

Install binary from crates.io

cargo install grant

Using grant tool:

$ grant --help

Manage database roles and privileges in GitOps style

USAGE:
    grant <SUBCOMMAND>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    apply    Apply changes
    gen      Generate project
    help     Prints this message or the help of the given subcommand(s)

Generate project structure

grant gen --target duyet-cluster

# or
mkdir duyet-cluster && cd $_
grant gen --target .

Apply privilege changes

Dry run:

export DB_URL="postgres://postgres:postgres@localhost:5439/postgres"
grant apply --dryrun -f ./examples/example.yaml --conn=$DB_URL

Apply to cluster:

grant apply -f ./examples/example.yaml

# [2021-11-15T03:37:38Z INFO  grant::apply] Try to apply definition from "./examples/example.yaml", dryrun=false, conn=None
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, TEMP ON DATABASE db1, db2 TO duyet;
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, USAGE ON SCHEMA  TO duyet;
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, USAGE ON SCHEMA common, dwh1, dwh2 TO duyet;
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, TEMP ON DATABASE db1, db2 TO duyet2;
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, USAGE ON SCHEMA  TO duyet2;
# [2021-11-15T03:37:38Z INFO  grant::apply] SQL = GRANT CREATE, USAGE ON SCHEMA common, dwh1, dwh2 TO duyet2;

Generate random password

$ grant gen-pass

Generated password: q)ItTjN$EXlkF@Tl

Developement

Clone the repo:

git clone https://github.com/duyet/grant.rs && cd grant.rs

Postgres is required for testing, you might need to use the docker-compose.yaml:

docker-compose up -d

Make sure you have connection to postgres://postgres:postgres@localhost:5432/postgres.

To run the unittest:

cargo test

TODO

  • Support store encrypted password in Git
  • Support Postgres
  • Visuallization (who can see what?)

LICENSE

MIT

Comments
  • chore(deps): update postgres docker tag to v15

    chore(deps): update postgres docker tag to v15

    Mend Renovate

    This PR contains the following updates:

    | Package | Update | Change | |---|---|---| | postgres | major | 14 -> 15 |


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 2
  • chore(deps): update actions-rs/toolchain digest to 16499b5

    chore(deps): update actions-rs/toolchain digest to 16499b5

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | actions-rs/toolchain | action | digest | 88dc235 -> 16499b5 |


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update swatinem/rust-cache action to v2

    chore(deps): update swatinem/rust-cache action to v2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | Swatinem/rust-cache | action | major | v1 -> v2 |


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update actions/checkout action to v3

    chore(deps): update actions/checkout action to v3

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | major | v2 -> v3 |


    Release Notes

    actions/checkout

    v3

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • fix(deps): update rust crate serde_yaml to 0.9

    fix(deps): update rust crate serde_yaml to 0.9

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | serde_yaml | dependencies | minor | 0.8 -> 0.9 |


    Release Notes

    dtolnay/serde-yaml

    v0.9.10

    Compare Source

    • Make Display for Number produce the same representation as serializing (#​316)

    v0.9.9

    Compare Source

    v0.9.8

    Compare Source

    • Fix serialization of TaggedValue when used with to_value (#​313)

    v0.9.7

    Compare Source

    • Allow an empty plain scalar to deserialize as an empty map or seq (#​304)

    v0.9.6

    Compare Source

    • Fix tag not getting serialized in certain map values (#​302)

    v0.9.5

    Compare Source

    v0.9.4

    Compare Source

    • Add serde_yaml::with::singleton_map for serialization of enums as a 1-entry map (#​300)
    • Reject duplicate keys when deserializing Mapping or Value (#​301)

    v0.9.3

    Compare Source

    • Add categories to crates.io metadata
    • Add keywords to crates.io metadata

    v0.9.2

    Compare Source

    • Improve Debug representation of serde_yaml::Error

    v0.9.1

    Compare Source

    • Fix panic on some documents containing syntax error (#​293)
    • Improve error messages that used to contain duplicative line/column information (#​294)

    v0.9.0

    Compare Source

    API documentation: https://docs.rs/serde_yaml/0.9

    Highlights
    • The serde_yaml::Value enum gains a Tagged variant which represents the deserialization of YAML's !Tag syntax. Tagged scalars, sequences, and mappings are all supported.

    • An empty YAML input (or document containing only comments) will deserialize successfully to an empty map, empty sequence, or Serde struct as long as the struct has only optional fields. Previously this would error.

    • A new .apply_merge() method on Value implements YAML's << merge key convention.

    • The Debug representation of serde_yaml::Value has gotten vastly better (https://github.com/dtolnay/serde-yaml/pull/287).

    • Deserialization of borrowed strings now works.

      #[derive(Deserialize, Debug)]
      struct Struct<'a> {
          borrowed: &'a str,
      }
      
      let yaml = "borrowed: 'kölcsönzött'\n";
      let value: Struct = serde_yaml::from_str(yaml)?;
      println!("{:#?}", value);
      
    • Value's and Mapping's methods get and get_mut have been generalized to support a &str argument, as opposed to requiring you to allocate and construct a Value::String for indexing into another existing Value.

    • Mapping exposes more APIs that have become conventional on map data structures, such as .keys(), .values(), .into_keys(), .into_values(), .values_mut(), and .retain(|k, v| …).

    Breaking changes
    • Serialization no longer produces leading ---\n on the serialized output. You can prepend this yourself if your use case demands it.

    • Serialization of enum variants is now based on YAML's !Tag syntax, rather than JSON-style singleton maps.

      #[derive(Serialize, Deserialize)]
      enum Enum {
          Newtype(usize),
          Tuple(usize, usize, usize),
          Struct { x: f64, y: f64 },
      }
      
      - !Newtype 1
      - !Tuple [0, 0, 0]
      - !Struct {x: 1.0, y: 2.0}
      
    • A bunch of non-base-10 edge cases in number parsing have been resolved. For example 0x+1 and ++0x1 are now parsed as strings, whereas they used to be incorrectly treated as numbers.

    • Deserializers obtained through iteration can no longer be iterated further:

      let deserializer = serde_yaml::Deserializer::from_str(multiple_documents);
      for de in deserializer {
          // correct:
          let myvalue = T::deserialize(de)?;
      
          // incorrect: used to produce some questionable result, now produces 0 sub-documents
          for questionable in de {
              let wat = T::deserialize(questionable)?;
          }
      }
      
    • The abandoned yaml-rust crate is no longer used as the YAML backend. The new libyaml-based backend surely has different edge cases and quirks than yaml-rust.

    • Some excessive PartialEq impls have been eliminated.

    • The serde_yaml::to_vec function has been removed. Use serde_yaml::to_writer for doing I/O, or use serde_yaml::to_string + .into_bytes() on the resulting String.

    • The serde_yaml::seed module has been removed. Now that a serde_yaml::Deserializer is publicly available, the same use cases can be addressed via seed.deserialize(Deserializer::from_str(…)) instead.

    Bugfixes
    • Empty values in a mapping are supported, and deserialize to empty string when the corresponding struct field is of type string. Previously they would deserialize to "~" which makes no sense.

    • 128-bit integer deserialization now supports hex and octal input.

    • Serde_yaml now includes a mitigation against a "billion laughs" attack in which malicious input involving YAML anchors and aliases is used to consume an amount of processing or memory that is exponential in the size of the input document. Serde_yaml will quickly produce an error in this situation instead.

    v0.8.26

    Compare Source

    v0.8.25

    Compare Source

    • Add to "encoding" category on crates.io (#​246)

    v0.8.24

    Compare Source

    • Work around indexmap/autocfg not always properly detecting whether a std sysroot crate is available (#​243, thanks @​cuviper)

    v0.8.23

    Compare Source

    • Fix handling of YAML 1.1-style octals that begin with + or - sign (#​228)

    v0.8.22

    Compare Source

    • Switch float serializer to use the same float formatting library as serde_json

    v0.8.21

    Compare Source

    v0.8.20

    Compare Source

    v0.8.19

    Compare Source

    • Add an Entry API for serde_yaml::Mapping (https://docs.rs/serde_yaml/0.8.19/serde_yaml/struct.Mapping.html#method.entry)

    v0.8.18

    Compare Source

    v0.8.17

    Compare Source

    v0.8.16

    Compare Source

    • Add a Serializer and Deserializer type (#​185, #​186)

      let mut buffer = Vec::new();
      let mut ser = serde_yaml::Serializer::new(&mut buffer);
      
      let mut object = BTreeMap::new();
      object.insert("k", 107);
      object.serialize(&mut ser)?;
      
      let de = serde_yaml::Deserializer::from_slice(&buffer);
      let value = Value::deserialize(de)?;
      println!("{:?}", value);
      
    • Support multi-doc serialization (#​187)

      let mut buffer = Vec::new();
      let mut ser = serde_yaml::Serializer::new(&mut buffer);
      
      let mut object = BTreeMap::new();
      object.insert("k", 107);
      object.serialize(&mut ser)?;
      
      object.insert("j", 106);
      object.serialize(&mut ser)?;
      
      assert_eq!(buffer, b"---\nk: 107\n...\n---\nj: 106\nk: 107\n");
      
    • Support multi-doc deserialization (#​189)

      let input = "---\nk: 107\n...\n---\nj: 106\n";
      
      for document in serde_yaml::Deserializer::from_str(input) {
          let value = Value::deserialize(document)?;
          println!("{:?}", value);
      }
      

    v0.8.15

    Compare Source

    • Declare dependency version requirements compatible with minimal-versions lockfile (#​183)

    v0.8.14

    Compare Source

    v0.8.13

    Compare Source

    • Documentation improvements

    v0.8.12

    Compare Source

    • Add serde_yaml::mapping module containing Mapping's various iterator types: Iter, IterMut, IntoIter
    • Fix deserialization of certain strings incorrectly as NaN or infinity; only .nan and .inf and -.inf are YAML's permitted representations for NaN and infinity

    v0.8.11

    Compare Source

    v0.8.10

    Compare Source

    v0.8.9

    Compare Source

    • Add Value::get_mut to index into a &mut Value, returning Option

    v0.8.8

    Compare Source

    • Provide an implementation of Default for serde_yaml::Value which produces Value::Null (#​120, thanks @​macisamuele)

    v0.8.7

    Compare Source

    v0.8.6

    Compare Source

    • 128-bit integer support (#​110)

    v0.8.5

    Compare Source

    v0.8.4

    Compare Source

    • Limit recursion to 128 levels to avoid stack overflows (#​105)

    v0.8.3

    Compare Source

    • Fix possible panic during deserialization (#​101)

    v0.8.2

    Compare Source

    • Documentation improvements

    v0.8.1

    Compare Source

    • Documentation improvements

    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update github/codeql-action action to v2

    chore(deps): update github/codeql-action action to v2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | github/codeql-action | action | major | v1 -> v2 |


    Release Notes

    github/codeql-action

    v2

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update actions-rs/toolchain digest to 88dc235

    chore(deps): update actions-rs/toolchain digest to 88dc235

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | actions-rs/toolchain | action | digest | 16499b5 -> 88dc235 |


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update actions/checkout action to v3

    chore(deps): update actions/checkout action to v3

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | major | v2 -> v3 |


    Release Notes

    actions/checkout

    v3

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update actions/upload-release-asset action to v1.0.2 - autoclosed

    chore(deps): update actions/upload-release-asset action to v1.0.2 - autoclosed

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | actions/upload-release-asset | action | patch | v1.0.1 -> v1.0.2 |


    Release Notes

    actions/upload-release-asset

    v1.0.2

    Compare Source

    This is a minor update to make the current release have the latest code from master, and additionally allows for a new automation workflow to execute to automate the sliding of the major (v1, v2, v3, etc) version numbers for ease of referencing


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • chore(deps): update predicates requirement from 1 to 2

    chore(deps): update predicates requirement from 1 to 2

    Updates the requirements on predicates to permit the latest version.

    Changelog

    Sourced from predicates's changelog.

    [2.1.0] - 2021-11-22

    Fixed

    • Report user's value (the actual)
      • Having the caller own this means you won't get intermediates like file paths
      • We already show it for the diff predicate
      • Now we show it in each leaf predicate (like Eq) and when adapting it (like taking a path and loading its file)
    • Remove redundant result with eq_file assertions
    • Clarify that the constant in Eq and Ord predicates is the expected value

    [2.0.3] - 2021-10-07

    [2.0.2] - 2021-08-16

    Added

    • All predicates now implement Send and Sync when it's appropriate

    [2.0.1] - 2021-07-26

    Changed

    • Upgraded float-cmp

    [2.0.0] - 2021-07-03

    Breaking Changes

    • predicates::str::diff was removed
    • predicates::str::similar was renamed to diff
    • The difference feature flag was renamed to diff
    • diff().split and diff().distance were removed

    Fixes

    • Shrink the output of Diffs because its redundant
    • Moved off of an unmaintained Diff library

    [1.0.8] - 2021-04-28

    [1.0.7] - 2021-01-29

    [1.0.6] - 2020-12-28

    Fixed

    • NamePredicate now adds itself to the Case returned by find_case.

    [1.0.5] - 2020-07-18

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • Refactor these functions

    Refactor these functions

    https://github.com/duyet/grant.rs/blob/479888f0d1305e5388b4fdb724f4661626d34e5f/src/apply.rs#L15-L20


    This issue was generated by todo based on a TODO comment in 479888f0d1305e5388b4fdb724f4661626d34e5f when #3 was merged. cc @duyet.
    todo :spiral_notepad: 
    opened by todo[bot] 1
  • chore(deps): update env_logger requirement from 0.9 to 0.10

    chore(deps): update env_logger requirement from 0.9 to 0.10

    Updates the requirements on env_logger to permit the latest version.

    Changelog

    Sourced from env_logger's changelog.

    0.10.0 - 2022-11-24

    MSRV changed to 1.60 to hide optional dependencies

    Fixes

    • Resolved soundness issue by switching from atty to is-terminal

    Breaking Changes

    To open room for changing dependencies:

    • Renamed termcolor feature to color
    • Renamed atty feature to auto-color

    0.9.3 - 2022-11-07

    • Fix a regression from v0.9.2 where env_logger would fail to compile with the termcolor feature turned off.

    0.9.2 - 2022-11-07

    • Fix and un-deprecate Target::Pipe, which was basically not working at all before and deprecated in 0.9.1.

    0.9.0 -- 2022-07-14

    Breaking Changes

    • Default message format now prints the target instead of the module

    Improvements

    • Added a method to print the module instead of the target
    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • fix(deps): update rust crate env_logger to 0.10

    fix(deps): update rust crate env_logger to 0.10

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | env_logger | dependencies | minor | 0.9 -> 0.10 |


    Release Notes

    rust-cli/env_logger

    v0.10.0

    Compare Source

    MSRV changed to 1.60 to hide optional dependencies

    Fixes
    • Resolved soundness issue by switching from atty to is-terminal
    Breaking Changes

    To open room for changing dependencies:

    • Renamed termcolor feature to color
    • Renamed atty feature to auto-color

    v0.9.3

    Compare Source

    • Fix a regression from v0.9.2 where env_logger would fail to compile with the termcolor feature turned off.

    v0.9.2

    Compare Source

    • Fix and un-deprecate Target::Pipe, which was basically not working at all before and deprecated in 0.9.1.

    v0.9.1

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

    opened by renovate[bot] 1
  • Row Level Security

    Row Level Security

    Hi, great project! Keen to use it! Could we add support to RLS Policies?

    • https://aws.amazon.com/blogs/big-data/achieve-fine-grained-data-security-with-row-level-access-control-in-amazon-redshift/
    • https://aws.amazon.com/blogs/big-data/achieve-finer-grained-data-security-with-column-level-access-control-in-amazon-redshift/
    • https://aws.amazon.com/blogs/database/multi-tenant-data-isolation-with-postgresql-row-level-security
    opened by dnascimento 0
  • Support SuperUser role

    Support SuperUser role

    We need to create a role SUPERUSER to create custom plpython3u function

    relate to this topic: https://dba.stackexchange.com/questions/37336/cannot-create-function-in-plpython3u-permission-denied

    Or grant this USAGE ON LANGUAGE plpythonu

    opened by hungtg7 0
  • Dependency Dashboard

    Dependency Dashboard

    This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

    Open

    These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

    Detected dependencies

    cargo
    Cargo.toml
    • structopt ^0.3
    • anyhow 1.0
    • indoc 1.0
    • log 0.4
    • env_logger 0.9
    • rand 0.8
    • postgres 0.19
    • serde 1.0
    • serde_yaml 0.9
    • ascii_table 4
    • md5 0.7
    • walkdir 2
    • ansi_term 0.12
    • envmnt 0.10
    • term_size 0.3
    • assert_cmd 2.0
    • predicates 2
    • tempfile 3
    docker-compose
    docker-compose.yaml
    • postgres 15
    github-actions
    .github/workflows/build-test.yaml
    • actions/checkout v3
    • actions-rs/toolchain v1
    • Swatinem/rust-cache v2
    • actions/checkout v3
    • actions-rs/toolchain v1
    • Swatinem/rust-cache v2
    .github/workflows/post-release.yaml
    • actions/checkout v3
    • actions/create-release v1
    • actions/checkout v3
    • actions-rs/toolchain v1
    • actions/upload-release-asset v1.0.2
    .github/workflows/rust-clippy.yml
    • actions/checkout v3
    • actions-rs/toolchain v1@16499b5e05bf2e26879000db0c1d13f7e13fa3af
    • github/codeql-action v2

    • [ ] Check this box to trigger a request for Renovate to run again on this repository
    opened by renovate[bot] 0
  • revoke if privileges on db are not in configuration

    revoke if privileges on db are not in configuration

    https://github.com/duyet/grant.rs/blob/e2e906349670f296decb30efe859dd3c1d06672d/src/apply.rs#L130-L135


    This issue was generated by todo based on a TODO comment in e2e906349670f296decb30efe859dd3c1d06672d. It's been assigned to @duyet because they committed the code.
    todo :spiral_notepad: 
    opened by todo[bot] 0
Releases(0.0.1-beta.5)
  • 0.0.1-beta.5(May 29, 2022)

  • 0.0.1-beta.4(Jan 20, 2022)

    What's Changed

    • chore: add test, refactor trait by @duyet in https://github.com/duyet/grant-rs/pull/17
    • feat: inspect perms from current db, schemas, tables by @duyet in https://github.com/duyet/grant-rs/pull/18
    • chore(inspect): refactor to improve performance by @duyet in https://github.com/duyet/grant-rs/pull/19
    • feat: gen-pass support --no-special (no special characters) by @duyet in https://github.com/duyet/grant-rs/pull/20
    • feat: support flag users[*].update_password to force update password by @duyet in https://github.com/duyet/grant-rs/pull/21

    Full Changelog: https://github.com/duyet/grant-rs/compare/0.0.1-beta.3...0.0.1-beta.4

    Installation

    Install via Homebrew:

    brew tap duyet/tap
    brew install grant
    

    Install via Cargo:

    cargo install grant
    
    Source code(tar.gz)
    Source code(zip)
    grant-0.0.1-beta.4-x86_64-apple-darwin.tar.gz(1.43 MB)
  • 0.0.1-beta.3(Dec 13, 2021)

    What's Changed

    • feat: support connection from environment variables.
    • feat: generate password and md5(pass + user).
    • chore: improve performance and stability.
    • chore(deps): update dependencies.

    Full Changelog: https://github.com/duyet/grant.rs/compare/0.0.1-beta.2...0.0.1-beta.3

    Installation

    Install via Homebrew:

    brew tap duyet/tap
    brew install grant
    

    Install via Cargo:

    cargo install grant
    
    Source code(tar.gz)
    Source code(zip)
    grant-0.0.1-beta.3-x86_64-apple-darwin.tar.gz(1.41 MB)
  • 0.0.1-beta.2(Dec 7, 2021)

Owner
Duyet Le
Data Engineer @ Fossil (Web, Data Engineering, NLP, Cloud)
Duyet Le
A Distributed SQL Database - Building the Database in the Public to Learn Database Internals

Table of Contents Overview Usage TODO MVCC in entangleDB SQL Query Execution in entangleDB entangleDB Raft Consensus Engine What I am trying to build

Sarthak Dalabehera 38 Jan 2, 2024
rust_arango enables you to connect with ArangoDB server, access to database, execute AQL query, manage ArangoDB in an easy and intuitive way, both async and plain synchronous code with any HTTP ecosystem you love.

rust_arango enables you to connect with ArangoDB server, access to database, execute AQL query, manage ArangoDB in an easy and intuitive way, both async and plain synchronous code with any HTTP ecosystem you love.

Foretag 3 Mar 24, 2022
Query is a Rust server for your remote SQLite databases and a CLI to manage them.

Query Query is a Rust server for your remote SQLite databases and a CLI to manage them. Table Of Contents Run A Query Server CLI Install Use The Insta

Víctor García 6 Oct 6, 2023
Rust API to manage user accounts 🦦

Autha Autha, pronounced Otter ?? , is the service that manages user accounts and the associated delegation. ☄️ Autha is an OAuth2 server designed with

Gravitalia 14 Dec 22, 2022
Skybase is an extremely fast, secure and reliable real-time NoSQL database with automated snapshots and SSL

Skybase The next-generation NoSQL database What is Skybase? Skybase (or SkybaseDB/SDB) is an effort to provide the best of key/value stores, document

Skybase 1.4k Dec 29, 2022
Skytable is an extremely fast, secure and reliable real-time NoSQL database with automated snapshots and TLS

Skytable is an effort to provide the best of key/value stores, document stores and columnar databases, that is, simplicity, flexibility and queryability at scale. The name 'Skytable' exemplifies our vision to create a database that has limitless possibilities. Skytable was previously known as TerrabaseDB (and then Skybase) and is also nicknamed "STable", "Sky" and "SDB" by the community.

Skytable 1.4k Dec 29, 2022
ReefDB is a minimalistic, in-memory and on-disk database management system written in Rust, implementing basic SQL query capabilities and full-text search.

ReefDB ReefDB is a minimalistic, in-memory and on-disk database management system written in Rust, implementing basic SQL query capabilities and full-

Sacha Arbonel 75 Jun 12, 2023
AgateDB is an embeddable, persistent and fast key-value (KV) database written in pure Rust

AgateDB is an embeddable, persistent and fast key-value (KV) database written in pure Rust. It is designed as an experimental engine for the TiKV project, and will bring aggressive optimizations for TiKV specifically.

TiKV Project 535 Jan 9, 2023
🐸Slippi DB ingests Slippi replays and puts the data into a SQLite database for easier parsing.

The primary goal of this project is to make it easier to analyze large amounts of Slippi data. Its end goal is to create something similar to Ballchasing.com but for Melee.

Max Timkovich 20 Jan 2, 2023
FeOphant - A SQL database server written in Rust and inspired by PostreSQL.

A PostgreSQL inspired SQL database written in Rust.

Christopher Hotchkiss 27 Dec 7, 2022
Scalable and encrypted embedded database with 3-tier caching

Infinitree is a versioned, embedded database that uses uniform, encrypted blobs to store data.

Symmetree Research Labs 116 Dec 27, 2022
The spatial message broker and database for real-time multiplayer experiences. Official Rust implementation.

WorldQL Server Rust implementation of WorldQL, the spatial message broker and database for real-time multiplayer experiences Setup Instructions ⚠️ Thi

null 214 Jan 2, 2023
tectonicdb is a fast, highly compressed standalone database and streaming protocol for order book ticks.

tectonicdb crate docs.rs crate.io tectonicdb tdb-core tdb-server-core tdb-cli tectonicdb is a fast, highly compressed standalone database and streamin

Ricky Han 525 Dec 23, 2022
open source training courses about distributed database and distributed systemes

Welcome to learn Talent Plan Courses! Talent Plan is an open source training program initiated by PingCAP. It aims to create or combine some open sour

PingCAP 8.3k Dec 30, 2022
Distributed, version controlled, SQL database with cryptographically verifiable storage, queries and results. Think git for postgres.

SDB - SignatureDB Distributed, version controlled, SQL database with cryptographically verifiable storage, queries and results. Think git for postgres

Fremantle Industries 5 Apr 26, 2022
The rust client for CeresDB. CeresDB is a high-performance, distributed, schema-less, cloud native time-series database that can handle both time-series and analytics workloads.

The rust client for CeresDB. CeresDB is a high-performance, distributed, schema-less, cloud native time-series database that can handle both time-series and analytics workloads.

null 12 Nov 18, 2022
Grsql is a great tool to allow you set up your remote sqlite database as service and CRUD(create/read/update/delete) it using gRPC.

Grsql is a great tool to allow you set up your remote sqlite database as service and CRUD (create/ read/ update/ delete) it using gRPC. Why Create Thi

Bruce Yuan 33 Dec 16, 2022
A fast and simple in-memory database with a key-value data model written in Rust

Segment Segment is a simple & fast in-memory database with a key-value data model written in Rust. Features Dynamic keyspaces Keyspace level control o

Segment 61 Jan 5, 2023
A template project for building a database-driven microservice in Rust and run it in the WasmEdge sandbox.

Secure & lightweight microservice with a database backend In this repo, we demonstrate a microservice written in Rust, and connected to a MySQL databa

Second State 222 Feb 19, 2023