# Redtape
A permission management tool for AWS Redshift, with plans to extend it to other database systems. Inspired by [permifrost](https://gitlab.com/gitlab-data/permifrost/) and [pgbedrock](https://github.com/Squarespace/pgbedrock).
## Installing
### Repo
Clone this repo and install with `poetry`:
```sh
git clone git@github.com:tomasfarias/redtape.git redtape
cd redtape
poetry install
```
### PyPI
Install with `pip`:
```sh
python -m pip install redtape-py
```
## Usage
``` sh
❯ redtape run --help
Usage: redtape run [OPTIONS] [SPEC_FILE]

  Run the queries necessary to apply a specification file.

Arguments:
  [SPEC_FILE]  A specification or a path to a file containing it.

Options:
  --dry / --no-dry                Print changes but do not run them.
                                  [default: no-dry]
  --skip-validate / --no-skip-validate
                                  Skip specification file validation.
                                  [default: no-skip-validate]
  --user TEXT                     Apply operations only to users named as
                                  provided.
  --group TEXT                    Apply operations only to groups named as
                                  provided.
  --operation [CREATE|DROP|DROP_FROM_GROUP|GRANT|REVOKE|ADD_TO_GROUP]
                                  Apply only provided operations.
  --dbname TEXT                   A Redshift database name to connect to.
  --host TEXT                     The host where a Redshift cluster is
                                  located.
  --port TEXT                     The port where a Redshift cluster is
                                  located.
  --database-user TEXT            A user to connect to Redshift. The user
                                  should have user-management permissions.
  --password TEXT                 The passaword of the given Redshift
                                  username.
  --connection-string TEXT        A connection string to connect to Redshift.
  --quiet / --no-quiet            Show no output except of validation errors,
                                  run errors, and queries.  [default: no-
                                  quiet]
  --help                          Show this message and exit.
```
## Specification file
A YAML specification file is used to define groups, users, and their corresponding privileges.
Sample:
``` yaml
groups:
  - name: group_name
    privileges:
      table:
        select:
          - table_name
          - ...
        insert:
          - table_name
          - ...
        update:
          - table_name
          - ...
        drop:
          - table_name
          - ...
        delete:
          - table_name
          - ...
        references:
          - table_name
          - ...

      database:
        create:
          - database_name
          - ...
        temporary:
          - database_name
          - ...
        temp:
          - database_name
          - ...

      schema:
        create:
          - schema_name
          - ...
        usage:
          - schema_name
          - ...

      function:
        execute:
          - function_name
          - ...

      procedure:
        execute:
          - function_name
          - ...

      language:
        usage:
          - language_name
          - ...

users:
  - name: user_name
    is_superuser: boolean
    member_of:
      - group_name
      - ...
    password:
      type: str
      value: str
    privileges:
      table:
        select:
          - table_name
          - ...
        insert:
          - table_name
          - ...
        update:
          - table_name
          - ...
        drop:
          - table_name
          - ...
        delete:
          - table_name
          - ...
        references:
          - table_name
          - ...

      database:
        create:
          - database_name
          - ...
        temporary:
          - database_name
          - ...
        temp:
          - database_name
          - ...

      schema:
        create:
          - schema_name
          - ...
        usage:
          - schema_name
          - ...

      function:
        execute:
          - function_name
          - ...

      procedure:
        execute:
          - function_name
          - ...

      language:
        usage:
          - language_name
          - ...
```
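A specification in this format can be reviewed before it is applied. The following is an added example, not part of `redtape`: it walks an already parsed spec (the dict a YAML parser returns for the file) and reports superusers, password values kept in the file, `member_of` entries naming groups the spec does not define, destructive group grants, and privileges granted directly to users. The function names, the finding rules and the sample spec are assumptions of this example.

```python
# Added example: review a redtape-style spec before applying it.
# `spec` is the dict a YAML parser (e.g. yaml.safe_load) returns for the
# specification file; the finding rules are this example's own policy.
DESTRUCTIVE = {"drop", "delete"}


def iter_grants(privileges):
    """Yield (object_type, privilege, object_name) from a privileges mapping."""
    for object_type, by_privilege in (privileges or {}).items():
        for privilege, names in (by_privilege or {}).items():
            for name in names or []:
                yield object_type, privilege, name


def audit_spec(spec):
    """Return a sorted list of (subject, finding) tuples for manual review."""
    findings = []
    groups = {g["name"]: g for g in spec.get("groups") or []}
    for group in groups.values():
        for object_type, privilege, name in iter_grants(group.get("privileges")):
            if privilege in DESTRUCTIVE:
                findings.append((group["name"], f"group holds {privilege} on {object_type} {name}"))
    for user in spec.get("users") or []:
        who = user["name"]
        if user.get("is_superuser"):
            findings.append((who, "is_superuser bypasses every grant in the spec"))
        if (user.get("password") or {}).get("value"):
            findings.append((who, "password value is stored in the spec file"))
        for group_name in user.get("member_of") or []:
            if group_name not in groups:
                findings.append((who, f"member_of references undefined group {group_name}"))
        for object_type, privilege, name in iter_grants(user.get("privileges")):
            findings.append((who, f"direct {privilege} on {object_type} {name}; prefer a group"))
    return sorted(findings)


# Constructed sample, shaped like the specification file above.
SAMPLE_SPEC = {
    "groups": [{"name": "analysts", "privileges": {
        "schema": {"usage": ["reporting"]},
        "table": {"select": ["orders"], "delete": ["orders"]}}}],
    "users": [
        {"name": "alice", "is_superuser": False, "member_of": ["analysts"]},
        {"name": "etl", "is_superuser": True, "member_of": ["loaders"],
         "password": {"type": "<type>", "value": "constructed-not-a-real-secret"},
         "privileges": {"table": {"insert": ["orders"]}}},
    ],
}
```

Running `audit_spec` on the parsed spec alongside `redtape run --dry` gives a reviewer both the flagged entries and the queries that would be executed.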
# To do
`redtape` should be considered in Alpha status: things may break, and test coverage is low. The following tasks are planned for a 1.0.0 release:
* Increase and track test coverage.
* Documentation.
* Support for wildcard (`*`) in specification file.
* Support for ownership.
* Support for `ASSUMEROLE`.
* Support for `EXTERNAL` objects.
* Complete support for `mypy` static type-checking.
# License
MIT