grant/
lib.rs

1//! An open-source project that aims to manage Redshift database roles and privileges in GitOps style, written in Rust.
2//!
3//! [**Home**](https://github.com/duyet/grant.rs) | [**Documentation**](https://docs.rs/grant)
4//!
5//! _This project is still in the early stages of development and is not ready for any kind of production use or any alpha/beta testing._
6//!
7//! # Usage
8//!
9//! Install binary from crates.io
10//!
11//! ```bash
12//! cargo install grant
13//! ```
14//!
15//! Using `grant` tool:
16//!
17//! ```bash
18//! $ grant --help
19//!
20//! grant 0.0.1-beta.3
21//! Manage database roles and privileges in GitOps style
22//!
23//! USAGE:
24//!     grant <SUBCOMMAND>
25//!
26//! FLAGS:
27//!     -h, --help       Prints help information
28//!     -V, --version    Prints version information
29//!
30//! SUBCOMMANDS:
31//!     apply       Apply a configuration to a redshift by file name. Yaml format are accepted
32//!     gen         Generate sample configuration file
33//!     gen-pass    Generate random password
34//!     help        Prints this message or the help of the given subcommand(s)
35//!     inspect     Inspect current database cluster with connection info from configuration file
36//!     validate    Validate a configuration file or a target directory that contains configuration files
37//! ```
38//!
39//! ## Generate project structure
40//!
41//! ```bash
42//! grant gen --target ./cluster
43//!
44//! Creating path: "./cluster"
45//! Generated: "./cluster/config.yml"
46//! ```
47//!
48//! ## Apply privilege changes
49//!
50//! Content of `./examples/example.yaml`:
51//!
52//! ```yaml
53//! connection:
54//!   type: "postgres"
55//!   # support environment variables, e.g. postgres://${HOSTNAME}:5432
56//!   url: "postgres://postgres@localhost:5432/postgres"
57//!
58//! roles:
59//!   - name: role_database_level
60//!     type: database
61//!     grants:
62//!       - CREATE
63//!       - TEMP
64//!     databases:
65//!       - postgres
66//!
67//!   - name: role_schema_level
68//!     type: schema
69//!     grants:
70//!       - CREATE
71//!     databases:
72//!       - postgres
73//!     schemas:
74//!       - public
75//!   - name: role_all_schema
76//!     type: table
77//!     grants:
78//!       - SELECT
79//!       - INSERT
80//!       - UPDATE
81//!     databases:
82//!       - postgres
83//!     schemas:
84//!       - public
85//!     tables:
86//!       - ALL # include all table
87//!       - +public_table # can add `+` to mark included tables
88//!       - -secret_table # add `-` to exclude this table
89//!
90//! users:
91//!   - name: duyet
92//!     password: 1234567890 # password in plaintext
93//!     roles:
94//!       - role_database_level
95//!       - role_all_schema
96//!       - role_schema_level
97//!   - name: duyet2
98//!     password: md58243e8f5dfb84bbd851de920e28f596f # support md5 style: grant gen-pass -u duyet2
99//!     roles:
100//!       - role_database_level
101//!       - role_all_schema
102//!       - role_schema_level
103//! ```
104//!
105//! Apply this config to cluster:
106//!
107//! ```bash
108//! grant apply -f ./examples/example.yaml
109//!
110//! [2021-12-06T14:37:03Z INFO  grant::connection] Connected to database: postgres://postgres@localhost:5432/postgres
111//! [2021-12-06T14:37:03Z INFO  grant::apply] Summary:
112//!     ┌────────────┬────────────────────────────┐
113//!     │ User       │ Action                     │
114//!     │ ---        │ ---                        │
115//!     │ duyet      │ no action (already exists) │
116//!     │ duyet2     │ no action (already exists) │
117//!     └────────────┴────────────────────────────┘
118//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT CREATE, TEMP ON DATABASE postgres TO duyet;
119//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT CREATE ON SCHEMA public TO duyet;
120//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO duyet;
121//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT CREATE, TEMP ON DATABASE postgres TO duyet2;
122//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT CREATE ON SCHEMA public TO duyet2;
123//! [2021-12-12T13:48:22Z INFO  grant::apply] Success: GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO duyet2;
124//! [2021-12-12T13:48:22Z INFO  grant::apply] Summary:
125//!     ┌────────┬─────────────────────┬──────────────────────┬─────────┐
126//!     │ User   │ Role Name           │ Detail               │ Status  │
127//!     │ ---    │ ---                 │ ---                  │ ---     │
128//!     │ duyet  │ role_database_level │ database["postgres"] │ updated │
129//!     │ duyet  │ role_schema_level   │ schema["public"]     │ updated │
130//!     │ duyet  │ role_table_level    │ table["ALL"]         │ updated │
131//!     │ duyet2 │ role_database_level │ database["postgres"] │ updated │
132//!     │ duyet2 │ role_schema_level   │ schema["public"]     │ updated │
133//!     │ duyet2 │ role_table_level    │ table["ALL"]         │ updated │
134//!     └────────┴─────────────────────┴──────────────────────┴─────────┘
135//! ```
136//!
137//! ## Generate random password
138//!
139//! ```bash
140//! $ grant gen-pass
141//!
142//! Generated password: q)ItTjN$EXlkF@Tl
143//! ```
144//!
145//! ```bash
146//! $ grant gen-pass --user duyet
147//!
148//! Generated password: o^b3aD1L$xLm%#~U
149//! Generated MD5 (user: duyet): md58243e8f5dfb84bbd851de920e28f596f
150//! ```
151//!
152//! ## Inspect the current cluster
153//!
154//! ```bash
155//! $ grant inspect -f examples/example.yaml
156//!
157//! [2021-11-29T07:46:44Z INFO  grant::inspect] Current users in postgres://postgres@localhost:5432/postgres:
158//!     ┌────────────┬──────────┬───────┬──────────┐
159//!     │ User       │ CreateDB │ Super │ Password │
160//!     │ ---        │ ---      │ ---   │ ---      │
161//!     │ postgres   │ true     │ true  │ ******** │
162//!     │ duyet      │ false    │ false │ ******** │
163//!     └────────────┴──────────┴───────┴──────────┘
164//! ```
165//!
166//! # Developement
167//!
168//! Clone the repo:
169//!
170//! ```bash
171//! git clone https://github.com/duyet/grant.rs && cd grant.rs
172//! ```
173//!
174//! Postgres is required for testing, you might need to use the `docker-compose.yaml`:
175//!
176//! ```bash
177//! docker-compose up -d
178//! ```
179//!
180//! Make sure you have connection to `postgres://postgres:postgres@localhost:5432/postgres`.
181//!
182//! On the MacOS, the easiest way is install [Postgres.app](https://postgresapp.com).
183//!
184//! To run the unittest:
185//!
186//! ```bash
187//! cargo test
188//! ```
189//!
190//! # TODO
191//!
192//! - [x] Support reading connection info from environment variables
193//! - [ ] Support store encrypted password in Git
194//! - [x] Support Postgres and Redshift
195//! - [ ] Support change password
196//! - [ ] Visuallization (who can see what?)
197//! - [ ] Apply show more detail about diff changes
198//! - [ ] Inspect show more detail about user privileges
199//!
200//! # LICENSE
201//!
202//! MIT
203
204pub mod apply;
205pub mod cli;
206pub mod config;
207pub mod connection;
208pub mod gen;
209pub mod inspect;
210pub mod validate;
211
212pub use cli::Cli;
213pub use config::Config;
214pub use connection::DbConnection;
215
216pub use apply::*;
217pub use gen::*;
218pub use inspect::*;
219pub use validate::*;