diff --git a/secure/titan/.env.sample b/secure/snowcap/.env.sample
similarity index 100%
rename from secure/titan/.env.sample
rename to secure/snowcap/.env.sample
diff --git a/secure/titan/README.md b/secure/snowcap/README.md
similarity index 50%
rename from secure/titan/README.md
rename to secure/snowcap/README.md
index 11e07830..4d0494af 100644
--- a/secure/titan/README.md
+++ b/secure/snowcap/README.md
@@ -1,6 +1,6 @@ # Securing Snowflake Objects -Using Titan allows us to create Snowflake objects and to also apply permissions to them +Using Snowcap allows us to create Snowflake objects and to also apply permissions to them ## Running Plan
@@ -10,7 +10,4 @@ First run `plan.sh` to see the changes that will be applied to Snowflake First run `apply.sh` will apply all changes to Snowflake -### Titan Docs -https://titan-core.gitbook.io/titan-core - -https://github.com/datacoves/titan/tree/rc/docs +### Snowcap Docs
diff --git a/secure/titan/apply.sh b/secure/snowcap/apply.sh
similarity index 69%
rename from secure/titan/apply.sh
rename to secure/snowcap/apply.sh
index 061ddfbe..551dccc2 100755
--- a/secure/titan/apply.sh
+++ b/secure/snowcap/apply.sh
@@ -1,5 +1,5 @@ #!/bin/bash -secure_path=/config/workspace/secure/titan +secure_path=/config/workspace/secure/snowcap cd $secure_path if [ -f .env ]; then
@@ -18,8 +18,12 @@ fi export $(cat .env | xargs) -uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \ +uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \ --refresh \ - titan apply \ + snowcap apply \ --config resources/ \ --sync_resources role,grant,role_grant + + +uvx --from snowcap@git+https://github.com/datacoves/titan.git \ + snowcap --version
diff --git a/secure/titan/plan.sh b/secure/snowcap/plan.sh
similarity index 79%
rename from secure/titan/plan.sh
rename to secure/snowcap/plan.sh
index 689b2521..71e6b237 100755
--- a/secure/titan/plan.sh
+++ b/secure/snowcap/plan.sh
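Review bot: In the second apply.sh hunk the new `uvx --from snowcap@git+https://github.com/datacoves/snowcap.git` line drops the `@rc` ref and keeps `--refresh`, so every run installs whatever is at the head of the default branch and executes it with the credentials exported from `.env` while it syncs roles and grants. Pin the source to a reviewed tag or commit, e.g. `uvx --from snowcap@git+https://github.com/datacoves/snowcap.git@<reviewed-commit-sha> \`; the matching line in the second plan.sh hunk needs the same change. The added trailing command still fetches from `datacoves/titan.git` under the package name `snowcap`, which looks like a leftover from the rename; point it at the same pinned source or remove it.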
@@ -1,5 +1,5 @@ #!/bin/bash -secure_path=/config/workspace/secure/titan +secure_path=/config/workspace/secure/snowcap cd $secure_path if [ -f .env ]; then
@@ -18,8 +18,8 @@ fi export $(cat .env | xargs) -uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \ +uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \ --refresh \ - titan plan \ + snowcap plan \ --config resources/ \ --sync_resources role,grant,role_grant
diff --git a/secure/snowcap/resources/account.yml b/secure/snowcap/resources/account.yml
new file mode 100644
index 00000000..a57e656d
--- /dev/null
+++ b/secure/snowcap/resources/account.yml
@@ -0,0 +1,3 @@
+account_parameters:
+ - name: CORTEX_ENABLED_CROSS_REGION
+ value: AWS_US
diff --git a/secure/titan/resources/databases.yml b/secure/snowcap/resources/databases.yml
similarity index 100%
rename from secure/titan/resources/databases.yml
rename to secure/snowcap/resources/databases.yml
diff --git a/secure/titan/resources/object_templates/database.yml b/secure/snowcap/resources/object_templates/database.yml
similarity index 100%
rename from secure/titan/resources/object_templates/database.yml
rename to secure/snowcap/resources/object_templates/database.yml
diff --git a/secure/titan/resources/object_templates/schema.yml b/secure/snowcap/resources/object_templates/schema.yml
similarity index 100%
rename from secure/titan/resources/object_templates/schema.yml
rename to secure/snowcap/resources/object_templates/schema.yml
diff --git a/secure/titan/resources/object_templates/warehouses.yml b/secure/snowcap/resources/object_templates/warehouses.yml
similarity index 100%
rename from secure/titan/resources/object_templates/warehouses.yml
rename to secure/snowcap/resources/object_templates/warehouses.yml
diff --git a/secure/titan/resources/roles__base.yml b/secure/snowcap/resources/roles__base.yml
similarity index 100%
rename from secure/titan/resources/roles__base.yml
rename to secure/snowcap/resources/roles__base.yml
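Review bot: The new account.yml sets `CORTEX_ENABLED_CROSS_REGION` to `AWS_US` account-wide with no comment on why, in a diff that is otherwise mostly a rename. With this value Snowflake may process Cortex inference requests in AWS US regions other than the account's own, so data passed to Cortex functions can leave the home region. Add a comment above the entry such as `# Allows Cortex requests to be processed in other AWS US regions; data-residency sign-off: <owner>`. Also confirm whether plan.sh and apply.sh, which pass `--sync_resources role,grant,role_grant`, are meant to manage account parameters at all.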
diff --git a/secure/titan/resources/roles__functional.yml b/secure/snowcap/resources/roles__functional.yml
similarity index 100%
rename from secure/titan/resources/roles__functional.yml
rename to secure/snowcap/resources/roles__functional.yml
diff --git a/secure/titan/resources/schemas.yml b/secure/snowcap/resources/schemas.yml
similarity index 100%
rename from secure/titan/resources/schemas.yml
rename to secure/snowcap/resources/schemas.yml
diff --git a/secure/titan/resources/stages.yml b/secure/snowcap/resources/stages.yml
similarity index 100%
rename from secure/titan/resources/stages.yml
rename to secure/snowcap/resources/stages.yml
diff --git a/secure/titan/resources/users.yml b/secure/snowcap/resources/users.yml
similarity index 51%
rename from secure/titan/resources/users.yml
rename to secure/snowcap/resources/users.yml
index 789c5367..1fec6600 100644
--- a/secure/titan/resources/users.yml
+++ b/secure/snowcap/resources/users.yml
@@ -1,25 +1,20 @@ -# Users should not be created on titan since keypairs can be lost on every run -# users: -# - name: svc_airbyte -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_airflow -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_balboa_ci -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_fivetran -# owner: SECURITYADMIN -# type: SERVICE - -# create or replace user svc_fivetran -# type = 'service' -# default_warehouse = 'wh_loading' -# rsa_public_key = '' +role_grants: + - to_user: alejandro + roles: + - analyst + - to_user: jesus + roles: + - analyst + - loader + - transformer_dbt + - accountadmin + - securityadmin + + - to_user: ian + roles: + - analyst -role_grants: - to_user: gomezn roles: - analyst
@@ -36,7 +31,11 @@ role_grants: - accountadmin - securityadmin - + - to_user: stephen + roles: + - analyst + - accountadmin + - securityadmin - to_user: svc_airbyte roles:
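Review bot: Both users.yml hunks here grant `accountadmin` and `securityadmin` directly to named users who also hold day-to-day roles (`jesus` in the first hunk, `stephen` in the second), and nothing in the file records why each needs both. Holding the top-level roles on an everyday login widens the impact of a single compromised credential, so each such entry should carry a justification a reviewer can audit, for example `# account admin: <reason>; MFA enforced, default role is analyst`, once that is confirmed to be true. The first hunk also deletes the only comment explaining that users are not created by this tool because key pairs can be lost on each run; keeping one line such as `# Users are not managed here: recreating them can drop their key pairs` preserves that warning. The `role_grants` list continues outside these hunks.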
@@ -51,6 +50,10 @@ role_grants: roles: - transformer_dbt + - to_user: svc_datacoves + roles: + - securityadmin + - to_user: svc_fivetran roles: - loader
diff --git a/secure/titan/resources/warehouses.yml b/secure/snowcap/resources/warehouses.yml
similarity index 100%
rename from secure/titan/resources/warehouses.yml
rename to secure/snowcap/resources/warehouses.yml
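Review bot: The added `svc_datacoves` entry gives a service account `securityadmin`, which can change grants across the whole account, and the file does not say what this identity is used for. If it is the account that plan.sh and apply.sh authenticate as (not visible in this diff), say so in a comment, e.g. `# svc_datacoves: identity used by apply.sh to manage roles and grants`. Consider also whether a dedicated custom role limited to the privileges the tool needs would do instead of the built-in role. The neighbouring service accounts in this list hold only functional roles such as `loader` and `transformer_dbt`, so this entry stands out and deserves the explanation.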