From 068958f831ee9dabff9f1913c2c86b777fa00b33 Mon Sep 17 00:00:00 2001 From: Noel Gomez Date: Thu, 5 Feb 2026 13:59:05 -0800 Subject: [PATCH 1/2] rename titan to snowcap --- secure/{titan => snowcap}/.env.sample | 0 secure/{titan => snowcap}/README.md | 7 ++----- secure/{titan => snowcap}/apply.sh | 10 +++++++--- secure/{titan => snowcap}/plan.sh | 6 +++--- secure/{titan => snowcap}/resources/databases.yml | 0 .../resources/object_templates/database.yml | 0 .../resources/object_templates/schema.yml | 0 .../resources/object_templates/warehouses.yml | 0 secure/{titan => snowcap}/resources/roles__base.yml | 0 .../{titan => snowcap}/resources/roles__functional.yml | 0 secure/{titan => snowcap}/resources/schemas.yml | 0 secure/{titan => snowcap}/resources/stages.yml | 0 secure/{titan => snowcap}/resources/users.yml | 0 secure/{titan => snowcap}/resources/warehouses.yml | 0 14 files changed, 12 insertions(+), 11 deletions(-) rename secure/{titan => snowcap}/.env.sample (100%) rename secure/{titan => snowcap}/README.md (50%) rename secure/{titan => snowcap}/apply.sh (69%) rename secure/{titan => snowcap}/plan.sh (79%) rename secure/{titan => snowcap}/resources/databases.yml (100%) rename secure/{titan => snowcap}/resources/object_templates/database.yml (100%) rename secure/{titan => snowcap}/resources/object_templates/schema.yml (100%) rename secure/{titan => snowcap}/resources/object_templates/warehouses.yml (100%) rename secure/{titan => snowcap}/resources/roles__base.yml (100%) rename secure/{titan => snowcap}/resources/roles__functional.yml (100%) rename secure/{titan => snowcap}/resources/schemas.yml (100%) rename secure/{titan => snowcap}/resources/stages.yml (100%) rename secure/{titan => snowcap}/resources/users.yml (100%) rename secure/{titan => snowcap}/resources/warehouses.yml (100%) diff --git a/secure/titan/.env.sample b/secure/snowcap/.env.sample similarity index 100% rename from secure/titan/.env.sample rename to secure/snowcap/.env.sample diff --git a/secure/titan/README.md b/secure/snowcap/README.md similarity index 50% rename from secure/titan/README.md rename to secure/snowcap/README.md index 11e07830..4d0494af 100644 --- a/secure/titan/README.md +++ b/secure/snowcap/README.md @@ -1,6 +1,6 @@ # Securing Snowflake Objects -Using Titan allows us to create Snowflake objects and to also apply permissions to them +Using Snowcap allows us to create Snowflake objects and to also apply permissions to them ## Running Plan @@ -10,7 +10,4 @@ First run `plan.sh` to see the changes that will be applied to Snowflake First run `apply.sh` will apply all changes to Snowflake -### Titan Docs -https://titan-core.gitbook.io/titan-core - -https://github.com/datacoves/titan/tree/rc/docs +### Snowcap Docs diff --git a/secure/titan/apply.sh b/secure/snowcap/apply.sh similarity index 69% rename from secure/titan/apply.sh rename to secure/snowcap/apply.sh index 061ddfbe..551dccc2 100755 --- a/secure/titan/apply.sh +++ b/secure/snowcap/apply.sh @@ -1,5 +1,5 @@ #!/bin/bash -secure_path=/config/workspace/secure/titan +secure_path=/config/workspace/secure/snowcap cd $secure_path if [ -f .env ]; then @@ -18,8 +18,12 @@ fi export $(cat .env | xargs) -uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \ +uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \ --refresh \ - titan apply \ + snowcap apply \ --config resources/ \ --sync_resources role,grant,role_grant + + +uvx --from snowcap@git+https://github.com/datacoves/titan.git \ + snowcap --version diff --git a/secure/titan/plan.sh b/secure/snowcap/plan.sh similarity index 79% rename from secure/titan/plan.sh rename to secure/snowcap/plan.sh index 689b2521..71e6b237 100755 --- a/secure/titan/plan.sh +++ b/secure/snowcap/plan.sh @@ -1,5 +1,5 @@ #!/bin/bash -secure_path=/config/workspace/secure/titan +secure_path=/config/workspace/secure/snowcap cd $secure_path if [ -f .env ]; then @@ -18,8 +18,8 @@ fi export $(cat .env | xargs) -uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \ +uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \ --refresh \ - titan plan \ + snowcap plan \ --config resources/ \ --sync_resources role,grant,role_grant diff --git a/secure/titan/resources/databases.yml b/secure/snowcap/resources/databases.yml similarity index 100% rename from secure/titan/resources/databases.yml rename to secure/snowcap/resources/databases.yml diff --git a/secure/titan/resources/object_templates/database.yml b/secure/snowcap/resources/object_templates/database.yml similarity index 100% rename from secure/titan/resources/object_templates/database.yml rename to secure/snowcap/resources/object_templates/database.yml diff --git a/secure/titan/resources/object_templates/schema.yml b/secure/snowcap/resources/object_templates/schema.yml similarity index 100% rename from secure/titan/resources/object_templates/schema.yml rename to secure/snowcap/resources/object_templates/schema.yml diff --git a/secure/titan/resources/object_templates/warehouses.yml b/secure/snowcap/resources/object_templates/warehouses.yml similarity index 100% rename from secure/titan/resources/object_templates/warehouses.yml rename to secure/snowcap/resources/object_templates/warehouses.yml diff --git a/secure/titan/resources/roles__base.yml b/secure/snowcap/resources/roles__base.yml similarity index 100% rename from secure/titan/resources/roles__base.yml rename to secure/snowcap/resources/roles__base.yml diff --git a/secure/titan/resources/roles__functional.yml b/secure/snowcap/resources/roles__functional.yml similarity index 100% rename from secure/titan/resources/roles__functional.yml rename to secure/snowcap/resources/roles__functional.yml diff --git a/secure/titan/resources/schemas.yml b/secure/snowcap/resources/schemas.yml similarity index 100% rename from secure/titan/resources/schemas.yml rename to secure/snowcap/resources/schemas.yml diff --git a/secure/titan/resources/stages.yml b/secure/snowcap/resources/stages.yml similarity index 100% rename from secure/titan/resources/stages.yml rename to secure/snowcap/resources/stages.yml diff --git a/secure/titan/resources/users.yml b/secure/snowcap/resources/users.yml similarity index 100% rename from secure/titan/resources/users.yml rename to secure/snowcap/resources/users.yml diff --git a/secure/titan/resources/warehouses.yml b/secure/snowcap/resources/warehouses.yml similarity index 100% rename from secure/titan/resources/warehouses.yml rename to secure/snowcap/resources/warehouses.yml From 103a409b11ed34101e4ee0ea3afa3ce560baec74 Mon Sep 17 00:00:00 2001 From: Noel Gomez Date: Wed, 11 Feb 2026 16:46:26 -0800 Subject: [PATCH 2/2] enable cortex and add users to snowcap --- secure/snowcap/resources/account.yml | 3 ++ secure/snowcap/resources/users.yml | 45 +++++++++++++++------------- 2 files changed, 27 insertions(+), 21 deletions(-) create mode 100644 secure/snowcap/resources/account.yml diff --git a/secure/snowcap/resources/account.yml b/secure/snowcap/resources/account.yml new file mode 100644 index 00000000..a57e656d --- /dev/null +++ b/secure/snowcap/resources/account.yml @@ -0,0 +1,3 @@ +account_parameters: + - name: CORTEX_ENABLED_CROSS_REGION + value: AWS_US diff --git a/secure/snowcap/resources/users.yml b/secure/snowcap/resources/users.yml index 789c5367..1fec6600 100644 --- a/secure/snowcap/resources/users.yml +++ b/secure/snowcap/resources/users.yml @@ -1,25 +1,20 @@ -# Users should not be created on titan since keypairs can be lost on every run -# users: -# - name: svc_airbyte -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_airflow -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_balboa_ci -# owner: SECURITYADMIN -# type: SERVICE -# - name: svc_fivetran -# owner: SECURITYADMIN -# type: SERVICE - -# create or replace user svc_fivetran -# type = 'service' -# default_warehouse = 'wh_loading' -# rsa_public_key = '' +role_grants: + - to_user: alejandro + roles: + - analyst + - to_user: jesus + roles: + - analyst + - loader + - transformer_dbt + - accountadmin + - securityadmin + + - to_user: ian + roles: + - analyst -role_grants: - to_user: gomezn roles: - analyst @@ -36,7 +31,11 @@ role_grants: - accountadmin - securityadmin - + - to_user: stephen + roles: + - analyst + - accountadmin + - securityadmin - to_user: svc_airbyte roles: @@ -51,6 +50,10 @@ role_grants: roles: - transformer_dbt + - to_user: svc_datacoves + roles: + - securityadmin + - to_user: svc_fivetran roles: - loader