spyglass-cli
spyglass-cli copied to clipboard
spyglasshq
Access management as code.
Initially, just check: Privileges are from a known list (e.g. `usage`, `monitor`, `select`, `insert`, etc.) This helps prevent simple mistakes (e.g. typos) at the expense of requiring us to enumerate...
### Import (Snowflake --> Spyglass) Example query to list grants for database role: ```sql -- first get a list of all databases show databases; -- then get a list of...
We need to address the various ways that `sync` and `apply` commands can collide. ### Scenario: Sync Occurs Before Apply Completion 1. Git push lands with an update such as...
If two Apply actions execute around the same time, the behavior is not currently well-defined.
Currently, auth requires an existing user with password to exist. Alternatively, we can give the user some SQL commands to run to create a separate user with finely scoped permissions.
Sometimes a github action may not correctly apply all changes in the `Apply spyglass configuration to production` action stage. This can be retried in the github UI, but if a...
See #14 and #15 for more info
Currently, `apply` takes an `account-id` parameter. We should remove this requirement by automatically finding the accounts in scope.
Initial support is just password-based auth, but we should enable using the `externalbrowser` method ([docs](https://docs.snowflake.com/en/user-guide/nodejs-driver-use#authentication-options)) as well.