Module grants

Expand description

Shared helpers for grant reconciliation across apply commands.

Enums§

GrantNamedObjectKind: The kind of named infrastructure object for grant reconciliation.
GrantObjectKind: The kind of database object for grant reconciliation.

build_grant_target 🔒: Build a GrantTargetSpecification for a single named object.
desired_grants: Extract (grantee, privilege_type) pairs from parsed GRANT statements.
execute_revocations: Execute REVOKE statements for stale grants, printing status for each.
parse_privilege 🔒: Parse a privilege type string (e.g. "SELECT") into a Privilege enum value.
reconcile: Reconcile grants for a single object: apply desired grants, revoke stale ones.
reconcile_named_object: Reconcile grants for a named infrastructure object (cluster or network policy).
stale_grant_revocations: Compute REVOKE statements for grants that exist in current but not in desired and not in protected (3-way set difference).