pub async fn reconcile_named_object(
client: &Client,
executor: &DeploymentExecutor<'_>,
name: &str,
grants: &[GrantPrivilegesStatement<Raw>],
kind: &GrantNamedObjectKind,
) -> Result<(), CliError>Expand description
Reconcile grants for a named infrastructure object (cluster or network policy).
Three-step algorithm:
- Apply all desired GRANTs idempotently (GRANT is a no-op if already present).
- Query the live grant state and default-privilege grants from the catalog.
- Compute the set difference (current - desired - protected) and REVOKE stale grants.