Module grants 

Shared helpers for grant reconciliation across apply commands.

Enums

GrantNamedObjectKind

The kind of named infrastructure object for grant reconciliation.

GrantObjectKind

The kind of database object for grant reconciliation.

Functions

desired_grants

Extract (grantee, privilege_type) pairs from parsed GRANT statements.

execute_revocations

Execute REVOKE statements for stale grants, printing status for each.

reconcile

Reconcile grants for a single object: apply desired grants, revoke stale ones.

reconcile_named_object

Reconcile grants for a named infrastructure object (cluster or network policy).

stale_grant_revocations

Compute REVOKE statements for grants that exist in current but not in desired and not in protected (3-way set difference).