Feature/snowcap (#270)

secure/titan/README.md → secure/snowcap/README.md

@@ -1,6 +1,6 @@
 # Securing Snowflake Objects
 
-Using Titan allows us to create Snowflake objects and to also apply permissions to them
+Using Snowcap allows us to create Snowflake objects and to also apply permissions to them
 
 ## Running Plan
 
@@ -10,7 +10,4 @@ First run `plan.sh` to see the changes that will be applied to Snowflake
 
 First run `apply.sh` will apply all changes to Snowflake
 
-### Titan Docs
-https://titan-core.gitbook.io/titan-core
-
-https://github.com/datacoves/titan/tree/rc/docs
+### Snowcap Docs

secure/titan/apply.sh → secure/snowcap/apply.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-secure_path=/config/workspace/secure/titan
+secure_path=/config/workspace/secure/snowcap
 cd $secure_path
 
 if [ -f .env ]; then
@@ -18,8 +18,12 @@ fi
 
 export $(cat .env | xargs)
 
-uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \
+uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \
     --refresh \
-    titan apply \
+    snowcap apply \
     --config resources/ \
     --sync_resources role,grant,role_grant
+
+
+uvx --from snowcap@git+https://github.com/datacoves/titan.git \
+    snowcap --version

secure/titan/plan.sh → secure/snowcap/plan.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-secure_path=/config/workspace/secure/titan
+secure_path=/config/workspace/secure/snowcap
 cd $secure_path
 
 if [ -f .env ]; then
@@ -18,8 +18,8 @@ fi
 
 export $(cat .env | xargs)
 
-uvx --from titan-core@git+https://github.com/datacoves/titan.git@rc \
+uvx --from snowcap@git+https://github.com/datacoves/snowcap.git \
     --refresh \
-    titan plan \
+    snowcap plan \
     --config resources/ \
     --sync_resources role,grant,role_grant

secure/snowcap/resources/account.yml

@@ -0,0 +1,3 @@
+account_parameters:
+  - name: CORTEX_ENABLED_CROSS_REGION
+    value: AWS_US

secure/titan/resources/users.yml → secure/snowcap/resources/users.yml

@@ -1,25 +1,20 @@
-# Users should not be created on titan since keypairs can be lost on every run
-# users:
-#   - name: svc_airbyte
-#     owner: SECURITYADMIN
-#     type: SERVICE
-#   - name: svc_airflow
-#     owner: SECURITYADMIN
-#     type: SERVICE
-#   - name: svc_balboa_ci
-#     owner: SECURITYADMIN
-#     type: SERVICE
-#   - name: svc_fivetran
-#     owner: SECURITYADMIN
-#     type: SERVICE
-
-# create or replace user svc_fivetran
-#     type = 'service'
-#     default_warehouse = 'wh_loading'
-#     rsa_public_key = ''
+role_grants:
+  - to_user: alejandro
+    roles:
+      - analyst
 
+  - to_user: jesus
+    roles:
+      - analyst
+      - loader
+      - transformer_dbt
+      - accountadmin
+      - securityadmin
+
+  - to_user: ian
+    roles:
+      - analyst
 
-role_grants:
   - to_user: gomezn
     roles:
       - analyst
@@ -36,7 +31,11 @@ role_grants:
       - accountadmin
       - securityadmin
 
-
+  - to_user: stephen
+    roles:
+      - analyst
+      - accountadmin
+      - securityadmin
 
   - to_user: svc_airbyte
     roles:
@@ -51,6 +50,10 @@ role_grants:
     roles:
       - transformer_dbt
 
+  - to_user: svc_datacoves
+    roles:
+      - securityadmin
+
   - to_user: svc_fivetran
     roles:
       - loader