spyglasshq / spyglass-cli

Access management as code.
https://spyglass.software
MIT License
26 stars 1 forks source link
access-control access-management data-engineering database-security iam security snowflake spyglass

spyglass-ascii

GitHub Workflow Status (with branch) GitHub commit activity GitHub GitHub milestone

Manage your Snowflake access controls as code.


🚣‍♂️ Before Spyglass: Permissions are managed manually across scripts, snowsight worksheets, and one-off requests.

Screen Shot 2023-03-20 at 11 47 17 AM

🚤 After Spyglass: Permissions are managed centrally in git and automatically synced to Snowflake.

Screen Shot 2023-03-20 at 11 38 02 AM

Overview

For a detailed explanation, see our Introducing Snowflake Access-as-Code post.

Basic usage of this tool looks like:

1. Import your current Snowflake objects/roles to YAML.

┌───────────┐     spyglass import / sync      ┌──────────┐
│ Snowflake │ ──────────────────────────────► │   YAML   │
└───────────┘                                 └──────────┘

2. Manage them as code.

┌───────────┐          make changes           ┌──────────┐
│           │ ──────────────────────────────► │          │
│ Data User │        spyglass verify          │   YAML   │
│           │ ──────────────────────────────► │          │
└───────────┘                                 └──────────┘

3. Automatically sync objects/roles between your Git repo and Snowflake.

┌───────────┐        spyglass apply           ┌──────────┐
│ Snowflake │ ◄────────────────────────────── │   YAML   │
└───────────┘                                 └──────────┘

Getting Started

Install the CLI using npm:

sudo npm install -g spyglass-cli@latest

Basic Usage

See How do I set up the CLI? #43.

See the Reference Documentation for details on the configuration.

CI/CD Usage

See How do I set up github actions / workflows? #42.

Query Usage

For getting insight into "who can access what?", see Announcing Queries (alpha) #45.

Getting Help and Contributing

We love working with the community, here's a few ways to get involved:

  1. Discussions - For FAQs, Q&A, feature requests, ideas, announcements, and sharing your use cases.
  2. Issues - For bug reports and concrete work items.
  3. Email - If all else fails, or if you'd just like to chat, let us know at devs@spyglass.software.
  4. Slack - For early partners, we're working on Slack for real time feedback and support. If you're interested, reach out to demo@spyglass.software.

Security

For submitting security issues, see SECURITY.md

For our security guidance to users, see Security Best Practices #96

Usage Analytics

We constantly improve this software, but we need your help! By default, we log anonymous analytics such as: commands invoked, errors, and software versions. We never log any personally-identifiable user information.

To opt out, you can run spyglass config:set disableAnalytics true. See https://github.com/spyglasshq/spyglass-cli/issues/9 and logging.ts for more information.

Roadmap

As of Q1 '23, Spyglass has full support for Snowflake. Support for other analytics databases (BigQuery, Databricks, Redshift, Oracle, etc.) is planned to follow.

Check out the Milestones page to track further progress.