Permifrost

Manage Snowflake Permissions

Permifrost Project{:.btn .btn-purple-inv}

PyPI{:.btn .btn-purple-inv}

Permifrost

Permifrost is a Python tool for managing permissions on a Snowflake data warehouse. The main documentation for using the tool is available in the project and on PyPI.

Caveats

✅ What Permifrost is and what it is doing

  • Supports Snowflake only
  • Permifrost takes care of roles and privileges only
  • Objects that exist but are not in the config file do not lead to errors
  • Is a fully open-source package and everyone can contribute

❌ What Permifrost is not and what it is not doing

  • Object creation and deletion is not managed by permifrost
    • That is, if entire roles are removed from the roles.yml file, it will not delete them from Snowflake

Contributing

Development

Follow these steps to create and prepare your virtual environment.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# create a virtualenv
python -m venv ~/.venv/permifrost

# activate your virtualenv
source ~/.venv/permifrost/bin/activate

# install dependencies
pip install -r requirements.txt

# pip3 install all the development dependencies
pip install -e '.[dev]'

Once you’ve committed your changes, submit a merge request and update the default template.

Communication

  • For any additional question, contribution or ide, feel free to open a new issue in the Permifrost project and, if needed, tag @gitlab-data/permifrost_maintainers (the project maintainers)
  • If you prefer to announce or ask, Slack channel #tools-permifrost is also a good option.

Release Process

The release process is described in the template Release process for Permifrost with using Release Permifrost template. For real life example, use Release 0.15.1 as a template.

We set a goal to release a new version of Permifrost at least twice per year. Meanwhile, check our release history.

Versioning

Permifrost uses Semantic Versioning 2.0.0 as its version number scheme.

Workflow

Permifrost uses tags to create its artifacts. Pushing a new tag to the repository will publish it as docker images and a PyPI package. For details, refer to the Release guideline.

Below is the entire workflow for Permifrost contribution and development:

graph TD

    ISSUE--Tag permifrost maintainers--> VAL
    VAL--permifrost::1 Accepting Merge Requests-->MR
    MR--permifrost::2 In-Progress--> MRD
    MRD--permifrost::3 In-Review-->APR
    APR--Yes-->APR_YES[Adding to chanelog]
    APR--Work needed-->MR
    END((End))
    subgraph Community
        RFC((Request for change))
        RFC--Create an issue-->ISSUE[Issue]
        MR[Merge request]
        MRD[Work is done]
    end  
    subgraph Permifost maintainer
        VAL[Validate issue]
        APR{Code is approved?}
        APR_YES--Release-->PyPi[PyPi]
        PyPi--share info about new release-->END
    end
Last modified April 9, 2024: Add more use cases and details about Permifrost (a439f9f4)
View page source - Edit this page - please contribute. Creative Commons License