
Commit f5cf305

committed
added masking policies
1 parent 775db77 commit f5cf305

1 file changed

+51
-1
lines changed


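--- a/tasks/database-permissions/action.yml
+++ b/tasks/database-permissions/action.yml
@@ -65,6 +65,32 @@ runs:
 OWNERSHIP_ROLE: ${{ inputs.target-ownership }}
 working-directory: ${{ inputs.working-directory }}
 
+- name: Get Masking Policies
+shell: bash
+run: |
+~/snowflake/snowsql \
+-a $SNOWSQL_ACCOUNT \
+-u $SNOWSQL_USER \
+-d $SNOWSQL_DATABASE \
+-w $SNOWSQL_WAREHOUSE \
+-r $SNOWSQL_ROLE \
+-q "SHOW MASKING POLICIES IN DATABASE ${{ inputs.target-database }}" \
+-o output_file=./maskingpolicies.json \
+-o output_format=json \
+-o friendly=false
+env:
+SNOWSQL_ACCOUNT: ${{ inputs.snowflake-account }}
+SNOWSQL_USER: ${{ inputs.snowflake-username }}
+SNOWSQL_PWD: ${{ inputs.snowflake-password }}
+SNOWSQL_DATABASE: ${{ inputs.target-database}}
+SNOWSQL_ROLE: ${{ inputs.snowflake-role }}
+SNOWSQL_WAREHOUSE: ${{ inputs.snowflake-warehouse }}
+OWNERSHIP_ROLE: ${{ inputs.target-ownership }}
+working-directory: ${{ inputs.working-directory }}
+
+
+
+
 - name: Update Schema Permissions Script
 shell: pwsh
 run: |
@@ -96,6 +122,31 @@ runs:
 OWNERSHIP_ROLE: ${{ inputs.target-ownership }}
 working-directory: ${{ inputs.working-directory }}
 
+
+
+- name: Update Maskingpolicy Permissions Script
+shell: pwsh
+run: |
+$statements = [Collections.Generic.List[string]]::New()
+$new_role = "${{ inputs.target-ownership }}"
+$fileName = "./maskingpolicies.json"
+
+$schemaObjects = Get-Content -Raw -Path $fileName | ConvertFrom-Json
+
+$schemaObjects | ForEach-Object {
+$schema= $_.SCHEMA_NAME.toLower()
+$policy= $_.NAME.toLower()
+
+$statements.Add(-JOIN("GRANT OWNERSHIP ON MASKING POLICY ", $schema , ".",$policy, " TO ROLE " , $new_role," REVOKE CURRENT GRANTS;"))
+}
+$statements | Out-File -Append database-permissions.sql -Encoding utf8
+
+env:
+OWNERSHIP_ROLE: ${{ inputs.target-ownership }}
+working-directory: ${{ inputs.working-directory }}
+
+
+
 - name: Archive Permission Details
 uses: actions/upload-artifact@v3
 with:
@@ -122,4 +173,3 @@ runs:
 SNOWSQL_ROLE: ${{ inputs.snowflake-role }}
 SNOWSQL_WAREHOUSE: ${{ inputs.snowflake-warehouse }}
 working-directory: ${{ inputs.working-directory }}
-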
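Review bot: In the Get Masking Policies step the `-q` argument expands `${{ inputs.target-database }}` directly into the bash script text, so the input is substituted into the script before bash parses it, even though the same value is already exported as `$SNOWSQL_DATABASE` in that step's `env:`; use `-q "SHOW MASKING POLICIES IN DATABASE $SNOWSQL_DATABASE"` and double-quote the other expansions (`-a "$SNOWSQL_ACCOUNT"` and so on) so a value with spaces or glob characters cannot alter the command line. The Update Maskingpolicy Permissions Script hunk has the same pattern at `$new_role = "${{ inputs.target-ownership }}"` while its `OWNERSHIP_ROLE` env entry goes unused; `$new_role = $env:OWNERSHIP_ROLE` keeps the value out of the script body. The generated GRANT statement also concatenates the lowercased `SCHEMA_NAME` and `NAME` into unquoted identifiers, which presumably resolves to a different object, or fails, for policies created with quoted or mixed-case names — worth confirming against how the existing schema step builds its statements. The enclosing `steps:` list starts and ends outside these hunks.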