activerecord-tenant-level-security 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e847b09c2072b1d43800f05548532cbea63ee65700b80a50f48ce212ce1128c4
-  data.tar.gz: '0884eb072cb058b099b449cbc940a373abb247f6c01a396df64486941b091167'
+  metadata.gz: 60f9c934a6a5bdad1bfb2ac9ea2d3f961edbb099d2611d8630511ab4454bfeb3
+  data.tar.gz: 9f2f5adc688fc7dbc983f108199c18332903e4ed97271fe7ad09275cb836c36a
 SHA512:
-  metadata.gz: a2761438baef9b4e0c3ea159121f28da51f537bb5c70bcb8d4c81b6d22283d2d0bab9eea784ba84d0b68635d68954cc27eb3bc36f56f6c92508914998e548422
-  data.tar.gz: 33e9fbbc489d73f12418e7c53483989b404417051aff14a28ce0aa77598aef9547d89a08a6476e908cdb26972963b876c37a15d79e145f14a6c514f55dfc5310
+  metadata.gz: d96db12fb43d2df0302802d40297be218b77717f671d661ddc8a7c54d2930cdd230666c62980cb54e0750e70fdd53f86a3de8bcd00ec27affc3439164885105b
+  data.tar.gz: f2e30cfe9a512ec32901a8a2d51c98dbd34c7bbe88018844c7c48d6e3c279b91e30598edaa9ef88c8e105336262179d980cdd9dcd64492615ca2ca93cbee612b

data/.circleci/config.yml

@@ -28,6 +28,6 @@ workflows:
       - test:
           matrix:
             parameters:
-              ruby: ['ruby:3.0', 'ruby:3.1', 'ruby:3.2']
-              rails: ['rails_6.0', 'rails_6.1', 'rails_7.0']
-              postgres: ['postgres:11.19', 'postgres:12.14', 'postgres:13.10', 'postgres:14.7', 'postgres:15.2']
+              ruby: ['ruby:3.2', 'ruby:3.3', 'ruby:3.4']
+              rails: ['rails_7.1', 'rails_7.2', 'rails_8.0']
+              postgres: ['postgres:13.21', 'postgres:14.18', 'postgres:15.13', 'postgres:16.9', 'postgres:17.5']

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+## v0.4.0 (2025-05-23)
+
+### Breaking Changes
+
+- [#27](https://github.com/kufu/activerecord-tenant-level-security/pull/27): CI against Ruby 3.4, drop Ruby 3.1, Rails 7.1 
+  - Drop support for Ruby 3.1 and Rails 7.1
+
+## v0.3.0 (2024-08-06)
+
+### Enhancements
+
+### Breaking Changes
+
+- [#18](https://github.com/kufu/activerecord-tenant-level-security/pull/18): CI against Rails 7.1, drop Rails 6.0
+  - Drop support for Rails 6.0
+
+### Enhancements
+
+- [#22](https://github.com/kufu/activerecord-tenant-level-security/pull/22): Enable support for custom column names for tenant-level security policies
+
+### Chores
+
+- [#19](https://github.com/kufu/activerecord-tenant-level-security/pull/19): Modified the sample code in "Sidekiq Integration"
+- [#20](https://github.com/kufu/activerecord-tenant-level-security/pull/20): CI against Ruby 3.3 and PostgreSQL 16, drop Ruby 3.0 and PostgreSQL 11
+- [#21](https://github.com/kufu/activerecord-tenant-level-security/pull/21): Add a guide for using Rails fixtures with RLS in test
+
 ## v0.2.0 (2023-04-14)
 
 This release includes changes to policies created by `create_policy`. Migrations that have already been performed will not be affected, so it is safe to upgrade as-is, but for performance reasons it is recommended to update existing policies to the new format. See https://github.com/kufu/activerecord-tenant-level-security/pull/16 for details.
@@ -28,3 +54,5 @@ This release includes changes to policies created by `create_policy`. Migrations
 ## v0.0.1 (2021-11-10)
 
 Initial release 🥳
+
+

data/README.md

@@ -1,4 +1,5 @@
 # activerecord-tenant-level-security
+
 [![CircleCI](https://circleci.com/gh/kufu/activerecord-tenant-level-security/tree/master.svg?style=svg)](https://circleci.com/gh/kufu/activerecord-tenant-level-security/tree/master)
 [![gem-version](https://img.shields.io/gem/v/activerecord-tenant-level-security.svg)](https://rubygems.org/gems/activerecord-tenant-level-security)
 [![License](https://img.shields.io/github/license/kufu/activerecord-tenant-level-security.svg?color=blue)](https://github.com/kufu/activerecord-tenant-level-security/blob/master/LICENSE.txt)
@@ -50,12 +51,17 @@ class CreateEmployee < ActiveRecord::Migration[6.0]
       t.string :name
     end
 
+    # By default, "tenant_id" is used as a partition key.
     create_policy :employees
+
+    # You can also use a column other than "tenant_id" by passing the "partition_key" option.
+    # create_policy :employees, partition_key: :company_id
+    # And you can also specify the partition key as a string.
   end
 end
 ```
 
-When testing, be aware of the database user you are connecting to. The default user `postgres` has the `BYPASSRLS` attribute and therefore bypass the RLS. You must create a user who does not have these privileges in order for your application to connect.
+When experimenting, be aware of the database user you are trying to connect with. The default user `postgres` has the `BYPASSRLS` attribute and therefore bypasses the RLS. You must create a user who does not have these privileges in order for your application to connect.
 
 If you want to use this gem, you first need to register a callback which gets the current tenant. This callback is invoked when checking out a new connection from a connection pool. Create an initializer and tell how it should resolve the current tenant like the following:
 
@@ -119,6 +125,10 @@ Sidekiq.configure_server do |config|
   config.server_middleware do |chain|
     chain.add TenantLevelSecurity::Sidekiq::Middleware::Server
   end
+
+  config.client_middleware do |chain|
+    chain.add TenantLevelSecurity::Sidekiq::Middleware::Client
+  end
 end
 ```
 
@@ -130,6 +140,57 @@ Active Record 6+ adds support for [multiple databases](https://guides.rubyonrail
 
 In multiple databases, Active Record creates a connection pool for each connection, but `TenantLevelSecurity.switch` only switches for the current connection.
 
+## Testing with Rails Fixtures
+
+When testing a Rails app with multiple tenants, you might have fixtures for different tenants that need loading into
+your database. However, Row-Level Security (RLS) might block this because it restricts data access. In order to bypass
+RLS for loading these fixtures, you need to use a special database configuration.
+
+In your database configuration in `config/database.yml`, add a `bypass_rls` cd config. This must use a superuser
+database account, which can load fixtures without RLS restrictions. Do not forget to set `database_tasks: false` to
+prevent Rails from messing with your primary database during setup or teardown tasks.
+
+```yml
+# config/database.yml
+test:
+  primary:
+    <<: *default
+    database: ...
+    username: non_super_user_without_bypass_rls
+  bypass_rls:
+    <<: *default
+    database: ...
+    database_tasks: false # So that the primary db is not re-created or dropped when running rake db:create or db:drop.
+    username: postgres    # This user must have the superuser privileges.
+```
+
+Then in your test setup in `test/test_helper.rb`, make sure to use the `bypass_rls` configuration for loading fixtures.
+This involves connecting to the database with superuser privileges before running tests, especially important for
+parallel tests to ensure each test process works with the correct database instance.
+
+```ruby
+# test/test_helper.rb
+
+# Set up the `test_setup` role so we can utilize the `bypass_rls` config:
+ActiveRecord::Base.connects_to database: { test_setup: :bypass_rls }
+
+class ActiveSupport::TestCase
+  # When running the tests in parallel, Rails automatically updates the primary db config but not the configs with
+  # the `database_tasks: false` option. We need to ensure that the `bypass_rls` config also points to the same db as
+  # the `primary` config.
+  parallelize_setup do |index|
+    ActiveRecord::Base.configurations.configs_for(env_name: "test", include_hidden: true).each do |config|
+      config._database = "#{config.database}-#{index}" unless config.database.end_with?("-#{index}")
+    end
+  end
+
+  # Run setup_fixtures in the test setup to bypass RLS:
+  def setup_fixtures
+    ActiveRecord::Base.connected_to(role: :test_setup) { super }
+  end
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/activerecord-tenant-level-security.gemspec

@@ -24,12 +24,11 @@ Gem::Specification.new do |spec|
   end
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "activerecord", ">= 6.0"
-  spec.add_dependency "activesupport", ">= 6.0"
+  spec.add_dependency "activerecord", ">= 7.1"
+  spec.add_dependency "activesupport", ">= 7.1"
   spec.add_dependency "pg", ">= 1.0"
 
   spec.add_development_dependency "bundler", ">= 2.0"
   spec.add_development_dependency "rake", ">= 10.0"
   spec.add_development_dependency "rspec", ">= 3.0"
-  spec.add_development_dependency "appraisal", "~> 2.4"
 end

data/gemfiles/rails_7.1.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 7.1.1"
+
+gemspec path: "../"

data/gemfiles/rails_7.2.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 7.2.2"
+
+gemspec path: "../"

data/gemfiles/rails_8.0.gemfile

@@ -0,0 +1,5 @@
+source "https://rubygems.org"
+
+gem "rails", "~> 8.0.0"
+
+gemspec path: "../"

data/lib/activerecord-tenant-level-security/schema_dumper.rb

@@ -19,7 +19,8 @@ module TenantLevelSecurity
     def policies_in_database
       query = <<~SQL
         SELECT
-          tablename
+          tablename,
+          qual
         FROM
           pg_policies
         WHERE
@@ -28,23 +29,41 @@ module TenantLevelSecurity
           tablename;
       SQL
       results = ActiveRecord::Base.connection.execute(query)
-      table_names = results.map { |x| x["tablename"] }
+      results.map do |result|
+        table_name = result["tablename"]
+        partition_key = convert_qual_to_partition_key(result["qual"])
+        Policy.new(table_name: table_name, partition_key: partition_key)
+      end
+    end
+
+    private
+
+    def convert_qual_to_partition_key(qual)
+      matched = qual.match(/^\((.+?) = /)
+      # This error can occur if the specification of the 'tenant_policy' in PostgreSQL
+      #   or the 'create_policy' method changes
+      raise "Failed to parse partition key from 'pg_policies.qual': #{qual}" unless matched
 
-      table_names.map { |t| Policy.new(t) }
+      matched[1]
     end
 
     class Policy
-      def initialize(table_name)
+      def initialize(table_name:, partition_key:)
         @table_name = table_name
+        @partition_key = partition_key
       end
 
       def to_schema
-        %(  create_policy "#{table_name}")
+        schema = %(  create_policy "#{table_name}")
+        if partition_key != TenantLevelSecurity::DEFAULT_PARTITION_KEY
+          schema += %(, partition_key: "#{partition_key}")
+        end
+        schema
       end
 
       private
 
-      attr_reader :table_name
+      attr_reader :table_name, :partition_key
     end
   end
 end

data/lib/activerecord-tenant-level-security/schema_statements.rb

@@ -1,36 +1,38 @@
 module TenantLevelSecurity
   module SchemaStatements
-    def create_policy(table_name)
+    def create_policy(table_name, partition_key: TenantLevelSecurity::DEFAULT_PARTITION_KEY)
+      quoted_table_name = quote_table_name(table_name)
+      quoted_partition_key = quote_column_name(partition_key)
       execute <<~SQL
-        ALTER TABLE #{table_name} ENABLE ROW LEVEL SECURITY;
-        ALTER TABLE #{table_name} FORCE ROW LEVEL SECURITY;
+        ALTER TABLE #{quoted_table_name} ENABLE ROW LEVEL SECURITY;
+        ALTER TABLE #{quoted_table_name} FORCE ROW LEVEL SECURITY;
       SQL
-      tenant_id_data_type = get_tenant_id_data_type(table_name)
+      tenant_id_data_type = get_tenant_id_data_type(table_name, partition_key)
       execute <<~SQL
-        CREATE POLICY tenant_policy ON #{table_name}
+        CREATE POLICY tenant_policy ON #{quoted_table_name}
           AS PERMISSIVE
           FOR ALL
           TO PUBLIC
-          USING (tenant_id = NULLIF(current_setting('tenant_level_security.tenant_id'), '')::#{tenant_id_data_type})
-          WITH CHECK (tenant_id = NULLIF(current_setting('tenant_level_security.tenant_id'), '')::#{tenant_id_data_type})
+          USING (#{quoted_partition_key} = NULLIF(current_setting('tenant_level_security.tenant_id'), '')::#{tenant_id_data_type})
+          WITH CHECK (#{quoted_partition_key} = NULLIF(current_setting('tenant_level_security.tenant_id'), '')::#{tenant_id_data_type})
       SQL
     end
 
-    def remove_policy(table_name)
+    def remove_policy(table_name, *args)
+      quoted_table_name = quote_table_name(table_name)
       execute <<~SQL
-        ALTER TABLE #{table_name} NO FORCE ROW LEVEL SECURITY;
-        ALTER TABLE #{table_name} DISABLE ROW LEVEL SECURITY;
+        ALTER TABLE #{quoted_table_name} NO FORCE ROW LEVEL SECURITY;
+        ALTER TABLE #{quoted_table_name} DISABLE ROW LEVEL SECURITY;
       SQL
       execute <<~SQL
-        DROP POLICY tenant_policy ON #{table_name}
+        DROP POLICY tenant_policy ON #{quoted_table_name}
       SQL
     end
 
     private
-    def get_tenant_id_data_type(table_name)
-      tenant_id_column = columns(table_name)
-        .find{|column| column.name == 'tenant_id'}
-      raise "tenant_id column is missing in #{table_name}" if tenant_id_column.nil?
+    def get_tenant_id_data_type(table_name, partition_key)
+      tenant_id_column = columns(table_name).find { |column| column.name == partition_key.to_s }
+      raise "#{partition_key} column is missing in #{table_name}" if tenant_id_column.nil?
 
       tenant_id_column.sql_type
     end

data/lib/activerecord-tenant-level-security/tenant_level_security.rb

@@ -1,4 +1,6 @@
 module TenantLevelSecurity
+  DEFAULT_PARTITION_KEY = 'tenant_id'.freeze
+
   class << self
     # The current_tenant_id sets the default tenant from the outside.
     # Be sure to register in advance as `TenantLevelSecurity.current_tenant_id { id }` with initializers.

data/lib/activerecord-tenant-level-security/version.rb

@@ -1,3 +1,3 @@
 module TenantLevelSecurity
-  VERSION = '0.2.0'
+  VERSION = '0.4.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activerecord-tenant-level-security
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - SmartHR
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-14 00:00:00.000000000 Z
+date: 2025-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -94,20 +94,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: appraisal
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.4'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.4'
 description: An Active Record extension for Multitenancy with PostgreSQL Row Level
   Security
 email:
@@ -119,7 +105,6 @@ files:
 - ".circleci/config.yml"
 - ".gitignore"
 - ".rspec"
-- Appraisals
 - CHANGELOG.md
 - CODE_OF_CONDUCT.jp.md
 - CODE_OF_CONDUCT.md
@@ -130,9 +115,9 @@ files:
 - activerecord-tenant-level-security.gemspec
 - bin/console
 - bin/setup
-- gemfiles/rails_6.0.gemfile
-- gemfiles/rails_6.1.gemfile
-- gemfiles/rails_7.0.gemfile
+- gemfiles/rails_7.1.gemfile
+- gemfiles/rails_7.2.gemfile
+- gemfiles/rails_8.0.gemfile
 - lib/activerecord-tenant-level-security.rb
 - lib/activerecord-tenant-level-security/command_recorder.rb
 - lib/activerecord-tenant-level-security/schema_dumper.rb
@@ -146,7 +131,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/kufu/activerecord-tenant-level-security
   source_code_uri: https://github.com/kufu/activerecord-tenant-level-security
-  changelog_uri: https://github.com/kufu/activerecord-tenant-level-security/blob/v0.2.0/CHANGELOG.md
+  changelog_uri: https://github.com/kufu/activerecord-tenant-level-security/blob/v0.4.0/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -162,7 +147,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: An Active Record extension for Multitenancy with PostgreSQL Row Level Security

data/Appraisals

@@ -1,11 +0,0 @@
-appraise "rails-6.0" do
-  gem "rails", "~> 6.0.4"
-end
-
-appraise "rails-6.1" do
-  gem "rails", "~> 6.1.4"
-end
-
-appraise "rails-7.0" do
-  gem "rails", "~> 7.0.2"
-end

data/gemfiles/rails_6.0.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 6.0.4"
-
-gemspec path: "../"

data/gemfiles/rails_6.1.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 6.1.4"
-
-gemspec path: "../"

data/gemfiles/rails_7.0.gemfile

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 7.0.2"
-
-gemspec path: "../"