@objectstack/service-datasource 10.0.0 → 10.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +19 -15
- package/CHANGELOG.md +69 -0
- package/dist/chunk-BI2SYWLC.cjs +9 -0
- package/dist/chunk-BI2SYWLC.cjs.map +1 -0
- package/dist/chunk-XLS4RP7B.js +9 -0
- package/dist/chunk-XLS4RP7B.js.map +1 -0
- package/dist/contracts/index.cjs +7 -1
- package/dist/contracts/index.cjs.map +1 -1
- package/dist/contracts/index.d.cts +59 -1
- package/dist/contracts/index.d.ts +59 -1
- package/dist/contracts/index.js +6 -0
- package/dist/index.cjs +269 -99
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +176 -4
- package/dist/index.d.ts +176 -4
- package/dist/index.js +201 -31
- package/dist/index.js.map +1 -1
- package/package.json +7 -7
- package/src/__tests__/datasource-connection-service.test.ts +294 -0
- package/src/contracts/connect-policy.ts +69 -0
- package/src/contracts/index.ts +11 -0
- package/src/datasource-admin-plugin.ts +37 -40
- package/src/datasource-admin-service.ts +2 -0
- package/src/datasource-connection-service.ts +364 -0
- package/src/index.ts +18 -0
- package/src/logger.ts +2 -0
package/dist/index.d.cts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { IExternalDatasourceService, IntrospectedSchema, RemoteTable, GenerateDraftOpts, ObjectDraft, ImportObjectOpts, ImportObjectResult, SchemaValidationResult, SchemaValidationReport, ICryptoProvider, IHttpServer } from '@objectstack/spec/contracts';
|
|
2
2
|
import { ExternalCatalog } from '@objectstack/spec/data';
|
|
3
3
|
import { Plugin, PluginContext } from '@objectstack/core';
|
|
4
|
-
import { IDatasourceAdminService, TestConnectionResult, SecretInput, DatasourceSummary, DatasourceDraft
|
|
5
|
-
export { DatasourceConnectionSpec, DatasourceDriverHandle, DatasourceOrigin } from './contracts/index.cjs';
|
|
4
|
+
import { IDatasourceDriverFactory, DatasourceConnectPolicy, DatasourceConnectContext, IDatasourceAdminService, TestConnectionResult, SecretInput, DatasourceSummary, DatasourceDraft } from './contracts/index.cjs';
|
|
5
|
+
export { DatasourceConnectDecision, DatasourceConnectSubject, DatasourceConnectionSpec, DatasourceDriverHandle, DatasourceOrigin, allowAllConnectPolicy } from './contracts/index.cjs';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* ExternalDatasourceService — implements {@link IExternalDatasourceService}
|
|
@@ -137,6 +137,168 @@ declare class ExternalDatasourceServicePlugin implements Plugin {
|
|
|
137
137
|
interface Logger {
|
|
138
138
|
warn: (message: string, meta?: unknown) => void;
|
|
139
139
|
info?: (message: string, meta?: unknown) => void;
|
|
140
|
+
debug?: (message: string, meta?: unknown) => void;
|
|
141
|
+
error?: (message: string, meta?: unknown) => void;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
/**
|
|
145
|
+
* DatasourceConnectionService — the single "definition → live driver" path
|
|
146
|
+
* (ADR-0062 D1).
|
|
147
|
+
*
|
|
148
|
+
* Given a datasource definition, it: consults the injectable connect policy
|
|
149
|
+
* (D5/epic seam), builds a driver via the host-provided driver factory,
|
|
150
|
+
* resolves any `external.credentialsRef` to a cleartext secret via the
|
|
151
|
+
* `SecretBinder` (D3, wired in Phase 2), opens the connection, and registers
|
|
152
|
+
* the live driver + the datasource *definition* into the ObjectQL engine under
|
|
153
|
+
* the datasource name (the engine routes by `driver.name === <datasource>`).
|
|
154
|
+
*
|
|
155
|
+
* Both origins converge here (D1):
|
|
156
|
+
* - **code-defined** datasources auto-connect at boot via
|
|
157
|
+
* {@link connectDeclared} (gated per D2 — see {@link isDatasourceAddressed}),
|
|
158
|
+
* called from `AppPlugin.start()`.
|
|
159
|
+
* - **runtime** (UI-created) datasources connect via {@link connect}, called
|
|
160
|
+
* from `DatasourceAdminServicePlugin`'s `registerPool` (create/update + boot
|
|
161
|
+
* rehydration).
|
|
162
|
+
*
|
|
163
|
+
* Idempotent: a datasource already registered as a live driver is skipped, so
|
|
164
|
+
* an app's legacy `onEnable` driver registration (the escape hatch, ADR-0062
|
|
165
|
+
* D8) and auto-connect never double-register.
|
|
166
|
+
*/
|
|
167
|
+
|
|
168
|
+
/** A datasource definition this service can connect (code- or runtime-origin). */
|
|
169
|
+
interface ConnectableDatasource {
|
|
170
|
+
name: string;
|
|
171
|
+
label?: string;
|
|
172
|
+
driver: string;
|
|
173
|
+
schemaMode?: 'managed' | 'external' | 'validate-only';
|
|
174
|
+
config?: Record<string, unknown>;
|
|
175
|
+
external?: (Record<string, unknown> & {
|
|
176
|
+
credentialsRef?: string;
|
|
177
|
+
validation?: {
|
|
178
|
+
onMismatch?: 'fail' | 'warn' | 'ignore';
|
|
179
|
+
};
|
|
180
|
+
}) | undefined;
|
|
181
|
+
pool?: Record<string, unknown>;
|
|
182
|
+
active?: boolean;
|
|
183
|
+
origin?: 'code' | 'runtime';
|
|
184
|
+
/**
|
|
185
|
+
* ADR-0062 D2(c): explicit opt-in to auto-connect even for a managed,
|
|
186
|
+
* unrouted datasource. Defaults to false.
|
|
187
|
+
*/
|
|
188
|
+
autoConnect?: boolean;
|
|
189
|
+
}
|
|
190
|
+
/** Minimal object shape used for the D2 routing gate + post-connect schema sync. */
|
|
191
|
+
interface DatasourceBoundObject {
|
|
192
|
+
name?: string;
|
|
193
|
+
/** The object's explicit `datasource` binding (ADR-0015 federation). */
|
|
194
|
+
datasource?: string;
|
|
195
|
+
}
|
|
196
|
+
/** Engine surface this service drives (the ObjectQL `'data'` engine). */
|
|
197
|
+
interface ConnectionEngineLike {
|
|
198
|
+
registerDriver?: (driver: unknown, isDefault?: boolean) => void;
|
|
199
|
+
registerDatasourceDef?: (def: {
|
|
200
|
+
name: string;
|
|
201
|
+
schemaMode?: string;
|
|
202
|
+
external?: {
|
|
203
|
+
allowWrites?: boolean;
|
|
204
|
+
};
|
|
205
|
+
}) => void;
|
|
206
|
+
getDriverByName?: (name: string) => unknown;
|
|
207
|
+
/**
|
|
208
|
+
* Register read metadata (DDL-free) for a federated object so its physical
|
|
209
|
+
* remote table/columns resolve for queries. Idempotent; called per bound
|
|
210
|
+
* external object after the driver is registered, because boot schema-sync
|
|
211
|
+
* ran before this driver existed (ADR-0015 §18; matches what the legacy
|
|
212
|
+
* `onEnable` bridge does manually).
|
|
213
|
+
*/
|
|
214
|
+
syncObjectSchema?: (objectName: string) => Promise<void>;
|
|
215
|
+
}
|
|
216
|
+
/** Secret dereference surface (the `SecretBinder.resolve`, Phase 2 / D3). */
|
|
217
|
+
interface ConnectionSecretResolver {
|
|
218
|
+
resolve?: (credentialsRef: string) => Promise<string | undefined>;
|
|
219
|
+
}
|
|
220
|
+
interface DatasourceConnectionServiceConfig {
|
|
221
|
+
/** Resolve the host driver factory (lazy — may be registered after init). */
|
|
222
|
+
factory: () => IDatasourceDriverFactory | undefined;
|
|
223
|
+
/** Resolve the ObjectQL engine (lazy). */
|
|
224
|
+
engine: () => ConnectionEngineLike | undefined;
|
|
225
|
+
/** Dereference `credentialsRef` → cleartext (Phase 2). Optional in Phase 1. */
|
|
226
|
+
secrets?: ConnectionSecretResolver;
|
|
227
|
+
/** Injectable connect policy. Defaults to {@link allowAllConnectPolicy}. */
|
|
228
|
+
policy?: DatasourceConnectPolicy;
|
|
229
|
+
logger?: Logger;
|
|
230
|
+
}
|
|
231
|
+
/** Outcome of a single {@link DatasourceConnectionService.connect} attempt. */
|
|
232
|
+
type ConnectStatus = 'connected' | 'already-registered' | 'skipped-policy' | 'skipped-no-infra' | 'skipped-unsupported' | 'failed-credentials' | 'failed-degraded';
|
|
233
|
+
interface ConnectResult {
|
|
234
|
+
name: string;
|
|
235
|
+
status: ConnectStatus;
|
|
236
|
+
reason?: string;
|
|
237
|
+
}
|
|
238
|
+
/**
|
|
239
|
+
* ADR-0062 D2 — is this declared datasource "meaningfully addressed", such that
|
|
240
|
+
* auto-connecting it is safe and intended?
|
|
241
|
+
*
|
|
242
|
+
* Returns true when:
|
|
243
|
+
* - (a) it is external (`schemaMode !== 'managed'`), OR
|
|
244
|
+
* - (b) some object **explicitly** binds to it (`object.datasource === name`), OR
|
|
245
|
+
* - (c) it sets `autoConnect: true`.
|
|
246
|
+
*
|
|
247
|
+
* Deliberately NOT triggered by a `datasourceMapping` rule alone. A managed
|
|
248
|
+
* datasource that is only *mapped* (namespace/package/default) but has no live
|
|
249
|
+
* driver historically falls through to the `default` driver at query time
|
|
250
|
+
* (`engine.getDriver` step 4) — e.g. `examples/app-crm`'s `crm_primary`
|
|
251
|
+
* (`:memory:`, mapped + default-fallback, no `onEnable`). Connecting it would
|
|
252
|
+
* divert those objects to a fresh, empty connection and silently change app
|
|
253
|
+
* behavior. So mapping-only routing to a *managed* datasource is treated as
|
|
254
|
+
* decorative, keeping existing apps byte-for-byte unchanged (D2's load-bearing
|
|
255
|
+
* backward-compat guarantee). External datasources and explicit
|
|
256
|
+
* `object.datasource` bindings never resolved to `default` (they throw when
|
|
257
|
+
* unregistered), so auto-connecting them is a strict improvement, not a change.
|
|
258
|
+
*/
|
|
259
|
+
declare function isDatasourceAddressed(ds: Pick<ConnectableDatasource, 'name' | 'schemaMode' | 'autoConnect'>, ctx: {
|
|
260
|
+
objects?: readonly DatasourceBoundObject[];
|
|
261
|
+
}): boolean;
|
|
262
|
+
declare class DatasourceConnectionService {
|
|
263
|
+
private readonly cfg;
|
|
264
|
+
private readonly policy;
|
|
265
|
+
private readonly logger?;
|
|
266
|
+
constructor(cfg: DatasourceConnectionServiceConfig);
|
|
267
|
+
/**
|
|
268
|
+
* Auto-connect the declared (code-defined) datasources that pass the D2 gate.
|
|
269
|
+
* Called from `AppPlugin.start()` with the app bundle's datasources + objects.
|
|
270
|
+
* Each connected external datasource also has its bound objects' read metadata
|
|
271
|
+
* synced so they are immediately queryable with zero app code.
|
|
272
|
+
*/
|
|
273
|
+
connectDeclared(input: {
|
|
274
|
+
datasources: readonly ConnectableDatasource[];
|
|
275
|
+
objects?: readonly DatasourceBoundObject[];
|
|
276
|
+
}): Promise<ConnectResult[]>;
|
|
277
|
+
/**
|
|
278
|
+
* Build + connect + register a single datasource's live driver. The shared
|
|
279
|
+
* core used by both auto-connect and the runtime-admin pool registration.
|
|
280
|
+
*
|
|
281
|
+
* Failure policy (ADR-0062 D5): an `external` datasource with
|
|
282
|
+
* `validation.onMismatch: 'fail'` fails fast (re-throws, bricking boot as
|
|
283
|
+
* intended); everything else degrades with a warning so an optional replica's
|
|
284
|
+
* connectivity blip never bricks boot.
|
|
285
|
+
*/
|
|
286
|
+
connect(record: ConnectableDatasource, opts?: {
|
|
287
|
+
objects?: readonly string[];
|
|
288
|
+
context?: DatasourceConnectContext;
|
|
289
|
+
}): Promise<ConnectResult>;
|
|
290
|
+
/** Gracefully disconnect a previously-registered datasource pool. */
|
|
291
|
+
disconnect(name: string): Promise<void>;
|
|
292
|
+
/**
|
|
293
|
+
* Apply the D5 connect-failure policy (also covers D3 credential failures). A
|
|
294
|
+
* code-defined `external` datasource with `onMismatch:'fail'` auto-connected at
|
|
295
|
+
* boot re-throws (fail-fast, bricking boot as intended). Runtime-admin
|
|
296
|
+
* create/update + boot rehydration always degrade-with-warning — a UI action
|
|
297
|
+
* or a replica blip must never brick the running server (preserves the
|
|
298
|
+
* pre-ADR-0062 admin behavior). Either way the datasource is left unconnected
|
|
299
|
+
* with a clear message — never a silent skip.
|
|
300
|
+
*/
|
|
301
|
+
private handleFailure;
|
|
140
302
|
}
|
|
141
303
|
|
|
142
304
|
/**
|
|
@@ -176,6 +338,8 @@ interface StoredDatasource {
|
|
|
176
338
|
}) | undefined;
|
|
177
339
|
pool?: Record<string, unknown>;
|
|
178
340
|
active?: boolean;
|
|
341
|
+
/** Force a live connection at boot even when managed + unrouted (ADR-0062 D2(c)). */
|
|
342
|
+
autoConnect?: boolean;
|
|
179
343
|
origin?: 'code' | 'runtime';
|
|
180
344
|
/** Package that defines a code-origin datasource, when known. */
|
|
181
345
|
definedIn?: string;
|
|
@@ -276,6 +440,13 @@ interface DatasourceAdminServicePluginOptions {
|
|
|
276
440
|
secrets?: SecretBinder;
|
|
277
441
|
/** Override the driver factory (defaults to the `'datasource-driver-factory'` service). */
|
|
278
442
|
driverFactory?: IDatasourceDriverFactory;
|
|
443
|
+
/**
|
|
444
|
+
* Host-injectable connect policy consulted before opening any datasource
|
|
445
|
+
* connection (ADR-0062 D5 / epic #2163 seam). Open-core default is permissive
|
|
446
|
+
* (allow); a multi-tenant host binds a stricter, fail-closed policy. Shared by
|
|
447
|
+
* both code-defined auto-connect and runtime-admin pool registration.
|
|
448
|
+
*/
|
|
449
|
+
connectPolicy?: DatasourceConnectPolicy;
|
|
279
450
|
logger?: Logger;
|
|
280
451
|
}
|
|
281
452
|
/**
|
|
@@ -301,6 +472,8 @@ declare class DatasourceAdminServicePlugin implements Plugin {
|
|
|
301
472
|
dependencies: string[];
|
|
302
473
|
private service?;
|
|
303
474
|
private config?;
|
|
475
|
+
/** Shared "definition → live driver" path (ADR-0062 D1); also exposed as the `'datasource-connection'` service. */
|
|
476
|
+
private connection?;
|
|
304
477
|
private readonly options;
|
|
305
478
|
constructor(options?: DatasourceAdminServicePluginOptions);
|
|
306
479
|
init(ctx: PluginContext): Promise<void>;
|
|
@@ -318,7 +491,6 @@ declare class DatasourceAdminServicePlugin implements Plugin {
|
|
|
318
491
|
*/
|
|
319
492
|
private rehydratePools;
|
|
320
493
|
destroy(): Promise<void>;
|
|
321
|
-
private toSpec;
|
|
322
494
|
/** Probe a connection via the driver factory: build → connect → ping → close. */
|
|
323
495
|
private probe;
|
|
324
496
|
}
|
|
@@ -439,4 +611,4 @@ declare function createDatasourceSecretBinder(deps: DatasourceSecretBinderDeps):
|
|
|
439
611
|
*/
|
|
440
612
|
declare function registerDatasourceAdminRoutes(server: IHttpServer, ctx: PluginContext, basePath?: string): void;
|
|
441
613
|
|
|
442
|
-
export { DatasourceAdminService, type DatasourceAdminServiceConfig, DatasourceAdminServicePlugin, type DatasourceAdminServicePluginOptions, DatasourceDraft, type DatasourceLike, type DatasourceSecretBinder, type DatasourceSecretBinderDeps, DatasourceSummary, ExternalDatasourceService, type ExternalDatasourceServiceConfig, ExternalDatasourceServicePlugin, type ExternalDatasourceServicePluginOptions, IDatasourceAdminService, IDatasourceDriverFactory, type Logger$1 as Logger, type ObjectLike, type ProbeInput, type SecretBinder, SecretInput, type SecretStoreEngineLike, type StoredDatasource, TestConnectionResult, createDatasourceSecretBinder, createDefaultDatasourceDriverFactory, parseCredentialsRef, registerDatasourceAdminRoutes, toCredentialsRef };
|
|
614
|
+
export { type ConnectResult, type ConnectStatus, type ConnectableDatasource, type ConnectionEngineLike, type ConnectionSecretResolver, DatasourceAdminService, type DatasourceAdminServiceConfig, DatasourceAdminServicePlugin, type DatasourceAdminServicePluginOptions, type DatasourceBoundObject, DatasourceConnectContext, DatasourceConnectPolicy, DatasourceConnectionService, type DatasourceConnectionServiceConfig, DatasourceDraft, type DatasourceLike, type DatasourceSecretBinder, type DatasourceSecretBinderDeps, DatasourceSummary, ExternalDatasourceService, type ExternalDatasourceServiceConfig, ExternalDatasourceServicePlugin, type ExternalDatasourceServicePluginOptions, IDatasourceAdminService, IDatasourceDriverFactory, type Logger$1 as Logger, type ObjectLike, type ProbeInput, type SecretBinder, SecretInput, type SecretStoreEngineLike, type StoredDatasource, TestConnectionResult, createDatasourceSecretBinder, createDefaultDatasourceDriverFactory, isDatasourceAddressed, parseCredentialsRef, registerDatasourceAdminRoutes, toCredentialsRef };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { IExternalDatasourceService, IntrospectedSchema, RemoteTable, GenerateDraftOpts, ObjectDraft, ImportObjectOpts, ImportObjectResult, SchemaValidationResult, SchemaValidationReport, ICryptoProvider, IHttpServer } from '@objectstack/spec/contracts';
|
|
2
2
|
import { ExternalCatalog } from '@objectstack/spec/data';
|
|
3
3
|
import { Plugin, PluginContext } from '@objectstack/core';
|
|
4
|
-
import { IDatasourceAdminService, TestConnectionResult, SecretInput, DatasourceSummary, DatasourceDraft
|
|
5
|
-
export { DatasourceConnectionSpec, DatasourceDriverHandle, DatasourceOrigin } from './contracts/index.js';
|
|
4
|
+
import { IDatasourceDriverFactory, DatasourceConnectPolicy, DatasourceConnectContext, IDatasourceAdminService, TestConnectionResult, SecretInput, DatasourceSummary, DatasourceDraft } from './contracts/index.js';
|
|
5
|
+
export { DatasourceConnectDecision, DatasourceConnectSubject, DatasourceConnectionSpec, DatasourceDriverHandle, DatasourceOrigin, allowAllConnectPolicy } from './contracts/index.js';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* ExternalDatasourceService — implements {@link IExternalDatasourceService}
|
|
@@ -137,6 +137,168 @@ declare class ExternalDatasourceServicePlugin implements Plugin {
|
|
|
137
137
|
interface Logger {
|
|
138
138
|
warn: (message: string, meta?: unknown) => void;
|
|
139
139
|
info?: (message: string, meta?: unknown) => void;
|
|
140
|
+
debug?: (message: string, meta?: unknown) => void;
|
|
141
|
+
error?: (message: string, meta?: unknown) => void;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
/**
|
|
145
|
+
* DatasourceConnectionService — the single "definition → live driver" path
|
|
146
|
+
* (ADR-0062 D1).
|
|
147
|
+
*
|
|
148
|
+
* Given a datasource definition, it: consults the injectable connect policy
|
|
149
|
+
* (D5/epic seam), builds a driver via the host-provided driver factory,
|
|
150
|
+
* resolves any `external.credentialsRef` to a cleartext secret via the
|
|
151
|
+
* `SecretBinder` (D3, wired in Phase 2), opens the connection, and registers
|
|
152
|
+
* the live driver + the datasource *definition* into the ObjectQL engine under
|
|
153
|
+
* the datasource name (the engine routes by `driver.name === <datasource>`).
|
|
154
|
+
*
|
|
155
|
+
* Both origins converge here (D1):
|
|
156
|
+
* - **code-defined** datasources auto-connect at boot via
|
|
157
|
+
* {@link connectDeclared} (gated per D2 — see {@link isDatasourceAddressed}),
|
|
158
|
+
* called from `AppPlugin.start()`.
|
|
159
|
+
* - **runtime** (UI-created) datasources connect via {@link connect}, called
|
|
160
|
+
* from `DatasourceAdminServicePlugin`'s `registerPool` (create/update + boot
|
|
161
|
+
* rehydration).
|
|
162
|
+
*
|
|
163
|
+
* Idempotent: a datasource already registered as a live driver is skipped, so
|
|
164
|
+
* an app's legacy `onEnable` driver registration (the escape hatch, ADR-0062
|
|
165
|
+
* D8) and auto-connect never double-register.
|
|
166
|
+
*/
|
|
167
|
+
|
|
168
|
+
/** A datasource definition this service can connect (code- or runtime-origin). */
|
|
169
|
+
interface ConnectableDatasource {
|
|
170
|
+
name: string;
|
|
171
|
+
label?: string;
|
|
172
|
+
driver: string;
|
|
173
|
+
schemaMode?: 'managed' | 'external' | 'validate-only';
|
|
174
|
+
config?: Record<string, unknown>;
|
|
175
|
+
external?: (Record<string, unknown> & {
|
|
176
|
+
credentialsRef?: string;
|
|
177
|
+
validation?: {
|
|
178
|
+
onMismatch?: 'fail' | 'warn' | 'ignore';
|
|
179
|
+
};
|
|
180
|
+
}) | undefined;
|
|
181
|
+
pool?: Record<string, unknown>;
|
|
182
|
+
active?: boolean;
|
|
183
|
+
origin?: 'code' | 'runtime';
|
|
184
|
+
/**
|
|
185
|
+
* ADR-0062 D2(c): explicit opt-in to auto-connect even for a managed,
|
|
186
|
+
* unrouted datasource. Defaults to false.
|
|
187
|
+
*/
|
|
188
|
+
autoConnect?: boolean;
|
|
189
|
+
}
|
|
190
|
+
/** Minimal object shape used for the D2 routing gate + post-connect schema sync. */
|
|
191
|
+
interface DatasourceBoundObject {
|
|
192
|
+
name?: string;
|
|
193
|
+
/** The object's explicit `datasource` binding (ADR-0015 federation). */
|
|
194
|
+
datasource?: string;
|
|
195
|
+
}
|
|
196
|
+
/** Engine surface this service drives (the ObjectQL `'data'` engine). */
|
|
197
|
+
interface ConnectionEngineLike {
|
|
198
|
+
registerDriver?: (driver: unknown, isDefault?: boolean) => void;
|
|
199
|
+
registerDatasourceDef?: (def: {
|
|
200
|
+
name: string;
|
|
201
|
+
schemaMode?: string;
|
|
202
|
+
external?: {
|
|
203
|
+
allowWrites?: boolean;
|
|
204
|
+
};
|
|
205
|
+
}) => void;
|
|
206
|
+
getDriverByName?: (name: string) => unknown;
|
|
207
|
+
/**
|
|
208
|
+
* Register read metadata (DDL-free) for a federated object so its physical
|
|
209
|
+
* remote table/columns resolve for queries. Idempotent; called per bound
|
|
210
|
+
* external object after the driver is registered, because boot schema-sync
|
|
211
|
+
* ran before this driver existed (ADR-0015 §18; matches what the legacy
|
|
212
|
+
* `onEnable` bridge does manually).
|
|
213
|
+
*/
|
|
214
|
+
syncObjectSchema?: (objectName: string) => Promise<void>;
|
|
215
|
+
}
|
|
216
|
+
/** Secret dereference surface (the `SecretBinder.resolve`, Phase 2 / D3). */
|
|
217
|
+
interface ConnectionSecretResolver {
|
|
218
|
+
resolve?: (credentialsRef: string) => Promise<string | undefined>;
|
|
219
|
+
}
|
|
220
|
+
interface DatasourceConnectionServiceConfig {
|
|
221
|
+
/** Resolve the host driver factory (lazy — may be registered after init). */
|
|
222
|
+
factory: () => IDatasourceDriverFactory | undefined;
|
|
223
|
+
/** Resolve the ObjectQL engine (lazy). */
|
|
224
|
+
engine: () => ConnectionEngineLike | undefined;
|
|
225
|
+
/** Dereference `credentialsRef` → cleartext (Phase 2). Optional in Phase 1. */
|
|
226
|
+
secrets?: ConnectionSecretResolver;
|
|
227
|
+
/** Injectable connect policy. Defaults to {@link allowAllConnectPolicy}. */
|
|
228
|
+
policy?: DatasourceConnectPolicy;
|
|
229
|
+
logger?: Logger;
|
|
230
|
+
}
|
|
231
|
+
/** Outcome of a single {@link DatasourceConnectionService.connect} attempt. */
|
|
232
|
+
type ConnectStatus = 'connected' | 'already-registered' | 'skipped-policy' | 'skipped-no-infra' | 'skipped-unsupported' | 'failed-credentials' | 'failed-degraded';
|
|
233
|
+
interface ConnectResult {
|
|
234
|
+
name: string;
|
|
235
|
+
status: ConnectStatus;
|
|
236
|
+
reason?: string;
|
|
237
|
+
}
|
|
238
|
+
/**
|
|
239
|
+
* ADR-0062 D2 — is this declared datasource "meaningfully addressed", such that
|
|
240
|
+
* auto-connecting it is safe and intended?
|
|
241
|
+
*
|
|
242
|
+
* Returns true when:
|
|
243
|
+
* - (a) it is external (`schemaMode !== 'managed'`), OR
|
|
244
|
+
* - (b) some object **explicitly** binds to it (`object.datasource === name`), OR
|
|
245
|
+
* - (c) it sets `autoConnect: true`.
|
|
246
|
+
*
|
|
247
|
+
* Deliberately NOT triggered by a `datasourceMapping` rule alone. A managed
|
|
248
|
+
* datasource that is only *mapped* (namespace/package/default) but has no live
|
|
249
|
+
* driver historically falls through to the `default` driver at query time
|
|
250
|
+
* (`engine.getDriver` step 4) — e.g. `examples/app-crm`'s `crm_primary`
|
|
251
|
+
* (`:memory:`, mapped + default-fallback, no `onEnable`). Connecting it would
|
|
252
|
+
* divert those objects to a fresh, empty connection and silently change app
|
|
253
|
+
* behavior. So mapping-only routing to a *managed* datasource is treated as
|
|
254
|
+
* decorative, keeping existing apps byte-for-byte unchanged (D2's load-bearing
|
|
255
|
+
* backward-compat guarantee). External datasources and explicit
|
|
256
|
+
* `object.datasource` bindings never resolved to `default` (they throw when
|
|
257
|
+
* unregistered), so auto-connecting them is a strict improvement, not a change.
|
|
258
|
+
*/
|
|
259
|
+
declare function isDatasourceAddressed(ds: Pick<ConnectableDatasource, 'name' | 'schemaMode' | 'autoConnect'>, ctx: {
|
|
260
|
+
objects?: readonly DatasourceBoundObject[];
|
|
261
|
+
}): boolean;
|
|
262
|
+
declare class DatasourceConnectionService {
|
|
263
|
+
private readonly cfg;
|
|
264
|
+
private readonly policy;
|
|
265
|
+
private readonly logger?;
|
|
266
|
+
constructor(cfg: DatasourceConnectionServiceConfig);
|
|
267
|
+
/**
|
|
268
|
+
* Auto-connect the declared (code-defined) datasources that pass the D2 gate.
|
|
269
|
+
* Called from `AppPlugin.start()` with the app bundle's datasources + objects.
|
|
270
|
+
* Each connected external datasource also has its bound objects' read metadata
|
|
271
|
+
* synced so they are immediately queryable with zero app code.
|
|
272
|
+
*/
|
|
273
|
+
connectDeclared(input: {
|
|
274
|
+
datasources: readonly ConnectableDatasource[];
|
|
275
|
+
objects?: readonly DatasourceBoundObject[];
|
|
276
|
+
}): Promise<ConnectResult[]>;
|
|
277
|
+
/**
|
|
278
|
+
* Build + connect + register a single datasource's live driver. The shared
|
|
279
|
+
* core used by both auto-connect and the runtime-admin pool registration.
|
|
280
|
+
*
|
|
281
|
+
* Failure policy (ADR-0062 D5): an `external` datasource with
|
|
282
|
+
* `validation.onMismatch: 'fail'` fails fast (re-throws, bricking boot as
|
|
283
|
+
* intended); everything else degrades with a warning so an optional replica's
|
|
284
|
+
* connectivity blip never bricks boot.
|
|
285
|
+
*/
|
|
286
|
+
connect(record: ConnectableDatasource, opts?: {
|
|
287
|
+
objects?: readonly string[];
|
|
288
|
+
context?: DatasourceConnectContext;
|
|
289
|
+
}): Promise<ConnectResult>;
|
|
290
|
+
/** Gracefully disconnect a previously-registered datasource pool. */
|
|
291
|
+
disconnect(name: string): Promise<void>;
|
|
292
|
+
/**
|
|
293
|
+
* Apply the D5 connect-failure policy (also covers D3 credential failures). A
|
|
294
|
+
* code-defined `external` datasource with `onMismatch:'fail'` auto-connected at
|
|
295
|
+
* boot re-throws (fail-fast, bricking boot as intended). Runtime-admin
|
|
296
|
+
* create/update + boot rehydration always degrade-with-warning — a UI action
|
|
297
|
+
* or a replica blip must never brick the running server (preserves the
|
|
298
|
+
* pre-ADR-0062 admin behavior). Either way the datasource is left unconnected
|
|
299
|
+
* with a clear message — never a silent skip.
|
|
300
|
+
*/
|
|
301
|
+
private handleFailure;
|
|
140
302
|
}
|
|
141
303
|
|
|
142
304
|
/**
|
|
@@ -176,6 +338,8 @@ interface StoredDatasource {
|
|
|
176
338
|
}) | undefined;
|
|
177
339
|
pool?: Record<string, unknown>;
|
|
178
340
|
active?: boolean;
|
|
341
|
+
/** Force a live connection at boot even when managed + unrouted (ADR-0062 D2(c)). */
|
|
342
|
+
autoConnect?: boolean;
|
|
179
343
|
origin?: 'code' | 'runtime';
|
|
180
344
|
/** Package that defines a code-origin datasource, when known. */
|
|
181
345
|
definedIn?: string;
|
|
@@ -276,6 +440,13 @@ interface DatasourceAdminServicePluginOptions {
|
|
|
276
440
|
secrets?: SecretBinder;
|
|
277
441
|
/** Override the driver factory (defaults to the `'datasource-driver-factory'` service). */
|
|
278
442
|
driverFactory?: IDatasourceDriverFactory;
|
|
443
|
+
/**
|
|
444
|
+
* Host-injectable connect policy consulted before opening any datasource
|
|
445
|
+
* connection (ADR-0062 D5 / epic #2163 seam). Open-core default is permissive
|
|
446
|
+
* (allow); a multi-tenant host binds a stricter, fail-closed policy. Shared by
|
|
447
|
+
* both code-defined auto-connect and runtime-admin pool registration.
|
|
448
|
+
*/
|
|
449
|
+
connectPolicy?: DatasourceConnectPolicy;
|
|
279
450
|
logger?: Logger;
|
|
280
451
|
}
|
|
281
452
|
/**
|
|
@@ -301,6 +472,8 @@ declare class DatasourceAdminServicePlugin implements Plugin {
|
|
|
301
472
|
dependencies: string[];
|
|
302
473
|
private service?;
|
|
303
474
|
private config?;
|
|
475
|
+
/** Shared "definition → live driver" path (ADR-0062 D1); also exposed as the `'datasource-connection'` service. */
|
|
476
|
+
private connection?;
|
|
304
477
|
private readonly options;
|
|
305
478
|
constructor(options?: DatasourceAdminServicePluginOptions);
|
|
306
479
|
init(ctx: PluginContext): Promise<void>;
|
|
@@ -318,7 +491,6 @@ declare class DatasourceAdminServicePlugin implements Plugin {
|
|
|
318
491
|
*/
|
|
319
492
|
private rehydratePools;
|
|
320
493
|
destroy(): Promise<void>;
|
|
321
|
-
private toSpec;
|
|
322
494
|
/** Probe a connection via the driver factory: build → connect → ping → close. */
|
|
323
495
|
private probe;
|
|
324
496
|
}
|
|
@@ -439,4 +611,4 @@ declare function createDatasourceSecretBinder(deps: DatasourceSecretBinderDeps):
|
|
|
439
611
|
*/
|
|
440
612
|
declare function registerDatasourceAdminRoutes(server: IHttpServer, ctx: PluginContext, basePath?: string): void;
|
|
441
613
|
|
|
442
|
-
export { DatasourceAdminService, type DatasourceAdminServiceConfig, DatasourceAdminServicePlugin, type DatasourceAdminServicePluginOptions, DatasourceDraft, type DatasourceLike, type DatasourceSecretBinder, type DatasourceSecretBinderDeps, DatasourceSummary, ExternalDatasourceService, type ExternalDatasourceServiceConfig, ExternalDatasourceServicePlugin, type ExternalDatasourceServicePluginOptions, IDatasourceAdminService, IDatasourceDriverFactory, type Logger$1 as Logger, type ObjectLike, type ProbeInput, type SecretBinder, SecretInput, type SecretStoreEngineLike, type StoredDatasource, TestConnectionResult, createDatasourceSecretBinder, createDefaultDatasourceDriverFactory, parseCredentialsRef, registerDatasourceAdminRoutes, toCredentialsRef };
|
|
614
|
+
export { type ConnectResult, type ConnectStatus, type ConnectableDatasource, type ConnectionEngineLike, type ConnectionSecretResolver, DatasourceAdminService, type DatasourceAdminServiceConfig, DatasourceAdminServicePlugin, type DatasourceAdminServicePluginOptions, type DatasourceBoundObject, DatasourceConnectContext, DatasourceConnectPolicy, DatasourceConnectionService, type DatasourceConnectionServiceConfig, DatasourceDraft, type DatasourceLike, type DatasourceSecretBinder, type DatasourceSecretBinderDeps, DatasourceSummary, ExternalDatasourceService, type ExternalDatasourceServiceConfig, ExternalDatasourceServicePlugin, type ExternalDatasourceServicePluginOptions, IDatasourceAdminService, IDatasourceDriverFactory, type Logger$1 as Logger, type ObjectLike, type ProbeInput, type SecretBinder, SecretInput, type SecretStoreEngineLike, type StoredDatasource, TestConnectionResult, createDatasourceSecretBinder, createDefaultDatasourceDriverFactory, isDatasourceAddressed, parseCredentialsRef, registerDatasourceAdminRoutes, toCredentialsRef };
|