npm - @pgpmjs/core - Versions diffs - 3.0.9 → 3.1.1 - Mend

@pgpmjs/core 3.0.9 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/esm/index.js +1 -0
package/esm/init/client.js +27 -79
package/esm/roles/index.js +532 -0
package/index.d.ts +1 -0
package/index.js +1 -0
package/init/client.d.ts +23 -8
package/init/client.js +27 -79
package/package.json +7 -7
package/roles/index.d.ts +38 -0
package/roles/index.js +540 -0
package/esm/init/sql/bootstrap-roles.sql +0 -55
package/esm/init/sql/bootstrap-test-roles.sql +0 -72
package/init/sql/bootstrap-roles.sql +0 -55
package/init/sql/bootstrap-test-roles.sql +0 -72

package/index.js CHANGED Viewed

@@ -37,6 +37,7 @@ var client_1 = require("./migrate/client");
 Object.defineProperty(exports, "PgpmMigrate", { enumerable: true, get: function () { return client_1.PgpmMigrate; } });
 var client_2 = require("./init/client");
 Object.defineProperty(exports, "PgpmInit", { enumerable: true, get: function () { return client_2.PgpmInit; } });
+__exportStar(require("./roles"), exports);
 var hash_1 = require("./migrate/utils/hash");
 Object.defineProperty(exports, "hashFile", { enumerable: true, get: function () { return hash_1.hashFile; } });
 Object.defineProperty(exports, "hashString", { enumerable: true, get: function () { return hash_1.hashString; } });

package/init/client.d.ts CHANGED Viewed

@@ -1,24 +1,39 @@
+import { RoleMapping, TestUserCredentials } from '@pgpmjs/types';
 import { PgConfig } from 'pg-env';
 export declare class PgpmInit {
     private pool;
     private pgConfig;
     constructor(config: PgConfig);
     /**
-     * Bootstrap standard roles (anonymous, authenticated, administrator)
+     * Bootstrap standard roles (anonymous, authenticated, administrator).
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param roles - Role mapping from getConnEnvOptions().roles!
      */
-    bootstrapRoles(): Promise<void>;
+    bootstrapRoles(roles: RoleMapping): Promise<void>;
     /**
-     * Bootstrap test roles (roles only, no users)
+     * Bootstrap test roles (app_user, app_admin with grants to base roles).
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param connections - Test user credentials from getConnEnvOptions().connections!
      */
-    bootstrapTestRoles(): Promise<void>;
+    bootstrapTestRoles(roles: RoleMapping, connections: TestUserCredentials): Promise<void>;
     /**
-     * Bootstrap database roles with custom username and password
+     * Bootstrap database roles with custom username and password.
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param username - The username to create
+     * @param password - The password for the user
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
      */
-    bootstrapDbRoles(username: string, password: string): Promise<void>;
+    bootstrapDbRoles(username: string, password: string, roles: RoleMapping, useLocksForRoles?: boolean): Promise<void>;
     /**
-     * Remove database roles and revoke grants
+     * Remove database roles and revoke grants.
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param username - The username to remove
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
      */
-    removeDbRoles(username: string): Promise<void>;
+    removeDbRoles(username: string, roles: RoleMapping, useLocksForRoles?: boolean): Promise<void>;
     /**
      * Close the database connection
      */

package/init/client.js CHANGED Viewed

@@ -2,9 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PgpmInit = void 0;
 const logger_1 = require("@pgpmjs/logger");
-const fs_1 = require("fs");
-const path_1 = require("path");
 const pg_cache_1 = require("pg-cache");
+const roles_1 = require("../roles");
 const log = new logger_1.Logger('init');
 class PgpmInit {
     pool;
@@ -14,13 +13,14 @@ class PgpmInit {
         this.pool = (0, pg_cache_1.getPgPool)(this.pgConfig);
     }
     /**
-     * Bootstrap standard roles (anonymous, authenticated, administrator)
+     * Bootstrap standard roles (anonymous, authenticated, administrator).
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param roles - Role mapping from getConnEnvOptions().roles!
      */
-    async bootstrapRoles() {
+    async bootstrapRoles(roles) {
         try {
             log.info('Bootstrapping PGPM roles...');
-            const sqlPath = (0, path_1.join)(__dirname, 'sql', 'bootstrap-roles.sql');
-            const sql = (0, fs_1.readFileSync)(sqlPath, 'utf-8');
+            const sql = (0, roles_1.generateCreateBaseRolesSQL)(roles);
             await this.pool.query(sql);
             log.success('Successfully bootstrapped PGPM roles');
         }
@@ -30,14 +30,16 @@ class PgpmInit {
         }
     }
     /**
-     * Bootstrap test roles (roles only, no users)
+     * Bootstrap test roles (app_user, app_admin with grants to base roles).
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param connections - Test user credentials from getConnEnvOptions().connections!
      */
-    async bootstrapTestRoles() {
+    async bootstrapTestRoles(roles, connections) {
         try {
             log.warn('WARNING: This command creates test roles and should NEVER be run on a production database!');
             log.info('Bootstrapping PGPM test roles...');
-            const sqlPath = (0, path_1.join)(__dirname, 'sql', 'bootstrap-test-roles.sql');
-            const sql = (0, fs_1.readFileSync)(sqlPath, 'utf-8');
+            const sql = (0, roles_1.generateCreateTestUsersSQL)(roles, connections);
             await this.pool.query(sql);
             log.success('Successfully bootstrapped PGPM test roles');
         }
@@ -47,58 +49,17 @@ class PgpmInit {
         }
     }
     /**
-     * Bootstrap database roles with custom username and password
+     * Bootstrap database roles with custom username and password.
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param username - The username to create
+     * @param password - The password for the user
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
      */
-    async bootstrapDbRoles(username, password) {
+    async bootstrapDbRoles(username, password, roles, useLocksForRoles = false) {
         try {
             log.info(`Bootstrapping PGPM database roles for user: ${username}...`);
-            const sql = `
-BEGIN;
-DO $do$
-DECLARE
-  v_username TEXT := '${username.replace(/'/g, "''")}';
-  v_password TEXT := '${password.replace(/'/g, "''")}';
-BEGIN
-  BEGIN
-    EXECUTE format('CREATE ROLE %I LOGIN PASSWORD %L', v_username, v_password);
-  EXCEPTION
-    WHEN duplicate_object THEN
-      -- Role already exists; optionally sync attributes here with ALTER ROLE
-      NULL;
-  END;
-END
-$do$;
--- Robust GRANTs under concurrency: GRANT can race on pg_auth_members unique index.
--- Catch unique_violation (23505) and continue so CI/CD concurrent jobs don't fail.
-DO $do$
-DECLARE
-  v_username TEXT := '${username.replace(/'/g, "''")}';
-BEGIN
-  BEGIN
-    EXECUTE format('GRANT %I TO %I', 'anonymous', v_username);
-  EXCEPTION
-    WHEN unique_violation THEN
-      -- Membership was granted concurrently; ignore.
-      NULL;
-    WHEN undefined_object THEN
-      -- One of the roles doesn't exist yet; order operations as needed.
-      RAISE NOTICE 'Missing role when granting % to %', 'anonymous', v_username;
-  END;
-  BEGIN
-    EXECUTE format('GRANT %I TO %I', 'authenticated', v_username);
-  EXCEPTION
-    WHEN unique_violation THEN
-      -- Membership was granted concurrently; ignore.
-      NULL;
-    WHEN undefined_object THEN
-      RAISE NOTICE 'Missing role when granting % to %', 'authenticated', v_username;
-  END;
-END
-$do$;
-COMMIT;
-      `;
+            const sql = (0, roles_1.generateCreateUserSQL)(username, password, roles, useLocksForRoles);
             await this.pool.query(sql);
             log.success(`Successfully bootstrapped PGPM database roles for user: ${username}`);
         }
@@ -108,29 +69,16 @@ COMMIT;
         }
     }
     /**
-     * Remove database roles and revoke grants
+     * Remove database roles and revoke grants.
+     * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+     * @param username - The username to remove
+     * @param roles - Role mapping from getConnEnvOptions().roles!
+     * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
      */
-    async removeDbRoles(username) {
+    async removeDbRoles(username, roles, useLocksForRoles = false) {
         try {
             log.info(`Removing PGPM database roles for user: ${username}...`);
-            const sql = `
-BEGIN;
-DO $do$
-BEGIN
-    IF EXISTS (
-        SELECT 1
-        FROM
-            pg_catalog.pg_roles
-        WHERE
-            rolname = '${username}') THEN
-    REVOKE anonymous FROM ${username};
-    REVOKE authenticated FROM ${username};
-    DROP ROLE ${username};
-END IF;
-END
-$do$;
-COMMIT;
-      `;
+            const sql = (0, roles_1.generateRemoveUserSQL)(username, roles, useLocksForRoles);
             await this.pool.query(sql);
             log.success(`Successfully removed PGPM database roles for user: ${username}`);
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pgpmjs/core",
-  "version": "3.0.9",
+  "version": "3.1.1",
   "author": "Constructive <developers@constructive.io>",
   "description": "PGPM Package and Migration Tools",
   "main": "index.js",
@@ -22,7 +22,7 @@
   "scripts": {
     "copy": "npm run copy:pkg; npm run copy:sql",
     "copy:pkg": "makage assets",
-    "copy:sql": "copyfiles -f src/migrate/sql/* dist/migrate/sql && copyfiles -f src/migrate/sql/* dist/esm/migrate/sql && copyfiles -f src/init/sql/* dist/init/sql && copyfiles -f src/init/sql/* dist/esm/init/sql",
+    "copy:sql": "copyfiles -f src/migrate/sql/* dist/migrate/sql && copyfiles -f src/migrate/sql/* dist/esm/migrate/sql",
     "clean": "makage clean",
     "prepack": "npm run build",
     "build": "makage build && npm run copy",
@@ -47,21 +47,21 @@
     "makage": "^0.1.9"
   },
   "dependencies": {
-    "@pgpmjs/env": "^2.8.5",
+    "@pgpmjs/env": "^2.8.7",
     "@pgpmjs/logger": "^1.3.5",
-    "@pgpmjs/server-utils": "^2.8.7",
-    "@pgpmjs/types": "^2.12.5",
+    "@pgpmjs/server-utils": "^2.8.8",
+    "@pgpmjs/types": "^2.12.6",
     "create-gen-app": "^0.6.0",
     "csv-to-pg": "^2.0.10",
     "glob": "^13.0.0",
     "komoji": "^0.7.11",
     "parse-package-name": "^1.0.0",
     "pg": "^8.16.3",
-    "pg-cache": "^1.6.7",
+    "pg-cache": "^1.6.8",
     "pg-env": "^1.2.4",
     "pgsql-deparser": "^17.12.2",
     "pgsql-parser": "^17.9.2",
     "yanse": "^0.1.8"
   },
-  "gitHead": "63d51202de99ec03c329e00e5cd1dff4bc60b367"
+  "gitHead": "248d4056d3191b71bcab5892ef98b09164de9f7f"
 }

package/roles/index.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import { RoleMapping, TestUserCredentials } from '@pgpmjs/types';
+/**
+ * Generate SQL to create base roles (anonymous, authenticated, administrator).
+ * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+ * @param roles - Role mapping from getConnEnvOptions().roles!
+ * @throws Error if roles is undefined or missing required properties
+ */
+export declare function generateCreateBaseRolesSQL(roles: RoleMapping): string;
+/**
+ * Generate SQL to create a user with password and grant base roles.
+ * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+ * @param roles - Role mapping from getConnEnvOptions().roles!
+ * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
+ */
+export declare function generateCreateUserSQL(username: string, password: string, roles: RoleMapping, useLocksForRoles?: boolean): string;
+/**
+ * Generate SQL to create test users with grants to base roles.
+ * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+ * @param roles - Role mapping from getConnEnvOptions().roles!
+ * @param connections - Test user credentials from getConnEnvOptions().connections!
+ */
+export declare function generateCreateTestUsersSQL(roles: RoleMapping, connections: TestUserCredentials): string;
+/**
+ * Generate SQL to grant a role to a user
+ */
+export declare function generateGrantRoleSQL(role: string, user: string): string;
+/**
+ * Generate SQL to remove a user and revoke grants.
+ * Callers should use getConnEnvOptions() from @pgpmjs/env to get merged values.
+ * @param roles - Role mapping from getConnEnvOptions().roles!
+ * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
+ */
+export declare function generateRemoveUserSQL(username: string, roles: RoleMapping, useLocksForRoles?: boolean): string;
+/**
+ * Generate SQL to create a user with grants to specified roles (for test harness)
+ * @param useLocksForRoles - Whether to use advisory locks (from getConnEnvOptions().useLocksForRoles)
+ */
+export declare function generateCreateUserWithGrantsSQL(username: string, password: string, rolesToGrant: string[], useLocksForRoles?: boolean): string;