@sqldoc/ns-anon 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +30 -0
  2. package/src/__tests__/anon.test.ts +94 -0
  3. package/src/index.ts +63 -0
package/package.json ADDED
@@ -0,0 +1,30 @@
1
+ {
2
+ "type": "module",
3
+ "name": "@sqldoc/ns-anon",
4
+ "version": "0.0.1",
5
+ "description": "PostgreSQL Anonymizer namespace for sqldoc -- generates SECURITY LABEL statements",
6
+ "exports": {
7
+ ".": {
8
+ "types": "./src/index.ts",
9
+ "import": "./src/index.ts",
10
+ "default": "./src/index.ts"
11
+ }
12
+ },
13
+ "main": "./src/index.ts",
14
+ "types": "./src/index.ts",
15
+ "files": [
16
+ "src",
17
+ "package.json"
18
+ ],
19
+ "peerDependencies": {
20
+ "@sqldoc/core": "0.0.1"
21
+ },
22
+ "devDependencies": {
23
+ "typescript": "^5.9.3",
24
+ "vitest": "^4.1.0",
25
+ "@sqldoc/core": "0.0.1"
26
+ },
27
+ "scripts": {
28
+ "test": "vitest run"
29
+ }
30
+ }
package/src/__tests__/anon.test.ts ADDED
@@ -0,0 +1,94 @@
1
+ import type { TagContext } from '@sqldoc/core'
2
+ import { describe, expect, it } from 'vitest'
3
+ import plugin from '../index'
4
+
5
+ function makeCtx(overrides: Partial<TagContext> = {}): TagContext {
6
+ return {
7
+ target: 'column',
8
+ objectName: 'users',
9
+ columnName: 'email',
10
+ tag: { name: 'mask', args: ['anon.fake_email()'] },
11
+ namespaceTags: [],
12
+ siblingTags: [],
13
+ fileTags: [],
14
+ astNode: null,
15
+ fileStatements: [],
16
+ config: {},
17
+ filePath: 'test.sql',
18
+ ...overrides,
19
+ }
20
+ }
21
+
22
+ describe('ns-anon plugin', () => {
23
+ it('exports apiVersion === 1', () => {
24
+ expect(plugin.apiVersion).toBe(1)
25
+ })
26
+
27
+ it('exports name === "anon"', () => {
28
+ expect(plugin.name).toBe('anon')
29
+ })
30
+
31
+ it('has mask, fake, and $self tag entries', () => {
32
+ expect(plugin.tags).toHaveProperty('mask')
33
+ expect(plugin.tags).toHaveProperty('fake')
34
+ expect(plugin.tags).toHaveProperty('$self')
35
+ })
36
+
37
+ describe('onTag', () => {
38
+ it('@anon.mask produces SECURITY LABEL statement', () => {
39
+ const ctx = makeCtx({
40
+ objectName: 'users',
41
+ columnName: 'last_name',
42
+ tag: { name: 'mask', args: ['anon.fake_last_name()'] },
43
+ })
44
+ const result = plugin.onTag!(ctx) as any
45
+ expect(result.sql).toEqual([
46
+ {
47
+ sql: `SECURITY LABEL FOR anon ON COLUMN "users"."last_name" IS 'MASKED WITH FUNCTION anon.fake_last_name()';`,
48
+ },
49
+ ])
50
+ })
51
+
52
+ it('@anon.fake produces SECURITY LABEL statement', () => {
53
+ const ctx = makeCtx({
54
+ objectName: 'users',
55
+ columnName: 'email',
56
+ tag: { name: 'fake', args: ['anon.fake_email()'] },
57
+ })
58
+ const result = plugin.onTag!(ctx) as any
59
+ expect(result.sql).toEqual([
60
+ {
61
+ sql: `SECURITY LABEL FOR anon ON COLUMN "users"."email" IS 'MASKED WITH FUNCTION anon.fake_email()';`,
62
+ },
63
+ ])
64
+ })
65
+
66
+ it('@anon.$self with no args on table returns undefined', () => {
67
+ const ctx = makeCtx({
68
+ target: 'table',
69
+ columnName: undefined,
70
+ tag: { name: '$self', args: {} },
71
+ })
72
+ const result = plugin.onTag!(ctx)
73
+ expect(result).toBeUndefined()
74
+ })
75
+
76
+ it('mask with missing columnName returns undefined', () => {
77
+ const ctx = makeCtx({
78
+ columnName: undefined,
79
+ tag: { name: 'mask', args: ['anon.fake_last_name()'] },
80
+ })
81
+ const result = plugin.onTag!(ctx)
82
+ expect(result).toBeUndefined()
83
+ })
84
+
85
+ it('fake with missing columnName returns undefined', () => {
86
+ const ctx = makeCtx({
87
+ columnName: undefined,
88
+ tag: { name: 'fake', args: ['anon.fake_email()'] },
89
+ })
90
+ const result = plugin.onTag!(ctx)
91
+ expect(result).toBeUndefined()
92
+ })
93
+ })
94
+ })
package/src/index.ts ADDED
@@ -0,0 +1,63 @@
1
+ import type { NamespacePlugin, TagContext, TagOutput } from '@sqldoc/core'
2
+
3
+ const plugin: NamespacePlugin = {
4
+ apiVersion: 1,
5
+ name: 'anon',
6
+ tags: {
7
+ mask: {
8
+ description: 'Mask this column using a PostgreSQL Anonymizer function',
9
+ targets: ['column'],
10
+ args: [{ type: 'string' }],
11
+ },
12
+ fake: {
13
+ description: 'Generate fake data for this column using a PostgreSQL Anonymizer function',
14
+ targets: ['column'],
15
+ args: [{ type: 'string' }],
16
+ },
17
+ $self: {
18
+ description: 'Mark this table as containing anonymizable data',
19
+ targets: ['table'],
20
+ },
21
+ },
22
+
23
+ onTag(ctx: TagContext): TagOutput | undefined {
24
+ const { tag, objectName, columnName } = ctx
25
+
26
+ switch (tag.name) {
27
+ case 'mask': {
28
+ if (!columnName) return undefined
29
+ const fnExpr = Array.isArray(tag.args) ? tag.args[0] : undefined
30
+ if (!fnExpr) return undefined
31
+ return {
32
+ sql: [
33
+ {
34
+ sql: `SECURITY LABEL FOR anon ON COLUMN "${objectName}"."${columnName}" IS 'MASKED WITH FUNCTION ${fnExpr}';`,
35
+ },
36
+ ],
37
+ docs: {
38
+ columns: [{ header: 'Anonymization', object: objectName, column: columnName, value: `Masked: ${fnExpr}` }],
39
+ },
40
+ }
41
+ }
42
+ case 'fake': {
43
+ if (!columnName) return undefined
44
+ const fnExpr = Array.isArray(tag.args) ? tag.args[0] : undefined
45
+ if (!fnExpr) return undefined
46
+ return {
47
+ sql: [
48
+ {
49
+ sql: `SECURITY LABEL FOR anon ON COLUMN "${objectName}"."${columnName}" IS 'MASKED WITH FUNCTION ${fnExpr}';`,
50
+ },
51
+ ],
52
+ docs: {
53
+ columns: [{ header: 'Anonymization', object: objectName, column: columnName, value: `Fake: ${fnExpr}` }],
54
+ },
55
+ }
56
+ }
57
+ default:
58
+ return undefined
59
+ }
60
+ },
61
+ }
62
+
63
+ export default plugin