npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.21 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.21 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/src/core/objects/aggregate/aggregate.model.ts CHANGED Viewed

@@ -6,6 +6,10 @@ import {
   type PrivilegeProps,
   privilegePropsSchema,
 } from "../base.privilege-diff.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const AggregateKindSchema = z.enum([
   "n", // normal aggregate
@@ -75,6 +79,7 @@ const aggregatePropsSchema = z.object({
   owner: z.string(),
   comment: z.string().nullable(),
   privileges: z.array(privilegePropsSchema),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 type AggregatePrivilegeProps = PrivilegeProps;
@@ -122,6 +127,7 @@ export class Aggregate extends BasePgModel {
   public readonly owner: AggregateProps["owner"];
   public readonly comment: AggregateProps["comment"];
   public readonly privileges: AggregatePrivilegeProps[];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: AggregateProps) {
     super();
@@ -168,6 +174,7 @@ export class Aggregate extends BasePgModel {
     this.owner = props.owner;
     this.comment = props.comment;
     this.privileges = props.privileges;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `aggregate:${string}` {
@@ -224,6 +231,7 @@ export class Aggregate extends BasePgModel {
       owner: this.owner,
       comment: this.comment,
       privileges: this.privileges,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -294,7 +302,20 @@ select
       )
       from lateral aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
-  ) as privileges
+  ) as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = p.oid
+        and sl.classoid = 'pg_proc'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_proc p
   inner join pg_catalog.pg_aggregate a on a.aggfnoid = p.oid

package/src/core/objects/aggregate/changes/aggregate.base.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import type { Aggregate } from "../aggregate.model.ts";
 abstract class BaseAggregateChange extends BaseChange {
   abstract readonly aggregate: Aggregate;
-  abstract readonly scope: "object" | "comment" | "privilege";
+  abstract readonly scope:
+    | "object"
+    | "comment"
+    | "privilege"
+    | "security_label";
   readonly objectType: "aggregate" = "aggregate";
 }

package/src/core/objects/aggregate/changes/aggregate.security-label.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Aggregate } from "../aggregate.model.ts";
+import {
+  CreateAggregateChange,
+  DropAggregateChange,
+} from "./aggregate.base.ts";
+export type SecurityLabelAggregate =
+  | CreateSecurityLabelOnAggregate
+  | DropSecurityLabelOnAggregate;
+function aggregateIdentity(a: Aggregate): string {
+  return `${a.schema}.${a.name}(${a.identityArguments})`;
+}
+export class CreateSecurityLabelOnAggregate extends CreateAggregateChange {
+  public readonly aggregate: Aggregate;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    aggregate: Aggregate;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.aggregate = props.aggregate;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.aggregate.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON AGGREGATE",
+      aggregateIdentity(this.aggregate),
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnAggregate extends DropAggregateChange {
+  public readonly aggregate: Aggregate;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    aggregate: Aggregate;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.aggregate = props.aggregate;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.aggregate.stableId,
+        this.securityLabel.provider,
+      ),
+      this.aggregate.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON AGGREGATE",
+      aggregateIdentity(this.aggregate),
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/aggregate/changes/aggregate.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { CommentAggregate } from "./aggregate.comment.ts";
 import type { CreateAggregate } from "./aggregate.create.ts";
 import type { DropAggregate } from "./aggregate.drop.ts";
 import type { AggregatePrivilege } from "./aggregate.privilege.ts";
+import type { SecurityLabelAggregate } from "./aggregate.security-label.ts";
 /** Union of all aggregate-related change variants (`objectType: "aggregate"`). @category Change Types */
 export type AggregateChange =
@@ -10,4 +11,5 @@ export type AggregateChange =
   | CommentAggregate
   | CreateAggregate
   | DropAggregate
-  | AggregatePrivilege;
+  | AggregatePrivilege
+  | SecurityLabelAggregate;

package/src/core/objects/base.model.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import z from "zod";
+import { securityLabelPropsSchema } from "./security-label.types.ts";
 import { deepEqual } from "./utils.ts";
 export const columnPropsSchema = z.object({
@@ -18,6 +19,7 @@ export const columnPropsSchema = z.object({
   collation: z.string().nullable(),
   default: z.string().nullable(),
   comment: z.string().nullable(),
+  security_labels: z.array(securityLabelPropsSchema).optional(),
 });
 export type ColumnProps = z.infer<typeof columnPropsSchema>;

package/src/core/objects/domain/changes/domain.base.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import type { Domain } from "../domain.model.ts";
 abstract class BaseDomainChange extends BaseChange {
   abstract readonly domain: Domain;
-  abstract readonly scope: "object" | "comment" | "privilege";
+  abstract readonly scope:
+    | "object"
+    | "comment"
+    | "privilege"
+    | "security_label";
   readonly objectType: "domain" = "domain";
 }

package/src/core/objects/domain/changes/domain.security-label.test.ts ADDED Viewed

@@ -0,0 +1,56 @@
+import { describe, expect, test } from "bun:test";
+import { assertValidSql } from "../../../test-utils/assert-valid-sql.ts";
+import { stableId } from "../../utils.ts";
+import { Domain, type DomainProps } from "../domain.model.ts";
+import {
+  CreateSecurityLabelOnDomain,
+  DropSecurityLabelOnDomain,
+} from "./domain.security-label.ts";
+const makeDomain = (): Domain =>
+  new Domain({
+    schema: "public",
+    name: "email_t",
+    base_type: "text",
+    base_type_schema: "pg_catalog",
+    not_null: false,
+    type_modifier: -1,
+    array_dimensions: 0,
+    collation: null,
+    default_bin: null,
+    default_value: null,
+    owner: "postgres",
+    comment: null,
+    constraints: [],
+    privileges: [],
+  } as DomainProps);
+describe("domain.security-label", () => {
+  test("create serializes", async () => {
+    const domain = makeDomain();
+    const change = new CreateSecurityLabelOnDomain({
+      domain,
+      securityLabel: { provider: "dummy", label: "classified" },
+    });
+    expect(change.scope).toBe("security_label");
+    expect(change.creates).toEqual([
+      stableId.securityLabel(domain.stableId, "dummy"),
+    ]);
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON DOMAIN public.email_t IS 'classified'",
+    );
+  });
+  test("drop serializes to IS NULL", async () => {
+    const domain = makeDomain();
+    const change = new DropSecurityLabelOnDomain({
+      domain,
+      securityLabel: { provider: "dummy", label: "x" },
+    });
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON DOMAIN public.email_t IS NULL",
+    );
+  });
+});

package/src/core/objects/domain/changes/domain.security-label.ts ADDED Viewed

@@ -0,0 +1,77 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Domain } from "../domain.model.ts";
+import { CreateDomainChange, DropDomainChange } from "./domain.base.ts";
+export type SecurityLabelDomain =
+  | CreateSecurityLabelOnDomain
+  | DropSecurityLabelOnDomain;
+export class CreateSecurityLabelOnDomain extends CreateDomainChange {
+  public readonly domain: Domain;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: { domain: Domain; securityLabel: SecurityLabelProps }) {
+    super();
+    this.domain = props.domain;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    return [this.domain.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON DOMAIN",
+      `${this.domain.schema}.${this.domain.name}`,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnDomain extends DropDomainChange {
+  public readonly domain: Domain;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: { domain: Domain; securityLabel: SecurityLabelProps }) {
+    super();
+    this.domain = props.domain;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(this.domain.stableId, this.securityLabel.provider),
+      this.domain.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON DOMAIN",
+      `${this.domain.schema}.${this.domain.name}`,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/domain/changes/domain.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { CommentDomain } from "./domain.comment.ts";
 import type { CreateDomain } from "./domain.create.ts";
 import type { DropDomain } from "./domain.drop.ts";
 import type { DomainPrivilege } from "./domain.privilege.ts";
+import type { SecurityLabelDomain } from "./domain.security-label.ts";
 /** Union of all domain-related change variants (`objectType: "domain"`). @category Change Types */
 export type DomainChange =
@@ -10,4 +11,5 @@ export type DomainChange =
   | CommentDomain
   | CreateDomain
   | DropDomain
-  | DomainPrivilege;
+  | DomainPrivilege
+  | SecurityLabelDomain;

package/src/core/objects/domain/domain.diff.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import {
   filterPublicBuiltInDefaults,
 } from "../base.privilege-diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import {
   AlterDomainAddConstraint,
   AlterDomainChangeOwner,
@@ -26,6 +27,10 @@ import {
   RevokeDomainPrivileges,
   RevokeGrantOptionDomainPrivileges,
 } from "./changes/domain.privilege.ts";
+import {
+  CreateSecurityLabelOnDomain,
+  DropSecurityLabelOnDomain,
+} from "./changes/domain.security-label.ts";
 import type { DomainChange } from "./changes/domain.types.ts";
 import type { Domain } from "./domain.model.ts";
@@ -67,6 +72,14 @@ export function diffDomains(
     if (newDomain.comment !== null) {
       changes.push(new CreateCommentOnDomain({ domain: newDomain }));
     }
+    for (const label of newDomain.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnDomain({
+          domain: newDomain,
+          securityLabel: label,
+        }),
+      );
+    }
     // For unvalidated constraints, CREATE DOMAIN cannot specify NOT VALID.
     // Add them after creation and validate to match branch state semantics.
     // For already validated constraints, they are emitted inline in CREATE DOMAIN.
@@ -255,6 +268,26 @@ export function diffDomains(
       }
     }
+    // SECURITY LABELS
+    changes.push(
+      ...diffSecurityLabels<
+        CreateSecurityLabelOnDomain | DropSecurityLabelOnDomain
+      >(
+        mainDomain.security_labels,
+        branchDomain.security_labels,
+        (securityLabel) =>
+          new CreateSecurityLabelOnDomain({
+            domain: branchDomain,
+            securityLabel,
+          }),
+        (securityLabel) =>
+          new DropSecurityLabelOnDomain({
+            domain: mainDomain,
+            securityLabel,
+          }),
+      ),
+    );
     // PRIVILEGES
     // Filter out PUBLIC's built-in default USAGE privilege from main catalog
     // (PostgreSQL grants it automatically, so we shouldn't compare it)

package/src/core/objects/domain/domain.model.ts CHANGED Viewed

@@ -6,6 +6,10 @@ import {
   type PrivilegeProps,
   privilegePropsSchema,
 } from "../base.privilege-diff.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const domainConstraintPropsSchema = z.object({
   name: z.string(),
@@ -31,6 +35,7 @@ const domainPropsSchema = z.object({
   comment: z.string().nullable(),
   constraints: z.array(domainConstraintPropsSchema),
   privileges: z.array(privilegePropsSchema),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export type DomainConstraintProps = z.infer<typeof domainConstraintPropsSchema>;
@@ -58,6 +63,7 @@ export class Domain extends BasePgModel {
   public readonly comment: DomainProps["comment"];
   public readonly constraints: DomainConstraintProps[];
   public readonly privileges: DomainPrivilegeProps[];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: DomainProps) {
     super();
@@ -80,6 +86,7 @@ export class Domain extends BasePgModel {
     this.comment = props.comment;
     this.constraints = props.constraints;
     this.privileges = props.privileges;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `domain:${string}` {
@@ -107,6 +114,7 @@ export class Domain extends BasePgModel {
       comment: this.comment,
       constraints: this.constraints,
       privileges: this.privileges,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -170,7 +178,20 @@ export async function extractDomains(pool: Pool): Promise<Domain[]> {
             )
             from lateral aclexplode(COALESCE(t.typacl, acldefault('T', t.typowner))) as x(grantor, grantee, privilege_type, is_grantable)
           ), '[]'
-        ) as privileges
+        ) as privileges,
+        coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = t.oid
+              and sl.classoid = 'pg_type'::regclass
+              and sl.objsubid = 0
+          ),
+          '[]'::json
+        ) as security_labels
       from
         pg_catalog.pg_type t
         inner join pg_catalog.pg_type bt on bt.oid = t.typbasetype

package/src/core/objects/event-trigger/changes/event-trigger.base.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import type { EventTrigger } from "../event-trigger.model.ts";
 abstract class BaseEventTriggerChange extends BaseChange {
   abstract readonly eventTrigger: EventTrigger;
-  abstract readonly scope: "object" | "comment";
+  abstract readonly scope: "object" | "comment" | "security_label";
   readonly objectType = "event_trigger" as const;
 }

package/src/core/objects/event-trigger/changes/event-trigger.security-label.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { EventTrigger } from "../event-trigger.model.ts";
+import {
+  CreateEventTriggerChange,
+  DropEventTriggerChange,
+} from "./event-trigger.base.ts";
+export type SecurityLabelEventTrigger =
+  | CreateSecurityLabelOnEventTrigger
+  | DropSecurityLabelOnEventTrigger;
+export class CreateSecurityLabelOnEventTrigger extends CreateEventTriggerChange {
+  public readonly eventTrigger: EventTrigger;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    eventTrigger: EventTrigger;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.eventTrigger = props.eventTrigger;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.eventTrigger.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.eventTrigger.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON EVENT TRIGGER",
+      this.eventTrigger.name,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnEventTrigger extends DropEventTriggerChange {
+  public readonly eventTrigger: EventTrigger;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    eventTrigger: EventTrigger;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.eventTrigger = props.eventTrigger;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.eventTrigger.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.eventTrigger.stableId,
+        this.securityLabel.provider,
+      ),
+      this.eventTrigger.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON EVENT TRIGGER",
+      this.eventTrigger.name,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/event-trigger/changes/event-trigger.types.ts CHANGED Viewed

@@ -2,10 +2,12 @@ import type { AlterEventTrigger } from "./event-trigger.alter.ts";
 import type { CommentEventTrigger } from "./event-trigger.comment.ts";
 import type { CreateEventTrigger } from "./event-trigger.create.ts";
 import type { DropEventTrigger } from "./event-trigger.drop.ts";
+import type { SecurityLabelEventTrigger } from "./event-trigger.security-label.ts";
 /** Union of all event-trigger-related change variants (`objectType: "event_trigger"`). @category Change Types */
 export type EventTriggerChange =
   | AlterEventTrigger
   | CommentEventTrigger
   | CreateEventTrigger
-  | DropEventTrigger;
+  | DropEventTrigger
+  | SecurityLabelEventTrigger;

package/src/core/objects/event-trigger/event-trigger.diff.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { diffObjects } from "../base.diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import { deepEqual, hasNonAlterableChanges } from "../utils.ts";
 import {
   AlterEventTriggerChangeOwner,
@@ -11,6 +12,10 @@ import {
 } from "./changes/event-trigger.comment.ts";
 import { CreateEventTrigger } from "./changes/event-trigger.create.ts";
 import { DropEventTrigger } from "./changes/event-trigger.drop.ts";
+import {
+  CreateSecurityLabelOnEventTrigger,
+  DropSecurityLabelOnEventTrigger,
+} from "./changes/event-trigger.security-label.ts";
 import type { EventTriggerChange } from "./changes/event-trigger.types.ts";
 import type { EventTrigger } from "./event-trigger.model.ts";
@@ -49,6 +54,14 @@ export function diffEventTriggers(
     if (eventTrigger.comment !== null) {
       changes.push(new CreateCommentOnEventTrigger({ eventTrigger }));
     }
+    for (const label of eventTrigger.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnEventTrigger({
+          eventTrigger,
+          securityLabel: label,
+        }),
+      );
+    }
   }
   for (const eventTriggerId of dropped) {
@@ -121,6 +134,26 @@ export function diffEventTriggers(
         );
       }
     }
+    // SECURITY LABELS
+    changes.push(
+      ...diffSecurityLabels<
+        CreateSecurityLabelOnEventTrigger | DropSecurityLabelOnEventTrigger
+      >(
+        mainEventTrigger.security_labels,
+        branchEventTrigger.security_labels,
+        (securityLabel) =>
+          new CreateSecurityLabelOnEventTrigger({
+            eventTrigger: branchEventTrigger,
+            securityLabel,
+          }),
+        (securityLabel) =>
+          new DropSecurityLabelOnEventTrigger({
+            eventTrigger: mainEventTrigger,
+            securityLabel,
+          }),
+      ),
+    );
   }
   return changes;