npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.21 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.21 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/dist/core/objects/domain/domain.model.js CHANGED Viewed

@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
+import { securityLabelPropsSchema, } from "../security-label.types.js";
 const domainConstraintPropsSchema = z.object({
     name: z.string(),
     validated: z.boolean(),
@@ -25,6 +26,7 @@ const domainPropsSchema = z.object({
     comment: z.string().nullable(),
     constraints: z.array(domainConstraintPropsSchema),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 /**
  * A domain is a user-defined data type that is based on another underlying type.
@@ -47,6 +49,7 @@ export class Domain extends BasePgModel {
     comment;
     constraints;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -66,6 +69,7 @@ export class Domain extends BasePgModel {
         this.comment = props.comment;
         this.constraints = props.constraints;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `domain:${this.schema}.${this.name}`;
@@ -90,6 +94,7 @@ export class Domain extends BasePgModel {
             comment: this.comment,
             constraints: this.constraints,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
 }
@@ -152,7 +157,20 @@ export async function extractDomains(pool) {
             )
             from lateral aclexplode(COALESCE(t.typacl, acldefault('T', t.typowner))) as x(grantor, grantee, privilege_type, is_grantable)
           ), '[]'
-        ) as privileges
+        ) as privileges,
+        coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = t.oid
+              and sl.classoid = 'pg_type'::regclass
+              and sl.objsubid = 0
+          ),
+          '[]'::json
+        ) as security_labels
       from
         pg_catalog.pg_type t
         inner join pg_catalog.pg_type bt on bt.oid = t.typbasetype

package/dist/core/objects/event-trigger/changes/event-trigger.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { EventTrigger } from "../event-trigger.model.ts";
 declare abstract class BaseEventTriggerChange extends BaseChange {
     abstract readonly eventTrigger: EventTrigger;
-    abstract readonly scope: "object" | "comment";
+    abstract readonly scope: "object" | "comment" | "security_label";
     readonly objectType: "event_trigger";
 }
 export declare abstract class CreateEventTriggerChange extends BaseEventTriggerChange {

package/dist/core/objects/event-trigger/changes/event-trigger.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { EventTrigger } from "../event-trigger.model.ts";
+import { CreateEventTriggerChange, DropEventTriggerChange } from "./event-trigger.base.ts";
+export type SecurityLabelEventTrigger = CreateSecurityLabelOnEventTrigger | DropSecurityLabelOnEventTrigger;
+export declare class CreateSecurityLabelOnEventTrigger extends CreateEventTriggerChange {
+    readonly eventTrigger: EventTrigger;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        eventTrigger: EventTrigger;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `eventTrigger:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnEventTrigger extends DropEventTriggerChange {
+    readonly eventTrigger: EventTrigger;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        eventTrigger: EventTrigger;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `eventTrigger:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/event-trigger/changes/event-trigger.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreateEventTriggerChange, DropEventTriggerChange, } from "./event-trigger.base.js";
+export class CreateSecurityLabelOnEventTrigger extends CreateEventTriggerChange {
+    eventTrigger;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.eventTrigger = props.eventTrigger;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.eventTrigger.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.eventTrigger.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON EVENT TRIGGER",
+            this.eventTrigger.name,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnEventTrigger extends DropEventTriggerChange {
+    eventTrigger;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.eventTrigger = props.eventTrigger;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.eventTrigger.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.eventTrigger.stableId, this.securityLabel.provider),
+            this.eventTrigger.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON EVENT TRIGGER",
+            this.eventTrigger.name,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/event-trigger/changes/event-trigger.types.d.ts CHANGED Viewed

@@ -2,5 +2,6 @@ import type { AlterEventTrigger } from "./event-trigger.alter.ts";
 import type { CommentEventTrigger } from "./event-trigger.comment.ts";
 import type { CreateEventTrigger } from "./event-trigger.create.ts";
 import type { DropEventTrigger } from "./event-trigger.drop.ts";
+import type { SecurityLabelEventTrigger } from "./event-trigger.security-label.ts";
 /** Union of all event-trigger-related change variants (`objectType: "event_trigger"`). @category Change Types */
-export type EventTriggerChange = AlterEventTrigger | CommentEventTrigger | CreateEventTrigger | DropEventTrigger;
+export type EventTriggerChange = AlterEventTrigger | CommentEventTrigger | CreateEventTrigger | DropEventTrigger | SecurityLabelEventTrigger;

package/dist/core/objects/event-trigger/event-trigger.diff.js CHANGED Viewed

@@ -1,9 +1,11 @@
 import { diffObjects } from "../base.diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual, hasNonAlterableChanges } from "../utils.js";
 import { AlterEventTriggerChangeOwner, AlterEventTriggerSetEnabled, } from "./changes/event-trigger.alter.js";
 import { CreateCommentOnEventTrigger, DropCommentOnEventTrigger, } from "./changes/event-trigger.comment.js";
 import { CreateEventTrigger } from "./changes/event-trigger.create.js";
 import { DropEventTrigger } from "./changes/event-trigger.drop.js";
+import { CreateSecurityLabelOnEventTrigger, DropSecurityLabelOnEventTrigger, } from "./changes/event-trigger.security-label.js";
 /**
  * Diff two sets of event triggers from main and branch catalogs.
  *
@@ -29,6 +31,12 @@ export function diffEventTriggers(ctx, main, branch) {
         if (eventTrigger.comment !== null) {
             changes.push(new CreateCommentOnEventTrigger({ eventTrigger }));
         }
+        for (const label of eventTrigger.security_labels) {
+            changes.push(new CreateSecurityLabelOnEventTrigger({
+                eventTrigger,
+                securityLabel: label,
+            }));
+        }
     }
     for (const eventTriggerId of dropped) {
         changes.push(new DropEventTrigger({ eventTrigger: main[eventTriggerId] }));
@@ -76,6 +84,14 @@ export function diffEventTriggers(ctx, main, branch) {
                 }));
             }
         }
+        // SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainEventTrigger.security_labels, branchEventTrigger.security_labels, (securityLabel) => new CreateSecurityLabelOnEventTrigger({
+            eventTrigger: branchEventTrigger,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnEventTrigger({
+            eventTrigger: mainEventTrigger,
+            securityLabel,
+        })));
     }
     return changes;
 }

package/dist/core/objects/event-trigger/event-trigger.model.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../base.model.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const eventTriggerPropsSchema: z.ZodObject<{
     name: z.ZodString;
     event: z.ZodString;
@@ -15,6 +16,10 @@ declare const eventTriggerPropsSchema: z.ZodObject<{
     tags: z.ZodNullable<z.ZodArray<z.ZodString>>;
     owner: z.ZodString;
     comment: z.ZodNullable<z.ZodString>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 export type EventTriggerProps = z.infer<typeof eventTriggerPropsSchema>;
 export declare class EventTrigger extends BasePgModel {
@@ -26,6 +31,7 @@ export declare class EventTrigger extends BasePgModel {
     readonly tags: EventTriggerProps["tags"];
     readonly owner: EventTriggerProps["owner"];
     readonly comment: EventTriggerProps["comment"];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: EventTriggerProps);
     get stableId(): `eventTrigger:${string}`;
     get identityFields(): {
@@ -39,6 +45,10 @@ export declare class EventTrigger extends BasePgModel {
         tags: string[] | null;
         owner: string;
         comment: string | null;
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
 }
 export declare function extractEventTriggers(pool: Pool): Promise<EventTrigger[]>;

package/dist/core/objects/event-trigger/event-trigger.model.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
+import { securityLabelPropsSchema, } from "../security-label.types.js";
 const EventTriggerEnabledSchema = z.enum([
     "O", // ORIGIN - trigger fires in origin mode
     "D", // DISABLED - trigger does not fire
@@ -16,6 +17,7 @@ const eventTriggerPropsSchema = z.object({
     tags: z.array(z.string()).nullable(),
     owner: z.string(),
     comment: z.string().nullable(),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export class EventTrigger extends BasePgModel {
     name;
@@ -26,6 +28,7 @@ export class EventTrigger extends BasePgModel {
     tags;
     owner;
     comment;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -38,6 +41,7 @@ export class EventTrigger extends BasePgModel {
         this.tags = props.tags;
         this.owner = props.owner;
         this.comment = props.comment;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `eventTrigger:${this.name}`;
@@ -56,6 +60,7 @@ export class EventTrigger extends BasePgModel {
             tags: this.tags,
             owner: this.owner,
             comment: this.comment,
+            security_labels: this.security_labels,
         };
     }
 }
@@ -75,7 +80,20 @@ select
   et.evtenabled as enabled,
   et.evttags as tags,
   et.evtowner::regrole::text as owner,
-  obj_description(et.oid, 'pg_event_trigger') as comment
+  obj_description(et.oid, 'pg_event_trigger') as comment,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = et.oid
+        and sl.classoid = 'pg_event_trigger'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from pg_catalog.pg_event_trigger et
 join pg_catalog.pg_proc p on p.oid = et.evtfoid
 left join extension_oids e on e.objid = et.oid

package/dist/core/objects/extract-with-retry.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+export interface ExtractRetryOptions {
+    /**
+     * Number of retry attempts to make when a `pg_get_*def()` call returns NULL
+     * for at least one row. Total attempts is `retries + 1`. Negative values are
+     * clamped to 0. When this option is undefined the value is read from the
+     * `PGDELTA_EXTRACT_RETRIES` environment variable, falling back to a default
+     * of 1 (i.e. the first attempt plus one retry, 2 attempts total).
+     */
+    retries?: number;
+    /**
+     * Delay between retry attempts in milliseconds; the actual wait is
+     * `backoffMs * attemptNumber` (linear). Defaults to 50. Set to 0 in tests.
+     */
+    backoffMs?: number;
+}
+export declare function resolveExtractRetries(option?: number): number;
+/**
+ * Runs `query()` up to `retries + 1` times, retrying as long as at least one
+ * row in the result satisfies `hasNullDefinition`. The retry exists because
+ * `pg_get_<x>def()` can return NULL transiently when the underlying catalog
+ * row is dropped concurrently or the catalog state is in flux; in practice a
+ * second attempt either no longer sees the dropped row or succeeds in
+ * resolving the definition.
+ *
+ * Returns the rows from the first attempt with no offenders, or — once
+ * retries are exhausted — the rows from the final attempt (still containing
+ * offenders). The caller is responsible for the final filter so this helper
+ * works for both flat schemas (definition on the row) and nested schemas
+ * (definition on a child collection, e.g. table constraints).
+ */
+export declare function extractWithDefinitionRetry<TRow>(params: {
+    label: string;
+    query: () => Promise<TRow[]>;
+    hasNullDefinition: (row: TRow) => boolean;
+    options?: ExtractRetryOptions;
+}): Promise<TRow[]>;

package/dist/core/objects/extract-with-retry.js ADDED Viewed

@@ -0,0 +1,51 @@
+import debug from "debug";
+const log = debug("pg-delta:extract");
+const DEFAULT_RETRIES = 1;
+const DEFAULT_BACKOFF_MS = 50;
+export function resolveExtractRetries(option) {
+    if (typeof option === "number" && Number.isFinite(option)) {
+        return Math.max(0, Math.floor(option));
+    }
+    const envVal = process.env.PGDELTA_EXTRACT_RETRIES;
+    if (envVal !== undefined && envVal !== "") {
+        const n = Number(envVal);
+        if (Number.isFinite(n))
+            return Math.max(0, Math.floor(n));
+    }
+    return DEFAULT_RETRIES;
+}
+const sleep = (ms) => ms > 0 ? new Promise((r) => setTimeout(r, ms)) : Promise.resolve();
+/**
+ * Runs `query()` up to `retries + 1` times, retrying as long as at least one
+ * row in the result satisfies `hasNullDefinition`. The retry exists because
+ * `pg_get_<x>def()` can return NULL transiently when the underlying catalog
+ * row is dropped concurrently or the catalog state is in flux; in practice a
+ * second attempt either no longer sees the dropped row or succeeds in
+ * resolving the definition.
+ *
+ * Returns the rows from the first attempt with no offenders, or — once
+ * retries are exhausted — the rows from the final attempt (still containing
+ * offenders). The caller is responsible for the final filter so this helper
+ * works for both flat schemas (definition on the row) and nested schemas
+ * (definition on a child collection, e.g. table constraints).
+ */
+export async function extractWithDefinitionRetry(params) {
+    const retries = resolveExtractRetries(params.options?.retries);
+    const backoffMs = params.options?.backoffMs ?? DEFAULT_BACKOFF_MS;
+    const maxAttempts = retries + 1;
+    let rows = [];
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+        rows = await params.query();
+        const offenders = rows.filter(params.hasNullDefinition).length;
+        if (offenders === 0)
+            return rows;
+        if (attempt < maxAttempts) {
+            log("%s: pg_get_*def() returned NULL for %d row(s) on attempt %d/%d; retrying", params.label, offenders, attempt, maxAttempts);
+            await sleep(backoffMs * attempt);
+        }
+        else {
+            log("%s: pg_get_*def() returned NULL for %d row(s) after %d attempt(s); skipping", params.label, offenders, maxAttempts);
+        }
+    }
+    return rows;
+}

package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../../base.change.ts";
 import type { ForeignTable } from "../foreign-table.model.ts";
 declare abstract class BaseForeignTableChange extends BaseChange {
     abstract readonly foreignTable: ForeignTable;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "foreign_table";
 }
 export declare abstract class CreateForeignTableChange extends BaseForeignTableChange {

package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../../security-label.types.ts";
+import type { ForeignTable } from "../foreign-table.model.ts";
+import { CreateForeignTableChange, DropForeignTableChange } from "./foreign-table.base.ts";
+export type SecurityLabelForeignTable = CreateSecurityLabelOnForeignTable | DropSecurityLabelOnForeignTable;
+export declare class CreateSecurityLabelOnForeignTable extends CreateForeignTableChange {
+    readonly foreignTable: ForeignTable;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        foreignTable: ForeignTable;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `foreignTable:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnForeignTable extends DropForeignTableChange {
+    readonly foreignTable: ForeignTable;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        foreignTable: ForeignTable;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `foreignTable:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../../base.change.js";
+import { stableId } from "../../../utils.js";
+import { CreateForeignTableChange, DropForeignTableChange, } from "./foreign-table.base.js";
+export class CreateSecurityLabelOnForeignTable extends CreateForeignTableChange {
+    foreignTable;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.foreignTable = props.foreignTable;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.foreignTable.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.foreignTable.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON FOREIGN TABLE",
+            `${this.foreignTable.schema}.${this.foreignTable.name}`,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnForeignTable extends DropForeignTableChange {
+    foreignTable;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.foreignTable = props.foreignTable;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.foreignTable.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.foreignTable.stableId, this.securityLabel.provider),
+            this.foreignTable.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON FOREIGN TABLE",
+            `${this.foreignTable.schema}.${this.foreignTable.name}`,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentForeignTable } from "./foreign-table.comment.ts";
 import type { CreateForeignTable } from "./foreign-table.create.ts";
 import type { DropForeignTable } from "./foreign-table.drop.ts";
 import type { ForeignTablePrivilege } from "./foreign-table.privilege.ts";
+import type { SecurityLabelForeignTable } from "./foreign-table.security-label.ts";
 /** Union of all foreign-table-related change variants (`objectType: "foreign_table"`). @category Change Types */
-export type ForeignTableChange = AlterForeignTable | CommentForeignTable | CreateForeignTable | DropForeignTable | ForeignTablePrivilege;
+export type ForeignTableChange = AlterForeignTable | CommentForeignTable | CreateForeignTable | DropForeignTable | ForeignTablePrivilege | SecurityLabelForeignTable;

package/dist/core/objects/foreign-data-wrapper/foreign-table/foreign-table.diff.js CHANGED Viewed

@@ -1,10 +1,12 @@
 import { diffObjects } from "../../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../../base.privilege-diff.js";
+import { diffSecurityLabels } from "../../security-label.types.js";
 import { AlterForeignTableAddColumn, AlterForeignTableAlterColumnDropDefault, AlterForeignTableAlterColumnDropNotNull, AlterForeignTableAlterColumnSetDefault, AlterForeignTableAlterColumnSetNotNull, AlterForeignTableAlterColumnType, AlterForeignTableChangeOwner, AlterForeignTableDropColumn, AlterForeignTableSetOptions, } from "./changes/foreign-table.alter.js";
 import { CreateCommentOnForeignTable, DropCommentOnForeignTable, } from "./changes/foreign-table.comment.js";
 import { CreateForeignTable } from "./changes/foreign-table.create.js";
 import { DropForeignTable } from "./changes/foreign-table.drop.js";
 import { GrantForeignTablePrivileges, RevokeForeignTablePrivileges, RevokeGrantOptionForeignTablePrivileges, } from "./changes/foreign-table.privilege.js";
+import { CreateSecurityLabelOnForeignTable, DropSecurityLabelOnForeignTable, } from "./changes/foreign-table.security-label.js";
 /**
  * Diff two sets of foreign tables from main and branch catalogs.
  *
@@ -30,6 +32,12 @@ export function diffForeignTables(ctx, main, branch) {
         if (createdTable.comment !== null) {
             changes.push(new CreateCommentOnForeignTable({ foreignTable: createdTable }));
         }
+        for (const label of createdTable.security_labels) {
+            changes.push(new CreateSecurityLabelOnForeignTable({
+                foreignTable: createdTable,
+                securityLabel: label,
+            }));
+        }
         // PRIVILEGES: For created objects, compare against default privileges state
         const effectiveDefaults = ctx.defaultPrivilegeState.getEffectiveDefaults(ctx.currentUser, "foreign_table", createdTable.schema ?? "");
         const creatorFilteredDefaults = createdTable.owner !== ctx.currentUser
@@ -148,6 +156,14 @@ export function diffForeignTables(ctx, main, branch) {
                 changes.push(new CreateCommentOnForeignTable({ foreignTable: branchTable }));
             }
         }
+        // SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainTable.security_labels, branchTable.security_labels, (securityLabel) => new CreateSecurityLabelOnForeignTable({
+            foreignTable: branchTable,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnForeignTable({
+            foreignTable: mainTable,
+            securityLabel,
+        })));
         // PRIVILEGES
         const mainPrivilegesFiltered = filterPublicBuiltInDefaults("foreign_table", mainTable.privileges);
         const branchPrivilegesFiltered = filterPublicBuiltInDefaults("foreign_table", branchTable.privileges);

package/dist/core/objects/foreign-data-wrapper/foreign-table/foreign-table.model.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel, type TableLikeObject } from "../../base.model.ts";
 import { type PrivilegeProps } from "../../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../../security-label.types.ts";
 /**
  * All properties exposed by CREATE FOREIGN TABLE statement are included in diff output.
  * https://www.postgresql.org/docs/17/sql-createforeigntable.html
@@ -36,6 +37,10 @@ declare const foreignTablePropsSchema: z.ZodObject<{
         collation: z.ZodNullable<z.ZodString>;
         default: z.ZodNullable<z.ZodString>;
         comment: z.ZodNullable<z.ZodString>;
+        security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            provider: z.ZodString;
+            label: z.ZodString;
+        }, z.z.core.$strip>>>;
     }, z.z.core.$strip>>;
     privileges: z.ZodArray<z.ZodObject<{
         grantee: z.ZodString;
@@ -43,6 +48,10 @@ declare const foreignTablePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type ForeignTablePrivilegeProps = PrivilegeProps;
 export type ForeignTableProps = z.infer<typeof foreignTablePropsSchema>;
@@ -55,6 +64,7 @@ export declare class ForeignTable extends BasePgModel implements TableLikeObject
     readonly comment: ForeignTableProps["comment"];
     readonly columns: ForeignTableProps["columns"];
     readonly privileges: ForeignTablePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: ForeignTableProps);
     get stableId(): `foreignTable:${string}`;
     get identityFields(): {
@@ -83,6 +93,10 @@ export declare class ForeignTable extends BasePgModel implements TableLikeObject
             collation: string | null;
             default: string | null;
             comment: string | null;
+            security_labels?: {
+                provider: string;
+                label: string;
+            }[] | undefined;
         }[];
         privileges: {
             grantee: string;
@@ -90,6 +104,10 @@ export declare class ForeignTable extends BasePgModel implements TableLikeObject
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -100,6 +118,10 @@ export declare class ForeignTable extends BasePgModel implements TableLikeObject
             columns: {
                 [x: string]: unknown;
             }[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             owner: string;
             server: string;
             options: string[] | null;