npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.23 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (220) hide show

package/src/core/objects/materialized-view/changes/materialized-view.security-label.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { MaterializedView } from "../materialized-view.model.ts";
+import {
+  CreateMaterializedViewChange,
+  DropMaterializedViewChange,
+} from "./materialized-view.base.ts";
+export type SecurityLabelMaterializedView =
+  | CreateSecurityLabelOnMaterializedView
+  | DropSecurityLabelOnMaterializedView;
+export class CreateSecurityLabelOnMaterializedView extends CreateMaterializedViewChange {
+  public readonly materializedView: MaterializedView;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    materializedView: MaterializedView;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.materializedView = props.materializedView;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.materializedView.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.materializedView.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON MATERIALIZED VIEW",
+      `${this.materializedView.schema}.${this.materializedView.name}`,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnMaterializedView extends DropMaterializedViewChange {
+  public readonly materializedView: MaterializedView;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    materializedView: MaterializedView;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.materializedView = props.materializedView;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.materializedView.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.materializedView.stableId,
+        this.securityLabel.provider,
+      ),
+      this.materializedView.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON MATERIALIZED VIEW",
+      `${this.materializedView.schema}.${this.materializedView.name}`,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/materialized-view/changes/materialized-view.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { CommentMaterializedView } from "./materialized-view.comment.ts";
 import type { CreateMaterializedView } from "./materialized-view.create.ts";
 import type { DropMaterializedView } from "./materialized-view.drop.ts";
 import type { MaterializedViewPrivilege } from "./materialized-view.privilege.ts";
+import type { SecurityLabelMaterializedView } from "./materialized-view.security-label.ts";
 /** Union of all materialized-view-related change variants (`objectType: "materialized_view"`). @category Change Types */
 export type MaterializedViewChange =
@@ -10,4 +11,5 @@ export type MaterializedViewChange =
   | CommentMaterializedView
   | CreateMaterializedView
   | DropMaterializedView
-  | MaterializedViewPrivilege;
+  | MaterializedViewPrivilege
+  | SecurityLabelMaterializedView;

package/src/core/objects/materialized-view/materialized-view.diff.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import {
   emitColumnPrivilegeChanges,
 } from "../base.privilege-diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import { deepEqual, hasNonAlterableChanges } from "../utils.ts";
 import {
   AlterMaterializedViewChangeOwner,
@@ -22,6 +23,10 @@ import {
   RevokeGrantOptionMaterializedViewPrivileges,
   RevokeMaterializedViewPrivileges,
 } from "./changes/materialized-view.privilege.ts";
+import {
+  CreateSecurityLabelOnMaterializedView,
+  DropSecurityLabelOnMaterializedView,
+} from "./changes/materialized-view.security-label.ts";
 import type { MaterializedViewChange } from "./changes/materialized-view.types.ts";
 import type { MaterializedView } from "./materialized-view.model.ts";
@@ -88,6 +93,17 @@ export function diffMaterializedViews(
       }
     }
+    // Security labels on the matview itself (columns of matviews are not
+    // supported targets of SECURITY LABEL, so we only label the relation).
+    for (const label of mv.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnMaterializedView({
+          materializedView: mv,
+          securityLabel: label,
+        }),
+      );
+    }
     // PRIVILEGES: For created objects, compare against default privileges state
     // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
     // so objects are created with the default privileges state in effect.
@@ -241,6 +257,27 @@ export function diffMaterializedViews(
           );
         }
       }
+      // SECURITY LABELS
+      changes.push(
+        ...diffSecurityLabels<
+          | CreateSecurityLabelOnMaterializedView
+          | DropSecurityLabelOnMaterializedView
+        >(
+          mainMaterializedView.security_labels,
+          branchMaterializedView.security_labels,
+          (securityLabel) =>
+            new CreateSecurityLabelOnMaterializedView({
+              materializedView: branchMaterializedView,
+              securityLabel,
+            }),
+          (securityLabel) =>
+            new DropSecurityLabelOnMaterializedView({
+              materializedView: mainMaterializedView,
+              securityLabel,
+            }),
+        ),
+      );
       // COMMENT changes on columns
       const mainCols = new Map(
         mainMaterializedView.columns.map((c) => [c.name, c]),

package/src/core/objects/materialized-view/materialized-view.model.ts CHANGED Viewed

@@ -14,6 +14,11 @@ import {
   type ExtractRetryOptions,
   extractWithDefinitionRetry,
 } from "../extract-with-retry.ts";
+import {
+  normalizeSecurityLabels,
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 import { ReplicaIdentitySchema } from "../table/table.model.ts";
 const materializedViewPropsSchema = z.object({
@@ -35,6 +40,7 @@ const materializedViewPropsSchema = z.object({
   comment: z.string().nullable(),
   columns: z.array(columnPropsSchema),
   privileges: z.array(privilegePropsSchema),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 // pg_get_viewdef(oid) can return NULL when the underlying matview (or its
@@ -68,6 +74,7 @@ export class MaterializedView extends BasePgModel implements TableLikeObject {
   public readonly comment: MaterializedViewProps["comment"];
   public readonly columns: MaterializedViewProps["columns"];
   public readonly privileges: MaterializedViewPrivilegeProps[];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: MaterializedViewProps) {
     super();
@@ -93,6 +100,7 @@ export class MaterializedView extends BasePgModel implements TableLikeObject {
     this.comment = props.comment;
     this.columns = props.columns;
     this.privileges = props.privileges;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `materializedView:${string}` {
@@ -124,6 +132,7 @@ export class MaterializedView extends BasePgModel implements TableLikeObject {
       comment: this.comment,
       columns: this.columns,
       privileges: this.privileges,
+      security_labels: this.security_labels,
     };
   }
@@ -148,6 +157,7 @@ export class MaterializedView extends BasePgModel implements TableLikeObject {
       data: {
         ...this.dataFields,
         columns: normalizeColumns(),
+        security_labels: normalizeSecurityLabels(this.security_labels),
       },
     };
   }
@@ -252,7 +262,20 @@ select
       join lateral aclexplode(src.acl) as x(grantor, grantee, privilege_type, is_grantable) on true
       group by x.grantee, x.privilege_type
     ) as grp
-  ), '[]') as privileges
+  ), '[]') as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = c.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_class c
   left outer join extension_oids e on c.oid = e.objid
@@ -275,7 +298,5 @@ order by
   const validatedRows = mvRows.filter(
     (row): row is MaterializedViewProps => row.definition !== null,
   );
-  return validatedRows.map(
-    (row: MaterializedViewProps) => new MaterializedView(row),
-  );
+  return validatedRows.map((row) => new MaterializedView(row));
 }

package/src/core/objects/procedure/changes/procedure.base.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import type { Procedure } from "../procedure.model.ts";
 abstract class BaseProcedureChange extends BaseChange {
   abstract readonly procedure: Procedure;
-  abstract readonly scope: "object" | "comment" | "privilege";
+  abstract readonly scope:
+    | "object"
+    | "comment"
+    | "privilege"
+    | "security_label";
   readonly objectType: "procedure" = "procedure";
 }

package/src/core/objects/procedure/changes/procedure.security-label.ts ADDED Viewed

@@ -0,0 +1,105 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Procedure } from "../procedure.model.ts";
+import {
+  CreateProcedureChange,
+  DropProcedureChange,
+} from "./procedure.base.ts";
+export type SecurityLabelProcedure =
+  | CreateSecurityLabelOnProcedure
+  | DropSecurityLabelOnProcedure;
+function targetKeyword(p: Procedure): "FUNCTION" | "PROCEDURE" {
+  return p.kind === "p" ? "PROCEDURE" : "FUNCTION";
+}
+function procedureIdentity(p: Procedure): string {
+  return `${p.schema}.${p.name}(${(p.argument_types ?? []).join(",")})`;
+}
+export class CreateSecurityLabelOnProcedure extends CreateProcedureChange {
+  public readonly procedure: Procedure;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    procedure: Procedure;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.procedure = props.procedure;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.procedure.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.procedure.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON",
+      targetKeyword(this.procedure),
+      procedureIdentity(this.procedure),
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnProcedure extends DropProcedureChange {
+  public readonly procedure: Procedure;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    procedure: Procedure;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.procedure = props.procedure;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.procedure.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.procedure.stableId,
+        this.securityLabel.provider,
+      ),
+      this.procedure.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON",
+      targetKeyword(this.procedure),
+      procedureIdentity(this.procedure),
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/procedure/changes/procedure.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { CommentProcedure } from "./procedure.comment.ts";
 import type { CreateProcedure } from "./procedure.create.ts";
 import type { DropProcedure } from "./procedure.drop.ts";
 import type { ProcedurePrivilege } from "./procedure.privilege.ts";
+import type { SecurityLabelProcedure } from "./procedure.security-label.ts";
 /** Union of all procedure-related change variants (`objectType: "procedure"`). @category Change Types */
 export type ProcedureChange =
@@ -10,4 +11,5 @@ export type ProcedureChange =
   | CommentProcedure
   | CreateProcedure
   | DropProcedure
-  | ProcedurePrivilege;
+  | ProcedurePrivilege
+  | SecurityLabelProcedure;

package/src/core/objects/procedure/procedure.diff.ts CHANGED Viewed

@@ -5,6 +5,7 @@ import {
   filterPublicBuiltInDefaults,
 } from "../base.privilege-diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import { deepEqual, hasNonAlterableChanges } from "../utils.ts";
 import {
   AlterProcedureChangeOwner,
@@ -26,6 +27,10 @@ import {
   RevokeGrantOptionProcedurePrivileges,
   RevokeProcedurePrivileges,
 } from "./changes/procedure.privilege.ts";
+import {
+  CreateSecurityLabelOnProcedure,
+  DropSecurityLabelOnProcedure,
+} from "./changes/procedure.security-label.ts";
 import type { ProcedureChange } from "./changes/procedure.types.ts";
 import type { Procedure } from "./procedure.model.ts";
@@ -66,6 +71,14 @@ export function diffProcedures(
     if (proc.comment !== null) {
       changes.push(new CreateCommentOnProcedure({ procedure: proc }));
     }
+    for (const label of proc.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnProcedure({
+          procedure: proc,
+          securityLabel: label,
+        }),
+      );
+    }
     // PRIVILEGES: For created objects, compare against default privileges state
     // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
@@ -225,6 +238,26 @@ export function diffProcedures(
         }
       }
+      // SECURITY LABELS
+      changes.push(
+        ...diffSecurityLabels<
+          CreateSecurityLabelOnProcedure | DropSecurityLabelOnProcedure
+        >(
+          mainProcedure.security_labels,
+          branchProcedure.security_labels,
+          (securityLabel) =>
+            new CreateSecurityLabelOnProcedure({
+              procedure: branchProcedure,
+              securityLabel,
+            }),
+          (securityLabel) =>
+            new DropSecurityLabelOnProcedure({
+              procedure: mainProcedure,
+              securityLabel,
+            }),
+        ),
+      );
       // SECURITY DEFINER/INVOKER
       if (mainProcedure.security_definer !== branchProcedure.security_definer) {
         changes.push(

package/src/core/objects/procedure/procedure.model.ts CHANGED Viewed

@@ -10,6 +10,10 @@ import {
   type ExtractRetryOptions,
   extractWithDefinitionRetry,
 } from "../extract-with-retry.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const FunctionKindSchema = z.enum([
   "f", // function
@@ -68,6 +72,7 @@ const procedurePropsSchema = z.object({
   owner: z.string(),
   comment: z.string().nullable(),
   privileges: z.array(privilegePropsSchema),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 // pg_get_functiondef(oid) can return NULL when the function (its pg_proc
@@ -112,6 +117,7 @@ export class Procedure extends BasePgModel {
   public readonly owner: ProcedureProps["owner"];
   public readonly comment: ProcedureProps["comment"];
   public readonly privileges: ProcedurePrivilegeProps[];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: ProcedureProps) {
     super();
@@ -148,6 +154,7 @@ export class Procedure extends BasePgModel {
     this.owner = props.owner;
     this.comment = props.comment;
     this.privileges = props.privileges;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `procedure:${string}` {
@@ -192,6 +199,7 @@ export class Procedure extends BasePgModel {
       owner: this.owner,
       comment: this.comment,
       privileges: this.privileges,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -265,7 +273,20 @@ select
       )
       from lateral aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
-  ) as privileges
+  ) as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = p.oid
+        and sl.classoid = 'pg_proc'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_proc p
   inner join pg_catalog.pg_language l on l.oid = p.prolang
@@ -283,5 +304,5 @@ order by
   const validatedRows = procedureRows.filter(
     (row): row is ProcedureProps => row.definition !== null,
   );
-  return validatedRows.map((row: ProcedureProps) => new Procedure(row));
+  return validatedRows.map((row) => new Procedure(row));
 }

package/src/core/objects/publication/changes/publication.base.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import type { Publication } from "../publication.model.ts";
 abstract class BasePublicationChange extends BaseChange {
   abstract readonly publication: Publication;
-  abstract readonly scope: "object" | "comment";
+  abstract readonly scope: "object" | "comment" | "security_label";
   readonly objectType = "publication" as const;
 }

package/src/core/objects/publication/changes/publication.security-label.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Publication } from "../publication.model.ts";
+import {
+  CreatePublicationChange,
+  DropPublicationChange,
+} from "./publication.base.ts";
+export type SecurityLabelPublication =
+  | CreateSecurityLabelOnPublication
+  | DropSecurityLabelOnPublication;
+export class CreateSecurityLabelOnPublication extends CreatePublicationChange {
+  public readonly publication: Publication;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    publication: Publication;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.publication = props.publication;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.publication.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.publication.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON PUBLICATION",
+      this.publication.name,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnPublication extends DropPublicationChange {
+  public readonly publication: Publication;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    publication: Publication;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.publication = props.publication;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.publication.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.publication.stableId,
+        this.securityLabel.provider,
+      ),
+      this.publication.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON PUBLICATION",
+      this.publication.name,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/publication/changes/publication.types.ts CHANGED Viewed

@@ -10,6 +10,7 @@ import type {
 import type { CommentPublication } from "./publication.comment.ts";
 import type { CreatePublication } from "./publication.create.ts";
 import type { DropPublication } from "./publication.drop.ts";
+import type { SecurityLabelPublication } from "./publication.security-label.ts";
 /** Union of all publication-related change variants (`objectType: "publication"`). @category Change Types */
 export type PublicationChange =
@@ -22,4 +23,5 @@ export type PublicationChange =
   | AlterPublicationSetOwner
   | CommentPublication
   | CreatePublication
-  | DropPublication;
+  | DropPublication
+  | SecurityLabelPublication;