npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.24 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/src/core/objects/sequence/sequence.model.ts CHANGED Viewed

@@ -6,6 +6,10 @@ import {
   type PrivilegeProps,
   privilegePropsSchema,
 } from "../base.privilege-diff.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const sequencePropsSchema = z.object({
   schema: z.string(),
@@ -24,6 +28,7 @@ const sequencePropsSchema = z.object({
   comment: z.string().nullable(),
   privileges: z.array(privilegePropsSchema),
   owner: z.string(),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 type SequencePrivilegeProps = PrivilegeProps;
@@ -46,6 +51,7 @@ export class Sequence extends BasePgModel {
   public readonly comment: SequenceProps["comment"];
   public readonly privileges: SequencePrivilegeProps[];
   public readonly owner: SequenceProps["owner"];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: SequenceProps) {
     super();
@@ -69,6 +75,7 @@ export class Sequence extends BasePgModel {
     this.comment = props.comment;
     this.privileges = props.privileges;
     this.owner = props.owner;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `sequence:${string}` {
@@ -98,6 +105,7 @@ export class Sequence extends BasePgModel {
       comment: this.comment,
       privileges: this.privileges,
       owner: this.owner,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -151,7 +159,20 @@ select
       from lateral aclexplode(COALESCE(c.relacl, acldefault('S', c.relowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
   ) as privileges,
-  c.relowner::regrole::text as owner
+  c.relowner::regrole::text as owner,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = c.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_class c
   inner join pg_catalog.pg_sequence s on s.seqrelid = c.oid

package/src/core/objects/subscription/changes/subscription.base.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import type { Subscription } from "../subscription.model.ts";
 abstract class BaseSubscriptionChange extends BaseChange {
   abstract readonly subscription: Subscription;
-  abstract readonly scope: "object" | "comment";
+  abstract readonly scope: "object" | "comment" | "security_label";
   readonly objectType = "subscription" as const;
 }

package/src/core/objects/subscription/changes/subscription.security-label.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Subscription } from "../subscription.model.ts";
+import {
+  CreateSubscriptionChange,
+  DropSubscriptionChange,
+} from "./subscription.base.ts";
+export type SecurityLabelSubscription =
+  | CreateSecurityLabelOnSubscription
+  | DropSecurityLabelOnSubscription;
+export class CreateSecurityLabelOnSubscription extends CreateSubscriptionChange {
+  public readonly subscription: Subscription;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    subscription: Subscription;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.subscription = props.subscription;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(
+        this.subscription.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [this.subscription.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON SUBSCRIPTION",
+      this.subscription.name,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnSubscription extends DropSubscriptionChange {
+  public readonly subscription: Subscription;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    subscription: Subscription;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.subscription = props.subscription;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(
+        this.subscription.stableId,
+        this.securityLabel.provider,
+      ),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(
+        this.subscription.stableId,
+        this.securityLabel.provider,
+      ),
+      this.subscription.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON SUBSCRIPTION",
+      this.subscription.name,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/subscription/changes/subscription.types.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import type {
 import type { CommentSubscription } from "./subscription.comment.ts";
 import type { CreateSubscription } from "./subscription.create.ts";
 import type { DropSubscription } from "./subscription.drop.ts";
+import type { SecurityLabelSubscription } from "./subscription.security-label.ts";
 /** Union of all subscription-related change variants (`objectType: "subscription"`). @category Change Types */
 export type SubscriptionChange =
@@ -20,4 +21,5 @@ export type SubscriptionChange =
   | AlterSubscriptionDisable
   | AlterSubscriptionSetOptions
   | AlterSubscriptionSetOwner
-  | CommentSubscription;
+  | CommentSubscription
+  | SecurityLabelSubscription;

package/src/core/objects/subscription/subscription.diff.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { diffObjects } from "../base.diff.ts";
 import type { ObjectDiffContext } from "../diff-context.ts";
+import { diffSecurityLabels } from "../security-label.types.ts";
 import { hasNonAlterableChanges } from "../utils.ts";
 import {
   AlterSubscriptionDisable,
@@ -15,6 +16,10 @@ import {
 } from "./changes/subscription.comment.ts";
 import { CreateSubscription } from "./changes/subscription.create.ts";
 import { DropSubscription } from "./changes/subscription.drop.ts";
+import {
+  CreateSecurityLabelOnSubscription,
+  DropSecurityLabelOnSubscription,
+} from "./changes/subscription.security-label.ts";
 import type { SubscriptionChange } from "./changes/subscription.types.ts";
 import type { Subscription } from "./subscription.model.ts";
 import type { SubscriptionSettableOption } from "./utils.ts";
@@ -61,6 +66,14 @@ export function diffSubscriptions(
     if (subscription.comment !== null) {
       changes.push(new CreateCommentOnSubscription({ subscription }));
     }
+    for (const label of subscription.security_labels) {
+      changes.push(
+        new CreateSecurityLabelOnSubscription({
+          subscription,
+          securityLabel: label,
+        }),
+      );
+    }
   }
   for (const id of dropped) {
@@ -236,6 +249,26 @@ export function diffSubscriptions(
         );
       }
     }
+    // SECURITY LABELS
+    changes.push(
+      ...diffSecurityLabels<
+        CreateSecurityLabelOnSubscription | DropSecurityLabelOnSubscription
+      >(
+        mainSubscription.security_labels,
+        branchSubscription.security_labels,
+        (securityLabel) =>
+          new CreateSecurityLabelOnSubscription({
+            subscription: branchSubscription,
+            securityLabel,
+          }),
+        (securityLabel) =>
+          new DropSecurityLabelOnSubscription({
+            subscription: mainSubscription,
+            securityLabel,
+          }),
+      ),
+    );
   }
   return changes;

package/src/core/objects/subscription/subscription.model.ts CHANGED Viewed

@@ -2,6 +2,10 @@ import type { Pool } from "pg";
 import z from "zod";
 import { extractVersion } from "../../context.ts";
 import { BasePgModel } from "../base.model.ts";
+import {
+  type SecurityLabelProps,
+  securityLabelPropsSchema,
+} from "../security-label.types.ts";
 const subscriptionPropsSchema = z.object({
   name: z.string(),
@@ -23,6 +27,7 @@ const subscriptionPropsSchema = z.object({
   synchronous_commit: z.string(),
   publications: z.array(z.string()),
   origin: z.enum(["any", "none"]),
+  security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export type SubscriptionProps = z.infer<typeof subscriptionPropsSchema>;
@@ -47,6 +52,7 @@ export class Subscription extends BasePgModel {
   public readonly synchronous_commit: SubscriptionProps["synchronous_commit"];
   public readonly publications: SubscriptionProps["publications"];
   public readonly origin: SubscriptionProps["origin"];
+  public readonly security_labels: SecurityLabelProps[];
   constructor(props: SubscriptionProps) {
     super();
@@ -72,6 +78,7 @@ export class Subscription extends BasePgModel {
       a.localeCompare(b),
     );
     this.origin = props.origin;
+    this.security_labels = props.security_labels ?? [];
   }
   get stableId(): `subscription:${string}` {
@@ -104,6 +111,7 @@ export class Subscription extends BasePgModel {
       synchronous_commit: this.synchronous_commit,
       publications: this.publications,
       origin: this.origin,
+      security_labels: this.security_labels,
     };
   }
 }
@@ -173,7 +181,20 @@ export async function extractSubscriptions(
           ),
           '[]'::json
         ) as publications,
-        ${originExpr} as origin
+        ${originExpr} as origin,
+        coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = s.oid
+              and sl.classoid = 'pg_subscription'::regclass
+              and sl.objsubid = 0
+          ),
+          '[]'::json
+        ) as security_labels
       from scoped_subscriptions s
       left join pg_replication_slots r
         on r.slot_name = s.subslotname

package/src/core/objects/table/changes/table.base.ts CHANGED Viewed

@@ -3,7 +3,11 @@ import type { Table } from "../table.model.ts";
 abstract class BaseTableChange extends BaseChange {
   abstract readonly table: Table;
-  abstract readonly scope: "object" | "comment" | "privilege";
+  abstract readonly scope:
+    | "object"
+    | "comment"
+    | "privilege"
+    | "security_label";
   readonly objectType: "table" = "table";
 }

package/src/core/objects/table/changes/table.security-label.test.ts ADDED Viewed

@@ -0,0 +1,140 @@
+import { describe, expect, test } from "bun:test";
+import { assertValidSql } from "../../../test-utils/assert-valid-sql.ts";
+import type { ColumnProps } from "../../base.model.ts";
+import { stableId } from "../../utils.ts";
+import { Table, type TableProps } from "../table.model.ts";
+import {
+  CreateSecurityLabelOnColumn,
+  CreateSecurityLabelOnTable,
+  DropSecurityLabelOnColumn,
+  DropSecurityLabelOnTable,
+} from "./table.security-label.ts";
+const makeColumn = (overrides: Partial<ColumnProps> = {}): ColumnProps => ({
+  name: "id",
+  position: 1,
+  data_type: "integer",
+  data_type_str: "integer",
+  is_custom_type: false,
+  custom_type_type: null,
+  custom_type_category: null,
+  custom_type_schema: null,
+  custom_type_name: null,
+  not_null: false,
+  is_identity: false,
+  is_identity_always: false,
+  is_generated: false,
+  collation: null,
+  default: null,
+  comment: null,
+  ...overrides,
+});
+const makeTable = (): Table =>
+  new Table({
+    schema: "public",
+    name: "users",
+    persistence: "p",
+    row_security: false,
+    force_row_security: false,
+    has_indexes: false,
+    has_rules: false,
+    has_triggers: false,
+    has_subclasses: false,
+    is_populated: true,
+    replica_identity: "d",
+    is_partition: false,
+    options: null,
+    partition_bound: null,
+    partition_by: null,
+    owner: "postgres",
+    comment: null,
+    parent_schema: null,
+    parent_name: null,
+    columns: [makeColumn({ name: "email" })],
+    privileges: [],
+    security_labels: [],
+  } as TableProps);
+describe("table.security-label", () => {
+  test("table create serializes and tracks dependencies", async () => {
+    const table = makeTable();
+    const change = new CreateSecurityLabelOnTable({
+      table,
+      securityLabel: { provider: "dummy", label: "classified" },
+    });
+    expect(change.scope).toBe("security_label");
+    expect(change.objectType).toBe("table");
+    expect(change.operation).toBe("create");
+    expect(change.creates).toEqual([
+      stableId.securityLabel(table.stableId, "dummy"),
+    ]);
+    expect(change.requires).toEqual([table.stableId]);
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON TABLE public.users IS 'classified'",
+    );
+  });
+  test("table drop serializes to IS NULL", async () => {
+    const table = makeTable();
+    const change = new DropSecurityLabelOnTable({
+      table,
+      securityLabel: { provider: "dummy", label: "classified" },
+    });
+    expect(change.drops).toEqual([
+      stableId.securityLabel(table.stableId, "dummy"),
+    ]);
+    expect(change.requires).toEqual([
+      stableId.securityLabel(table.stableId, "dummy"),
+      table.stableId,
+    ]);
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON TABLE public.users IS NULL",
+    );
+  });
+  test("column create serializes and tracks dependencies", async () => {
+    const table = makeTable();
+    const column = makeColumn({ name: "email" });
+    const change = new CreateSecurityLabelOnColumn({
+      table,
+      column,
+      securityLabel: { provider: "dummy", label: "classified" },
+    });
+    const colStableId = stableId.column(table.schema, table.name, column.name);
+    expect(change.creates).toEqual([
+      stableId.securityLabel(colStableId, "dummy"),
+    ]);
+    expect(change.requires).toEqual([colStableId]);
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON COLUMN public.users.email IS 'classified'",
+    );
+  });
+  test("column drop serializes to IS NULL", async () => {
+    const table = makeTable();
+    const column = makeColumn({ name: "email" });
+    const change = new DropSecurityLabelOnColumn({
+      table,
+      column,
+      securityLabel: { provider: "dummy", label: "x" },
+    });
+    const colStableId = stableId.column(table.schema, table.name, column.name);
+    expect(change.drops).toEqual([
+      stableId.securityLabel(colStableId, "dummy"),
+    ]);
+    expect(change.requires).toEqual([
+      stableId.securityLabel(colStableId, "dummy"),
+      colStableId,
+    ]);
+    await assertValidSql(change.serialize());
+    expect(change.serialize()).toBe(
+      "SECURITY LABEL FOR dummy ON COLUMN public.users.email IS NULL",
+    );
+  });
+});

package/src/core/objects/table/changes/table.security-label.ts ADDED Viewed

@@ -0,0 +1,183 @@
+import { quoteLiteral } from "../../base.change.ts";
+import type { ColumnProps } from "../../base.model.ts";
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import { stableId } from "../../utils.ts";
+import type { Table } from "../table.model.ts";
+import { CreateTableChange, DropTableChange } from "./table.base.ts";
+export type SecurityLabelTable =
+  | CreateSecurityLabelOnTable
+  | DropSecurityLabelOnTable
+  | CreateSecurityLabelOnColumn
+  | DropSecurityLabelOnColumn;
+/**
+ * SECURITY LABEL FOR <provider> ON TABLE <schema>.<table> IS <literal>
+ */
+export class CreateSecurityLabelOnTable extends CreateTableChange {
+  public readonly table: Table;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: { table: Table; securityLabel: SecurityLabelProps }) {
+    super();
+    this.table = props.table;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    return [
+      stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    return [this.table.stableId];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON TABLE",
+      `${this.table.schema}.${this.table.name}`,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnTable extends DropTableChange {
+  public readonly table: Table;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: { table: Table; securityLabel: SecurityLabelProps }) {
+    super();
+    this.table = props.table;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    return [
+      stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.securityLabel(this.table.stableId, this.securityLabel.provider),
+      this.table.stableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON TABLE",
+      `${this.table.schema}.${this.table.name}`,
+      "IS NULL",
+    ].join(" ");
+  }
+}
+/**
+ * SECURITY LABEL FOR <provider> ON COLUMN <schema>.<table>.<column> IS <literal>
+ */
+export class CreateSecurityLabelOnColumn extends CreateTableChange {
+  public readonly table: Table;
+  public readonly column: ColumnProps;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    table: Table;
+    column: ColumnProps;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.table = props.table;
+    this.column = props.column;
+    this.securityLabel = props.securityLabel;
+  }
+  get creates() {
+    const columnStableId = stableId.column(
+      this.table.schema,
+      this.table.name,
+      this.column.name,
+    );
+    return [
+      stableId.securityLabel(columnStableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    return [
+      stableId.column(this.table.schema, this.table.name, this.column.name),
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON COLUMN",
+      `${this.table.schema}.${this.table.name}.${this.column.name}`,
+      "IS",
+      quoteLiteral(this.securityLabel.label),
+    ].join(" ");
+  }
+}
+export class DropSecurityLabelOnColumn extends DropTableChange {
+  public readonly table: Table;
+  public readonly column: ColumnProps;
+  public readonly securityLabel: SecurityLabelProps;
+  public readonly scope = "security_label" as const;
+  constructor(props: {
+    table: Table;
+    column: ColumnProps;
+    securityLabel: SecurityLabelProps;
+  }) {
+    super();
+    this.table = props.table;
+    this.column = props.column;
+    this.securityLabel = props.securityLabel;
+  }
+  get drops() {
+    const columnStableId = stableId.column(
+      this.table.schema,
+      this.table.name,
+      this.column.name,
+    );
+    return [
+      stableId.securityLabel(columnStableId, this.securityLabel.provider),
+    ];
+  }
+  get requires() {
+    const columnStableId = stableId.column(
+      this.table.schema,
+      this.table.name,
+      this.column.name,
+    );
+    return [
+      stableId.securityLabel(columnStableId, this.securityLabel.provider),
+      columnStableId,
+    ];
+  }
+  serialize(): string {
+    return [
+      "SECURITY LABEL FOR",
+      this.securityLabel.provider,
+      "ON COLUMN",
+      `${this.table.schema}.${this.table.name}.${this.column.name}`,
+      "IS NULL",
+    ].join(" ");
+  }
+}

package/src/core/objects/table/changes/table.types.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import type { CommentTable } from "./table.comment.ts";
 import type { CreateTable } from "./table.create.ts";
 import type { DropTable } from "./table.drop.ts";
 import type { TablePrivilege } from "./table.privilege.ts";
+import type { SecurityLabelTable } from "./table.security-label.ts";
 /** Union of all table-related change variants (`objectType: "table"`). @category Change Types */
 export type TableChange =
@@ -10,4 +11,5 @@ export type TableChange =
   | CommentTable
   | CreateTable
   | DropTable
-  | TablePrivilege;
+  | TablePrivilege
+  | SecurityLabelTable;