npm - @supabase/pg-delta - Versions diffs - 1.0.0-alpha.22 → 1.0.0-alpha.24 - Mend

@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/dist/core/objects/materialized-view/materialized-view.model.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel, type TableLikeObject } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
 import { type ExtractRetryOptions } from "../extract-with-retry.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const materializedViewPropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -42,6 +43,10 @@ declare const materializedViewPropsSchema: z.ZodObject<{
         collation: z.ZodNullable<z.ZodString>;
         default: z.ZodNullable<z.ZodString>;
         comment: z.ZodNullable<z.ZodString>;
+        security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            provider: z.ZodString;
+            label: z.ZodString;
+        }, z.z.core.$strip>>>;
     }, z.z.core.$strip>>;
     privileges: z.ZodArray<z.ZodObject<{
         grantee: z.ZodString;
@@ -49,6 +54,10 @@ declare const materializedViewPropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type MaterializedViewPrivilegeProps = PrivilegeProps;
 export type MaterializedViewProps = z.infer<typeof materializedViewPropsSchema>;
@@ -71,6 +80,7 @@ export declare class MaterializedView extends BasePgModel implements TableLikeOb
     readonly comment: MaterializedViewProps["comment"];
     readonly columns: MaterializedViewProps["columns"];
     readonly privileges: MaterializedViewPrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: MaterializedViewProps);
     get stableId(): `materializedView:${string}`;
     get identityFields(): {
@@ -109,6 +119,10 @@ export declare class MaterializedView extends BasePgModel implements TableLikeOb
             collation: string | null;
             default: string | null;
             comment: string | null;
+            security_labels?: {
+                provider: string;
+                label: string;
+            }[] | undefined;
         }[];
         privileges: {
             grantee: string;
@@ -116,6 +130,10 @@ export declare class MaterializedView extends BasePgModel implements TableLikeOb
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -126,6 +144,10 @@ export declare class MaterializedView extends BasePgModel implements TableLikeOb
             columns: {
                 [x: string]: unknown;
             }[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             definition: string;
             row_security: boolean;
             force_row_security: boolean;

package/dist/core/objects/materialized-view/materialized-view.model.js CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel, columnPropsSchema, } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
 import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../security-label.types.js";
 import { ReplicaIdentitySchema } from "../table/table.model.js";
 const materializedViewPropsSchema = z.object({
     schema: z.string(),
@@ -23,6 +24,7 @@ const materializedViewPropsSchema = z.object({
     comment: z.string().nullable(),
     columns: z.array(columnPropsSchema),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 // pg_get_viewdef(oid) can return NULL when the underlying matview (or its
 // pg_rewrite row) is dropped between catalog scan and resolution, or under
@@ -51,6 +53,7 @@ export class MaterializedView extends BasePgModel {
     comment;
     columns;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -73,6 +76,7 @@ export class MaterializedView extends BasePgModel {
         this.comment = props.comment;
         this.columns = props.columns;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `materializedView:${this.schema}.${this.name}`;
@@ -101,6 +105,7 @@ export class MaterializedView extends BasePgModel {
             comment: this.comment,
             columns: this.columns,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -119,6 +124,7 @@ export class MaterializedView extends BasePgModel {
             data: {
                 ...this.dataFields,
                 columns: normalizeColumns(),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
@@ -219,7 +225,20 @@ select
       join lateral aclexplode(src.acl) as x(grantor, grantee, privilege_type, is_grantable) on true
       group by x.grantee, x.privilege_type
     ) as grp
-  ), '[]') as privileges
+  ), '[]') as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = c.oid
+        and sl.classoid = 'pg_class'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_class c
   left outer join extension_oids e on c.oid = e.objid

package/dist/core/objects/procedure/changes/procedure.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { Procedure } from "../procedure.model.ts";
 declare abstract class BaseProcedureChange extends BaseChange {
     abstract readonly procedure: Procedure;
-    abstract readonly scope: "object" | "comment" | "privilege";
+    abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
     readonly objectType: "procedure";
 }
 export declare abstract class CreateProcedureChange extends BaseProcedureChange {

package/dist/core/objects/procedure/changes/procedure.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { Procedure } from "../procedure.model.ts";
+import { CreateProcedureChange, DropProcedureChange } from "./procedure.base.ts";
+export type SecurityLabelProcedure = CreateSecurityLabelOnProcedure | DropSecurityLabelOnProcedure;
+export declare class CreateSecurityLabelOnProcedure extends CreateProcedureChange {
+    readonly procedure: Procedure;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        procedure: Procedure;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `procedure:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnProcedure extends DropProcedureChange {
+    readonly procedure: Procedure;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        procedure: Procedure;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `procedure:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/procedure/changes/procedure.security-label.js ADDED Viewed

@@ -0,0 +1,69 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreateProcedureChange, DropProcedureChange, } from "./procedure.base.js";
+function targetKeyword(p) {
+    return p.kind === "p" ? "PROCEDURE" : "FUNCTION";
+}
+function procedureIdentity(p) {
+    return `${p.schema}.${p.name}(${(p.argument_types ?? []).join(",")})`;
+}
+export class CreateSecurityLabelOnProcedure extends CreateProcedureChange {
+    procedure;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.procedure = props.procedure;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.procedure.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.procedure.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON",
+            targetKeyword(this.procedure),
+            procedureIdentity(this.procedure),
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnProcedure extends DropProcedureChange {
+    procedure;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.procedure = props.procedure;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.procedure.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.procedure.stableId, this.securityLabel.provider),
+            this.procedure.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON",
+            targetKeyword(this.procedure),
+            procedureIdentity(this.procedure),
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/procedure/changes/procedure.types.d.ts CHANGED Viewed

@@ -3,5 +3,6 @@ import type { CommentProcedure } from "./procedure.comment.ts";
 import type { CreateProcedure } from "./procedure.create.ts";
 import type { DropProcedure } from "./procedure.drop.ts";
 import type { ProcedurePrivilege } from "./procedure.privilege.ts";
+import type { SecurityLabelProcedure } from "./procedure.security-label.ts";
 /** Union of all procedure-related change variants (`objectType: "procedure"`). @category Change Types */
-export type ProcedureChange = AlterProcedure | CommentProcedure | CreateProcedure | DropProcedure | ProcedurePrivilege;
+export type ProcedureChange = AlterProcedure | CommentProcedure | CreateProcedure | DropProcedure | ProcedurePrivilege | SecurityLabelProcedure;

package/dist/core/objects/procedure/procedure.diff.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { diffObjects } from "../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../base.privilege-diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual, hasNonAlterableChanges } from "../utils.js";
 import { AlterProcedureChangeOwner, AlterProcedureSetConfig, AlterProcedureSetLeakproof, AlterProcedureSetParallel, AlterProcedureSetSecurity, AlterProcedureSetStrictness, AlterProcedureSetVolatility, } from "./changes/procedure.alter.js";
 import { CreateCommentOnProcedure, DropCommentOnProcedure, } from "./changes/procedure.comment.js";
 import { CreateProcedure } from "./changes/procedure.create.js";
 import { DropProcedure } from "./changes/procedure.drop.js";
 import { GrantProcedurePrivileges, RevokeGrantOptionProcedurePrivileges, RevokeProcedurePrivileges, } from "./changes/procedure.privilege.js";
+import { CreateSecurityLabelOnProcedure, DropSecurityLabelOnProcedure, } from "./changes/procedure.security-label.js";
 /**
  * Diff two sets of procedures from main and branch catalogs.
  *
@@ -30,6 +32,12 @@ export function diffProcedures(ctx, main, branch) {
         if (proc.comment !== null) {
             changes.push(new CreateCommentOnProcedure({ procedure: proc }));
         }
+        for (const label of proc.security_labels) {
+            changes.push(new CreateSecurityLabelOnProcedure({
+                procedure: proc,
+                securityLabel: label,
+            }));
+        }
         // PRIVILEGES: For created objects, compare against default privileges state
         // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
         // so objects are created with the default privileges state in effect.
@@ -139,6 +147,14 @@ export function diffProcedures(ctx, main, branch) {
                     changes.push(new CreateCommentOnProcedure({ procedure: branchProcedure }));
                 }
             }
+            // SECURITY LABELS
+            changes.push(...diffSecurityLabels(mainProcedure.security_labels, branchProcedure.security_labels, (securityLabel) => new CreateSecurityLabelOnProcedure({
+                procedure: branchProcedure,
+                securityLabel,
+            }), (securityLabel) => new DropSecurityLabelOnProcedure({
+                procedure: mainProcedure,
+                securityLabel,
+            })));
             // SECURITY DEFINER/INVOKER
             if (mainProcedure.security_definer !== branchProcedure.security_definer) {
                 changes.push(new AlterProcedureSetSecurity({

package/dist/core/objects/procedure/procedure.model.d.ts CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel } from "../base.model.ts";
 import { type PrivilegeProps } from "../base.privilege-diff.ts";
 import { type ExtractRetryOptions } from "../extract-with-retry.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const procedurePropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -57,6 +58,10 @@ declare const procedurePropsSchema: z.ZodObject<{
         grantable: z.ZodBoolean;
         columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     }, z.z.core.$strip>>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type ProcedurePrivilegeProps = PrivilegeProps;
 export type ProcedureProps = z.infer<typeof procedurePropsSchema>;
@@ -90,6 +95,7 @@ export declare class Procedure extends BasePgModel {
     readonly owner: ProcedureProps["owner"];
     readonly comment: ProcedureProps["comment"];
     readonly privileges: ProcedurePrivilegeProps[];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: ProcedureProps);
     get stableId(): `procedure:${string}`;
     get identityFields(): {
@@ -127,6 +133,10 @@ export declare class Procedure extends BasePgModel {
             grantable: boolean;
             columns?: string[] | null | undefined;
         }[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
 }
 export declare function extractProcedures(pool: Pool, options?: ExtractRetryOptions): Promise<Procedure[]>;

package/dist/core/objects/procedure/procedure.model.js CHANGED Viewed

@@ -3,6 +3,7 @@ import z from "zod";
 import { BasePgModel } from "../base.model.js";
 import { privilegePropsSchema, } from "../base.privilege-diff.js";
 import { extractWithDefinitionRetry, } from "../extract-with-retry.js";
+import { securityLabelPropsSchema, } from "../security-label.types.js";
 const FunctionKindSchema = z.enum([
     "f", // function
     "p", // procedure
@@ -56,6 +57,7 @@ const procedurePropsSchema = z.object({
     owner: z.string(),
     comment: z.string().nullable(),
     privileges: z.array(privilegePropsSchema),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 // pg_get_functiondef(oid) can return NULL when the function (its pg_proc
 // row) is dropped between catalog scan and resolution, or under transient
@@ -95,6 +97,7 @@ export class Procedure extends BasePgModel {
     owner;
     comment;
     privileges;
+    security_labels;
     constructor(props) {
         super();
         // Identity fields
@@ -128,6 +131,7 @@ export class Procedure extends BasePgModel {
         this.owner = props.owner;
         this.comment = props.comment;
         this.privileges = props.privileges;
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         const args = this.argument_types?.join(",") ?? "";
@@ -169,6 +173,7 @@ export class Procedure extends BasePgModel {
             owner: this.owner,
             comment: this.comment,
             privileges: this.privileges,
+            security_labels: this.security_labels,
         };
     }
 }
@@ -238,7 +243,20 @@ select
       )
       from lateral aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) as x(grantor, grantee, privilege_type, is_grantable)
     ), '[]'
-  ) as privileges
+  ) as privileges,
+  coalesce(
+    (
+      select json_agg(
+        json_build_object('provider', sl.provider, 'label', sl.label)
+        order by sl.provider
+      )
+      from pg_catalog.pg_seclabel sl
+      where sl.objoid = p.oid
+        and sl.classoid = 'pg_proc'::regclass
+        and sl.objsubid = 0
+    ),
+    '[]'::json
+  ) as security_labels
 from
   pg_catalog.pg_proc p
   inner join pg_catalog.pg_language l on l.oid = p.prolang

package/dist/core/objects/publication/changes/publication.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { Publication } from "../publication.model.ts";
 declare abstract class BasePublicationChange extends BaseChange {
     abstract readonly publication: Publication;
-    abstract readonly scope: "object" | "comment";
+    abstract readonly scope: "object" | "comment" | "security_label";
     readonly objectType: "publication";
 }
 export declare abstract class CreatePublicationChange extends BasePublicationChange {

package/dist/core/objects/publication/changes/publication.security-label.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../security-label.types.ts";
+import type { Publication } from "../publication.model.ts";
+import { CreatePublicationChange, DropPublicationChange } from "./publication.base.ts";
+export type SecurityLabelPublication = CreateSecurityLabelOnPublication | DropSecurityLabelOnPublication;
+export declare class CreateSecurityLabelOnPublication extends CreatePublicationChange {
+    readonly publication: Publication;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        publication: Publication;
+        securityLabel: SecurityLabelProps;
+    });
+    get creates(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): `publication:${string}`[];
+    serialize(): string;
+}
+export declare class DropSecurityLabelOnPublication extends DropPublicationChange {
+    readonly publication: Publication;
+    readonly securityLabel: SecurityLabelProps;
+    readonly scope: "security_label";
+    constructor(props: {
+        publication: Publication;
+        securityLabel: SecurityLabelProps;
+    });
+    get drops(): `securityLabel:${string}::provider:${string}`[];
+    get requires(): (`securityLabel:${string}::provider:${string}` | `publication:${string}`)[];
+    serialize(): string;
+}

package/dist/core/objects/publication/changes/publication.security-label.js ADDED Viewed

@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../base.change.js";
+import { stableId } from "../../utils.js";
+import { CreatePublicationChange, DropPublicationChange, } from "./publication.base.js";
+export class CreateSecurityLabelOnPublication extends CreatePublicationChange {
+    publication;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.publication = props.publication;
+        this.securityLabel = props.securityLabel;
+    }
+    get creates() {
+        return [
+            stableId.securityLabel(this.publication.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [this.publication.stableId];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON PUBLICATION",
+            this.publication.name,
+            "IS",
+            quoteLiteral(this.securityLabel.label),
+        ].join(" ");
+    }
+}
+export class DropSecurityLabelOnPublication extends DropPublicationChange {
+    publication;
+    securityLabel;
+    scope = "security_label";
+    constructor(props) {
+        super();
+        this.publication = props.publication;
+        this.securityLabel = props.securityLabel;
+    }
+    get drops() {
+        return [
+            stableId.securityLabel(this.publication.stableId, this.securityLabel.provider),
+        ];
+    }
+    get requires() {
+        return [
+            stableId.securityLabel(this.publication.stableId, this.securityLabel.provider),
+            this.publication.stableId,
+        ];
+    }
+    serialize() {
+        return [
+            "SECURITY LABEL FOR",
+            this.securityLabel.provider,
+            "ON PUBLICATION",
+            this.publication.name,
+            "IS NULL",
+        ].join(" ");
+    }
+}

package/dist/core/objects/publication/changes/publication.types.d.ts CHANGED Viewed

@@ -2,5 +2,6 @@ import type { AlterPublicationAddSchemas, AlterPublicationAddTables, AlterPublic
 import type { CommentPublication } from "./publication.comment.ts";
 import type { CreatePublication } from "./publication.create.ts";
 import type { DropPublication } from "./publication.drop.ts";
+import type { SecurityLabelPublication } from "./publication.security-label.ts";
 /** Union of all publication-related change variants (`objectType: "publication"`). @category Change Types */
-export type PublicationChange = AlterPublicationAddSchemas | AlterPublicationAddTables | AlterPublicationDropSchemas | AlterPublicationDropTables | AlterPublicationSetList | AlterPublicationSetOptions | AlterPublicationSetOwner | CommentPublication | CreatePublication | DropPublication;
+export type PublicationChange = AlterPublicationAddSchemas | AlterPublicationAddTables | AlterPublicationDropSchemas | AlterPublicationDropTables | AlterPublicationSetList | AlterPublicationSetOptions | AlterPublicationSetOwner | CommentPublication | CreatePublication | DropPublication | SecurityLabelPublication;

package/dist/core/objects/publication/publication.diff.js CHANGED Viewed

@@ -1,9 +1,11 @@
 import { diffObjects } from "../base.diff.js";
+import { diffSecurityLabels } from "../security-label.types.js";
 import { deepEqual } from "../utils.js";
 import { AlterPublicationAddSchemas, AlterPublicationAddTables, AlterPublicationDropSchemas, AlterPublicationDropTables, AlterPublicationSetOptions, AlterPublicationSetOwner, } from "./changes/publication.alter.js";
 import { CreateCommentOnPublication, DropCommentOnPublication, } from "./changes/publication.comment.js";
 import { CreatePublication } from "./changes/publication.create.js";
 import { DropPublication } from "./changes/publication.drop.js";
+import { CreateSecurityLabelOnPublication, DropSecurityLabelOnPublication, } from "./changes/publication.security-label.js";
 export function diffPublications(ctx, main, branch) {
     const { created, dropped, altered } = diffObjects(main, branch);
     const changes = [];
@@ -21,6 +23,12 @@ export function diffPublications(ctx, main, branch) {
         if (publication.comment !== null) {
             changes.push(new CreateCommentOnPublication({ publication }));
         }
+        for (const label of publication.security_labels) {
+            changes.push(new CreateSecurityLabelOnPublication({
+                publication,
+                securityLabel: label,
+            }));
+        }
     }
     for (const id of dropped) {
         changes.push(new DropPublication({ publication: main[id] }));
@@ -107,6 +115,14 @@ export function diffPublications(ctx, main, branch) {
                 changes.push(new CreateCommentOnPublication({ publication: branchPublication }));
             }
         }
+        // SECURITY LABELS
+        changes.push(...diffSecurityLabels(mainPublication.security_labels, branchPublication.security_labels, (securityLabel) => new CreateSecurityLabelOnPublication({
+            publication: branchPublication,
+            securityLabel,
+        }), (securityLabel) => new DropSecurityLabelOnPublication({
+            publication: mainPublication,
+            securityLabel,
+        })));
     }
     return changes;
 }

package/dist/core/objects/publication/publication.model.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../base.model.ts";
+import { type SecurityLabelProps } from "../security-label.types.ts";
 declare const publicationTablePropsSchema: z.ZodObject<{
     schema: z.ZodString;
     name: z.ZodString;
@@ -24,6 +25,10 @@ declare const publicationPropsSchema: z.ZodObject<{
         row_filter: z.ZodNullable<z.ZodString>;
     }, z.z.core.$strip>>;
     schemas: z.ZodArray<z.ZodString>;
+    security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        label: z.ZodString;
+    }, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 export type PublicationTableProps = z.infer<typeof publicationTablePropsSchema>;
 export type PublicationProps = z.infer<typeof publicationPropsSchema>;
@@ -44,6 +49,7 @@ export declare class Publication extends BasePgModel {
     readonly publish_via_partition_root: PublicationProps["publish_via_partition_root"];
     readonly tables: PublicationTableProps[];
     readonly schemas: PublicationProps["schemas"];
+    readonly security_labels: SecurityLabelProps[];
     constructor(props: PublicationProps);
     get stableId(): `publication:${string}`;
     get identityFields(): {
@@ -65,6 +71,10 @@ export declare class Publication extends BasePgModel {
             row_filter: string | null;
         }[];
         schemas: string[];
+        security_labels: {
+            provider: string;
+            label: string;
+        }[];
     };
     stableSnapshot(): {
         identity: {
@@ -78,6 +88,10 @@ export declare class Publication extends BasePgModel {
                 row_filter: string | null;
             }[];
             schemas: string[];
+            security_labels: {
+                provider: string;
+                label: string;
+            }[];
             owner: string;
             comment: string | null;
             all_tables: boolean;

package/dist/core/objects/publication/publication.model.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../base.model.js";
+import { normalizeSecurityLabels, securityLabelPropsSchema, } from "../security-label.types.js";
 const publicationTablePropsSchema = z.object({
     schema: z.string(),
     name: z.string(),
@@ -19,6 +20,7 @@ const publicationPropsSchema = z.object({
     publish_via_partition_root: z.boolean(),
     tables: z.array(publicationTablePropsSchema),
     schemas: z.array(z.string()),
+    security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 /**
  * Logical replication publication definition extracted from pg_publication.
@@ -37,6 +39,7 @@ export class Publication extends BasePgModel {
     publish_via_partition_root;
     tables;
     schemas;
+    security_labels;
     constructor(props) {
         super();
         this.name = props.name;
@@ -60,6 +63,7 @@ export class Publication extends BasePgModel {
             return a.schema.localeCompare(b.schema) || a.name.localeCompare(b.name);
         });
         this.schemas = [...props.schemas].sort((a, b) => a.localeCompare(b));
+        this.security_labels = props.security_labels ?? [];
     }
     get stableId() {
         return `publication:${this.name}`;
@@ -81,6 +85,7 @@ export class Publication extends BasePgModel {
             publish_via_partition_root: this.publish_via_partition_root,
             tables: this.tables,
             schemas: this.schemas,
+            security_labels: this.security_labels,
         };
     }
     stableSnapshot() {
@@ -98,6 +103,7 @@ export class Publication extends BasePgModel {
                 ...this.dataFields,
                 tables: normalizedTables.sort((a, b) => a.schema.localeCompare(b.schema) || a.name.localeCompare(b.name)),
                 schemas: [...this.schemas].sort((a, b) => a.localeCompare(b)),
+                security_labels: normalizeSecurityLabels(this.security_labels),
             },
         };
     }
@@ -173,7 +179,20 @@ export async function extractPublications(pool) {
             where s.pnpubid = p.oid
           ),
           '[]'::json
-        ) as schemas
+        ) as schemas,
+        coalesce(
+          (
+            select json_agg(
+              json_build_object('provider', sl.provider, 'label', sl.label)
+              order by sl.provider
+            )
+            from pg_catalog.pg_seclabel sl
+            where sl.objoid = p.oid
+              and sl.classoid = 'pg_publication'::regclass
+              and sl.objsubid = 0
+          ),
+          '[]'::json
+        ) as security_labels
       from pg_publication p
       left join extension_oids e on e.objid = p.oid
       where e.objid is null

package/dist/core/objects/role/changes/role.base.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
 import type { Role } from "../role.model.ts";
 declare abstract class BaseRoleChange extends BaseChange {
     abstract readonly role: Role;
-    abstract readonly scope: "object" | "comment" | "membership" | "default_privilege";
+    abstract readonly scope: "object" | "comment" | "membership" | "default_privilege" | "security_label";
     readonly objectType: "role";
 }
 export declare abstract class CreateRoleChange extends BaseRoleChange {