@supabase/pg-delta 1.0.0-alpha.22 → 1.0.0-alpha.24
- package/dist/core/catalog.model.js +1 -0
- package/dist/core/integrations/filter/flatten.js +13 -0
- package/dist/core/objects/aggregate/aggregate.diff.js +16 -0
- package/dist/core/objects/aggregate/aggregate.model.d.ts +10 -0
- package/dist/core/objects/aggregate/aggregate.model.js +19 -1
- package/dist/core/objects/aggregate/changes/aggregate.base.d.ts +1 -1
- package/dist/core/objects/aggregate/changes/aggregate.security-label.d.ts +28 -0
- package/dist/core/objects/aggregate/changes/aggregate.security-label.js +64 -0
- package/dist/core/objects/aggregate/changes/aggregate.types.d.ts +2 -1
- package/dist/core/objects/base.model.d.ts +8 -0
- package/dist/core/objects/base.model.js +2 -0
- package/dist/core/objects/domain/changes/domain.base.d.ts +1 -1
- package/dist/core/objects/domain/changes/domain.security-label.d.ts +28 -0
- package/dist/core/objects/domain/changes/domain.security-label.js +61 -0
- package/dist/core/objects/domain/changes/domain.types.d.ts +2 -1
- package/dist/core/objects/domain/domain.diff.js +16 -0
- package/dist/core/objects/domain/domain.model.d.ts +10 -0
- package/dist/core/objects/domain/domain.model.js +19 -1
- package/dist/core/objects/event-trigger/changes/event-trigger.base.d.ts +1 -1
- package/dist/core/objects/event-trigger/changes/event-trigger.security-label.d.ts +28 -0
- package/dist/core/objects/event-trigger/changes/event-trigger.security-label.js +61 -0
- package/dist/core/objects/event-trigger/changes/event-trigger.types.d.ts +2 -1
- package/dist/core/objects/event-trigger/event-trigger.diff.js +16 -0
- package/dist/core/objects/event-trigger/event-trigger.model.d.ts +10 -0
- package/dist/core/objects/event-trigger/event-trigger.model.js +19 -1
- package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.base.d.ts +1 -1
- package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.security-label.d.ts +28 -0
- package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.security-label.js +61 -0
- package/dist/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.types.d.ts +2 -1
- package/dist/core/objects/foreign-data-wrapper/foreign-table/foreign-table.diff.js +16 -0
- package/dist/core/objects/foreign-data-wrapper/foreign-table/foreign-table.model.d.ts +22 -0
- package/dist/core/objects/foreign-data-wrapper/foreign-table/foreign-table.model.js +20 -1
- package/dist/core/objects/materialized-view/changes/materialized-view.base.d.ts +1 -1
- package/dist/core/objects/materialized-view/changes/materialized-view.security-label.d.ts +28 -0
- package/dist/core/objects/materialized-view/changes/materialized-view.security-label.js +61 -0
- package/dist/core/objects/materialized-view/changes/materialized-view.types.d.ts +2 -1
- package/dist/core/objects/materialized-view/materialized-view.diff.js +18 -0
- package/dist/core/objects/materialized-view/materialized-view.model.d.ts +22 -0
- package/dist/core/objects/materialized-view/materialized-view.model.js +20 -1
- package/dist/core/objects/procedure/changes/procedure.base.d.ts +1 -1
- package/dist/core/objects/procedure/changes/procedure.security-label.d.ts +28 -0
- package/dist/core/objects/procedure/changes/procedure.security-label.js +69 -0
- package/dist/core/objects/procedure/changes/procedure.types.d.ts +2 -1
- package/dist/core/objects/procedure/procedure.diff.js +16 -0
- package/dist/core/objects/procedure/procedure.model.d.ts +10 -0
- package/dist/core/objects/procedure/procedure.model.js +19 -1
- package/dist/core/objects/publication/changes/publication.base.d.ts +1 -1
- package/dist/core/objects/publication/changes/publication.security-label.d.ts +28 -0
- package/dist/core/objects/publication/changes/publication.security-label.js +61 -0
- package/dist/core/objects/publication/changes/publication.types.d.ts +2 -1
- package/dist/core/objects/publication/publication.diff.js +16 -0
- package/dist/core/objects/publication/publication.model.d.ts +14 -0
- package/dist/core/objects/publication/publication.model.js +20 -1
- package/dist/core/objects/role/changes/role.base.d.ts +1 -1
- package/dist/core/objects/role/changes/role.security-label.d.ts +28 -0
- package/dist/core/objects/role/changes/role.security-label.js +61 -0
- package/dist/core/objects/role/changes/role.types.d.ts +2 -1
- package/dist/core/objects/role/role.diff.js +16 -0
- package/dist/core/objects/role/role.model.d.ts +10 -0
- package/dist/core/objects/role/role.model.js +29 -0
- package/dist/core/objects/schema/changes/schema.base.d.ts +1 -1
- package/dist/core/objects/schema/changes/schema.security-label.d.ts +28 -0
- package/dist/core/objects/schema/changes/schema.security-label.js +61 -0
- package/dist/core/objects/schema/changes/schema.types.d.ts +2 -1
- package/dist/core/objects/schema/schema.diff.js +24 -1
- package/dist/core/objects/schema/schema.model.d.ts +10 -0
- package/dist/core/objects/schema/schema.model.js +18 -1
- package/dist/core/objects/security-label.types.d.ts +20 -0
- package/dist/core/objects/security-label.types.js +46 -0
- package/dist/core/objects/sequence/changes/sequence.base.d.ts +1 -1
- package/dist/core/objects/sequence/changes/sequence.security-label.d.ts +28 -0
- package/dist/core/objects/sequence/changes/sequence.security-label.js +61 -0
- package/dist/core/objects/sequence/changes/sequence.types.d.ts +2 -1
- package/dist/core/objects/sequence/sequence.diff.js +16 -0
- package/dist/core/objects/sequence/sequence.model.d.ts +10 -0
- package/dist/core/objects/sequence/sequence.model.js +19 -1
- package/dist/core/objects/subscription/changes/subscription.base.d.ts +1 -1
- package/dist/core/objects/subscription/changes/subscription.security-label.d.ts +28 -0
- package/dist/core/objects/subscription/changes/subscription.security-label.js +61 -0
- package/dist/core/objects/subscription/changes/subscription.types.d.ts +2 -1
- package/dist/core/objects/subscription/subscription.diff.js +16 -0
- package/dist/core/objects/subscription/subscription.model.d.ts +10 -0
- package/dist/core/objects/subscription/subscription.model.js +19 -1
- package/dist/core/objects/table/changes/table.base.d.ts +1 -1
- package/dist/core/objects/table/changes/table.security-label.d.ts +63 -0
- package/dist/core/objects/table/changes/table.security-label.js +134 -0
- package/dist/core/objects/table/changes/table.types.d.ts +2 -1
- package/dist/core/objects/table/table.diff.js +49 -0
- package/dist/core/objects/table/table.model.d.ts +30 -0
- package/dist/core/objects/table/table.model.js +34 -2
- package/dist/core/objects/type/composite-type/changes/composite-type.base.d.ts +1 -1
- package/dist/core/objects/type/composite-type/changes/composite-type.security-label.d.ts +28 -0
- package/dist/core/objects/type/composite-type/changes/composite-type.security-label.js +61 -0
- package/dist/core/objects/type/composite-type/changes/composite-type.types.d.ts +2 -1
- package/dist/core/objects/type/composite-type/composite-type.diff.js +16 -0
- package/dist/core/objects/type/composite-type/composite-type.model.d.ts +22 -0
- package/dist/core/objects/type/composite-type/composite-type.model.js +22 -2
- package/dist/core/objects/type/enum/changes/enum.base.d.ts +1 -1
- package/dist/core/objects/type/enum/changes/enum.security-label.d.ts +28 -0
- package/dist/core/objects/type/enum/changes/enum.security-label.js +61 -0
- package/dist/core/objects/type/enum/changes/enum.types.d.ts +2 -1
- package/dist/core/objects/type/enum/enum.diff.js +16 -0
- package/dist/core/objects/type/enum/enum.model.d.ts +10 -0
- package/dist/core/objects/type/enum/enum.model.js +20 -1
- package/dist/core/objects/type/range/changes/range.base.d.ts +1 -1
- package/dist/core/objects/type/range/changes/range.security-label.d.ts +28 -0
- package/dist/core/objects/type/range/changes/range.security-label.js +61 -0
- package/dist/core/objects/type/range/changes/range.types.d.ts +2 -1
- package/dist/core/objects/type/range/range.diff.js +16 -0
- package/dist/core/objects/type/range/range.model.d.ts +10 -0
- package/dist/core/objects/type/range/range.model.js +19 -1
- package/dist/core/objects/utils.d.ts +1 -0
- package/dist/core/objects/utils.js +3 -0
- package/dist/core/objects/view/changes/view.base.d.ts +1 -1
- package/dist/core/objects/view/changes/view.security-label.d.ts +28 -0
- package/dist/core/objects/view/changes/view.security-label.js +61 -0
- package/dist/core/objects/view/changes/view.types.d.ts +2 -1
- package/dist/core/objects/view/view.diff.js +13 -0
- package/dist/core/objects/view/view.model.d.ts +26 -0
- package/dist/core/objects/view/view.model.js +20 -1
- package/dist/core/plan/sql-format/fixtures.js +1 -0
- package/dist/core/post-diff-normalization.d.ts +7 -0
- package/dist/core/post-diff-normalization.js +33 -4
- package/dist/core/sort/cycle-breakers.js +139 -17
- package/package.json +1 -1
- package/src/core/catalog.model.ts +1 -0
- package/src/core/integrations/filter/dsl.test.ts +27 -0
- package/src/core/integrations/filter/flatten.ts +16 -0
- package/src/core/objects/aggregate/aggregate.diff.ts +33 -0
- package/src/core/objects/aggregate/aggregate.model.ts +22 -1
- package/src/core/objects/aggregate/changes/aggregate.base.ts +5 -1
- package/src/core/objects/aggregate/changes/aggregate.security-label.ts +99 -0
- package/src/core/objects/aggregate/changes/aggregate.types.ts +3 -1
- package/src/core/objects/base.model.ts +2 -0
- package/src/core/objects/domain/changes/domain.base.ts +5 -1
- package/src/core/objects/domain/changes/domain.security-label.test.ts +56 -0
- package/src/core/objects/domain/changes/domain.security-label.ts +77 -0
- package/src/core/objects/domain/changes/domain.types.ts +3 -1
- package/src/core/objects/domain/domain.diff.ts +33 -0
- package/src/core/objects/domain/domain.model.ts +22 -1
- package/src/core/objects/event-trigger/changes/event-trigger.base.ts +1 -1
- package/src/core/objects/event-trigger/changes/event-trigger.security-label.ts +95 -0
- package/src/core/objects/event-trigger/changes/event-trigger.types.ts +3 -1
- package/src/core/objects/event-trigger/event-trigger.diff.ts +33 -0
- package/src/core/objects/event-trigger/event-trigger.model.ts +22 -1
- package/src/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.base.ts +5 -1
- package/src/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.security-label.ts +95 -0
- package/src/core/objects/foreign-data-wrapper/foreign-table/changes/foreign-table.types.ts +3 -1
- package/src/core/objects/foreign-data-wrapper/foreign-table/foreign-table.diff.ts +33 -0
- package/src/core/objects/foreign-data-wrapper/foreign-table/foreign-table.model.ts +24 -1
- package/src/core/objects/materialized-view/changes/materialized-view.base.ts +5 -1
- package/src/core/objects/materialized-view/changes/materialized-view.security-label.test.ts +63 -0
- package/src/core/objects/materialized-view/changes/materialized-view.security-label.ts +95 -0
- package/src/core/objects/materialized-view/changes/materialized-view.types.ts +3 -1
- package/src/core/objects/materialized-view/materialized-view.diff.ts +37 -0
- package/src/core/objects/materialized-view/materialized-view.model.ts +25 -4
- package/src/core/objects/procedure/changes/procedure.base.ts +5 -1
- package/src/core/objects/procedure/changes/procedure.security-label.ts +105 -0
- package/src/core/objects/procedure/changes/procedure.types.ts +3 -1
- package/src/core/objects/procedure/procedure.diff.ts +33 -0
- package/src/core/objects/procedure/procedure.model.ts +23 -2
- package/src/core/objects/publication/changes/publication.base.ts +1 -1
- package/src/core/objects/publication/changes/publication.security-label.ts +95 -0
- package/src/core/objects/publication/changes/publication.types.ts +3 -1
- package/src/core/objects/publication/publication.diff.ts +33 -0
- package/src/core/objects/publication/publication.model.ts +24 -1
- package/src/core/objects/role/changes/role.base.ts +2 -1
- package/src/core/objects/role/changes/role.security-label.ts +77 -0
- package/src/core/objects/role/changes/role.types.ts +3 -1
- package/src/core/objects/role/role.diff.ts +33 -0
- package/src/core/objects/role/role.model.ts +32 -0
- package/src/core/objects/schema/changes/schema.alter.test.ts +1 -0
- package/src/core/objects/schema/changes/schema.base.ts +5 -1
- package/src/core/objects/schema/changes/schema.create.test.ts +1 -0
- package/src/core/objects/schema/changes/schema.drop.test.ts +1 -0
- package/src/core/objects/schema/changes/schema.security-label.test.ts +76 -0
- package/src/core/objects/schema/changes/schema.security-label.ts +77 -0
- package/src/core/objects/schema/changes/schema.types.ts +3 -1
- package/src/core/objects/schema/schema.diff.test.ts +1 -0
- package/src/core/objects/schema/schema.diff.ts +43 -1
- package/src/core/objects/schema/schema.model.ts +21 -1
- package/src/core/objects/security-label.types.test.ts +106 -0
- package/src/core/objects/security-label.types.ts +61 -0
- package/src/core/objects/sequence/changes/sequence.base.ts +5 -1
- package/src/core/objects/sequence/changes/sequence.security-label.test.ts +58 -0
- package/src/core/objects/sequence/changes/sequence.security-label.ts +92 -0
- package/src/core/objects/sequence/changes/sequence.types.ts +3 -1
- package/src/core/objects/sequence/sequence.diff.ts +33 -0
- package/src/core/objects/sequence/sequence.model.ts +22 -1
- package/src/core/objects/subscription/changes/subscription.base.ts +1 -1
- package/src/core/objects/subscription/changes/subscription.security-label.ts +95 -0
- package/src/core/objects/subscription/changes/subscription.types.ts +3 -1
- package/src/core/objects/subscription/subscription.diff.ts +33 -0
- package/src/core/objects/subscription/subscription.model.ts +22 -1
- package/src/core/objects/table/changes/table.base.ts +5 -1
- package/src/core/objects/table/changes/table.security-label.test.ts +140 -0
- package/src/core/objects/table/changes/table.security-label.ts +183 -0
- package/src/core/objects/table/changes/table.types.ts +3 -1
- package/src/core/objects/table/table.diff.ts +87 -0
- package/src/core/objects/table/table.model.ts +42 -2
- package/src/core/objects/type/composite-type/changes/composite-type.base.ts +5 -1
- package/src/core/objects/type/composite-type/changes/composite-type.security-label.ts +95 -0
- package/src/core/objects/type/composite-type/changes/composite-type.types.ts +3 -1
- package/src/core/objects/type/composite-type/composite-type.diff.ts +33 -0
- package/src/core/objects/type/composite-type/composite-type.model.ts +26 -2
- package/src/core/objects/type/enum/changes/enum.base.ts +5 -1
- package/src/core/objects/type/enum/changes/enum.security-label.ts +77 -0
- package/src/core/objects/type/enum/changes/enum.types.ts +3 -1
- package/src/core/objects/type/enum/enum.diff.ts +33 -0
- package/src/core/objects/type/enum/enum.model.ts +25 -1
- package/src/core/objects/type/range/changes/range.base.ts +5 -1
- package/src/core/objects/type/range/changes/range.security-label.ts +77 -0
- package/src/core/objects/type/range/changes/range.types.ts +3 -1
- package/src/core/objects/type/range/range.diff.ts +33 -0
- package/src/core/objects/type/range/range.model.ts +22 -1
- package/src/core/objects/utils.ts +3 -0
- package/src/core/objects/view/changes/view.base.ts +5 -1
- package/src/core/objects/view/changes/view.security-label.test.ts +64 -0
- package/src/core/objects/view/changes/view.security-label.ts +77 -0
- package/src/core/objects/view/changes/view.types.ts +3 -1
- package/src/core/objects/view/view.diff.ts +31 -0
- package/src/core/objects/view/view.model.ts +25 -2
- package/src/core/plan/sql-format/fixtures.ts +1 -0
- package/src/core/post-diff-normalization.test.ts +123 -0
- package/src/core/post-diff-normalization.ts +40 -4
- package/src/core/sort/cycle-breakers.test.ts +236 -2
- package/src/core/sort/cycle-breakers.ts +184 -24
- package/src/core/sort/sort-changes.test.ts +317 -0
|
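--- a/package/dist/core/objects/type/enum/enum.diff.js
+++ b/package/dist/core/objects/type/enum/enum.diff.js
@@ -1,10 +1,12 @@
 import { diffObjects } from "../../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../../base.privilege-diff.js";
+import { diffSecurityLabels } from "../../security-label.types.js";
 import { AlterEnumAddValue, AlterEnumChangeOwner, } from "./changes/enum.alter.js";
 import { CreateCommentOnEnum, DropCommentOnEnum, } from "./changes/enum.comment.js";
 import { CreateEnum } from "./changes/enum.create.js";
 import { DropEnum } from "./changes/enum.drop.js";
 import { GrantEnumPrivileges, RevokeEnumPrivileges, RevokeGrantOptionEnumPrivileges, } from "./changes/enum.privilege.js";
+import { CreateSecurityLabelOnEnum, DropSecurityLabelOnEnum, } from "./changes/enum.security-label.js";
 /**
 * Diff two sets of enums from main and branch catalogs.
 *
@@ -30,6 +32,12 @@ export function diffEnums(ctx, main, branch) {
 if (createdEnum.comment !== null) {
 changes.push(new CreateCommentOnEnum({ enum: createdEnum }));
 }
+for (const label of createdEnum.security_labels) {
+changes.push(new CreateSecurityLabelOnEnum({
+enum: createdEnum,
+securityLabel: label,
+}));
+}
 // PRIVILEGES: For created objects, compare against default privileges state
 // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
 // so objects are created with the default privileges state in effect.
@@ -106,6 +114,14 @@ export function diffEnums(ctx, main, branch) {
 changes.push(new CreateCommentOnEnum({ enum: branchEnum }));
 }
 }
+// SECURITY LABELS
+changes.push(...diffSecurityLabels(mainEnum.security_labels, branchEnum.security_labels, (securityLabel) => new CreateSecurityLabelOnEnum({
+enum: branchEnum,
+securityLabel,
+}), (securityLabel) => new DropSecurityLabelOnEnum({
+enum: mainEnum,
+securityLabel,
+})));
 // PRIVILEGES
 // Filter out PUBLIC's built-in default USAGE privilege from main catalog
 // (PostgreSQL grants it automatically, so we shouldn't compare it)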
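Review bot: Nothing visible in the created-enum loop or the `diffSecurityLabels` call checks that a label's provider is available on the target before a `CreateSecurityLabelOnEnum` change is emitted. PostgreSQL rejects `SECURITY LABEL FOR <provider>` when that provider's module is not loaded, so a plan built from a branch that has a provider loaded may fail partway on a database that lacks it, unless filtering happens elsewhere (the file list shows `integrations/filter/flatten.js` changed, but it is not visible here). At minimum the created-enum loop should carry a comment like the altered path does, for example `// SECURITY LABELS: the provider module must be loaded on the target, otherwise SECURITY LABEL fails`. The `diffRanges` hunks in range.diff.js follow the same pattern. The body of `diffEnums` continues outside these hunks.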
|
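--- a/package/dist/core/objects/type/enum/enum.model.d.ts
+++ b/package/dist/core/objects/type/enum/enum.model.d.ts
@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../../base.model.ts";
 import { type PrivilegeProps } from "../../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../../security-label.types.ts";
 /**
 * All properties exposed by CREATE TYPE AS ENUM statement are included in diff output.
 * https://www.postgresql.org/docs/current/sql-createtype.html
@@ -31,6 +32,10 @@ declare const enumPropsSchema: z.ZodObject<{
 grantable: z.ZodBoolean;
 columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
 }, z.z.core.$strip>>;
+security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+provider: z.ZodString;
+label: z.ZodString;
+}, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type EnumPrivilegeProps = PrivilegeProps;
 export type EnumProps = z.infer<typeof enumPropsSchema>;
@@ -41,6 +46,7 @@ export declare class Enum extends BasePgModel {
 readonly labels: EnumProps["labels"];
 readonly comment: EnumProps["comment"];
 readonly privileges: EnumPrivilegeProps[];
+readonly security_labels: SecurityLabelProps[];
 constructor(props: EnumProps);
 get stableId(): `type:${string}`;
 get identityFields(): {
@@ -60,6 +66,10 @@ export declare class Enum extends BasePgModel {
 privilege: string;
 grantable: boolean;
 }[];
+security_labels: {
+provider: string;
+label: string;
+}[];
 };
 }
 export declare function extractEnums(pool: Pool): Promise<Enum[]>;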
|
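--- a/package/dist/core/objects/type/enum/enum.model.js
+++ b/package/dist/core/objects/type/enum/enum.model.js
@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
 import z from "zod";
 import { BasePgModel } from "../../base.model.js";
 import { privilegePropsSchema, } from "../../base.privilege-diff.js";
+import { securityLabelPropsSchema, } from "../../security-label.types.js";
 const enumLabelSchema = z.object({
 sort_order: z.number(),
 label: z.string(),
@@ -27,6 +28,7 @@ const enumPropsSchema = z.object({
 labels: z.array(enumLabelSchema),
 comment: z.string().nullable(),
 privileges: z.array(privilegePropsSchema),
+security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
 });
 export class Enum extends BasePgModel {
 schema;
@@ -35,6 +37,7 @@ export class Enum extends BasePgModel {
 labels;
 comment;
 privileges;
+security_labels;
 constructor(props) {
 super();
 // Identity fields
@@ -45,6 +48,7 @@ export class Enum extends BasePgModel {
 this.labels = props.labels;
 this.comment = props.comment;
 this.privileges = props.privileges;
+this.security_labels = props.security_labels ?? [];
 }
 get stableId() {
 return `type:${this.schema}.${this.name}`;
@@ -88,6 +92,7 @@ export class Enum extends BasePgModel {
 labels,
 comment: this.comment,
 privileges,
+security_labels: this.security_labels,
 };
 }
 }
@@ -121,7 +126,20 @@ select
 )
 from lateral aclexplode(COALESCE(t.typacl, acldefault('T', t.typowner))) as x(grantor, grantee, privilege_type, is_grantable)
 ), '[]'
-) as privileges
+) as privileges,
+coalesce(
+(
+select json_agg(
+json_build_object('provider', sl.provider, 'label', sl.label)
+order by sl.provider
+)
+from pg_catalog.pg_seclabel sl
+where sl.objoid = t.oid
+and sl.classoid = 'pg_type'::regclass
+and sl.objsubid = 0
+),
+'[]'::json
+) as security_labels
 from
 pg_catalog.pg_enum e
 inner join pg_catalog.pg_type t on t.oid = e.enumtypid
@@ -142,6 +160,7 @@ order by
 labels: [],
 comment: e.comment,
 privileges: e.privileges,
+security_labels: e.security_labels,
 };
 }
 grouped[key].labels.push({ sort_order: e.sort_order, label: e.label });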
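Review bot: In the added `security_labels` subquery, `'pg_type'::regclass` is resolved through the session's `search_path`, whereas every other catalog reference visible in this query is schema-qualified (`pg_catalog.pg_seclabel`, `pg_catalog.pg_enum`, `pg_catalog.pg_type`). pg_catalog is normally searched first, but if a connection's `search_path` explicitly places another schema holding a relation named `pg_type` ahead of it, the cast would pick that relation, the `classoid` filter would match nothing, and the diff would quietly report no labels. Suggest `and sl.classoid = 'pg_catalog.pg_type'::regclass` so the lookup cannot depend on session settings. The query text begins and ends outside these hunks.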
|
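--- a/package/dist/core/objects/type/range/changes/range.base.d.ts
+++ b/package/dist/core/objects/type/range/changes/range.base.d.ts
@@ -2,7 +2,7 @@ import { BaseChange } from "../../../base.change.ts";
 import type { Range } from "../range.model.ts";
 declare abstract class BaseRangeChange extends BaseChange {
 abstract readonly range: Range;
-abstract readonly scope: "object" | "comment" | "privilege";
+abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
 readonly objectType: "range";
 }
 export declare abstract class CreateRangeChange extends BaseRangeChange {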
|
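--- a/package/dist/core/objects/type/range/changes/range.security-label.d.ts
+++ b/package/dist/core/objects/type/range/changes/range.security-label.d.ts
@@ -0,0 +1,28 @@
+import type { SecurityLabelProps } from "../../../security-label.types.ts";
+import type { Range } from "../range.model.ts";
+import { CreateRangeChange, DropRangeChange } from "./range.base.ts";
+export type SecurityLabelRange = CreateSecurityLabelOnRange | DropSecurityLabelOnRange;
+export declare class CreateSecurityLabelOnRange extends CreateRangeChange {
+readonly range: Range;
+readonly securityLabel: SecurityLabelProps;
+readonly scope: "security_label";
+constructor(props: {
+range: Range;
+securityLabel: SecurityLabelProps;
+});
+get creates(): `securityLabel:${string}::provider:${string}`[];
+get requires(): `type:${string}`[];
+serialize(): string;
+}
+export declare class DropSecurityLabelOnRange extends DropRangeChange {
+readonly range: Range;
+readonly securityLabel: SecurityLabelProps;
+readonly scope: "security_label";
+constructor(props: {
+range: Range;
+securityLabel: SecurityLabelProps;
+});
+get drops(): `securityLabel:${string}::provider:${string}`[];
+get requires(): (`securityLabel:${string}::provider:${string}` | `type:${string}`)[];
+serialize(): string;
+}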
|
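--- a/package/dist/core/objects/type/range/changes/range.security-label.js
+++ b/package/dist/core/objects/type/range/changes/range.security-label.js
@@ -0,0 +1,61 @@
+import { quoteLiteral } from "../../../base.change.js";
+import { stableId } from "../../../utils.js";
+import { CreateRangeChange, DropRangeChange } from "./range.base.js";
+export class CreateSecurityLabelOnRange extends CreateRangeChange {
+range;
+securityLabel;
+scope = "security_label";
+constructor(props) {
+super();
+this.range = props.range;
+this.securityLabel = props.securityLabel;
+}
+get creates() {
+return [
+stableId.securityLabel(this.range.stableId, this.securityLabel.provider),
+];
+}
+get requires() {
+return [this.range.stableId];
+}
+serialize() {
+return [
+"SECURITY LABEL FOR",
+this.securityLabel.provider,
+"ON TYPE",
+`${this.range.schema}.${this.range.name}`,
+"IS",
+quoteLiteral(this.securityLabel.label),
+].join(" ");
+}
+}
+export class DropSecurityLabelOnRange extends DropRangeChange {
+range;
+securityLabel;
+scope = "security_label";
+constructor(props) {
+super();
+this.range = props.range;
+this.securityLabel = props.securityLabel;
+}
+get drops() {
+return [
+stableId.securityLabel(this.range.stableId, this.securityLabel.provider),
+];
+}
+get requires() {
+return [
+stableId.securityLabel(this.range.stableId, this.securityLabel.provider),
+this.range.stableId,
+];
+}
+serialize() {
+return [
+"SECURITY LABEL FOR",
+this.securityLabel.provider,
+"ON TYPE",
+`${this.range.schema}.${this.range.name}`,
+"IS NULL",
+].join(" ");
+}
+}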
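Review bot: Both `serialize()` methods place `this.securityLabel.provider` and `${this.range.schema}.${this.range.name}` into the statement as bare text, while only the label goes through `quoteLiteral`. The provider sits in identifier position in `SECURITY LABEL FOR provider` and arrives from the catalog as a plain string (the enum model's query reads `sl.provider` without quoting), so a provider name containing uppercase letters, spaces or punctuation would yield a migration statement that fails or parses differently than intended. If the project has an identifier-quoting counterpart to `quoteLiteral`, it should be applied to the provider here. Whether `schema` and `name` are already quoted at extraction time is not visible on this page and should be confirmed. A one-line comment on each `serialize()` stating which parts arrive pre-quoted would make that contract checkable in review.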
|
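--- a/package/dist/core/objects/type/range/changes/range.types.d.ts
+++ b/package/dist/core/objects/type/range/changes/range.types.d.ts
@@ -3,5 +3,6 @@ import type { CommentRange } from "./range.comment.ts";
 import type { CreateRange } from "./range.create.ts";
 import type { DropRange } from "./range.drop.ts";
 import type { RangePrivilege } from "./range.privilege.ts";
+import type { SecurityLabelRange } from "./range.security-label.ts";
 /** Union of all range-related change variants (`objectType: "range"`). @category Change Types */
-export type RangeChange = AlterRange | CommentRange | CreateRange | DropRange | RangePrivilege;
+export type RangeChange = AlterRange | CommentRange | CreateRange | DropRange | RangePrivilege | SecurityLabelRange;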
|
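--- a/package/dist/core/objects/type/range/range.diff.js
+++ b/package/dist/core/objects/type/range/range.diff.js
@@ -1,11 +1,13 @@
 import { diffObjects } from "../../base.diff.js";
 import { diffPrivileges, emitObjectPrivilegeChanges, filterPublicBuiltInDefaults, } from "../../base.privilege-diff.js";
+import { diffSecurityLabels } from "../../security-label.types.js";
 import { hasNonAlterableChanges } from "../../utils.js";
 import { AlterRangeChangeOwner } from "./changes/range.alter.js";
 import { CreateCommentOnRange, DropCommentOnRange, } from "./changes/range.comment.js";
 import { CreateRange } from "./changes/range.create.js";
 import { DropRange } from "./changes/range.drop.js";
 import { GrantRangePrivileges, RevokeGrantOptionRangePrivileges, RevokeRangePrivileges, } from "./changes/range.privilege.js";
+import { CreateSecurityLabelOnRange, DropSecurityLabelOnRange, } from "./changes/range.security-label.js";
 /**
 * Diff two sets of range types from main and branch catalogs.
 *
@@ -31,6 +33,12 @@ export function diffRanges(ctx, main, branch) {
 if (createdRange.comment !== null) {
 changes.push(new CreateCommentOnRange({ range: createdRange }));
 }
+for (const label of createdRange.security_labels) {
+changes.push(new CreateSecurityLabelOnRange({
+range: createdRange,
+securityLabel: label,
+}));
+}
 // PRIVILEGES: For created objects, compare against default privileges state
 // The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
 // so objects are created with the default privileges state in effect.
@@ -91,6 +99,14 @@ export function diffRanges(ctx, main, branch) {
 changes.push(new CreateCommentOnRange({ range: branchRange }));
 }
 }
+// SECURITY LABELS
+changes.push(...diffSecurityLabels(mainRange.security_labels, branchRange.security_labels, (securityLabel) => new CreateSecurityLabelOnRange({
+range: branchRange,
+securityLabel,
+}), (securityLabel) => new DropSecurityLabelOnRange({
+range: mainRange,
+securityLabel,
+})));
 // PRIVILEGES
 // Filter out PUBLIC's built-in default USAGE privilege from main catalog
 // (PostgreSQL grants it automatically, so we shouldn't compare it)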
|
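--- a/package/dist/core/objects/type/range/range.model.d.ts
+++ b/package/dist/core/objects/type/range/range.model.d.ts
@@ -2,6 +2,7 @@ import type { Pool } from "pg";
 import z from "zod";
 import { BasePgModel } from "../../base.model.ts";
 import { type PrivilegeProps } from "../../base.privilege-diff.ts";
+import { type SecurityLabelProps } from "../../security-label.types.ts";
 declare const rangePropsSchema: z.ZodObject<{
 schema: z.ZodString;
 name: z.ZodString;
@@ -22,6 +23,10 @@ declare const rangePropsSchema: z.ZodObject<{
 grantable: z.ZodBoolean;
 columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
 }, z.z.core.$strip>>;
+security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
+provider: z.ZodString;
+label: z.ZodString;
+}, z.z.core.$strip>>>>;
 }, z.z.core.$strip>;
 type RangePrivilegeProps = PrivilegeProps;
 export type RangeProps = z.infer<typeof rangePropsSchema>;
@@ -40,6 +45,7 @@ export declare class Range extends BasePgModel {
 readonly subtype_opclass_schema: RangeProps["subtype_opclass_schema"];
 readonly subtype_opclass_name: RangeProps["subtype_opclass_name"];
 readonly privileges: RangePrivilegeProps[];
+readonly security_labels: SecurityLabelProps[];
 constructor(props: RangeProps);
 get stableId(): `type:${string}`;
 get identityFields(): {
@@ -64,6 +70,10 @@ export declare class Range extends BasePgModel {
 grantable: boolean;
 columns?: string[] | null | undefined;
 }[];
+security_labels: {
+provider: string;
+label: string;
+}[];
 };
 }
 /**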
|
@@ -2,6 +2,7 @@ import { sql } from "@ts-safeql/sql-tag";
|
|
|
2
2
|
import z from "zod";
|
|
3
3
|
import { BasePgModel } from "../../base.model.js";
|
|
4
4
|
import { privilegePropsSchema, } from "../../base.privilege-diff.js";
|
|
5
|
+
import { securityLabelPropsSchema, } from "../../security-label.types.js";
|
|
5
6
|
const rangePropsSchema = z.object({
|
|
6
7
|
schema: z.string(),
|
|
7
8
|
name: z.string(),
|
|
@@ -21,6 +22,7 @@ const rangePropsSchema = z.object({
|
|
|
21
22
|
subtype_opclass_schema: z.string().nullable(),
|
|
22
23
|
subtype_opclass_name: z.string().nullable(),
|
|
23
24
|
privileges: z.array(privilegePropsSchema),
|
|
25
|
+
security_labels: z.array(securityLabelPropsSchema).default([]).optional(),
|
|
24
26
|
});
|
|
25
27
|
export class Range extends BasePgModel {
|
|
26
28
|
schema;
|
|
@@ -37,6 +39,7 @@ export class Range extends BasePgModel {
|
|
|
37
39
|
subtype_opclass_schema;
|
|
38
40
|
subtype_opclass_name;
|
|
39
41
|
privileges;
|
|
42
|
+
security_labels;
|
|
40
43
|
constructor(props) {
|
|
41
44
|
super();
|
|
42
45
|
// Identity fields
|
|
@@ -55,6 +58,7 @@ export class Range extends BasePgModel {
|
|
|
55
58
|
this.subtype_opclass_schema = props.subtype_opclass_schema;
|
|
56
59
|
this.subtype_opclass_name = props.subtype_opclass_name;
|
|
57
60
|
this.privileges = props.privileges;
|
|
61
|
+
this.security_labels = props.security_labels ?? [];
|
|
58
62
|
}
|
|
59
63
|
get stableId() {
|
|
60
64
|
return `type:${this.schema}.${this.name}`;
|
|
@@ -79,6 +83,7 @@ export class Range extends BasePgModel {
|
|
|
79
83
|
subtype_opclass_name: this.subtype_opclass_name,
|
|
80
84
|
comment: this.comment,
|
|
81
85
|
privileges: this.privileges,
|
|
86
|
+
security_labels: this.security_labels,
|
|
82
87
|
};
|
|
83
88
|
}
|
|
84
89
|
}
|
|
@@ -142,7 +147,20 @@ select
|
|
|
142
147
|
)
|
|
143
148
|
from lateral aclexplode(COALESCE(t.typacl, acldefault('T', t.typowner))) as x(grantor, grantee, privilege_type, is_grantable)
|
|
144
149
|
), '[]'
|
|
145
|
-
) as privileges
|
|
150
|
+
) as privileges,
|
|
151
|
+
coalesce(
|
|
152
|
+
(
|
|
153
|
+
select json_agg(
|
|
154
|
+
json_build_object('provider', sl.provider, 'label', sl.label)
|
|
155
|
+
order by sl.provider
|
|
156
|
+
)
|
|
157
|
+
from pg_catalog.pg_seclabel sl
|
|
158
|
+
where sl.objoid = t.oid
|
|
159
|
+
and sl.classoid = 'pg_type'::regclass
|
|
160
|
+
and sl.objsubid = 0
|
|
161
|
+
),
|
|
162
|
+
'[]'::json
|
|
163
|
+
) as security_labels
|
|
146
164
|
from pg_catalog.pg_range r
|
|
147
165
|
join pg_catalog.pg_type t on t.oid = r.rngtypid
|
|
148
166
|
join pg_catalog.pg_type subt on subt.oid = r.rngsubtype
|
|
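Review bot: The new `security_labels` subquery resolves the catalog with `'pg_type'::regclass`, an unqualified name, while every other relation in the visible part of this query is written as `pg_catalog.…`. If the extraction session ever runs with a `search_path` that lists another schema ahead of `pg_catalog`, a same-named relation there would be picked up and the label filter would silently match nothing or the wrong rows. I would write `and sl.classoid = 'pg_catalog.pg_type'::regclass` to keep the lookup independent of session settings. The query starts before and continues after this hunk, so how the session's `search_path` is set is not visible here.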
@@ -22,6 +22,7 @@ export declare const stableId: {
|
|
|
22
22
|
constraint(schema: string, table: string, constraint: string): `constraint:${string}.${string}.${string}`;
|
|
23
23
|
index(schema: string, table: string, indexName: string): `index:${string}.${string}.${string}`;
|
|
24
24
|
comment(objectStableId: string): `comment:${string}`;
|
|
25
|
+
securityLabel(objectStableId: string, provider: string): `securityLabel:${string}::provider:${string}`;
|
|
25
26
|
role(role: string): `role:${string}`;
|
|
26
27
|
type(schema: string, name: string): `type:${string}.${string}`;
|
|
27
28
|
collation(schema: string, name: string): `collation:${string}.${string}`;
|
|
@@ -55,6 +55,9 @@ export const stableId = {
|
|
|
55
55
|
comment(objectStableId) {
|
|
56
56
|
return `comment:${objectStableId}`;
|
|
57
57
|
},
|
|
58
|
+
securityLabel(objectStableId, provider) {
|
|
59
|
+
return `securityLabel:${objectStableId}::provider:${provider}`;
|
|
60
|
+
},
|
|
58
61
|
role(role) {
|
|
59
62
|
return `role:${role}`;
|
|
60
63
|
},
|
|
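Review bot: `stableId.securityLabel` has no comment explaining why the id is built from the object id and the provider but leaves the label text out. A short comment above it would help, for example `// keyed by (object, provider); the label text is not part of the id, so a changed label keeps the same id`. That matters for readers of the `creates`/`drops`/`requires` getters in the security-label change classes, where a drop and a create for the same provider share this id. The `stableId` object itself begins and ends outside the hunk.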
@@ -2,7 +2,7 @@ import { BaseChange } from "../../base.change.ts";
|
|
|
2
2
|
import type { View } from "../view.model.ts";
|
|
3
3
|
declare abstract class BaseViewChange extends BaseChange {
|
|
4
4
|
abstract readonly view: View;
|
|
5
|
-
abstract readonly scope: "object" | "comment" | "privilege";
|
|
5
|
+
abstract readonly scope: "object" | "comment" | "privilege" | "security_label";
|
|
6
6
|
readonly objectType: "view";
|
|
7
7
|
}
|
|
8
8
|
export declare abstract class CreateViewChange extends BaseViewChange {
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { SecurityLabelProps } from "../../security-label.types.ts";
|
|
2
|
+
import type { View } from "../view.model.ts";
|
|
3
|
+
import { CreateViewChange, DropViewChange } from "./view.base.ts";
|
|
4
|
+
export type SecurityLabelView = CreateSecurityLabelOnView | DropSecurityLabelOnView;
|
|
5
|
+
export declare class CreateSecurityLabelOnView extends CreateViewChange {
|
|
6
|
+
readonly view: View;
|
|
7
|
+
readonly securityLabel: SecurityLabelProps;
|
|
8
|
+
readonly scope: "security_label";
|
|
9
|
+
constructor(props: {
|
|
10
|
+
view: View;
|
|
11
|
+
securityLabel: SecurityLabelProps;
|
|
12
|
+
});
|
|
13
|
+
get creates(): `securityLabel:${string}::provider:${string}`[];
|
|
14
|
+
get requires(): `view:${string}`[];
|
|
15
|
+
serialize(): string;
|
|
16
|
+
}
|
|
17
|
+
export declare class DropSecurityLabelOnView extends DropViewChange {
|
|
18
|
+
readonly view: View;
|
|
19
|
+
readonly securityLabel: SecurityLabelProps;
|
|
20
|
+
readonly scope: "security_label";
|
|
21
|
+
constructor(props: {
|
|
22
|
+
view: View;
|
|
23
|
+
securityLabel: SecurityLabelProps;
|
|
24
|
+
});
|
|
25
|
+
get drops(): `securityLabel:${string}::provider:${string}`[];
|
|
26
|
+
get requires(): (`securityLabel:${string}::provider:${string}` | `view:${string}`)[];
|
|
27
|
+
serialize(): string;
|
|
28
|
+
}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { quoteLiteral } from "../../base.change.js";
|
|
2
|
+
import { stableId } from "../../utils.js";
|
|
3
|
+
import { CreateViewChange, DropViewChange } from "./view.base.js";
|
|
4
|
+
export class CreateSecurityLabelOnView extends CreateViewChange {
|
|
5
|
+
view;
|
|
6
|
+
securityLabel;
|
|
7
|
+
scope = "security_label";
|
|
8
|
+
constructor(props) {
|
|
9
|
+
super();
|
|
10
|
+
this.view = props.view;
|
|
11
|
+
this.securityLabel = props.securityLabel;
|
|
12
|
+
}
|
|
13
|
+
get creates() {
|
|
14
|
+
return [
|
|
15
|
+
stableId.securityLabel(this.view.stableId, this.securityLabel.provider),
|
|
16
|
+
];
|
|
17
|
+
}
|
|
18
|
+
get requires() {
|
|
19
|
+
return [this.view.stableId];
|
|
20
|
+
}
|
|
21
|
+
serialize() {
|
|
22
|
+
return [
|
|
23
|
+
"SECURITY LABEL FOR",
|
|
24
|
+
this.securityLabel.provider,
|
|
25
|
+
"ON VIEW",
|
|
26
|
+
`${this.view.schema}.${this.view.name}`,
|
|
27
|
+
"IS",
|
|
28
|
+
quoteLiteral(this.securityLabel.label),
|
|
29
|
+
].join(" ");
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
export class DropSecurityLabelOnView extends DropViewChange {
|
|
33
|
+
view;
|
|
34
|
+
securityLabel;
|
|
35
|
+
scope = "security_label";
|
|
36
|
+
constructor(props) {
|
|
37
|
+
super();
|
|
38
|
+
this.view = props.view;
|
|
39
|
+
this.securityLabel = props.securityLabel;
|
|
40
|
+
}
|
|
41
|
+
get drops() {
|
|
42
|
+
return [
|
|
43
|
+
stableId.securityLabel(this.view.stableId, this.securityLabel.provider),
|
|
44
|
+
];
|
|
45
|
+
}
|
|
46
|
+
get requires() {
|
|
47
|
+
return [
|
|
48
|
+
stableId.securityLabel(this.view.stableId, this.securityLabel.provider),
|
|
49
|
+
this.view.stableId,
|
|
50
|
+
];
|
|
51
|
+
}
|
|
52
|
+
serialize() {
|
|
53
|
+
return [
|
|
54
|
+
"SECURITY LABEL FOR",
|
|
55
|
+
this.securityLabel.provider,
|
|
56
|
+
"ON VIEW",
|
|
57
|
+
`${this.view.schema}.${this.view.name}`,
|
|
58
|
+
"IS NULL",
|
|
59
|
+
].join(" ");
|
|
60
|
+
}
|
|
61
|
+
}
|
|
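Review bot: Both `serialize()` methods place `this.securityLabel.provider` into the statement as bare text, while the label next to it goes through `quoteLiteral`. The provider is read from the catalog of the database being diffed, so a name with upper-case letters, spaces or other non-identifier characters would be case-folded or would change the shape of the generated statement. PostgreSQL accepts the provider after `FOR` as a string constant as well as an identifier, so `quoteLiteral(this.securityLabel.provider)` in both methods should close this with the helper already imported; please confirm against the supported server versions. The same question applies to `${this.view.schema}.${this.view.name}`, unless those values are already quoted when the catalog is extracted, which this file does not show.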
@@ -3,5 +3,6 @@ import type { CommentView } from "./view.comment.ts";
|
|
|
3
3
|
import type { CreateView } from "./view.create.ts";
|
|
4
4
|
import type { DropView } from "./view.drop.ts";
|
|
5
5
|
import type { ViewPrivilege } from "./view.privilege.ts";
|
|
6
|
+
import type { SecurityLabelView } from "./view.security-label.ts";
|
|
6
7
|
/** Union of all view-related change variants (`objectType: "view"`). @category Change Types */
|
|
7
|
-
export type ViewChange = AlterView | CommentView | CreateView | DropView | ViewPrivilege;
|
|
8
|
+
export type ViewChange = AlterView | CommentView | CreateView | DropView | ViewPrivilege | SecurityLabelView;
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
import { diffObjects } from "../base.diff.js";
|
|
2
2
|
import { normalizeColumns } from "../base.model.js";
|
|
3
3
|
import { diffPrivileges, emitColumnPrivilegeChanges, } from "../base.privilege-diff.js";
|
|
4
|
+
import { diffSecurityLabels } from "../security-label.types.js";
|
|
4
5
|
import { deepEqual, hasNonAlterableChanges } from "../utils.js";
|
|
5
6
|
import { AlterViewChangeOwner, AlterViewResetOptions, AlterViewSetOptions, } from "./changes/view.alter.js";
|
|
6
7
|
import { CreateCommentOnView, DropCommentOnView, } from "./changes/view.comment.js";
|
|
7
8
|
import { CreateView } from "./changes/view.create.js";
|
|
8
9
|
import { DropView } from "./changes/view.drop.js";
|
|
9
10
|
import { GrantViewPrivileges, RevokeGrantOptionViewPrivileges, RevokeViewPrivileges, } from "./changes/view.privilege.js";
|
|
11
|
+
import { CreateSecurityLabelOnView, DropSecurityLabelOnView, } from "./changes/view.security-label.js";
|
|
10
12
|
/**
|
|
11
13
|
* Diff two sets of views from main and branch catalogs.
|
|
12
14
|
*
|
|
@@ -28,6 +30,9 @@ export function diffViews(ctx, main, branch) {
|
|
|
28
30
|
if (view.comment !== null) {
|
|
29
31
|
changes.push(new CreateCommentOnView({ view }));
|
|
30
32
|
}
|
|
33
|
+
for (const label of view.security_labels) {
|
|
34
|
+
changes.push(new CreateSecurityLabelOnView({ view, securityLabel: label }));
|
|
35
|
+
}
|
|
31
36
|
// PRIVILEGES: For created objects, compare against default privileges state
|
|
32
37
|
// The migration script will run ALTER DEFAULT PRIVILEGES before CREATE (via constraint spec),
|
|
33
38
|
// so objects are created with the default privileges state in effect.
|
|
@@ -121,6 +126,14 @@ export function diffViews(ctx, main, branch) {
|
|
|
121
126
|
changes.push(new CreateCommentOnView({ view: branchView }));
|
|
122
127
|
}
|
|
123
128
|
}
|
|
129
|
+
// SECURITY LABELS
|
|
130
|
+
changes.push(...diffSecurityLabels(mainView.security_labels, branchView.security_labels, (securityLabel) => new CreateSecurityLabelOnView({
|
|
131
|
+
view: branchView,
|
|
132
|
+
securityLabel,
|
|
133
|
+
}), (securityLabel) => new DropSecurityLabelOnView({
|
|
134
|
+
view: mainView,
|
|
135
|
+
securityLabel,
|
|
136
|
+
})));
|
|
124
137
|
// Note: View renaming would also use ALTER VIEW ... RENAME TO ...
|
|
125
138
|
// But since our View model uses 'name' as the identity field,
|
|
126
139
|
// a name change would be handled as drop + create by diffObjects()
|
|
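Review bot: The added blocks in `diffViews` emit changes only for the view-level `security_labels`; nothing in the visible hunks handles labels attached to individual columns. The view model's declaration elsewhere in this diff gives each column its own optional `security_labels` array, so a label that differs only on a column may never reach the migration script, or may be handled by a path outside these hunks. If column labels are meant to be migrated, this is the place to diff them too; otherwise a comment such as `// column-level security labels are not diffed here` next to `// SECURITY LABELS` would make the gap explicit. `diffViews` starts before and ends after the hunks shown.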
@@ -3,6 +3,7 @@ import z from "zod";
|
|
|
3
3
|
import { BasePgModel, type TableLikeObject } from "../base.model.ts";
|
|
4
4
|
import { type PrivilegeProps } from "../base.privilege-diff.ts";
|
|
5
5
|
import { type ExtractRetryOptions } from "../extract-with-retry.ts";
|
|
6
|
+
import { type SecurityLabelProps } from "../security-label.types.ts";
|
|
6
7
|
declare const viewPropsSchema: z.ZodObject<{
|
|
7
8
|
schema: z.ZodString;
|
|
8
9
|
name: z.ZodString;
|
|
@@ -42,6 +43,10 @@ declare const viewPropsSchema: z.ZodObject<{
|
|
|
42
43
|
collation: z.ZodNullable<z.ZodString>;
|
|
43
44
|
default: z.ZodNullable<z.ZodString>;
|
|
44
45
|
comment: z.ZodNullable<z.ZodString>;
|
|
46
|
+
security_labels: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
47
|
+
provider: z.ZodString;
|
|
48
|
+
label: z.ZodString;
|
|
49
|
+
}, z.z.core.$strip>>>;
|
|
45
50
|
}, z.z.core.$strip>>;
|
|
46
51
|
privileges: z.ZodArray<z.ZodObject<{
|
|
47
52
|
grantee: z.ZodString;
|
|
@@ -49,6 +54,10 @@ declare const viewPropsSchema: z.ZodObject<{
|
|
|
49
54
|
grantable: z.ZodBoolean;
|
|
50
55
|
columns: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
|
|
51
56
|
}, z.z.core.$strip>>;
|
|
57
|
+
security_labels: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
58
|
+
provider: z.ZodString;
|
|
59
|
+
label: z.ZodString;
|
|
60
|
+
}, z.z.core.$strip>>>>;
|
|
52
61
|
}, z.z.core.$strip>;
|
|
53
62
|
type ViewPrivilegeProps = PrivilegeProps;
|
|
54
63
|
export type ViewProps = z.infer<typeof viewPropsSchema>;
|
|
@@ -71,6 +80,7 @@ export declare class View extends BasePgModel implements TableLikeObject {
|
|
|
71
80
|
readonly comment: ViewProps["comment"];
|
|
72
81
|
readonly columns: ViewProps["columns"];
|
|
73
82
|
readonly privileges: ViewPrivilegeProps[];
|
|
83
|
+
readonly security_labels: SecurityLabelProps[];
|
|
74
84
|
constructor(props: ViewProps);
|
|
75
85
|
get stableId(): `view:${string}`;
|
|
76
86
|
get identityFields(): {
|
|
@@ -109,6 +119,10 @@ export declare class View extends BasePgModel implements TableLikeObject {
|
|
|
109
119
|
collation: string | null;
|
|
110
120
|
default: string | null;
|
|
111
121
|
comment: string | null;
|
|
122
|
+
security_labels?: {
|
|
123
|
+
provider: string;
|
|
124
|
+
label: string;
|
|
125
|
+
}[] | undefined;
|
|
112
126
|
}[];
|
|
113
127
|
privileges: {
|
|
114
128
|
grantee: string;
|
|
@@ -116,6 +130,10 @@ export declare class View extends BasePgModel implements TableLikeObject {
|
|
|
116
130
|
grantable: boolean;
|
|
117
131
|
columns?: string[] | null | undefined;
|
|
118
132
|
}[];
|
|
133
|
+
security_labels: {
|
|
134
|
+
provider: string;
|
|
135
|
+
label: string;
|
|
136
|
+
}[];
|
|
119
137
|
};
|
|
120
138
|
stableSnapshot(): {
|
|
121
139
|
identity: {
|
|
@@ -139,6 +157,14 @@ export declare class View extends BasePgModel implements TableLikeObject {
|
|
|
139
157
|
collation: string | null;
|
|
140
158
|
default: string | null;
|
|
141
159
|
comment: string | null;
|
|
160
|
+
security_labels?: {
|
|
161
|
+
provider: string;
|
|
162
|
+
label: string;
|
|
163
|
+
}[] | undefined;
|
|
164
|
+
}[];
|
|
165
|
+
security_labels: {
|
|
166
|
+
provider: string;
|
|
167
|
+
label: string;
|
|
142
168
|
}[];
|
|
143
169
|
definition: string;
|
|
144
170
|
row_security: boolean;
|