npm - @tinybirdco/sdk - Versions diffs - 0.0.73 → 0.0.75 - Mend

@tinybirdco/sdk 0.0.73 → 0.0.75

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

package/dist/api/deploy.d.ts.map +1 -1
package/dist/api/deploy.js +28 -25
package/dist/api/deploy.js.map +1 -1
package/dist/api/deploy.test.js +45 -0
package/dist/api/deploy.test.js.map +1 -1
package/dist/cli/commands/migrate.test.js +11 -0
package/dist/cli/commands/migrate.test.js.map +1 -1
package/dist/generator/connection.d.ts.map +1 -1
package/dist/generator/connection.js +12 -0
package/dist/generator/connection.js.map +1 -1
package/dist/generator/connection.test.js +16 -0
package/dist/generator/connection.test.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js.map +1 -1
package/dist/migrate/emit-ts.d.ts.map +1 -1
package/dist/migrate/emit-ts.js +18 -0
package/dist/migrate/emit-ts.js.map +1 -1
package/dist/migrate/parse-connection.d.ts.map +1 -1
package/dist/migrate/parse-connection.js +35 -0
package/dist/migrate/parse-connection.js.map +1 -1
package/dist/migrate/parse-connection.test.js +14 -0
package/dist/migrate/parse-connection.test.js.map +1 -1
package/dist/migrate/types.d.ts +4 -0
package/dist/migrate/types.d.ts.map +1 -1
package/dist/schema/connection.d.ts +12 -0
package/dist/schema/connection.d.ts.map +1 -1
package/dist/schema/connection.js.map +1 -1
package/dist/schema/connection.test.js +15 -0
package/dist/schema/connection.test.js.map +1 -1
package/package.json +1 -1
package/src/api/deploy.test.ts +66 -0
package/src/api/deploy.ts +32 -29
package/src/cli/commands/migrate.test.ts +11 -0
package/src/generator/connection.test.ts +23 -0
package/src/generator/connection.ts +16 -0
package/src/index.ts +1 -0
package/src/migrate/emit-ts.ts +21 -0
package/src/migrate/parse-connection.test.ts +27 -0
package/src/migrate/parse-connection.ts +40 -0
package/src/migrate/types.ts +4 -0
package/src/schema/connection.test.ts +21 -0
package/src/schema/connection.ts +13 -0

package/src/api/deploy.ts CHANGED Viewed

@@ -217,37 +217,40 @@ export async function deployToMain(
     );
   }
-  // Step 0: Clean up any stale non-live deployments that might block the new deployment
-  try {
-    const deploymentsUrl = `${baseUrl}/v1/deployments`;
-    const deploymentsResponse = await tinybirdFetch(deploymentsUrl, {
-      headers: {
-        Authorization: `Bearer ${config.token}`,
-      },
-    });
-    if (deploymentsResponse.ok) {
-      const deploymentsBody = (await deploymentsResponse.json()) as DeploymentsListResponse;
-      const staleDeployments = deploymentsBody.deployments.filter(
-        (d) => !d.live && d.status !== "live"
-      );
-      for (const stale of staleDeployments) {
-        if (debug) {
-          console.log(`[debug] Cleaning up stale deployment: ${stale.id} (status: ${stale.status})`);
+  // Step 0: Clean up any stale non-live deployments that might block the new deployment.
+  // Skipped in check mode so validation runs don't tear down in-flight deployments.
+  if (!options?.check) {
+    try {
+      const deploymentsUrl = `${baseUrl}/v1/deployments`;
+      const deploymentsResponse = await tinybirdFetch(deploymentsUrl, {
+        headers: {
+          Authorization: `Bearer ${config.token}`,
+        },
+      });
+      if (deploymentsResponse.ok) {
+        const deploymentsBody = (await deploymentsResponse.json()) as DeploymentsListResponse;
+        const staleDeployments = deploymentsBody.deployments.filter(
+          (d) => !d.live && d.status !== "live"
+        );
+        for (const stale of staleDeployments) {
+          if (debug) {
+            console.log(`[debug] Cleaning up stale deployment: ${stale.id} (status: ${stale.status})`);
+          }
+          await tinybirdFetch(`${baseUrl}/v1/deployments/${stale.id}`, {
+            method: "DELETE",
+            headers: {
+              Authorization: `Bearer ${config.token}`,
+            },
+          });
         }
-        await tinybirdFetch(`${baseUrl}/v1/deployments/${stale.id}`, {
-          method: "DELETE",
-          headers: {
-            Authorization: `Bearer ${config.token}`,
-          },
-        });
       }
-    }
-  } catch (e) {
-    // Ignore errors during cleanup - we'll try to deploy anyway
-    if (debug) {
-      console.log(`[debug] Failed to clean up stale deployments: ${e}`);
+    } catch (e) {
+      // Ignore errors during cleanup - we'll try to deploy anyway
+      if (debug) {
+        console.log(`[debug] Failed to clean up stale deployments: ${e}`);
+      }
     }
   }

package/src/cli/commands/migrate.test.ts CHANGED Viewed

@@ -845,6 +845,12 @@ INDEXES >
       "stream.connection",
       `TYPE kafka
 KAFKA_BOOTSTRAP_SERVERS kafka.example.com:9092
+KAFKA_SECURITY_PROTOCOL SASL_SSL
+KAFKA_SASL_MECHANISM OAUTHBEARER
+KAFKA_SASL_OAUTHBEARER_METHOD AWS
+KAFKA_SASL_OAUTHBEARER_AWS_REGION eu-west-1
+KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN {{ tb_secret("KAFKA_AWS_ROLE_ARN") }}
+KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID {{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}
 KAFKA_SCHEMA_REGISTRY_URL https://registry-user:registry-pass@registry.example.com
 # Optional registry auth details
 `
@@ -909,6 +915,11 @@ DATASOURCE events_state
     expect(output).toContain(
       'schemaRegistryUrl: "https://registry-user:registry-pass@registry.example.com"'
     );
+    expect(output).toContain('saslMechanism: "OAUTHBEARER"');
+    expect(output).toContain('saslOauthbearerMethod: "AWS"');
+    expect(output).toContain('saslOauthbearerAwsRegion: "eu-west-1"');
+    expect(output).toContain('saslOauthbearerAwsRoleArn: secret("KAFKA_AWS_ROLE_ARN")');
+    expect(output).toContain('saslOauthbearerAwsExternalId: secret("KAFKA_AWS_EXTERNAL_ID")');
     expect(output).toContain("storeRawValue: true");
     expect(output).toContain(
       'engine: engine.replacingMergeTree({ sortingKey: "event_id", ver: "version_ts", isDeleted: "_is_deleted" })'

package/src/generator/connection.test.ts CHANGED Viewed

@@ -152,6 +152,29 @@ describe("Connection Generator", () => {
       });
     });
+    it("generates Kafka AWS IAM OAUTHBEARER settings", () => {
+      const conn = defineKafkaConnection("aws_msk", {
+        bootstrapServers: "b-1.msk.example.com:9098,b-2.msk.example.com:9098",
+        securityProtocol: "SASL_SSL",
+        saslMechanism: "OAUTHBEARER",
+        saslOauthbearerMethod: "AWS",
+        saslOauthbearerAwsRegion: "eu-west-1",
+        saslOauthbearerAwsRoleArn: '{{ tb_secret("KAFKA_AWS_ROLE_ARN") }}',
+        saslOauthbearerAwsExternalId: '{{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}',
+      });
+      const result = generateConnection(conn);
+      expect(result.content).toContain("KAFKA_SASL_OAUTHBEARER_METHOD AWS");
+      expect(result.content).toContain("KAFKA_SASL_OAUTHBEARER_AWS_REGION eu-west-1");
+      expect(result.content).toContain(
+        'KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN {{ tb_secret("KAFKA_AWS_ROLE_ARN") }}'
+      );
+      expect(result.content).toContain(
+        'KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID {{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}'
+      );
+    });
     it("generates basic S3 connection with IAM role auth", () => {
       const conn = defineS3Connection("my_s3", {
         region: "us-east-1",

package/src/generator/connection.ts CHANGED Viewed

@@ -42,6 +42,22 @@ function generateKafkaConnection(connection: KafkaConnectionDefinition): string
     parts.push(`KAFKA_SASL_MECHANISM ${options.saslMechanism}`);
   }
+  if (options.saslOauthbearerMethod) {
+    parts.push(`KAFKA_SASL_OAUTHBEARER_METHOD ${options.saslOauthbearerMethod}`);
+  }
+  if (options.saslOauthbearerAwsRegion) {
+    parts.push(`KAFKA_SASL_OAUTHBEARER_AWS_REGION ${options.saslOauthbearerAwsRegion}`);
+  }
+  if (options.saslOauthbearerAwsRoleArn) {
+    parts.push(`KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN ${options.saslOauthbearerAwsRoleArn}`);
+  }
+  if (options.saslOauthbearerAwsExternalId) {
+    parts.push(`KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID ${options.saslOauthbearerAwsExternalId}`);
+  }
   if (options.key) {
     parts.push(`KAFKA_KEY ${options.key}`);
   }

package/src/index.ts CHANGED Viewed

@@ -137,6 +137,7 @@ export type {
   KafkaConnectionOptions,
   KafkaSecurityProtocol,
   KafkaSaslMechanism,
+  KafkaSaslOauthbearerMethod,
   S3ConnectionDefinition,
   S3ConnectionOptions,
   GCSConnectionDefinition,

package/src/migrate/emit-ts.ts CHANGED Viewed

@@ -64,6 +64,9 @@ function hasSecretTemplate(resources: ParsedResource[]): boolean {
         if (resource.secret) values.push(resource.secret);
         if (resource.sslCaPem) values.push(resource.sslCaPem);
         if (resource.schemaRegistryUrl) values.push(resource.schemaRegistryUrl);
+        if (resource.saslOauthbearerAwsRegion) values.push(resource.saslOauthbearerAwsRegion);
+        if (resource.saslOauthbearerAwsRoleArn) values.push(resource.saslOauthbearerAwsRoleArn);
+        if (resource.saslOauthbearerAwsExternalId) values.push(resource.saslOauthbearerAwsExternalId);
       } else if (resource.connectionType === "s3") {
         values.push(resource.region);
         if (resource.arn) values.push(resource.arn);
@@ -429,6 +432,24 @@ function emitConnection(
     if (connection.saslMechanism) {
       lines.push(`  saslMechanism: ${emitStringOrSecret(connection.saslMechanism)},`);
     }
+    if (connection.saslOauthbearerMethod) {
+      lines.push(`  saslOauthbearerMethod: ${emitStringOrSecret(connection.saslOauthbearerMethod)},`);
+    }
+    if (connection.saslOauthbearerAwsRegion) {
+      lines.push(
+        `  saslOauthbearerAwsRegion: ${emitStringOrSecret(connection.saslOauthbearerAwsRegion)},`
+      );
+    }
+    if (connection.saslOauthbearerAwsRoleArn) {
+      lines.push(
+        `  saslOauthbearerAwsRoleArn: ${emitStringOrSecret(connection.saslOauthbearerAwsRoleArn)},`
+      );
+    }
+    if (connection.saslOauthbearerAwsExternalId) {
+      lines.push(
+        `  saslOauthbearerAwsExternalId: ${emitStringOrSecret(connection.saslOauthbearerAwsExternalId)},`
+      );
+    }
     if (connection.key) {
       lines.push(`  key: ${emitStringOrSecret(connection.key)},`);
     }

package/src/migrate/parse-connection.test.ts CHANGED Viewed

@@ -95,4 +95,31 @@ KAFKA_SSL_CA_PEM {{ tb_secret('KAFKA_SSL_CA_PEM') }}`
     expect(result).toHaveProperty("sslCaPem", "{{ tb_secret('KAFKA_SSL_CA_PEM') }}");
   });
+  it("parses Kafka AWS IAM OAUTHBEARER directives", () => {
+    const result = parseConnectionFile(
+      resource(
+        "aws_msk",
+        `TYPE kafka
+KAFKA_BOOTSTRAP_SERVERS b-1.msk.example.com:9098,b-2.msk.example.com:9098
+KAFKA_SECURITY_PROTOCOL SASL_SSL
+KAFKA_SASL_MECHANISM OAUTHBEARER
+KAFKA_SASL_OAUTHBEARER_METHOD AWS
+KAFKA_SASL_OAUTHBEARER_AWS_REGION eu-west-1
+KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN {{ tb_secret("KAFKA_AWS_ROLE_ARN") }}
+KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID {{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}`
+      )
+    );
+    expect(result).toHaveProperty("saslOauthbearerMethod", "AWS");
+    expect(result).toHaveProperty("saslOauthbearerAwsRegion", "eu-west-1");
+    expect(result).toHaveProperty(
+      "saslOauthbearerAwsRoleArn",
+      '{{ tb_secret("KAFKA_AWS_ROLE_ARN") }}'
+    );
+    expect(result).toHaveProperty(
+      "saslOauthbearerAwsExternalId",
+      '{{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}'
+    );
+  });
 });

package/src/migrate/parse-connection.ts CHANGED Viewed

@@ -18,6 +18,10 @@ const CONNECTION_DIRECTIVES = new Set([
   "KAFKA_BOOTSTRAP_SERVERS",
   "KAFKA_SECURITY_PROTOCOL",
   "KAFKA_SASL_MECHANISM",
+  "KAFKA_SASL_OAUTHBEARER_METHOD",
+  "KAFKA_SASL_OAUTHBEARER_AWS_REGION",
+  "KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN",
+  "KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID",
   "KAFKA_KEY",
   "KAFKA_SECRET",
   "KAFKA_SCHEMA_REGISTRY_URL",
@@ -55,6 +59,10 @@ export function parseConnectionFile(
     | "SCRAM-SHA-512"
     | "OAUTHBEARER"
     | undefined;
+  let saslOauthbearerMethod: "AWS" | undefined;
+  let saslOauthbearerAwsRegion: string | undefined;
+  let saslOauthbearerAwsRoleArn: string | undefined;
+  let saslOauthbearerAwsExternalId: string | undefined;
   let key: string | undefined;
   let secret: string | undefined;
   let schemaRegistryUrl: string | undefined;
@@ -110,6 +118,26 @@ export function parseConnectionFile(
         }
         saslMechanism = value;
         break;
+      case "KAFKA_SASL_OAUTHBEARER_METHOD":
+        if (value !== "AWS") {
+          throw new MigrationParseError(
+            resource.filePath,
+            "connection",
+            resource.name,
+            `Unsupported KAFKA_SASL_OAUTHBEARER_METHOD: "${value}"`
+          );
+        }
+        saslOauthbearerMethod = value;
+        break;
+      case "KAFKA_SASL_OAUTHBEARER_AWS_REGION":
+        saslOauthbearerAwsRegion = value;
+        break;
+      case "KAFKA_SASL_OAUTHBEARER_AWS_ROLE_ARN":
+        saslOauthbearerAwsRoleArn = value;
+        break;
+      case "KAFKA_SASL_OAUTHBEARER_AWS_EXTERNAL_ID":
+        saslOauthbearerAwsExternalId = value;
+        break;
       case "KAFKA_KEY":
         key = value;
         break;
@@ -196,6 +224,10 @@ export function parseConnectionFile(
       bootstrapServers,
       securityProtocol,
       saslMechanism,
+      saslOauthbearerMethod,
+      saslOauthbearerAwsRegion,
+      saslOauthbearerAwsRoleArn,
+      saslOauthbearerAwsExternalId,
       key,
       secret,
       schemaRegistryUrl,
@@ -208,6 +240,10 @@ export function parseConnectionFile(
       bootstrapServers ||
       securityProtocol ||
       saslMechanism ||
+      saslOauthbearerMethod ||
+      saslOauthbearerAwsRegion ||
+      saslOauthbearerAwsRoleArn ||
+      saslOauthbearerAwsExternalId ||
       key ||
       secret ||
       schemaRegistryUrl ||
@@ -266,6 +302,10 @@ export function parseConnectionFile(
       bootstrapServers ||
       securityProtocol ||
       saslMechanism ||
+      saslOauthbearerMethod ||
+      saslOauthbearerAwsRegion ||
+      saslOauthbearerAwsRoleArn ||
+      saslOauthbearerAwsExternalId ||
       key ||
       secret ||
       schemaRegistryUrl ||

package/src/migrate/types.ts CHANGED Viewed

@@ -155,6 +155,10 @@ export interface KafkaConnectionModel {
   bootstrapServers: string;
   securityProtocol?: "SASL_SSL" | "PLAINTEXT" | "SASL_PLAINTEXT";
   saslMechanism?: "PLAIN" | "SCRAM-SHA-256" | "SCRAM-SHA-512" | "OAUTHBEARER";
+  saslOauthbearerMethod?: "AWS";
+  saslOauthbearerAwsRegion?: string;
+  saslOauthbearerAwsRoleArn?: string;
+  saslOauthbearerAwsExternalId?: string;
   key?: string;
   secret?: string;
   schemaRegistryUrl?: string;

package/src/schema/connection.test.ts CHANGED Viewed

@@ -60,6 +60,27 @@ describe("Connection Schema", () => {
       expect(oauthConn.options.saslMechanism).toBe("OAUTHBEARER");
     });
+    it("creates a Kafka connection with AWS IAM OAUTHBEARER auth", () => {
+      const conn = defineKafkaConnection("aws_msk", {
+        bootstrapServers: "b-1.msk.example.com:9098,b-2.msk.example.com:9098",
+        securityProtocol: "SASL_SSL",
+        saslMechanism: "OAUTHBEARER",
+        saslOauthbearerMethod: "AWS",
+        saslOauthbearerAwsRegion: "eu-west-1",
+        saslOauthbearerAwsRoleArn: '{{ tb_secret("KAFKA_AWS_ROLE_ARN") }}',
+        saslOauthbearerAwsExternalId: '{{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}',
+      });
+      expect(conn.options.saslOauthbearerMethod).toBe("AWS");
+      expect(conn.options.saslOauthbearerAwsRegion).toBe("eu-west-1");
+      expect(conn.options.saslOauthbearerAwsRoleArn).toBe(
+        '{{ tb_secret("KAFKA_AWS_ROLE_ARN") }}'
+      );
+      expect(conn.options.saslOauthbearerAwsExternalId).toBe(
+        '{{ tb_secret("KAFKA_AWS_EXTERNAL_ID") }}'
+      );
+    });
     it("supports different security protocols", () => {
       const plaintext = defineKafkaConnection("plaintext_kafka", {
         bootstrapServers: "localhost:9092",

package/src/schema/connection.ts CHANGED Viewed

@@ -17,6 +17,11 @@ export type KafkaSecurityProtocol = "SASL_SSL" | "PLAINTEXT" | "SASL_PLAINTEXT";
  */
 export type KafkaSaslMechanism = "PLAIN" | "SCRAM-SHA-256" | "SCRAM-SHA-512" | "OAUTHBEARER";
+/**
+ * Kafka SASL OAUTHBEARER provider method options
+ */
+export type KafkaSaslOauthbearerMethod = "AWS";
 /**
  * Options for creating a Kafka connection
  */
@@ -27,6 +32,14 @@ export interface KafkaConnectionOptions {
   securityProtocol?: KafkaSecurityProtocol;
   /** SASL mechanism for authentication */
   saslMechanism?: KafkaSaslMechanism;
+  /** SASL OAUTHBEARER provider method */
+  saslOauthbearerMethod?: KafkaSaslOauthbearerMethod;
+  /** AWS region for SASL OAUTHBEARER IAM authentication */
+  saslOauthbearerAwsRegion?: string;
+  /** AWS role ARN for SASL OAUTHBEARER IAM authentication */
+  saslOauthbearerAwsRoleArn?: string;
+  /** AWS external ID for SASL OAUTHBEARER IAM authentication */
+  saslOauthbearerAwsExternalId?: string;
   /** Kafka key/username - can use {{ tb_secret(...) }} */
   key?: string;
   /** Kafka secret/password - can use {{ tb_secret(...) }} */