feat(policies): allow include/exclude schema(s)

Author: osaxma

src/lib/PostgresMetaPolicies.ts

@@ -12,17 +12,33 @@ export default class PostgresMetaPolicies {
 
   async list({
     includeSystemSchemas = false,
+    includedSchemas,
+    excludedSchemas,
     limit,
     offset,
   }: {
     includeSystemSchemas?: boolean
+    includedSchemas?: string[]
+    excludedSchemas?: string[]
     limit?: number
     offset?: number
   } = {}): Promise<PostgresMetaResult<PostgresPolicy[]>> {
     let sql = policiesSql
-    if (!includeSystemSchemas) {
+
+    if (includedSchemas?.length) {
+      sql = `${sql} WHERE (n.nspname IN (${includedSchemas.map(literal).join(',')}))`
+    } else if (!includeSystemSchemas) {
       sql = `${sql} WHERE NOT (n.nspname IN (${DEFAULT_SYSTEM_SCHEMAS.map(literal).join(',')}))`
     }
+
+    if (excludedSchemas?.length) {
+      if (includedSchemas?.length || !includeSystemSchemas) {
+        sql = `${sql} AND NOT (n.nspname IN (${excludedSchemas.map(literal).join(',')}))`
+      } else {
+        sql = `${sql} WHERE NOT (n.nspname IN (${excludedSchemas.map(literal).join(',')}))`
+      }
+    }
+
     if (limit) {
       sql = `${sql} LIMIT ${limit}`
     }

src/server/routes/policies.ts

@@ -8,17 +8,22 @@ export default async (fastify: FastifyInstance) => {
     Headers: { pg: string }
     Querystring: {
       include_system_schemas?: string
+      // Note: this only supports comma separated values (e.g., ".../policies?included_schemas=public,core")
+      included_schemas?: string
+      excluded_schemas?: string
       limit?: number
       offset?: number
     }
   }>('/', async (request, reply) => {
     const connectionString = request.headers.pg
     const includeSystemSchemas = request.query.include_system_schemas === 'true'
+    const includedSchemas = request.query.included_schemas?.split(',')
+    const excludedSchemas = request.query.excluded_schemas?.split(',')
     const limit = request.query.limit
     const offset = request.query.offset
 
     const pgMeta = new PostgresMeta({ ...DEFAULT_POOL_CONFIG, connectionString })
-    const { data, error } = await pgMeta.policies.list({ includeSystemSchemas, limit, offset })
+    const { data, error } = await pgMeta.policies.list({ includeSystemSchemas, includedSchemas, excludedSchemas, limit, offset })
     await pgMeta.end()
     if (error) {
       request.log.error({ error, request: extractRequestForLogging(request) })

test/lib/policies.ts

@@ -23,6 +23,39 @@ test('list', async () => {
   )
 })
 
+test('list policies with included schemas', async () => {
+  let res = await pgMeta.policies.list({
+    includedSchemas: ['public'],
+  })
+
+  expect(res.data?.length).toBeGreaterThan(0)
+
+  res.data?.forEach((policy) => {
+    expect(policy.schema).toBe('public')
+  })
+})
+
+test('list policies with excluded schemas', async () => {
+  let res = await pgMeta.policies.list({
+    excludedSchemas: ['public'],
+  })
+
+  res.data?.forEach((policy) => {
+    expect(policy.schema).not.toBe('public')
+  })
+})
+
+test('list policies with excluded schemas and include System Schemas', async () => {
+  let res = await pgMeta.policies.list({
+    excludedSchemas: ['public'],
+    includeSystemSchemas: true,
+  })
+
+  res.data?.forEach((policy) => {
+    expect(policy.schema).not.toBe('public')
+  })
+})
+
 test('retrieve, create, update, delete', async () => {
   let res = await pgMeta.policies.create({
     name: 'test policy',