Skip to content

[BB-803] add missing provisioning for postgres #36

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MarcusGoldschmidt merged 10 commits into from
Jun 11, 2025
Merged

[BB-803] add missing provisioning for postgres #36

MarcusGoldschmidt merged 10 commits into from
Jun 11, 2025

Conversation

@MarcusGoldschmidt
Copy link
Contributor

@MarcusGoldschmidt MarcusGoldschmidt commented May 29, 2025
edited by coderabbitai bot
Loading

  • Add provisioning for table
  • Add provisioning for view
  • Add provisioning for function
  • Add provisioning for sequence
  • Add test container for integration test
  • Add in memory syncer for integration test

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Added support for granting and revoking privileges on PostgreSQL tables, views, functions, procedures, and sequences.
    • Enhanced resource models to include function and procedure arguments and return types for detailed privilege management.
    • Introduced configuration option to skip built-in PostgreSQL functions during synchronization.
    • Increased pagination limits for improved data retrieval performance.

  • Bug Fixes

    • Improved entitlement ID parsing to handle more flexible structures and edge cases.

  • Tests

    • Introduced comprehensive integration tests for privilege grant and revoke operations across all supported resource types.
    • Added utilities for automated PostgreSQL test environments, including initialization scripts and container setup.

  • Chores

    • Upgraded and added dependencies to support testing, telemetry, and containerized environments.

@coderabbitai
Copy link

coderabbitai bot commented May 29, 2025
edited
Loading

Walkthrough

This update introduces grant and revoke functionality for PostgreSQL tables, views, sequences, functions, and procedures, including both implementation and comprehensive tests. It adds or updates supporting methods in connector and client code, expands the test suite with containerized integration tests, and upgrades dependencies for testing, telemetry, and container management.

Changes

Files / Groups Change Summary
go.mod Upgraded core dependencies, added test/telemetry/container libraries, and bumped multiple indirect dependencies.
pkg/connector/function.go, procedure.go, sequence.go, table.go, view.go Added Grant and Revoke methods to syncer types for each resource (function, procedure, sequence, table, view).
pkg/connector/function_test.go, procedure_test.go, sequence_test.go, table_test.go, view_test.go Added integration tests for Grant/Revoke on each resource type, using a test connector environment.
pkg/connector/connector_test.go Introduced a comprehensive test harness for in-memory gRPC and PostgreSQL container integration tests.
pkg/connector/helpers.go Updated entitlement ID parsing logic for improved flexibility and correctness.
pkg/postgres/client.go Added a constant for "WITH GRANT OPTION".
pkg/postgres/databases.go Added a helper function to sanitize privilege strings.
pkg/postgres/functions.go, procedures.go, sequences.go, tables.go, views.go Added Grant/Revoke methods for each resource type; expanded models with new fields (e.g., arguments, return type, signature).
pkg/postgres/functions_test.go, procedures_test.go, sequences_test.go, tables_test.go, views_test.go Added tests verifying Grant/Revoke methods for each resource type using PostgreSQL containers.
pkg/testutil/container.go, init.sql Introduced test utility for PostgreSQL containers and an SQL script to initialize test DB objects and roles.
pkg/config/conf.gen.go, config.go, connector.go Added configuration and constructor support for skipping built-in PostgreSQL functions.
pkg/postgres/pagination.go Increased pagination limits for page size from 100 to 500 max and 10 to 100 min.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Suite
    participant TestUtil as Test Utility (Container)
    participant Connector as Connector Syncer
    participant Client as Postgres Client
    participant DB as PostgreSQL

    Test->>TestUtil: SetupPostgresContainer()
    TestUtil->>DB: Start container, apply init.sql
    Test->>Connector: newTestConnector()
    Connector->>Client: Connect to DB
    Test->>Connector: Sync()
    Connector->>DB: Read resources
    Test->>Connector: Grant/ Revoke (table/view/sequence/function/procedure)
    Connector->>Client: GrantXxx()/RevokeXxx()
    Client->>DB: Execute GRANT/REVOKE SQL
    Client-->>Connector: Return result
    Connector-->>Test: Return grant/revoke result
Loading

Possibly related PRs

  • ConductorOne/baton-postgresql#31: Refactored connector and client code to support multiple databases via a client pool and database-aware resource ID parsing; this PR's grant/revoke logic and tests build directly on those changes.

Poem

A rabbit hopped through SQL fields,
Granting rights with careful shields.
Revoke and grant, a tidy dance,
On tables, views, and more—enhance!
With tests in place and code anew,
This bunny cheers, "All green, woohoo!"
🐇✨

✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@MarcusGoldschmidt MarcusGoldschmidt changed the title [BB-803] add provisioning for table [BB-803] add missing provisioning for postgres May 29, 2025
@MarcusGoldschmidt MarcusGoldschmidt marked this pull request as ready for review June 2, 2025 20:56
coderabbitai[bot]
coderabbitai bot reviewed Jun 2, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 14

♻️ Duplicate comments (3)
pkg/postgres/functions_test.go (1)

12-40: Test implementation is correct but continues the duplication pattern.

The test correctly exercises function privilege management using the Execute privilege on the get_test_item_count function as expected.

This test follows the same pattern as tables_test.go and procedures_test.go with identical structure and logic. Please refer to the refactoring suggestions in the tables_test.go review to address the code duplication across all these test files.

pkg/connector/procedure_test.go (1)

44-58: ⚠️ Potential issue

Critical: Grant and Revoke methods are undefined on the client type.

Same compilation issue as in table_test.go - the client.Grant and client.Revoke methods don't exist on the *inMemoryConnectorClient type.

This is the same issue identified in table_test.go. The Grant and Revoke methods need to be implemented on the client type before these tests can run.

Also applies to: 65-67

🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

pkg/connector/function_test.go (1)

44-58: ⚠️ Potential issue

Critical: Grant and Revoke methods are undefined on the client type.

Same compilation issue as in the other connector test files - the client.Grant and client.Revoke methods don't exist on the *inMemoryConnectorClient type.

This is the same issue identified in table_test.go and procedure_test.go. All three connector test files will fail to compile until the Grant and Revoke methods are implemented on the client type.

Also applies to: 65-67

🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

🧹 Nitpick comments (12)
pkg/postgres/views_test.go (1)

12-40: Well-structured test with room for enhanced verification.

The test covers important scenarios including grant options and edge cases. The containerized setup provides good isolation for integration testing.

Consider adding verification that privileges were actually granted/revoked:

// After grant, verify privilege exists
privileges, err := client.GetViewPrivileges(ctx, "public", "test_table_view", container.Role())
require.NoError(t, err)
require.Contains(t, privileges, Select.Name())

// After revoke, verify privilege removed
privileges, err = client.GetViewPrivileges(ctx, "public", "test_table_view", container.Role())
require.NoError(t, err)
require.NotContains(t, privileges, Select.Name())

This would ensure the operations actually modify the privilege state, not just execute without errors.

pkg/postgres/procedures_test.go (1)

12-40: Test implementation looks good with opportunities for enhancement.

The test correctly covers the basic grant/revoke scenarios for procedures. The structure follows a logical pattern testing both grant options and edge cases.

Consider these enhancements to make the test more robust:

  1. Verify actual privilege state: Query the database to confirm privileges were actually granted/revoked rather than just checking for no errors.

  2. Reduce code duplication: This test pattern is identical across multiple *_test.go files. Consider extracting a generic test helper:

+func testGrantRevoke(t *testing.T, grantFunc, revokeFunc func(context.Context, string, string, string, string, bool) error, schema, objectName, privilege string) {
+    // Common test logic here
+}

  1. Add meaningful assertions: The "revoke without grant" scenarios (lines 34-39) should verify they behave correctly when no privilege exists.

  2. Consider test cleanup: Ensure test state doesn't leak between runs by explicitly revoking all test grants in cleanup.

pkg/connector/sequence_test.go (1)

23-23: Remove duplicate error check.

There's a redundant require.NoError(t, err) call on line 23 that duplicates the check on line 22.

 c1z, err := manager.LoadC1Z(ctx)
 require.NoError(t, err)
-require.NoError(t, err)
pkg/connector/table_test.go (1)

22-23: Remove duplicate error handling.

There are duplicate require.NoError(t, err) calls for the same operation.

 	c1z, err := manager.LoadC1Z(ctx)
 	require.NoError(t, err)
-	require.NoError(t, err)
pkg/connector/procedure_test.go (2)

22-23: Remove duplicate error handling.

There are duplicate require.NoError(t, err) calls for the same operation.

 	c1z, err := manager.LoadC1Z(ctx)
 	require.NoError(t, err)
-	require.NoError(t, err)

13-70: Consider refactoring to reduce code duplication.

The test structure is nearly identical to table_test.go and function_test.go. Consider extracting common test logic into a helper function to improve maintainability.

Example refactor approach:

func testGrantRevoke(t *testing.T, resourceType ResourceType, resourceName, privilege string) {
    // Common setup and test logic
    ctx, syncer, manager, client := newTestConnector(t)
    // ... shared implementation
}

func TestGrantRevokeProcedure(t *testing.T) {
    testGrantRevoke(t, procedureResourceType, "add_test_item", "execute")
}
🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/function_test.go (1)

22-23: Remove duplicate error handling.

There are duplicate require.NoError(t, err) calls for the same operation.

 	c1z, err := manager.LoadC1Z(ctx)
 	require.NoError(t, err)
-	require.NoError(t, err)
pkg/connector/view_test.go (1)

43-57: Consider using helper functions for entitlement ID construction.

The test manually constructs the entitlement ID string, which could be brittle and inconsistent with the formatEntitlementID helper function available in the same package.

Replace the manual string construction with the helper function:

	grantResponse, err := client.Grant(ctx, &connectorv2.GrantManagerServiceGrantRequest{
		Principal: &connectorv2.Resource{
			Id:          roleResource.Id,
			DisplayName: roleResource.DisplayName,
		},
		Entitlement: &connectorv2.Entitlement{
-			Id: fmt.Sprintf("entitlement:view:db%s:%d:select:grant", dbId, rId),
+			Id: formatEntitlementID(&connectorv2.Resource{
+				Id: &connectorv2.ResourceId{
+					ResourceType: viewResourceType.Id,
+					Resource:     fmt.Sprintf("view:db%s:%d", dbId, rId),
+				},
+			}, "select", true),
			Resource: &connectorv2.Resource{
				Id: &connectorv2.ResourceId{
					ResourceType: viewResourceType.Id,
					Resource:     fmt.Sprintf("view:db%s:%d", dbId, rId),
				},
			},
		},
	})

This approach ensures consistency with the helper function and reduces the risk of format mismatches.

pkg/connector/sequence.go (2)

132-169: Fix misleading error message in Grant method.

The error message refers to "roles granted" which is confusing in the context of sequence privileges.

	if principal.Id.ResourceType != roleResourceType.Id {
-		return nil, nil, fmt.Errorf("baton-postgres: only users and roles can have roles granted")
+		return nil, nil, fmt.Errorf("baton-postgres: only users and roles can be granted sequence privileges")
	}

171-201: Fix misleading error message in Revoke method.

Similar to the Grant method, the error message is misleading.

	if principal.Id.ResourceType != roleResourceType.Id {
-		return nil, fmt.Errorf("baton-postgres: only users and roles can have roles granted")
+		return nil, fmt.Errorf("baton-postgres: only users and roles can have sequence privileges revoked")
	}
pkg/connector/connector_test.go (2)

22-24: Minor: Organize imports consistently.

Consider moving the os and testing imports into the main import block for better organization.

	"google.golang.org/grpc/credentials/insecure"
	"google.golang.org/grpc/test/bufconn"
-
-	"os"
-	"testing"
+	"os"
+	"testing"

177-185: Consider enhancing test comprehensiveness.

While this test successfully validates that sync completes without errors, it could be more comprehensive given the extensive setup infrastructure. Consider adding assertions to verify:

  • Expected PostgreSQL resources (tables, views, functions, etc.) are discovered
  • The C1Z file contains the expected data after sync
  • Grant/revoke functionality works as mentioned in the PR objectives

Example enhancement:

func TestConnectorFullSync(t *testing.T) {
	ctx, syncer, localManager, client := newTestConnector(t)

	err := syncer.Sync(ctx)
	require.NoError(t, err)

+	// Verify sync results
+	c1z, err := localManager.LoadC1File(ctx)
+	require.NoError(t, err)
+	
+	// Check that expected resource types exist
+	resourceTypes, err := c1z.ListResourceTypes(ctx, &connectorV2.ResourceTypesServiceListResourceTypesRequest{})
+	require.NoError(t, err)
+	require.NotEmpty(t, resourceTypes.List)

	err = syncer.Close(ctx)
	require.NoError(t, err)
}
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3180304 and 34ed268.

⛔ Files ignored due to path filters (273)
  • go.sum is excluded by !**/*.sum and included by none
  • vendor/dario.cat/mergo/.deepsource.toml is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/.gitignore is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/.travis.yml is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/CODE_OF_CONDUCT.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/CONTRIBUTING.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/LICENSE is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/README.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/SECURITY.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/doc.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/map.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/merge.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/mergo.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/constants.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/context.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/csi_entry_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/csi_param_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/escape_intermediate_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/escape_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/event_handler.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/ground_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/osc_string_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser_action_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser_actions.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/states.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/utilities.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/ansi.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/api.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/attr_translation.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/cursor_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/erase_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/scroll_helper.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/utilities.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/win_event_handler.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.gitattributes is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.gitignore is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.golangci.yml is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/CODEOWNERS is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/SECURITY.md is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/backup.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/ea.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/file.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/fileinfo.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/hvsock.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/fs.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/security.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/socket.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pipe.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/privilege.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/reparse.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/sd.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/syscall.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/internal/connector/connector.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_raw_id.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_raw_id.pb.validate.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/event_feed.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/event_feed.pb.validate.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/event_feed_grpc.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.validate.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource_grpc.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connectorapi/baton/v1/baton.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/connectorapi/baton/v1/baton.pb.validate.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/reader/v2/sync.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pb/c1/reader/v2/sync.pb.validate.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/cli/commands.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/config/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/connectorbuilder/connectorbuilder.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/connectorrunner/runner.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/connectorstore/connectorstore.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/assets.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/diff.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/entitlements.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/grants.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/resouce_types.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/resources.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sql_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sync_runs.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/field/default_relationships.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/field/defaults.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/field/fields.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/retry/retry.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/sdk/empty_connector.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/sdk/version.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/sync/state.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/sync/syncer.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/synccompactor/compactor.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/synccompactor/naive/naive.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/synccompactor/naive/naive_unroll.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/c1api/full_sync.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/c1api/manager.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/local/compactor.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/local/differ.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/local/event_feed.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/local/syncer.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/tasks/tasks.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/types/entitlement/entitlement.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/types/tasks/tasks.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/types/types.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/uhttp/pagination.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/uhttp/transport.go is excluded by !vendor/** and included by none
  • vendor/github.com/conductorone/baton-sdk/pkg/uhttp/wrapper.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/log/.golangci.yml is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/log/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/log/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/log/context.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/.gitattributes is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/.golangci.yml is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/compare.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/cpuinfo.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/cpuinfo_linux.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/cpuinfo_other.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/database.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/defaults.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/defaults_darwin.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/defaults_freebsd.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/defaults_unix.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/defaults_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/errors.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/platform_compat_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/platforms.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/platforms_other.go is excluded by !vendor/** and included by none
  • vendor/github.com/containerd/platforms/platforms_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/cpuguy83/dockercfg/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/cpuguy83/dockercfg/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/cpuguy83/dockercfg/auth.go is excluded by !vendor/** and included by none
  • vendor/github.com/cpuguy83/dockercfg/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/cpuguy83/dockercfg/load.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/bypass.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/bypasssafe.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/common.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/dump.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/format.go is excluded by !vendor/** and included by none
  • vendor/github.com/davecgh/go-spew/spew/spew.go is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/.gitattributes is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/.gitignore is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/.golangci.yml is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/CONTRIBUTING.md is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/GOVERNANCE.md is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/MAINTAINERS is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/Makefile is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/SECURITY.md is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/distribution-logo.svg is excluded by !**/*.svg, !vendor/** and included by none
  • vendor/github.com/distribution/reference/helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/normalize.go is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/reference.go is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/regexp.go is excluded by !vendor/** and included by none
  • vendor/github.com/distribution/reference/sort.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/AUTHORS is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/NOTICE is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/common.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/swagger-gen.yaml is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/swagger.yaml is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/blkiodev/blkio.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/checkpoint/list.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/checkpoint/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/client.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/common/id_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/change_type.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/change_types.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/commit.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/container.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/create_request.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/create_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/errors.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/exec.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/filesystem_change.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/health.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/hostconfig.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/network_settings.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/port.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/stats.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/top_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/update_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/wait_exit_error.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/wait_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/container/waitcondition.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/error_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/error_response_ext.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/events/events.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/filters/errors.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/filters/parse.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/delete_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/image.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/image_history.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/image_inspect.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/manifest.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/opts.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/image/summary.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/mount/mount.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/network/create_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/network/endpoint.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/network/ipam.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/network/network.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin_device.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin_env.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin_interface_type.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin_mount.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/plugin_responses.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/registry/authconfig.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/registry/authenticate.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/registry/registry.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/registry/search.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/storage/driver_data.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/strslice/strslice.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/common.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/container.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/network.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/node.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/runtime.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/runtime/gen.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.pb.go is excluded by !**/*.pb.go, !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/runtime/plugin.proto is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/secret.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/service.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/service_create_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/service_update_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/swarm.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/swarm/task.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/system/info.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/system/runtime.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/system/security_opts.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/time/timestamp.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/types.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/types_deprecated.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/versions/compare.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/cluster_volume.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/create_options.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/list_response.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/volume.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/api/types/volume/volume_update.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/build_cancel.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/build_prune.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/checkpoint.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/checkpoint_create.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/checkpoint_delete.go is excluded by !vendor/** and included by none
  • vendor/github.com/docker/docker/client/checkpoint_list.go is excluded by !vendor/** and included by none
📒 Files selected for processing (27)
  • go.mod (5 hunks)
  • pkg/connector/connector_test.go (1 hunks)
  • pkg/connector/function.go (1 hunks)
  • pkg/connector/function_test.go (1 hunks)
  • pkg/connector/helpers.go (1 hunks)
  • pkg/connector/procedure.go (1 hunks)
  • pkg/connector/procedure_test.go (1 hunks)
  • pkg/connector/sequence.go (1 hunks)
  • pkg/connector/sequence_test.go (1 hunks)
  • pkg/connector/table.go (1 hunks)
  • pkg/connector/table_test.go (1 hunks)
  • pkg/connector/view.go (1 hunks)
  • pkg/connector/view_test.go (1 hunks)
  • pkg/postgres/client.go (1 hunks)
  • pkg/postgres/databases.go (1 hunks)
  • pkg/postgres/functions.go (4 hunks)
  • pkg/postgres/functions_test.go (1 hunks)
  • pkg/postgres/procedures.go (5 hunks)
  • pkg/postgres/procedures_test.go (1 hunks)
  • pkg/postgres/sequences.go (2 hunks)
  • pkg/postgres/sequences_test.go (1 hunks)
  • pkg/postgres/tables.go (2 hunks)
  • pkg/postgres/tables_test.go (1 hunks)
  • pkg/postgres/views.go (2 hunks)
  • pkg/postgres/views_test.go (1 hunks)
  • pkg/testutil/container.go (1 hunks)
  • pkg/testutil/init.sql (1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (11)
pkg/postgres/functions_test.go (2)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/privileges.go (1)
  • Execute (106-106)
pkg/postgres/views_test.go (2)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/privileges.go (1)
  • Select (100-100)
pkg/postgres/procedures_test.go (2)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/privileges.go (1)
  • Execute (106-106)
pkg/postgres/sequences_test.go (2)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/privileges.go (1)
  • Select (100-100)
pkg/postgres/sequences.go (1)
pkg/postgres/client.go (1)
  • Client (98-102)
pkg/postgres/views.go (1)
pkg/postgres/client.go (1)
  • Client (98-102)
pkg/postgres/tables_test.go (1)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/tables.go (1)
pkg/postgres/client.go (1)
  • Client (98-102)
pkg/connector/connector_test.go (1)
pkg/testutil/container.go (1)
  • SetupPostgresContainer (44-87)
pkg/postgres/functions.go (1)
pkg/postgres/client.go (1)
  • Client (98-102)
pkg/postgres/procedures.go (1)
pkg/postgres/client.go (1)
  • Client (98-102)
🪛 golangci-lint (1.64.8)
pkg/connector/sequence_test.go

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/function_test.go

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/procedure_test.go

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/testutil/container.go

53-53: undefined: testcontainers

(typecheck)

70-70: undefined: pgx

(typecheck)

71-71: undefined: pgx

(typecheck)

pkg/connector/connector_test.go

143-143: client.Validate undefined (type *inMemoryConnectorClient has no field or method Validate)

(typecheck)

🔇 Additional comments (22)
pkg/testutil/init.sql (1)

1-74: Excellent test database schema setup.

The initialization script is well-structured and comprehensive, covering all the database objects needed for testing privilege management:

  • Tables with proper primary keys and foreign key constraints
  • Views for testing view privileges
  • Functions and procedures with correct plpgsql syntax
  • Sequences for testing sequence privileges
  • Appropriate roles and users for privilege testing scenarios

The SQL syntax is correct and the schema design supports thorough testing of the grant/revoke functionality.

pkg/postgres/client.go (1)

12-12: Good addition for code maintainability.

The withGrantOptions constant centralizes the WITH GRANT OPTION clause string, reducing duplication across grant methods and improving maintainability.

pkg/connector/sequence_test.go (1)

44-58:

Details

❌ Incorrect review comment

Critical issue: Grant method not implemented on client.

The static analysis correctly identifies that client.Grant is undefined on the inMemoryConnectorClient type.

This test will fail to compile because the Grant method is not implemented. Please verify the implementation status:

🏁 Script executed:

#!/bin/bash
# Description: Check if Grant and Revoke methods are implemented on the connector client
# Expected: Find method implementations or interface definitions

# Search for Grant method implementations
ast-grep --pattern 'func ($_ *$_) Grant($$$) $$$'

# Search for Revoke method implementations  
ast-grep --pattern 'func ($_ *$_) Revoke($$$) $$$'

# Check the inMemoryConnectorClient type definition
ast-grep --pattern 'type inMemoryConnectorClient struct { $$$ }'

# Look for Grant/Revoke interface definitions
rg -A 10 "Grant.*Request.*Response|Revoke.*Request.*Response"

Length of output: 26892

Remove incorrect missing-method warning

The inMemoryConnectorClient in pkg/connector/connector_test.go embeds the GrantManagerServiceClient interface, which provides the Grant(ctx, *GrantManagerServiceGrantRequest) method. Calls to client.Grant(...) resolve to that embedded interface, so the test will compile and run as written. No implementation changes are required.

Likely an incorrect or invalid review comment.

🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

pkg/postgres/sequences_test.go (1)

12-40: Well-structured integration test with comprehensive scenario coverage.

The test effectively covers the main scenarios for sequence privilege management:

  • Grant/revoke with isGrant flag variations
  • Edge case testing (revoke without prior grant)
  • Proper container-based test setup

The test logic is sound and follows good integration testing practices.

pkg/connector/table_test.go (1)

44-58:

Details

❌ Incorrect review comment

Critical: Grant and Revoke methods are undefined on the client type.

The static analysis correctly identifies that client.Grant and client.Revoke methods don't exist on the *inMemoryConnectorClient type. This will prevent the test from compiling and running.

Verify that the Grant and Revoke methods are properly implemented on the client type:

Also applies to: 65-67

🏁 Script executed:

#!/bin/bash
# Description: Check if Grant and Revoke methods exist on the connector client types
# Expected: Find method definitions or interface implementations

echo "Searching for Grant method implementations:"
ast-grep --pattern 'func ($_ *$_) Grant($$$) $$$'

echo -e "\nSearching for Revoke method implementations:"  
ast-grep --pattern 'func ($_ *$_) Revoke($$$) $$$'

echo -e "\nSearching for inMemoryConnectorClient type definition:"
rg -A 10 "type.*inMemoryConnectorClient"

echo -e "\nSearching for connector client interface definitions:"
rg -A 5 "type.*Client.*interface"

Length of output: 26861

Incorrect static analysis: Grant and Revoke are already provided via embedding

The inMemoryConnectorClient struct in pkg/connector/connector_test.go embeds the generated gRPC interface connectorv2.GrantManagerServiceClient, which declares both Grant and Revoke. Those methods are thus promoted onto inMemoryConnectorClient and will resolve correctly in your table tests. You can ignore the earlier “undefined method” warning.

Likely an incorrect or invalid review comment.

pkg/connector/view_test.go (1)

13-69: Well-structured integration test for view grant/revoke functionality.

The test follows a clear and comprehensive flow:

  1. Sets up test connector and performs sync
  2. Loads C1Z file and retrieves necessary resources
  3. Tests grant operation and validates response
  4. Tests revoke operation

The test coverage is appropriate and validates the complete grant/revoke cycle.

pkg/connector/sequence.go (1)

132-201: Well-implemented grant and revoke methods for sequences.

Both methods follow consistent patterns with proper:

  • Principal validation
  • ID parsing using helper functions
  • Database client retrieval
  • Error handling and response construction

The implementation aligns well with the overall architecture.

pkg/postgres/views.go (2)

100-117: Well-implemented GrantView method with proper sanitization.

The method follows best practices:

  • Extracts logger for debugging
  • Sanitizes all identifiers to prevent SQL injection
  • Constructs parameterized SQL with grant option handling
  • Uses proper error handling

119-137:

Details

✅ Verification successful

Verify PostgreSQL syntax for view privilege revocation.

The implementation uses ON TABLE for both regular revoke and grant option revoke operations on views. While this might seem inconsistent, it's likely correct as PostgreSQL treats views similar to tables for privilege operations.

Please verify that PostgreSQL accepts REVOKE ... ON TABLE syntax for views:

The rest of the implementation is solid with proper sanitization, logging, and error handling.

🌐 Web query:

Does PostgreSQL support "REVOKE privileges ON TABLE view_name" syntax for revoking privileges on views?

💡 Result:

Revoking Privileges on Views in PostgreSQL

Syntax and Capability

PostgreSQL uses the REVOKE statement to remove previously granted privileges from database roles (users or groups) for various database objects, including tables and views. The syntax for revoking privileges is:

REVOKE [privileges] ON [object] FROM [role];

Where [object] can be a table, view, sequence, etc.[1][2][4]

Application to Views

  • In PostgreSQL, views are database objects similar to tables regarding privilege management. As such, you use the same REVOKE syntax for views as you do for tables.
  • You can use the following command to revoke privileges on a view:
REVOKE SELECT ON view_name FROM role_name;

or, more generally,

REVOKE [SELECT | INSERT | UPDATE | DELETE | ALL] ON view_name FROM role_name;
  • The documentation and common practice support the use of REVOKE ... ON TABLE view_name, because in PostgreSQL, the keyword TABLE in privilege commands can refer to either a physical table or a view. Thus, the following are functionally equivalent:
    • REVOKE SELECT ON view_name FROM user123;
    • REVOKE SELECT ON TABLE view_name FROM user123;[1][2][4][5]

Conclusion

Yes, PostgreSQL supports the syntax REVOKE privileges ON TABLE view_name for revoking privileges on views. The TABLE keyword in this context applies to both tables and views, and the privileges that can be revoked (such as SELECT, INSERT, UPDATE, DELETE) are appropriate for views as well[1][2][4][5].

Example

REVOKE SELECT ON TABLE my_view FROM some_user;

This command revokes the SELECT privilege on the view my_view from the user some_user in PostgreSQL[1][4].

Citations:

Confirmed: REVOKE … ON TABLE Is Valid for Views in PostgreSQL

PostgreSQL treats views like tables for privilege management. The TABLE keyword in REVOKE statements applies equally to tables and views, so both of these are equivalent and valid:

  • REVOKE SELECT ON view_name FROM role_name;
  • REVOKE SELECT ON TABLE view_name FROM role_name;

No changes needed—the current implementation in pkg/postgres/views.go correctly uses ON TABLE for revoking view privileges.

pkg/postgres/sequences.go (1)

110-127: LGTM! Proper implementation of sequence privilege granting.

The method correctly sanitizes all inputs to prevent SQL injection and properly constructs the GRANT statement with optional WITH GRANT OPTION support.

pkg/connector/table.go (2)

142-179: LGTM! Well-structured implementation of table privilege granting.

The method properly validates inputs, handles errors appropriately, and correctly delegates to the database client for executing the grant operation.

181-211: LGTM! Consistent implementation of table privilege revocation.

The method follows the same pattern as Grant, ensuring consistency in privilege management operations.

pkg/testutil/container.go (1)

44-87:

Details

✅ Verification successful

Well-structured test container setup.

The PostgreSQL container setup is well-implemented with appropriate:

  • 1-minute timeout for container startup
  • Debug logging integration with test framework
  • Connection pool configuration with MaxConns=2 for tests
  • Embedded SQL initialization script execution

The static analysis hints indicate undefined references, but the imports appear correct. Let me verify the actual availability of these packages:

🏁 Script executed:

#!/bin/bash
# Description: Verify the imports are valid and packages are available in go.mod

# Check if testcontainers-go is in go.mod
echo "Checking testcontainers-go dependency:"
cat go.mod | grep testcontainers

# Check if pgx is in go.mod  
echo "Checking pgx dependency:"
cat go.mod | grep pgx

# Look for any go build or compilation errors
echo "Checking for build issues:"
go list -e ./pkg/testutil/...

Length of output: 509

PostgreSQL test container setup verified and approved

I confirmed that:

  • github.com/testcontainers/testcontainers-go (including the Postgres module) and github.com/jackc/pgx/v4 are declared in go.mod.
  • go list -e ./pkg/testutil/... reports no build errors.

No further changes are required.

🧰 Tools
🪛 golangci-lint (1.64.8)

53-53: undefined: testcontainers

(typecheck)

70-70: undefined: pgx

(typecheck)

71-71: undefined: pgx

(typecheck)

pkg/postgres/tables.go (2)

119-138: LGTM: RevokeTable method is well-implemented.

The RevokeTable method correctly handles both privilege revocation and grant option revocation with proper sanitization and logging.

100-117:

Details

✅ Verification successful

Verify the withGrantOptions constant is defined.

The GrantTable method implementation looks good with proper sanitization, logging, and SQL construction. However, line 112 references withGrantOptions which should be verified to exist.

🏁 Script executed:

#!/bin/bash
# Description: Find the definition of withGrantOptions constant

# Search for withGrantOptions definition in the postgres package
echo "Searching for withGrantOptions definition:"
ast-grep --pattern 'const $_ = $_' | grep -i grant || rg "withGrantOptions.*=" pkg/postgres/

# Alternative search for the constant
rg "withGrantOptions" pkg/postgres/ -A 2 -B 2

Length of output: 1158

withGrantOptions constant verified and GrantTable implementation approved

The withGrantOptions constant is defined in pkg/postgres/client.go (const withGrantOptions = " WITH GRANT OPTION"), so the reference in GrantTable is valid. The method uses proper sanitization, logging, and SQL construction.

No further changes required.

go.mod (1)

6-19: LGTM! Appropriate dependency updates for provisioning support.

The dependency updates are well-aligned with the PR objectives:

  • baton-sdk upgrade to v0.3.9 provides necessary provisioning capabilities
  • testcontainers packages enable PostgreSQL integration testing
  • OpenTelemetry packages add observability for the new features
pkg/postgres/procedures.go (1)

19-45: Good additions for procedure signature handling.

The Arguments field and Signature() method properly support procedure identification. The SQL queries correctly use pg_get_function_arguments() to retrieve the argument list.

pkg/postgres/functions.go (1)

19-46: Well-structured additions for function metadata.

The Arguments and ReturnType fields along with the Signature() method provide proper support for function identification. The SQL queries correctly use PostgreSQL's built-in functions to retrieve this metadata.

pkg/connector/connector_test.go (4)

26-44: LGTM! Well-designed client aggregation.

The buffer size and client struct design are appropriate for comprehensive integration testing. The struct effectively aggregates all necessary gRPC service clients.

46-157: Comprehensive test setup with proper resource management.

The test infrastructure setup is well-designed with:

  • Proper PostgreSQL container initialization
  • Complete gRPC server/client setup with OpenTelemetry
  • Appropriate cleanup mechanisms using t.Cleanup()
  • All necessary service registrations

The approach enables thorough integration testing of the connector.

🧰 Tools
🪛 golangci-lint (1.64.8)

143-143: client.Validate undefined (type *inMemoryConnectorClient has no field or method Validate)

(typecheck)

159-175: LGTM! Clean helper function.

The resource lookup logic is correct and handles errors appropriately. The page size of 100 is reasonable for test scenarios.

143-144:

Details

❓ Verification inconclusive

Address static analysis error: Validate method undefined.

The static analysis tool reports that client.Validate is undefined. This suggests the ConnectorServiceClient interface may not have a Validate method, or there's a type mismatch.

Please verify the correct method signature by checking the connector service definition:

🏁 Script executed:

#!/bin/bash
# Check if Validate method exists in ConnectorServiceClient interface
ast-grep --pattern 'type ConnectorServiceClient interface {
  $$$
}'

# Also search for any Validate method in connector service definitions
rg -A 10 "Validate.*Request"

Length of output: 727

🏁 Script executed:

#!/bin/bash
# Locate the generated protobuf Go file defining ConnectorServiceClient
rg -n "type ConnectorServiceClient" -g "*.pb.go"

# Verify if any RPC named Validate exists in the proto definitions
rg -n "rpc Validate" -g "*.proto"

# If found, show the surrounding lines for context
rg -A3 -B3 "rpc Validate" -g "*.proto"

Length of output: 574

Verify client.Validate exists with correct signature
I couldn’t locate the generated gRPC client code (.pb.go) for connectorV2 in this repo—this package is likely external. Please manually confirm that connectorV2.ConnectorServiceClient defines:

Validate(ctx context.Context, in *ConnectorServiceValidateRequest, …grpc.CallOption) (*ConnectorServiceValidateResponse, error)

If the method name or signature differs, update the test accordingly at:

  • pkg/connector/connector_test.go:143-144 (client.Validate call)
🧰 Tools
🪛 golangci-lint (1.64.8)

143-143: client.Validate undefined (type *inMemoryConnectorClient has no field or method Validate)

(typecheck)

coderabbitai[bot]
coderabbitai bot reviewed Jun 2, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

♻️ Duplicate comments (6)
pkg/connector/function_test.go (1)

13-70: Address code duplication across test files.

This test duplicates the exact same pattern found in other connector test files, as identified in previous reviews.

🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/procedure_test.go (1)

13-70: Address code duplication across test files.

This test follows the exact same pattern as function_test.go and other connector test files, differing only in resource type and names. This creates maintenance overhead and inconsistency risks.

🧰 Tools
🪛 golangci-lint (1.64.8)

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/procedure.go (2)

112-114: Fix the error message to match the validation logic.

The error message mentions "users and roles" but the validation only allows roles. Also, the message incorrectly refers to "procedure granted" instead of privileges.

153-155: Fix the error message to match the validation logic.

Same issue as in the Grant method - the error message mentions "users and roles" but validation only allows roles, and incorrectly refers to "procedure revoked" instead of privileges.

pkg/connector/function.go (2)

130-132: Fix the error message to match the validation logic.

The error message mentions "users and roles" but the validation only allows roles. Also, the message incorrectly refers to "function granted" instead of privileges.

171-173: Fix the error message to match the validation logic.

Same issue as in the Grant method - the error message mentions "users and roles" but validation only allows roles, and incorrectly refers to "function revoked" instead of privileges.

🧹 Nitpick comments (1)
pkg/postgres/pagination.go (1)

8-9: Consider the impact of the MinPageSize increase.

The MinPageSize was increased from 10 to 100 (10x increase), which means even small queries will now fetch at least 100 records. While this may improve efficiency for large datasets, it could increase memory usage and latency for operations that only need a few records.

Consider if this dramatic increase is necessary, or if a more moderate increase (e.g., to 25 or 50) would balance efficiency gains with resource usage for smaller result sets.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f666cd1 and 0372bc3.

⛔ Files ignored due to path filters (1)
  • cmd/baton-postgresql/main.go is excluded by none and included by none
📒 Files selected for processing (17)
  • pkg/config/conf.gen.go (1 hunks)
  • pkg/config/config.go (1 hunks)
  • pkg/connector/connector.go (3 hunks)
  • pkg/connector/connector_test.go (1 hunks)
  • pkg/connector/function.go (4 hunks)
  • pkg/connector/function_test.go (1 hunks)
  • pkg/connector/procedure.go (2 hunks)
  • pkg/connector/procedure_test.go (1 hunks)
  • pkg/connector/sequence.go (1 hunks)
  • pkg/connector/table.go (1 hunks)
  • pkg/connector/view.go (1 hunks)
  • pkg/postgres/databases.go (1 hunks)
  • pkg/postgres/functions.go (5 hunks)
  • pkg/postgres/functions_test.go (1 hunks)
  • pkg/postgres/pagination.go (1 hunks)
  • pkg/postgres/procedures.go (5 hunks)
  • pkg/postgres/procedures_test.go (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • pkg/config/conf.gen.go
  • pkg/config/config.go
🚧 Files skipped from review as they are similar to previous changes (8)
  • pkg/postgres/databases.go
  • pkg/postgres/procedures_test.go
  • pkg/postgres/functions_test.go
  • pkg/connector/sequence.go
  • pkg/connector/table.go
  • pkg/postgres/functions.go
  • pkg/connector/view.go
  • pkg/postgres/procedures.go
🧰 Additional context used
🧬 Code Graph Analysis (2)
pkg/connector/connector.go (2)
pkg/postgres/client.go (4)
  • ClientDatabasesPool (14-21)
  • New (121-148)
  • NewClientDatabasesPool (23-40)
  • WithSchemaFilter (115-119)
pkg/config/conf.gen.go (1)
  • Postgresql (6-13)
pkg/connector/function.go (2)
pkg/postgres/client.go (1)
  • ClientDatabasesPool (14-21)
pkg/postgres/pagination.go (1)
  • Pager (12-15)
🪛 golangci-lint (1.64.8)
pkg/connector/connector_test.go

144-144: client.Validate undefined (type *inMemoryConnectorClient has no field or method Validate)

(typecheck)

pkg/connector/function_test.go

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

pkg/connector/procedure_test.go

44-44: client.Grant undefined (type *inMemoryConnectorClient has no field or method Grant)

(typecheck)

65-65: client.Revoke undefined (type *inMemoryConnectorClient has no field or method Revoke)

(typecheck)

🔇 Additional comments (8)
pkg/connector/connector.go (2)

20-20: Clean implementation of the skipBuiltInFunctions feature.

The addition of the skipBuiltInFunctions field is well-implemented and integrates properly with the existing code structure.

65-87: Constructor properly handles the new parameter.

The New function correctly accepts and initializes the skipBuiltInFunctions parameter, maintaining consistency with the configuration structure and properly passing it to the function syncer.

pkg/connector/procedure.go (1)

60-60: LGTM! Improved display name using function signature.

Using o.Signature() instead of just the name provides better clarity for procedures with parameters.

pkg/connector/function.go (3)

21-24: LGTM! Good addition of skipBuiltInFunctions configuration.

The new skipBuiltInFunctions field provides useful control over which functions are synchronized.

51-51: LGTM! Proper usage of skipBuiltInFunctions flag.

The flag is correctly passed to the ListFunctions method to control filtering.

61-61: LGTM! Improved display name using function signature.

Using o.Signature() provides better clarity for functions with parameters and return types.

pkg/connector/connector_test.go (2)

46-158: LGTM! Well-structured integration test setup.

The test harness is well-designed with:

  • Proper container setup for PostgreSQL
  • Complete gRPC server registration
  • Appropriate cleanup functions
  • Comprehensive client service aggregation
🧰 Tools
🪛 golangci-lint (1.64.8)

144-144: client.Validate undefined (type *inMemoryConnectorClient has no field or method Validate)

(typecheck)

178-186: LGTM! Good basic integration test.

The test validates the full sync process and ensures proper cleanup.

@MarcusGoldschmidt MarcusGoldschmidt merged commit a833513 into main Jun 11, 2025
4 checks passed
@MarcusGoldschmidt MarcusGoldschmidt deleted the goldschmidt/feat-provisioning branch June 11, 2025 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@laurenleach laurenleach laurenleach approved these changes

+1 more reviewer

@tide-jamiegwatkin tide-jamiegwatkin tide-jamiegwatkin approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MarcusGoldschmidt @tide-jamiegwatkin @laurenleach