diesel-guard 0.2.0

Catch unsafe PostgreSQL migrations in Diesel before they take down production
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

//! Detection for unnamed constraints in migrations.
//!
//! This check identifies constraints added without explicit names (UNIQUE, FOREIGN KEY, CHECK).
//!
//! Unnamed constraints receive auto-generated names from PostgreSQL (like "users_email_key"
//! or "posts_user_id_fkey"), which can vary between databases and make future migrations
//! difficult. When you need to modify or drop the constraint later, you'll need to query
//! the database to find the generated name, which is error-prone and environment-specific.
//!
//! Always name constraints explicitly for maintainable migrations.

use crate::checks::Check;
use crate::violation::Violation;
use sqlparser::ast::{AlterTableOperation, Statement, TableConstraint};

pub struct UnnamedConstraintCheck;

impl Check for UnnamedConstraintCheck {
    fn check(&self, stmt: &Statement) -> Vec<Violation> {
        let Statement::AlterTable {
            name, operations, ..
        } = stmt
        else {
            return vec![];
        };

        let table_name = name.to_string();

        operations
            .iter()
            .filter_map(|op| {
                let AlterTableOperation::AddConstraint { constraint, .. } = op else {
                    return None;
                };

                // Check if constraint has a name
                let (constraint_type, columns_desc) = match constraint {
                    TableConstraint::Unique { name, columns, .. } => {
                        if name.is_some() {
                            return None;
                        }
                        let cols = columns
                            .iter()
                            .map(|c| c.column.expr.to_string())
                            .collect::<Vec<_>>()
                            .join(", ");
                        ("UNIQUE", cols)
                    }
                    TableConstraint::ForeignKey {
                        name,
                        columns,
                        foreign_table,
                        referred_columns,
                        ..
                    } => {
                        if name.is_some() {
                            return None;
                        }
                        let cols = columns
                            .iter()
                            .map(|c| c.to_string())
                            .collect::<Vec<_>>()
                            .join(", ");
                        let foreign_cols = referred_columns
                            .iter()
                            .map(|c| c.to_string())
                            .collect::<Vec<_>>()
                            .join(", ");
                        (
                            "FOREIGN KEY",
                            format!(
                                "({}) REFERENCES {}({})",
                                cols, foreign_table, foreign_cols
                            ),
                        )
                    }
                    TableConstraint::Check { name, expr, .. } => {
                        if name.is_some() {
                            return None;
                        }
                        ("CHECK", format!("({})", expr))
                    }
                    _ => return None, // Ignore other constraint types
                };

                Some(Violation::new(
                    "Unnamed constraint",
                    format!(
                        "Adding unnamed {constraint_type} constraint on table '{table}' will receive an auto-generated name from PostgreSQL. \
                        This makes future migrations difficult, as the generated name varies between databases and requires querying \
                        the database to find the constraint name before modifying or dropping it.",
                        constraint_type = constraint_type,
                        table = table_name
                    ),
                    format!(
                        r#"Always name constraints explicitly using the CONSTRAINT keyword:

Instead of:
   ALTER TABLE {table} ADD {constraint_type} {columns};

Use:
   ALTER TABLE {table} ADD CONSTRAINT {table}_{suggested_name} {constraint_type} {columns};

Named constraints make future migrations predictable and maintainable:
   -- Easy to reference in later migrations
   ALTER TABLE {table} DROP CONSTRAINT {table}_{suggested_name};

Note: Choose descriptive names that indicate the table, columns, and constraint type.
Common patterns:
  - UNIQUE: {table}_<column>_key or {table}_<column1>_<column2>_key
  - FOREIGN KEY: {table}_<column>_fkey
  - CHECK: {table}_<column>_check or {table}_<description>_check"#,
                        table = table_name,
                        constraint_type = constraint_type,
                        columns = columns_desc,
                        suggested_name = match constraint_type {
                            "UNIQUE" => "column_key",
                            "FOREIGN KEY" => "column_fkey",
                            "CHECK" => "column_check",
                            _ => "constraint",
                        }
                    ),
                ))
            })
            .collect()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::{assert_allows, assert_detects_violation};

    #[test]
    fn test_detects_unnamed_unique_constraint() {
        assert_detects_violation!(
            UnnamedConstraintCheck,
            "ALTER TABLE users ADD UNIQUE (email);",
            "Unnamed constraint"
        );
    }

    #[test]
    fn test_detects_unnamed_foreign_key_constraint() {
        assert_detects_violation!(
            UnnamedConstraintCheck,
            "ALTER TABLE posts ADD FOREIGN KEY (user_id) REFERENCES users(id);",
            "Unnamed constraint"
        );
    }

    #[test]
    fn test_detects_unnamed_check_constraint() {
        assert_detects_violation!(
            UnnamedConstraintCheck,
            "ALTER TABLE users ADD CHECK (age >= 0);",
            "Unnamed constraint"
        );
    }

    #[test]
    fn test_allows_named_unique_constraint() {
        assert_allows!(
            UnnamedConstraintCheck,
            "ALTER TABLE users ADD CONSTRAINT users_email_key UNIQUE (email);"
        );
    }

    #[test]
    fn test_allows_named_foreign_key_constraint() {
        assert_allows!(
            UnnamedConstraintCheck,
            "ALTER TABLE posts ADD CONSTRAINT posts_user_id_fkey FOREIGN KEY (user_id) REFERENCES users(id);"
        );
    }

    #[test]
    fn test_allows_named_check_constraint() {
        assert_allows!(
            UnnamedConstraintCheck,
            "ALTER TABLE users ADD CONSTRAINT users_age_check CHECK (age >= 0);"
        );
    }

    #[test]
    fn test_ignores_other_alter_operations() {
        assert_allows!(
            UnnamedConstraintCheck,
            "ALTER TABLE users ADD COLUMN email TEXT;"
        );
    }

    #[test]
    fn test_ignores_other_statements() {
        assert_allows!(
            UnnamedConstraintCheck,
            "CREATE TABLE users (id SERIAL PRIMARY KEY);"
        );
    }
}