kimberlite-migration 0.9.1

Schema migration utilities for Kimberlite
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

//! Migration lock file for integrity validation.

use crate::{Error, MigrationFile, Result};
use serde::{Deserialize, Serialize};
use std::fs;
use std::path::Path;

/// Lock file entry for a migration.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
pub struct LockEntry {
    /// Migration ID
    pub id: u32,

    /// Migration name
    pub name: String,

    /// SHA-256 checksum
    pub checksum: String,
}

/// Migration lock file for tamper detection.
///
/// Stores checksums of all migrations to detect if they've been modified
/// after being applied. This prevents data integrity issues from migrations
/// being changed retroactively.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct LockFile {
    /// Version of lock file format
    pub version: u32,

    /// Locked migrations (stored as vec for TOML compatibility)
    #[serde(rename = "migration")]
    pub migrations: Vec<LockEntry>,
}

impl LockFile {
    /// Creates a new empty lock file.
    pub fn new() -> Self {
        Self {
            version: 1,
            migrations: Vec::new(),
        }
    }

    /// Loads lock file from disk.
    pub fn load(path: &Path) -> Result<Self> {
        if !path.exists() {
            return Ok(Self::new());
        }

        let content = fs::read_to_string(path)?;

        if content.trim().is_empty() {
            return Ok(Self::new());
        }

        let lock_file: Self = toml::from_str(&content)?;

        Ok(lock_file)
    }

    /// Saves lock file to disk.
    pub fn save(&self, path: &Path) -> Result<()> {
        // Ensure parent directory exists
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent)?;
        }

        let content = toml::to_string_pretty(self)?;
        fs::write(path, content)?;

        Ok(())
    }

    /// Adds a migration to the lock file.
    pub fn lock(&mut self, file: &MigrationFile) {
        let entry = LockEntry {
            id: file.migration.id,
            name: file.migration.name.clone(),
            checksum: file.checksum.clone(),
        };

        // Remove existing entry if present
        self.migrations.retain(|e| e.id != file.migration.id);
        self.migrations.push(entry);

        // Keep sorted by ID
        self.migrations.sort_by_key(|e| e.id);
    }

    /// Validates migrations against lock file.
    pub fn validate(&self, files: &[MigrationFile]) -> Result<()> {
        for file in files {
            if let Some(locked) = self.migrations.iter().find(|e| e.id == file.migration.id) {
                // Check if checksum matches
                if locked.checksum != file.checksum {
                    return Err(Error::ChecksumMismatch {
                        id: file.migration.id,
                        expected: locked.checksum.clone(),
                        actual: file.checksum.clone(),
                    });
                }
            }
        }

        Ok(())
    }

    /// Checks if a migration is locked.
    pub fn is_locked(&self, id: u32) -> bool {
        self.migrations.iter().any(|e| e.id == id)
    }

    /// Updates lock file with new migrations.
    pub fn update(&mut self, files: &[MigrationFile]) -> Result<()> {
        // Validate existing locked migrations first
        self.validate(files)?;

        // Add new migrations
        for file in files {
            if !self.is_locked(file.migration.id) {
                self.lock(file);
            }
        }

        Ok(())
    }
}

impl Default for LockFile {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::Migration;
    use chrono::Utc;
    use std::path::PathBuf;
    use tempfile::TempDir;

    fn create_test_migration_file(id: u32, name: &str, sql: &str) -> MigrationFile {
        let migration = Migration {
            id,
            name: name.to_string(),
            sql: sql.to_string(),
            created_at: Utc::now(),
            author: None,
        };

        let checksum = migration.checksum();

        MigrationFile {
            migration,
            path: PathBuf::from(format!("{id:04}_{name}.sql")),
            checksum,
        }
    }

    #[test]
    fn test_lock_file_creation() {
        let lock = LockFile::new();

        assert_eq!(lock.version, 1);
        assert!(lock.migrations.is_empty());
    }

    #[test]
    fn test_lock_migration() {
        let mut lock = LockFile::new();
        let file = create_test_migration_file(1, "test", "SELECT 1;");

        lock.lock(&file);

        assert!(lock.is_locked(1));
        assert_eq!(
            lock.migrations.iter().find(|e| e.id == 1).unwrap().name,
            "test"
        );
    }

    #[test]
    fn test_validate_success() {
        let mut lock = LockFile::new();
        let file = create_test_migration_file(1, "test", "SELECT 1;");

        lock.lock(&file);

        // Validate with same file should succeed
        assert!(lock.validate(&[file]).is_ok());
    }

    #[test]
    fn test_validate_checksum_mismatch() {
        let mut lock = LockFile::new();
        let file1 = create_test_migration_file(1, "test", "SELECT 1;");

        lock.lock(&file1);

        // Different SQL = different checksum
        let file2 = create_test_migration_file(1, "test", "SELECT 2;");

        let result = lock.validate(&[file2]);

        assert!(matches!(result, Err(Error::ChecksumMismatch { .. })));
    }

    #[test]
    fn test_update_lock_file() {
        let mut lock = LockFile::new();
        let file1 = create_test_migration_file(1, "first", "SELECT 1;");

        lock.lock(&file1);

        // Add second migration
        let file2 = create_test_migration_file(2, "second", "SELECT 2;");
        lock.update(&[file1.clone(), file2.clone()]).unwrap();

        assert!(lock.is_locked(1));
        assert!(lock.is_locked(2));
    }

    #[test]
    fn test_save_and_load() {
        let temp = TempDir::new().unwrap();
        let path = temp.path().join(".lock");

        let mut lock = LockFile::new();
        let file = create_test_migration_file(1, "test", "SELECT 1;");
        lock.lock(&file);

        // Save
        lock.save(&path).unwrap();
        assert!(path.exists());

        // Load
        let loaded = LockFile::load(&path).unwrap();

        assert_eq!(loaded.version, 1);
        assert_eq!(loaded.migrations.len(), 1);
        assert!(loaded.is_locked(1));
    }

    #[test]
    fn test_load_nonexistent_file() {
        let temp = TempDir::new().unwrap();
        let path = temp.path().join(".lock");

        let lock = LockFile::load(&path).unwrap();

        assert!(lock.migrations.is_empty());
    }
}