1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
use crate::catalog;
use crate::catalog::id::DbObjectId;
use crate::config::types::{ObjectExclude, ObjectInclude, Objects, TrackingTable};
use glob::Pattern;
/// Object filter for determining which database objects pgmt should manage.
/// Schema files are the source of truth - what's in your files is what gets managed.
/// Use include/exclude patterns to control which schemas and tables are processed.
pub struct ObjectFilter {
include: ObjectInclude,
exclude: ObjectExclude,
tracking_table: TrackingTable,
}
impl ObjectFilter {
/// Create a new object filter from configuration
pub fn new(config: &Objects, tracking_table: &TrackingTable) -> Self {
Self {
include: config.include.clone(),
exclude: config.exclude.clone(),
tracking_table: tracking_table.clone(),
}
}
/// Check if a schema should be included
pub fn should_include_schema(&self, schema_name: &str) -> bool {
// Check exclude patterns first
if self.matches_patterns(&self.exclude.schemas, schema_name) {
return false;
}
// If include patterns are specified, schema must match one of them
if !self.include.schemas.is_empty() {
return self.matches_patterns(&self.include.schemas, schema_name);
}
// Default: include if not excluded
true
}
/// Check if a table should be included
pub fn should_include_table(&self, schema_name: &str, table_name: &str) -> bool {
// Exclude pgmt internal tables (migrations tracking, sections, etc.)
if self.is_pgmt_internal_table(schema_name, table_name) {
return false;
}
// First check if the schema is included
if !self.should_include_schema(schema_name) {
return false;
}
// Check exclude patterns for tables
if self.matches_patterns(&self.exclude.tables, table_name) {
return false;
}
// If include patterns are specified, table must match one of them
if !self.include.tables.is_empty() {
return self.matches_patterns(&self.include.tables, table_name);
}
// Default: include if not excluded
true
}
/// Check if this is a pgmt internal table (migration tracking, sections, etc.)
/// These tables are infrastructure managed by pgmt itself, not part of the user's schema.
pub fn is_pgmt_internal_table(&self, schema_name: &str, table_name: &str) -> bool {
if schema_name != self.tracking_table.schema {
return false;
}
// Check all pgmt internal table patterns
let internal_tables = [
self.tracking_table.name.as_str(), // pgmt_migrations
&format!("{}_sections", self.tracking_table.name), // pgmt_migrations_sections
];
internal_tables.contains(&table_name)
}
/// Apply filter to a catalog, removing objects that shouldn't be managed
/// based on include/exclude patterns. Schema files are the source of truth
/// for what object types to manage (grants, triggers, extensions, etc.).
pub fn filter_catalog(&self, mut catalog: catalog::Catalog) -> catalog::Catalog {
// Filter schemas
catalog
.schemas
.retain(|schema| self.should_include_schema(&schema.name));
// Filter tables
catalog
.tables
.retain(|table| self.should_include_table(&table.schema, &table.name));
// Filter views (apply same table filtering logic)
catalog
.views
.retain(|view| self.should_include_table(&view.schema, &view.name));
// Filter functions by schema
catalog
.functions
.retain(|function| self.should_include_schema(&function.schema));
// Filter custom types by schema
catalog
.types
.retain(|custom_type| self.should_include_schema(&custom_type.schema));
// Filter sequences by schema
catalog
.sequences
.retain(|sequence| self.should_include_schema(&sequence.schema));
// Filter indexes by table inclusion
catalog
.indexes
.retain(|index| self.should_include_table(&index.schema, &index.table_name));
// Filter constraints by table inclusion
catalog.constraints.retain(|constraint| {
self.should_include_table(&constraint.schema, &constraint.table_name)
});
// Filter triggers by table inclusion
catalog
.triggers
.retain(|trigger| self.should_include_table(&trigger.schema, &trigger.table_name));
// Filter grants by the schema of the object they apply to
catalog.grants.retain(|grant| {
// For table/view grants, check both schema and table exclusion patterns
// For other objects, just check schema inclusion
match &grant.target.object {
DbObjectId::Table { schema, name } | DbObjectId::View { schema, name } => {
self.should_include_table(schema, name)
}
_ => self.should_include_schema(&grant.target.schema()),
}
});
// Filter extensions by schema - platform extensions (e.g. installed by Supabase
// in the `extensions` schema) should be excluded when the user doesn't manage
// that schema. Users who need an extension should declare it in their schema files.
catalog
.extensions
.retain(|ext| self.should_include_schema(&ext.schema));
catalog
}
/// Check if a name matches any of the glob patterns
fn matches_patterns(&self, patterns: &[String], name: &str) -> bool {
if patterns.is_empty() {
return false;
}
patterns.iter().any(|pattern| {
Pattern::new(pattern)
.map(|p| p.matches(name))
.unwrap_or(false)
})
}
}
#[cfg(test)]
mod tests {
use super::*;
fn create_test_objects() -> Objects {
Objects {
include: ObjectInclude {
schemas: vec!["public".to_string(), "app".to_string()],
tables: vec!["users".to_string(), "posts".to_string()],
},
exclude: ObjectExclude {
schemas: vec!["pg_*".to_string(), "information_schema".to_string()],
tables: vec!["temp_*".to_string()],
},
}
}
fn create_test_tracking_table() -> TrackingTable {
TrackingTable {
schema: "public".to_string(),
name: "pgmt_migrations".to_string(),
}
}
#[test]
fn test_schema_filtering() {
let filter = ObjectFilter::new(&create_test_objects(), &create_test_tracking_table());
// Should include specified schemas
assert!(filter.should_include_schema("public"));
assert!(filter.should_include_schema("app"));
// Should exclude postgres system schemas
assert!(!filter.should_include_schema("pg_catalog"));
assert!(!filter.should_include_schema("information_schema"));
// Should not include schemas not in the include list
assert!(!filter.should_include_schema("other"));
}
#[test]
fn test_table_filtering() {
let filter = ObjectFilter::new(&create_test_objects(), &create_test_tracking_table());
// Should include specified tables in included schemas
assert!(filter.should_include_table("public", "users"));
assert!(filter.should_include_table("app", "posts"));
// Should exclude tables matching exclude patterns
assert!(!filter.should_include_table("public", "temp_data"));
// Should not include tables not in the include list
assert!(!filter.should_include_table("public", "other_table"));
// Should not include tables in excluded schemas
assert!(!filter.should_include_table("pg_catalog", "pg_tables"));
// Should NOT include migration table in declarative management
assert!(!filter.should_include_table("public", "pgmt_migrations"));
}
#[test]
fn test_pgmt_internal_tables() {
let filter = ObjectFilter::new(&create_test_objects(), &create_test_tracking_table());
// Main migrations table
assert!(filter.is_pgmt_internal_table("public", "pgmt_migrations"));
// Sections table
assert!(filter.is_pgmt_internal_table("public", "pgmt_migrations_sections"));
// Not internal - wrong schema
assert!(!filter.is_pgmt_internal_table("other", "pgmt_migrations"));
// Not internal - different table
assert!(!filter.is_pgmt_internal_table("public", "users"));
}
#[test]
fn test_empty_include_patterns() {
let objects = Objects {
include: ObjectInclude {
schemas: vec![], // Empty means include all
tables: vec![],
},
exclude: ObjectExclude {
schemas: vec!["pg_*".to_string()],
tables: vec!["temp_*".to_string()],
},
};
let filter = ObjectFilter::new(&objects, &create_test_tracking_table());
// Should include schemas not in exclude list
assert!(filter.should_include_schema("public"));
assert!(filter.should_include_schema("app"));
// Should still exclude patterns
assert!(!filter.should_include_schema("pg_catalog"));
}
#[test]
fn test_migration_table_handling() {
let tracking_table = TrackingTable {
schema: "internal".to_string(),
name: "migration_history".to_string(),
};
let objects = Objects {
include: ObjectInclude {
schemas: vec!["public".to_string()], // Note: doesn't include "internal"
tables: vec!["users".to_string()], // Note: doesn't include migration table
},
exclude: ObjectExclude {
schemas: vec![],
tables: vec![],
},
};
let filter = ObjectFilter::new(&objects, &tracking_table);
// Migration table should NOT be included in declarative management
// Even though it's the migration table, it's managed imperatively
assert!(!filter.should_include_table("internal", "migration_history"));
assert!(filter.is_pgmt_internal_table("internal", "migration_history"));
// Sections table should also be excluded
assert!(!filter.should_include_table("internal", "migration_history_sections"));
assert!(filter.is_pgmt_internal_table("internal", "migration_history_sections"));
// Other tables in the same schema should not be included
assert!(!filter.should_include_table("internal", "other_table"));
// Regular filtering should still work for non-migration tables
assert!(filter.should_include_table("public", "users"));
assert!(!filter.should_include_table("public", "posts")); // not in include list
}
#[test]
fn test_grant_filtering() {
use crate::catalog::Catalog;
use crate::catalog::grant::{Grant, GranteeType};
use crate::catalog::target::AttrTarget;
let objects = Objects {
include: ObjectInclude {
schemas: vec![],
tables: vec![],
},
exclude: ObjectExclude {
schemas: vec!["excluded_schema".to_string()],
tables: vec!["excluded_table".to_string()],
},
};
let filter = ObjectFilter::new(&objects, &create_test_tracking_table());
// Helper to create a test grant
let make_grant = |target: AttrTarget| Grant {
grantee: GranteeType::Public,
target,
privileges: vec!["EXECUTE".to_string()],
with_grant_option: false,
depends_on: vec![],
object_owner: "postgres".to_string(),
is_default_acl: false,
};
let mut catalog = Catalog::empty();
catalog.grants = vec![
// Should be kept - public schema function
make_grant(AttrTarget::object(DbObjectId::Function {
schema: "public".into(),
name: "my_func".into(),
arguments: "".into(),
})),
// Should be filtered - excluded schema function
make_grant(AttrTarget::object(DbObjectId::Function {
schema: "excluded_schema".into(),
name: "notify_watchers".into(),
arguments: "".into(),
})),
// Should be filtered - excluded table
make_grant(AttrTarget::object(DbObjectId::Table {
schema: "public".into(),
name: "excluded_table".into(),
})),
// Should be kept - non-excluded table
make_grant(AttrTarget::object(DbObjectId::Table {
schema: "public".into(),
name: "users".into(),
})),
// Should be filtered - grant on excluded schema itself
make_grant(AttrTarget::object(DbObjectId::Schema {
name: "excluded_schema".into(),
})),
// Should be kept - grant on included schema
make_grant(AttrTarget::object(DbObjectId::Schema {
name: "public".into(),
})),
];
let filtered = filter.filter_catalog(catalog);
// Should have 3 grants remaining: public function, users table, public schema
assert_eq!(filtered.grants.len(), 3);
// Verify the remaining grants are the correct ones
let remaining_ids: Vec<String> = filtered.grants.iter().map(|g| g.id()).collect();
assert!(
remaining_ids
.iter()
.any(|id| id.contains("function:public.my_func"))
);
assert!(
remaining_ids
.iter()
.any(|id| id.contains("table:public.users"))
);
assert!(remaining_ids.iter().any(|id| id.contains("schema:public")));
// Verify excluded grants are NOT present
assert!(
!remaining_ids
.iter()
.any(|id| id.contains("excluded_schema"))
);
assert!(!remaining_ids.iter().any(|id| id.contains("excluded_table")));
}
}