fix: track LEAKPROOF and SECURITY DEFINER #181
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add comprehensive design document for implementing PostgreSQL function attributes LEAKPROOF and PARALLEL (SAFE/UNSAFE/RESTRICTED) support. Covers: - IR structure changes - Database inspection from pg_catalog.pg_proc - Dump output formatting (hybrid approach) - Diff logic and ALTER FUNCTION generation - Test case strategy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add proleakproof and proparallel to GetFunctionsForSchema SQL query
- Generate updated Go code with IsLeakproof (bool) and ParallelMode fields
- Map proparallel values ('s', 'r', 'u') to Parallel field (SAFE, RESTRICTED, UNSAFE)
- Map proleakproof to IsLeakproof field in Function IR
- Verified code compiles successfully
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add PARALLEL output logic (SAFE/RESTRICTED, skip UNSAFE default) - Add LEAKPROOF output logic (output when true, skip NOT LEAKPROOF default) - Reorder function attributes: LANGUAGE, Volatility, PARALLEL, LEAKPROOF, STRICT, SECURITY DEFINER Task 3 of function LEAKPROOF and PARALLEL support implementation. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Research of pg_dump source code (pg_dump.c lines 13686-13750) revealed the canonical ordering for function attributes. This commit updates pgschema to match pg_dump exactly. Changes: 1. Move STRICT before SECURITY DEFINER (was after) 2. Move SECURITY DEFINER before LEAKPROOF (was after) 3. Remove SECURITY INVOKER output (it's the default, pg_dump never outputs it) 4. Keep PARALLEL SAFE/RESTRICTED at the end (after LEAKPROOF) The correct pg_dump order is: - LANGUAGE (always) - VOLATILE/STABLE/IMMUTABLE (only non-default) - STRICT (only if true) - SECURITY DEFINER (only if true, INVOKER is default) - LEAKPROOF (only if true) - COST (only if non-default) - ROWS (only if non-default) - SUPPORT (only if set) - PARALLEL SAFE/RESTRICTED (only non-default) Updated internal/diff/function.go and all affected test fixtures. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Update integration test fixtures (plan.txt, plan.json) after fixing function attribute ordering to match PostgreSQL standards. Changes: - Regenerated function test fixtures using --generate flag - Regenerated trigger test fixtures (depend on functions) - Regenerated dependency test fixtures (function dependencies) - Regenerated migrate test fixtures (include functions) - Updated dump test expected outputs (employee, sakila, tenant, issue_125) - Updated include test expected outputs (modular function files) All tests now pass with correct attribute ordering that omits default SECURITY INVOKER attribute and properly positions PARALLEL SAFE. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Updated test case to demonstrate new LEAKPROOF and PARALLEL function attributes: - process_order: VOLATILE, PARALLEL RESTRICTED, LEAKPROOF, SECURITY DEFINER, STRICT - days_since_special_date: STABLE, PARALLEL SAFE, LEAKPROOF - safe_add: IMMUTABLE, PARALLEL SAFE, LEAKPROOF, STRICT (new function) Updated all test fixture files (diff.sql, new.sql, plan.sql, plan.txt, plan.json) to match the correct attribute ordering from the dump formatter. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add IsLeakproof and Parallel to functionsEqual comparison
- Create functionsEqualExceptAttributes helper to detect attribute-only changes
- Generate ALTER FUNCTION PARALLEL {SAFE|UNSAFE|RESTRICTED} when parallel mode changes
- Generate ALTER FUNCTION [NOT] LEAKPROOF when leakproof attribute changes
- Use CREATE OR REPLACE only when function body or other attributes change
This enables efficient migrations that use ALTER FUNCTION for attribute changes
instead of recreating the entire function definition.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
This test validates that ALTER FUNCTION statements are correctly generated when only LEAKPROOF and PARALLEL attributes change (no function body changes). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Create new test case for ALTER FUNCTION attribute changes - Regenerate add_function fixtures with LEAKPROOF and PARALLEL - Validates ALTER FUNCTION generation for attribute-only changes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Restructure test functions for better separation of concerns: 1. process_order - Complex case with all qualifiers (VOLATILE, STRICT, SECURITY DEFINER, LEAKPROOF, PARALLEL RESTRICTED) 2. calculate_tax - Tests PARALLEL SAFE only (IMMUTABLE, PARALLEL SAFE) 3. mask_sensitive_data - Tests LEAKPROOF only (STABLE, LEAKPROOF) This makes it clearer what each function is testing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements tracking of LEAKPROOF and SECURITY DEFINER function attributes to fix issue #174. The changes ensure that PostgreSQL function definitions properly capture and handle these important security and optimization attributes.
Key Changes
- Added support for tracking LEAKPROOF and PARALLEL (SAFE/RESTRICTED/UNSAFE) function attributes from PostgreSQL system catalogs
- Removed default output of
SECURITY INVOKER(since it's the PostgreSQL default) and only outputSECURITY DEFINERwhen explicitly set - Implemented smart ALTER FUNCTION statements for attribute-only changes (LEAKPROOF, PARALLEL) instead of always using CREATE OR REPLACE, preserving function permissions and dependencies
Reviewed changes
Copilot reviewed 64 out of 64 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| ir/queries/queries.sql | Added proleakproof and proparallel columns to function metadata query |
| ir/queries/queries.sql.go | Updated generated Go code with new IsLeakproof and ParallelMode fields |
| ir/ir.go | Added IsLeakproof and Parallel fields to Function struct |
| ir/inspector.go | Implemented logic to parse parallel mode from PostgreSQL's single-character representation and populate new function attributes |
| internal/diff/function.go | Removed default SECURITY INVOKER output, added LEAKPROOF and PARALLEL output logic, and implemented ALTER FUNCTION for attribute-only changes |
| testdata/dump/*/pgschema.sql | Updated schema dumps to reflect new function attribute handling and version bump to 1.4.3 |
| testdata/diff/*/plan.json | Updated migration plans with corrected function definitions and fingerprint hashes |
| testdata/diff/create_function/alter_function_attributes/* | New test case demonstrating ALTER FUNCTION for LEAKPROOF and PARALLEL changes |
| testdata/diff/create_function/add_function/* | Enhanced test case with comprehensive coverage of LEAKPROOF, PARALLEL SAFE, PARALLEL RESTRICTED, and SECURITY DEFINER |
| Various testdata diff files | Updated expected outputs to remove SECURITY INVOKER (now default) from function definitions |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
testdata/diff/migrate/v3/diff.sql
Outdated
| RETURNS trigger | ||
| LANGUAGE plpgsql | ||
| SECURITY INVOKER | ||
|
|
There was a problem hiding this comment.
Unnecessary blank line between LANGUAGE plpgsql and VOLATILE. This blank line was left when SECURITY INVOKER was removed. The test file should be regenerated to remove this formatting issue.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #174