@sap/hdi-deploy - npm Package Compare versions

Comparing version 4.0.5 to 4.1.0

CHANGELOG.md

		@@ -0,1 +1,16 @@
		## 4.1.0
		Features:
		- provide `--validate-external-dependencies` option to always start a make, even if no files are in the deploy/undeploy sets
		- change wording for `"whitelist"` to `"allowlist"`
		- use @sap/hdi@4.0.2
		- use @sap/hana-client@2.8.20
		- added support for reading a `.env` file in the absence of `default-env.json` file

		Fixes:
		- with `--trace`, ensure that the complete VCAP_SERVICES are logged

		## 4.0.6
		Features:
		- with `--trace`, log target credentials before checking server version

		## 4.0.5
		@@ -2,0 +17,0 @@ Fixes:

deploy.js

		@@ -16,3 +16,5 @@ 'use strict';
		const defaultEnvFile = 'default-env.json';
		const dotEnvFile = '.env';
		let usedDefaultEnvFile = false;
		let useDotEnvFile = false;
		if (fs.existsSync(defaultEnvFile)) {
		@@ -22,2 +24,7 @@ xsenv.loadEnv(defaultEnvFile);
		usedDefaultEnvFile = true;
		} else if (fs.existsSync(dotEnvFile)) {
		const res = require('dotenv').config();
		if (!res.error) {
		useDotEnvFile = true;
		}
		}
		@@ -128,2 +135,4 @@
		args.translateJSONEnvBooleanOptionToOption(logger, options, name, option, process.argv);
		} else if (option === 'validate_external_dependencies') {
		args.translateJSONEnvBooleanOptionToOption(logger, options, name, option, process.argv);
		} else if (option === 'undeploy') {
		@@ -338,2 +347,6 @@ args.translateJSONEnvStringArrayOptionToOption(logger, options, name, option, process.argv);
		opt.treatUnmodifiedAsModified = false;
		} else if (arg === '--validate-external-dependencies') {
		opt.validateExternalDependencies = true;
		} else if (arg === '--no-validate-external-dependencies') {
		opt.validateExternalDependencies = false;
		} else if (arg === '--undeploy') {
		@@ -560,3 +573,14 @@ i = args.translatePathListOptionToPathFilter(i, process.argv, opt.undeploy, checkPathInUndeployOption);
		services = require('./lib/services.js')();
		/**
		* trace the vcap services
		*/
		if (typeof process.env.VCAP_SERVICES !== 'undefined') {
		logger.trace('VCAP_SERVICES:', JSON.stringify(JSON.parse(process.env.VCAP_SERVICES), null, 2));
		} else {
		logger.trace('VCAP_SERVICES: undefined');
		}

		if (opt.detectServerVersion \|\| opt.detectHDIVersion \|\| opt.container_api_version) {
		logger.trace('target credentials:', services.getTargetCreds());
		}
		cb();
		@@ -609,2 +633,6 @@ } catch (error) {
		}
		// if a .env was sourced, write the log message now
		if (useDotEnvFile) {
		logger.log(`Using default environment variables from file "${dotEnvFile}"`);
		}

		@@ -677,2 +705,8 @@ if (usedDefaultServicesFile) {

		if (opt.validateExternalDependencies) {
		if (info.client.features['validate-external-dependencies'] <= 0) {
		cb(`Option validate-external-dependencies is not supported by the server; based on HDI version ${hdi_version.version}`);
		}
		}

		if (opt.lockContainer) {
		@@ -679,0 +713,0 @@ if (info.client.features['lock-container'] <= 0) {

lib/deploy.js

		@@ -60,4 +60,2 @@ 'use strict';

		logger.trace('VCAP_SERVICES:', process.env.VCAP_SERVICES);

		logger.trace('top directories: ', cnt.serverTopDirs);
		@@ -64,0 +62,0 @@

lib/features.client.js

		@@ -20,2 +20,5 @@ 'use strict';
		const since_hdi_version_3 = hdi_version.isGreaterThanOrEqualTo(3);
		const since_hdi_version_10 = hdi_version.isGreaterThanOrEqualTo(10)? 1 : -1;
		const since_hdi_version_1005 = hdi_version.isGreaterThanOrEqualTo(1005)? 1 : -1;

		const since_server_version_2_0_37_1_but_not_higher_sp = server_version.isGreaterThanOrEqualTo(2, 0, 37, 1) && !server_version.isGreaterThanOrEqualTo(2, 0, 40, 0);
		@@ -39,2 +42,3 @@ const since_server_version_2_0_24_10_but_not_higher_sp = server_version.isGreaterThanOrEqualTo(2, 0, 24, 10) && !server_version.isGreaterThanOrEqualTo(2, 0, 30, 0);
		'treat-warnings-as-errors': 1 * since_server_version_1_0_120_0,
		'validate-external-dependencies': (since_hdi_version_10 \|\| since_hdi_version_1005),
		'simulate-make': 1 * since_server_version_1_0_120_0,
		@@ -45,3 +49,3 @@ 'service-replacements': 1,
		'environment-options': 1,
		'undeploy-whitelist': 1,
		'undeploy-allowlist': 1,
		'zero-downtime-update': 1 * since_server_version_2_0_10_0,
		@@ -48,0 +52,0 @@ 'treat-wrong-ownership-as-errors': since_container_api_version_44,

lib/hana-helper.js

		@@ -706,5 +706,7 @@ 'use strict';
		},

		/**
		* Grant schema privileges on a container.
		* Grant schema privileges on a container via the group API.
		*
		* @param {String} group Name of the containerGroup
		* @param {String} schema Name of the container
		@@ -716,4 +718,4 @@ * @param {String} privTable Table containing the privileges
		*/
		hdiSysGrantSchemaPrivileges: function (schema, privTable, prmsTable, cb) {
		return callproc1(`CALL _SYS_DI.GRANT_CONTAINER_SCHEMA_PRIVILEGES(${['?', privTable, prmsTable].concat(newArray(3, '?')).join(', ')})`, {
		hdiGrantSchemaPrivileges: function (group, schema, privTable, prmsTable, cb) {
		return callproc1(`CALL _SYS_DI#${group}.GRANT_CONTAINER_SCHEMA_PRIVILEGES(${['?', privTable, prmsTable].concat(newArray(3, '?')).join(', ')})`, {
		CONTAINER_NAME: schema
		@@ -720,0 +722,0 @@ }, cb);

lib/hdi_utils.js

		@@ -45,3 +45,3 @@ 'use strict';
		if (fs.existsSync(filename)) {
		logger.log('Undeploy whitelist file "undeploy.json" found; deleted files will be filtered by the whitelist');
		logger.log('Undeploy allowlist file "undeploy.json" found; deleted files will be filtered by the allowlist');
		try {
		@@ -51,3 +51,3 @@ filter = fs.readJSONFile(filename);
		logger.error(`Could not read the "undeploy.json": ${e.message ? e.message : e}`);
		logger.error('Proceeding with an empty whitelist and no files will be scheduled for undeploy.');
		logger.error('Proceeding with an empty allowlist and no files will be scheduled for undeploy.');
		return [];
		@@ -60,3 +60,3 @@ }
		} else {
		logger.log('Undeploy whitelist file "undeploy.json" not found; an empty whitelist is used and no files will be scheduled for undeploy');
		logger.log('Undeploy allowlist file "undeploy.json" not found; an empty allowlist is used and no files will be scheduled for undeploy');
		return [];
		@@ -135,3 +135,3 @@ }
		}
		logger.log(`${undeployFiles.length} deleted files are scheduled for undeploy based on delta detection (filtered by undeploy whitelist)`);
		logger.log(`${undeployFiles.length} deleted files are scheduled for undeploy based on delta detection (filtered by undeploy allowlist)`);

		@@ -138,0 +138,0 @@ const explicit_deploy_files = new Set();

lib/options.js

		@@ -24,2 +24,3 @@ 'use strict';
		treatWarningsAsErrors: false,
		validateExternalDependencies: false,
		simulateMake: false,
		@@ -26,0 +27,0 @@ stripCRFromCSV: false,

lib/tasks.js

		@@ -445,2 +445,5 @@ 'use strict';
		}
		if (this.options.validateExternalDependencies) {
		deployParameters.push(new Parameter('VALIDATE_EXTERNAL_DEPENDENCIES', 'TRUE'));
		}

		@@ -447,0 +450,0 @@ tasks.push(function (callback) {

npm-shrinkwrap.json

		{
		"name": "@sap/hdi-deploy",
		"version": "4.0.5",
		"version": "4.1.0",
		"lockfileVersion": 1,
		@@ -8,3 +8,3 @@ "requires": true,
		"@sap/hana-client": {
		"version": "2.7.26",
		"version": "2.8.20",
		"requires": {
		@@ -26,3 +26,3 @@ "debug": "3.1.0"
		"@sap/hdi": {
		"version": "4.0.1",
		"version": "4.0.2",
		"requires": {
		@@ -59,2 +59,5 @@ "async": "3.1.0"
		},
		"dotenv": {
		"version": "10.0.0"
		},
		"extsprintf": {
		@@ -83,3 +86,3 @@ "version": "1.4.0"
		"uglify-js": {
		"version": "3.13.4",
		"version": "3.13.8",
		"optional": true
		@@ -86,0 +89,0 @@ },

package.json

		{
		"name": "@sap/hdi-deploy",
		"description": "HDI content deployment",
		"version": "4.0.5",
		"version": "4.1.0",
		"license": "See LICENSE file",
		@@ -9,6 +9,7 @@ "repository": {},
		"dependencies": {
		"@sap/hdi": "4.0.1",
		"@sap/hana-client": "2.7.26",
		"@sap/hdi": "4.0.2",
		"@sap/hana-client": "2.8.20",
		"@sap/xsenv": "3.1.0",
		"async": "3.1.0",
		"dotenv": "10.0.0",
		"handlebars": "4.7.7"
		@@ -15,0 +16,0 @@ },

README.md

		@@ -73,3 +73,3 @@ @sap/hdi-deploy
		- [A Database Module's File System Structure](#a-database-modules-file-system-structure)
		- [Delta Deployment and Undeploy Whitelist](#delta-deployment-and-undeploy-whitelist)
		- [Delta Deployment and Undeploy Allowlist](#delta-deployment-and-undeploy-allowlist)
		- [The default_access_role Role](#the-default_access_role-role)
		@@ -105,3 +105,3 @@ - [The development_debug_role Role](#the-development_debug_role-role)
		"dependencies": {
		"@sap/hdi-deploy": "4.0.5"
		"@sap/hdi-deploy": "4.1.0"
		},
		@@ -122,2 +122,3 @@ "scripts": {
		- `default-env.json`: a JSON file which contains a set of environment variables and their values
		- `.env`: a dot env file which contains a set of environment variables and their values. This file is used in the absence of `default-env.json`.
		- `default-services.json`: a JSON file which contains a set of service bindings
		@@ -293,3 +294,14 @@
		```
		### .env

		A `.env` file can contain a set of environment variables and their values. The HDI Deployer will pick up these settings on startup:


		`.env` example file:

		```

		VCAP_SERVICES={"hana" : [ { "name" : "target-service", "label" : "hana", "tags" : [ "hana", "database", "relational" ], "plan" : "hdi-shared", "credentials" : { "schema" : "SCHEMA", "hdi_user" : "USER_DT", "hdi_password" : "PASSWORD_DT", "certificate" : "-----BEGIN CERTIFICATE-----\nABCD...1234\n-----END CERTIFICATE-----\n", "host" : "host", "port" : "30015" } } ] }

		```
		## Deployment via Push and Tasks
		@@ -332,3 +344,3 @@

		## Delta Deployment and Undeploy Whitelist
		## Delta Deployment and Undeploy Allowlist

		@@ -341,3 +353,3 @@ The HDI Deployer implements a delta-based deployment strategy:

		In order to undeploy deleted files, an application needs to include an undeploy whitelist via an `undeploy.json` file in the root directory of the `db` module (right beside the `src/` and `cfg/` folders). The undeploy whitelist `undeploy.json` file is a JSON document with a top-level array of file names:
		In order to undeploy deleted files, an application needs to include an undeploy allowlist via an `undeploy.json` file in the root directory of the `db` module (right beside the `src/` and `cfg/` folders). The undeploy allowlist `undeploy.json` file is a JSON document with a top-level array of file names:

		@@ -357,10 +369,18 @@ `undeploy.json`:

		In this case, the HDI Deployer will ignore the undeploy whitelist `undeploy.json` file and will schedule all deleted files in the `src/` and `cfg/` folders for undeployment.
		In this case, the HDI Deployer will ignore the undeploy allowlist `undeploy.json` file and will schedule all deleted files in the `src/` and `cfg/` folders for undeployment.

		## The default_access_role Role

		When an HDI container service instance is created by the SAP HANA Service Broker, e.g. service instance `foo` with schema name `FOO`, the broker creates an HDI container `FOO` (consisting of the runtime schema `FOO`, the HDI metadata and API schema `FOO#DI`, and the object owner `FOO#OO`) and a global access role `FOO::access_role` for the runtime schema. This access role is equipped with a default permission set for the runtime schema which consists of `SELECT`, `INSERT`, `UPDATE`, `DELETE`, `EXECUTE`, `CREATE TEMPORARY TABLE`, and `SELECT CDS METADATA` (not on SAP HANA Cloud) on the runtime schema `FOO`.
		When an HDI container service instance is created by the SAP HANA Service Broker, for example, service instance `foo` with schema name `FOO`, the broker creates an HDI container named `FOO` (consisting of the run-time schema `FOO` , the HDI metadata and API schema `FOO#DI` , and the object owner `FOO#OO`) and, in addition, the following roles, which are assigned to the application user:

		Every time the service instance is bound to an application, the broker creates 2 new users which are specific to this binding. The first user is the application user who is named `user` in the instance's credentials. This user is used by the application to access the HDI container's runtime schema `FOO`. This user is equipped with the service instance's global access role `FOO::access_role`. The second user is the HDI API user who is named `hdi_user` in the credentials. This user is equipped with privileges for the container's APIs in the `FOO#DI` schema.
		- FOO::access_role
		A global access role for the run-time schema. This access role is assigned a set of default permissions for the run-time schema: SELECT, INSERT, UPDATE, DELETE, EXECUTE, CREATE TEMPORARY TABLE, and SELECT CDS METADATA on the run-time schema `FOO`.

		- FOO::external_privileges_role
		A role that grants the application user the privileges required to enable access to schemas and objects outside the HDI container, for example, the run-time container `BAR`.

		Note : The roles exist as long as the HDI container exists; they are not lost when the application binding user changes. New binding users are automatically assigned these roles by the broker.

		Every time the service instance is bound to an application, the service broker creates two new users that are specific to this binding. The first user is the application user who is named user in the instance's credentials. This user is used by the application to access the HDI container's run-time schema `FOO`. This user is assigned the service instance's global access role `FOO::access_role` and the role `FOO::external_privileges_role`. The second user is the HDI API user - named `hdi_user` in the credentials. This user is equipped with privileges for the container's APIs in the `FOO#DI` schema.

		The following diagram illustrates the binding-specific application users and the role of the global access role (the HDI API users and the bindings for the HDI Deployer are not shown for simplicity):
		@@ -527,3 +547,3 @@
		"dependencies": {
		"@sap/hdi-deploy": "4.0.5",
		"@sap/hdi-deploy": "4.1.0",
		"module1": "1.3.1",
		@@ -1012,2 +1032,3 @@ "module2": "1.7.0"
		- `--[no-]treat-warnings-as-errors`: [don't] treat warnings as errors
		- `--[no-]validate-external-dependencies`: [don't] start a make, even if no files are in the deploy/undeploy sets; all deployed synonyms, projection views, and virtual tables in the container will be checked for changes to referenced objects and redeployed, if a change is detected.
		- `--[no-]simulate-make`: [don't] simulate the make and skip post-make activities; pre-make activities still take effect, e.g. grants
		@@ -1055,3 +1076,3 @@ - `--connection-timeout <ms>`: number of milliseconds to wait for the database connection(s)
		"name": "@sap/hdi-deploy",
		"version": "4.0.5",
		"version": "4.1.0",
		"features": {
		@@ -1072,2 +1093,3 @@ "info": 2,
		"treat-warnings-as-errors": 1,
		"validate-external-dependencies": 1,
		"simulate-make": 1,
		@@ -1078,3 +1100,3 @@ "service-replacements": 1,
		"environment-options": 1,
		"undeploy-whitelist": 1
		"undeploy-allowlist": 1
		}
		@@ -1081,0 +1103,0 @@ }

@sap/hdi-deploy - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes