feat(gb-9141): empty allowlist filters everything out

pimeys · pimeys · commit 506a6ef2bb31 · 2025-05-30T10:40:50.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cli/postgres/Cargo.toml b/cli/postgres/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "grafbase-postgres"
-version = "0.3.7"
+version = "0.3.8"
 edition = "2024"
 license = "Apache-2.0"
 
diff --git a/cli/postgres/README.md b/cli/postgres/README.md
@@ -129,8 +129,9 @@ enable_queries = true
 
 # Schema allowlist: An array of schema names to include in the introspection.
 # If provided, only schemas in this list will be included.
-# If empty, all schemas will be included (unless in the denylist).
-schema_allowlist = []
+# If not defined or null, all schemas will be included (unless in the denylist).
+# If empty, no schemas will be included.
+schema_allowlist = null
 
 # Schema denylist: An array of schema names to exclude from the introspection.
 # Schemas in this list will be excluded even if they appear in the allowlist.
@@ -156,8 +157,9 @@ enable_queries = true
 
 # Table allowlist: An array of table names to include in the introspection.
 # If provided, only tables in this list will be included for this schema.
-# If empty, all tables will be included (unless in the denylist).
-table_allowlist = []
+# If not defined or null, all tables will be included (unless in the denylist).
+# If empty, no tables will be included for the schema.
+table_allowlist = null
 
 # Table denylist: An array of table names to exclude from the introspection.
 # Tables in this list will be excluded even if they appear in the allowlist.
@@ -459,7 +461,7 @@ You can control which database schemas and tables are included in the introspect
 
 You can include or exclude specific database schemas using the following options:
 
-- `schema_allowlist`: An array of schema names to include. If provided, only schemas in this list will be included in the introspection.
+- `schema_allowlist`: An array of schema names to include. If provided, only schemas in this list will be included in the introspection. If empty, no schemas will be included. If not defined, all schemas will be included.
 - `schema_denylist`: An array of schema names to exclude. Schemas in this list will be excluded from introspection, even if they appear in the allowlist.
 
 ```toml
@@ -473,12 +475,12 @@ schema_denylist = ["internal"]
 
 Within each schema, you can include or exclude specific tables using these options:
 
-- `table_allowlist`: An array of table names to include. If provided, only tables in this list will be included for that schema.
+- `table_allowlist`: An array of table names to include. If provided, only tables in this list will be included for that schema. If empty, no tables will be included for the schema. If not defined, all tables will be included.
 - `table_denylist`: An array of table names to exclude. Tables in this list will be excluded, even if they appear in the allowlist.
 
 ```toml
 # Example of table filtering in config.toml
-extension_url = "https://grafbase.com/extensions/postgres/0.4.7"
+extension_url = "https://grafbase.com/extensions/postgres/0.4.9"
 
 [schemas.public]
 table_allowlist = ["users", "posts"]
diff --git a/cli/postgres/install.sh b/cli/postgres/install.sh
@@ -6,7 +6,7 @@ if [[ ${OS:-} = Windows_NT ]]; then
     exit 1
 fi
 
-LATEST_VERSION="0.3.7"
+LATEST_VERSION="0.3.8"
 
 # Reset
 Color_Off=''
diff --git a/crates/postgres-introspection/src/config.rs b/crates/postgres-introspection/src/config.rs
@@ -37,9 +37,9 @@ pub struct Config {
     pub schemas: BTreeMap<String, SchemaConfig>,
     /// Optional list of schemas to include in the GraphQL schema.
     /// If this list is populated, only schemas in this list will be included.
-    /// If empty, all schemas will be included.
+    /// If None, all schemas will be included. If empty, no schemas will be included.
     #[serde(default)]
-    pub schema_allowlist: Vec<String>,
+    pub schema_allowlist: Option<Vec<String>>,
     /// Optional list of schemas to exclude from the GraphQL schema.
     /// If this list is populated, schemas in this list will be excluded even if they are in the allowlist.
     /// This takes precedence over the allowlist.
@@ -96,8 +96,12 @@ impl Config {
     }
 
     pub fn is_schema_included(&self, schema: &str) -> bool {
+        let Some(allowlist) = self.schema_allowlist.as_ref() else {
+            return !self.schema_denylist.contains(&schema.to_string());
+        };
+
         !self.schema_denylist.contains(&schema.to_string())
-            && (self.schema_allowlist.is_empty() || self.schema_allowlist.contains(&schema.to_string()))
+            && (!allowlist.is_empty() && allowlist.contains(&schema.to_string()))
     }
 
     /// Determines whether a table is included in the GraphQL schema based on the configuration.
@@ -109,8 +113,12 @@ impl Config {
             return true;
         };
 
+        let Some(allowlist) = schema_config.table_allowlist.as_ref() else {
+            return !schema_config.table_denylist.contains(&table.to_string());
+        };
+
         !schema_config.table_denylist.contains(&table.to_string())
-            && (schema_config.table_allowlist.is_empty() || schema_config.table_allowlist.contains(&table.to_string()))
+            && (!allowlist.is_empty() && allowlist.contains(&table.to_string()))
     }
 }
 
@@ -140,9 +148,9 @@ pub struct SchemaConfig {
     pub tables: BTreeMap<String, TableConfig>,
     /// Optional list of tables to include in the GraphQL schema.
     /// If this list is populated, only tables in this list will be included.
-    /// If empty, all tables will be included.
+    /// If None, all tables will be included. If empty, no tables will be included.
     #[serde(default)]
-    pub table_allowlist: Vec<String>,
+    pub table_allowlist: Option<Vec<String>>,
     /// Optional list of tables to exclude from the GraphQL schema.
     /// If this list is populated, tables in this list will be excluded even if they are in the allowlist.
     /// This takes precedence over the allowlist.
diff --git a/crates/postgres-introspection/src/tables.rs b/crates/postgres-introspection/src/tables.rs
@@ -39,18 +39,18 @@ pub(crate) async fn introspect_database(
             continue;
         };
 
-        // Skip tables that are not in the allowlist or are in the denylist
-        if !config.is_table_included(&schema_name, &table_name) {
-            continue;
-        };
-
         let kind = match row.get::<i8, _>(3) as u8 as char {
             'r' => RelationKind::Relation,
             'v' => RelationKind::View,
             'm' => RelationKind::MaterializedView,
             _ => unreachable!(),
         };
 
+        // Skip tables that are not in the allowlist or are in the denylist
+        if !kind.is_view() && !config.is_table_included(&schema_name, &table_name) {
+            continue;
+        };
+
         let mut table = Table::<String>::new(schema_id, table_name, kind, None);
 
         if let Some(description) = row.get(2) {
diff --git a/extensions/postgres/tests/integration_tests.rs b/extensions/postgres/tests/integration_tests.rs
@@ -266,7 +266,7 @@ impl PgTestApi {
             schemas: Default::default(),
             enable_mutations: true,
             enable_queries: true,
-            schema_allowlist: Vec::new(),
+            schema_allowlist: None,
             schema_denylist: Vec::new(),
         })
         .await
@@ -282,7 +282,7 @@ impl PgTestApi {
             schemas: Default::default(),
             enable_mutations: true,
             enable_queries: true,
-            schema_allowlist: Vec::new(),
+            schema_allowlist: None,
             schema_denylist: Vec::new(),
         })
         .await
diff --git a/extensions/postgres/tests/introspection/configuration.rs b/extensions/postgres/tests/introspection/configuration.rs
