This is a guide on how to setup and use alembic with the rls package.
alembic must be initialized by our extended metadata first to be used when creating policies.
the rls policies are registered as metadata info and can be used with alembic
in the env.py file you must import the set_metadata_info from the package and pass it to the target_metadata variable
from rls.alembic_rls import set_metadata_info
target_metadata = set_metadata_info(Base).metadatawhich returns a base that its rls policies metadata set.
To create a policy in alembic revision manually you have to keep in mind the following custom alembic operations:
op.create_policy: to create a policy for a tableop.drop_policy: to drop a policy for a tableop.enable_rls: to enable row level security on a tableop.disable_rls: to disable row level security on a table
Note: automatically creating policies in alembic is supported by the package but it is recommended to always check them before running the upgrade head command
Creates a policy for a table with the given name, definition, policy name, command, and expression
from alembic import op
op.create_policy(
table_name="accounts",
definition="PERMISSIVE",
policy_name="accounts_select",
cmd="select",
expr="true"
)Drops a policy for a table with the given name, policy name, command, and expression
from alembic import op
op.drop_policy(
table_name="accounts",
definition="PERMISSIVE",
policy_name="accounts_select",
cmd="select",
expr="true"
)Note: the expr, cmd, definition are not used in the drop operation but it is required to be passed for reverse compatibility
Enables row level security on a table with the given name
from alembic import op
op.enable_rls(
table_name="accounts"
)Disables row level security on a table with the given name
from alembic import op
op.disable_rls(
table_name="accounts"
)- All custom operations are not picked up by mypy and will throw an error when type checked.