Port @azure/postgresql-auth package from postgres-entra-auth repo#37647
Merged
Conversation
github-actions
Bot
added
the
dev-tool
KarishmaGhiya
force-pushed
the
port-postgresql-auth
branch
2 times, most recently
from
bc06f02 to
c61deb4
Compare
chidozieononiwu
force-pushed
the
port-postgresql-auth
branch
from
d9f33bf to
bd24fc2
Compare
KarishmaGhiya
requested review from
a team,
JialinHuang803,
MaryGao,
jeremymeng,
qiaozha and
xirzec
as code owners
Contributor
There was a problem hiding this comment.
Pull request overview
Migrates the standalone azure-postgresql-auth library into this repo as a new package @azure/postgresql-auth, providing Entra ID token acquisition for PostgreSQL connections (via pg) and a Sequelize beforeConnect hook for automatic token-based auth.
Changes:
- Introduces the new
@azure/postgresql-authpackage (source, build config, API extractor config, docs, changelog, license). - Adds Vitest unit tests for
getEntraTokenPasswordandconfigureEntraIdAuth, plus shared test utilities. - Adds samples (JavaScript + TypeScript) and wires up CI + CODEOWNERS + lockfile entries.
Reviewed changes
Copilot reviewed 32 out of 33 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| sdk/postgresql/postgresql-auth/warp.config.yml | Warp build/export configuration for the new package |
| sdk/postgresql/postgresql-auth/vitest.config.ts | Hooks package tests into the repo’s shared Vitest config |
| sdk/postgresql/postgresql-auth/tsconfig.test.node.json | Test TS config and path mappings for local test runs |
| sdk/postgresql/postgresql-auth/tsconfig.test.json | TS project references for test compilation |
| sdk/postgresql/postgresql-auth/tsconfig.src.json | TS config for building the library source |
| sdk/postgresql/postgresql-auth/tsconfig.json | TS project references (src + tests) |
| sdk/postgresql/postgresql-auth/test/public/utils/testUtils.ts | Shared test utilities (mock credentials, mock Sequelize hooks, JWT helpers) |
| sdk/postgresql/postgresql-auth/test/public/getEntraTokenPassword.spec.ts | Unit tests for token acquisition helper |
| sdk/postgresql/postgresql-auth/test/public/configureEntraIdAuth.spec.ts | Unit tests for Sequelize hook configuration and username derivation |
| sdk/postgresql/postgresql-auth/src/logger.ts | Package logger setup via @azure/logger |
| sdk/postgresql/postgresql-auth/src/index.ts | Public entrypoint exports for the package |
| sdk/postgresql/postgresql-auth/src/entraConnection.ts | Core implementation of token acquisition + Sequelize hook |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/tsconfig.json | TS sample compilation config |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/src/sequelizeConnection.ts | TypeScript Sequelize sample |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/src/pgConnection.ts | TypeScript pg sample |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/sample.env | Sample environment variable template |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/package.json | TypeScript samples’ package manifest |
| sdk/postgresql/postgresql-auth/samples/v1-beta/typescript/README.md | TypeScript samples README |
| sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/sequelizeConnection.js | JavaScript Sequelize sample |
| sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/sample.env | JavaScript sample environment variable template |
| sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/pgConnection.js | JavaScript pg sample |
| sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/package.json | JavaScript samples’ package manifest |
| sdk/postgresql/postgresql-auth/samples/v1-beta/javascript/README.md | JavaScript samples README |
| sdk/postgresql/postgresql-auth/review/postgresql-auth-node.api.md | API Extractor report for public surface validation |
| sdk/postgresql/postgresql-auth/package.json | Package metadata, scripts, exports, deps/peer deps |
| sdk/postgresql/postgresql-auth/eslint.config.mjs | Package ESLint rule configuration |
| sdk/postgresql/postgresql-auth/api-extractor.json | API Extractor configuration (extends repo base) |
| sdk/postgresql/postgresql-auth/README.md | Package README with usage examples |
| sdk/postgresql/postgresql-auth/LICENSE | Package license file |
| sdk/postgresql/postgresql-auth/CHANGELOG.md | Initial changelog entry for beta.1 |
| sdk/postgresql/ci.yml | Adds CI pipeline for the postgresql service directory/package |
| pnpm-lock.yaml | Workspace lockfile updates for the new package (and deps) |
| .github/CODEOWNERS | Adds code ownership for the new package path |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
You can also share your feedback on Copilot code review. Take the survey.
maorleger
reviewed
Mar 18, 2026
KarishmaGhiya
force-pushed
the
port-postgresql-auth
branch
from
b68aacb to
38b859c
Compare
maorleger
reviewed
Mar 26, 2026
Member
maorleger
left a comment
maorleger
left a comment
There was a problem hiding this comment.
We're close, just need a few things @KarishmaGhiya to tidy this up 👍
deyaaeldeen
added
the
architecture-review-needed
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Archie API Review — @azure/postgresql-auth (new package, v1.0.0-beta.1)
This is a new package being ported into the Azure SDK for JavaScript monorepo. 4 API design issues were found (0 critical, 3 medium, 1 low). No breaking changes (first release). CI status was not blocking review.
Summary of findings:
| # | Severity | Issue |
|---|---|---|
| 1 | 🟡 Medium | entraTokenProvider should use a verb prefix (getEntraToken) per naming conventions |
| 2 | 🟡 Medium | GetEntraTokenPasswordOptions must extend OperationOptions to support AbortSignal cancellation |
| 3 | 🟡 Medium | Return type typeof sequelizeInstance should be expressed as a generic <T extends SequelizeBeforeConnectHook>: T |
| 4 | 🔵 Low | Export alias GetEntraAccessTokenOptions as GetEntraTokenPasswordOptions mixes "Token" and "Password" terminology |
All findings are actionable before the first beta release.
📊 Structured Report
{"agent":"archie","pr":37647,"summary":"issues_found","findings":[{"file":"sdk/postgresql/postgresql-auth/review/postgresql-auth-node.api.md","line":18,"severity":"medium","category":"naming","description":"entraTokenProvider does not follow verb-first naming convention; should be getEntraToken or similar per Azure SDK guidelines"},{"file":"sdk/postgresql/postgresql-auth/review/postgresql-auth-node.api.md","line":22,"severity":"medium","category":"options-design","description":"GetEntraTokenPasswordOptions does not extend OperationOptions; async operation missing AbortSignal cancellation support"},{"file":"sdk/postgresql/postgresql-auth/review/postgresql-auth-node.api.md","line":10,"severity":"medium","category":"type-safety","description":"Return type typeof sequelizeInstance is non-idiomatic; should use generic <T extends SequelizeBeforeConnectHook>: T"},{"file":"sdk/postgresql/postgresql-auth/src/index.ts","line":16,"severity":"low","category":"naming","description":"Export alias GetEntraAccessTokenOptions as GetEntraTokenPasswordOptions mixes Token/Password terminology inconsistently"}]}Note
🔒 Integrity filter blocked 2 items
The following items were blocked because they don't meet the GitHub integrity level.
- #37647
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - #37647
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | none🏗️ Reviewed by Architecture Review
deyaaeldeen
added
the
docs-review-needed
Contributor
There was a problem hiding this comment.
This PR introduces a new @azure/postgresql-auth package with generally good documentation. Found 4 issues (0 critical, 2 medium, 2 low):
- [medium] Snippet test names (
"entraTokenProvider","configureEntraAuthentication","Logging") don't follow theReadmeSample<Feature>convention used across the repo — bothsnippets.spec.tsand thesnippet:tags inREADME.mdneed renaming. - [medium] README code fences use dynamic
await import()while the samples use standard static imports — this inconsistency can mislead users who copy from the README. - [low]
GetEntraTokenPasswordOptions(scopeoverride) andSequelizeBeforeConnectHookare exported but not mentioned in the README Key Concepts section. - [low] The
@param optionsJSDoc onentraTokenProvidershould reference the exported public type nameGetEntraTokenPasswordOptions(not the internal aliasGetEntraAccessTokenOptions) for consistency with the API report.
📊 Structured Report
{"agent":"scribe","pr":37647,"summary":"issues_found","findings":[{"file":"sdk/postgresql/postgresql-auth/test/snippets.spec.ts","line":9,"severity":"medium","category":"snippet-naming","description":"Snippet names do not follow ReadmeSample<Feature> convention; should be ReadmeSampleEntraTokenProvider, ReadmeSampleConfigureEntraAuthentication, ReadmeSampleLogging"},{"file":"sdk/postgresql/postgresql-auth/README.md","line":57,"severity":"medium","category":"consistency","description":"README examples use dynamic await import() while samples use static ES module imports, creating inconsistency for users"},{"file":"sdk/postgresql/postgresql-auth/README.md","line":41,"severity":"low","category":"missing-docs","description":"Key Concepts section omits GetEntraTokenPasswordOptions (scope override) and SequelizeBeforeConnectHook from the public API description"},{"file":"sdk/postgresql/postgresql-auth/src/index.ts","line":16,"severity":"low","category":"tsdoc","description":"entraTokenProvider `@param` options should reference the exported public type name GetEntraTokenPasswordOptions, not the internal GetEntraAccessTokenOptions alias"}]}Note
🔒 Integrity filter blocked 2 items
The following items were blocked because they don't meet the GitHub integrity level.
- #37647
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved". - #37647
pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
To allow these resources, lower min-integrity in your GitHub frontmatter:
tools:
github:
min-integrity: approved # merged | approved | unapproved | none📝 Proofread by Documentation Review
deyaaeldeen
added
the
test-review-needed
…rameter Replaces the inline structural type on configureEntraIdAuth with a named exported interface SequelizeBeforeConnectHook for better discoverability. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
KarishmaGhiya
force-pushed
the
port-postgresql-auth
branch
2 times, most recently
from
79b0824 to
8bbd634
Compare
KarishmaGhiya
commented
Apr 10, 2026
KarishmaGhiya
commented
Apr 10, 2026
Co-authored-by: KarishmaGhiya <kghiya8@gmail.com>
KarishmaGhiya
commented
Apr 10, 2026
jeremymeng
approved these changes
Apr 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Migrates the standalone azure-postgresql-auth library into the monorepo as
@azure/postgresql-auth- a new Azure SDK client package providing Entra ID authentication for PostgreSQL connections via bothpg(node-postgres) and Sequelize clients.Key changes:
getEntraTokenPassword()- acquires Entra ID token for use as PostgreSQL passwordconfigureEntraIdAuth()- registers SequelizebeforeConnecthook for automatic token-based authwarpbuild system with 4 targets (browser, react-native, esm, commonjs)pg(>=8.0.0) andsequelize(>=6.0.0) as optional peer dependenciessdk/postgresql/ci.ymldata-plane pipelineReferences
Release Plan Details