
Commit 6a77d25

committed
Use our schema
1 parent 1f1abf9 commit 6a77d25


2 files changed

+84
-43
lines changed


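--- a/coderd/database/spice/spice.go
+++ b/coderd/database/spice/spice.go
@@ -5,6 +5,8 @@ import (
 _ "embed"
 "log"
 
+"github.com/authzed/spicedb/pkg/tuple"
+
 "google.golang.org/protobuf/encoding/protojson"
 
 "golang.org/x/xerrors"
@@ -28,7 +30,7 @@ var _ = v1.NewSchemaServiceClient
 //go:embed schema.zed
 var schema string
 
-func DB(ctx context.Context) error {
+func RunExample(ctx context.Context) error {
 srv, err := newServer(ctx)
 if err != nil {
 return err
@@ -48,61 +50,44 @@ func DB(ctx context.Context) error {
 }()
 
 _, err = schemaSrv.WriteSchema(ctx, &v1.WriteSchemaRequest{
-Schema: `definition user {}
-definition resource {
-relation viewer: user
-permission view = viewer
-}`,
+Schema: schema,
 })
 if err != nil {
 return err
 }
 
-resp, err := permSrv.WriteRelationships(ctx, &v1.WriteRelationshipsRequest{Updates: []*v1.RelationshipUpdate{
-{
-Operation: v1.RelationshipUpdate_OPERATION_TOUCH,
-Relationship: &v1.Relationship{
-Resource: &v1.ObjectReference{
-ObjectId: "my_book",
-ObjectType: "resource",
-},
-Relation: "viewer",
-Subject: &v1.SubjectReference{
-Object: &v1.ObjectReference{
-ObjectId: "john_doe",
-ObjectType: "user",
-},
-},
-},
-},
-}})
+token, err := populateRelationships(ctx, permSrv)
 if err != nil {
 return err
 }
 
-token := resp.GetWrittenAt()
+permsToCheck := []string{
+"workspace:dogfood#view@user:root",
+"workspace:dogfood#view@user:alice",
+"workspace:dogfood#view@user:charlie",
+"workspace:dogfood#view@user:gopher",
+"workspace_build:dogfood-build#view@user:gopher",
+// Look for cache hits?
+"workspace_build:dogfood-build#view@user:gopher",
+}
 
-for i := 0; i < 10; i++ {
+for _, perm := range permsToCheck {
+tup := tuple.Parse(perm)
+r := tuple.ToRelationship(tup)
+
+// Add debug information to the request so we can see the trace of the check.
 var trailerMD metadata.MD
 ctx = requestmeta.AddRequestHeaders(ctx, requestmeta.RequestDebugInformation)
 checkResp, err := permSrv.CheckPermission(ctx, &v1.CheckPermissionRequest{
 Permission: "view",
 Consistency: &v1.Consistency{Requirement: &v1.Consistency_AtLeastAsFresh{AtLeastAsFresh: token}},
-Resource: &v1.ObjectReference{
-ObjectId: "my_book",
-ObjectType: "resource",
-},
-Subject: &v1.SubjectReference{
-Object: &v1.ObjectReference{
-ObjectId: "john_doe",
-ObjectType: "user",
-},
-},
+Resource: r.Resource,
+Subject: r.Subject,
 }, grpc.Trailer(&trailerMD))
 if err != nil {
 log.Fatal("unable to issue PermissionCheck: %w", err)
 } else {
-
+log.Printf("check result (%s): %s", perm, checkResp.Permissionship.String())
 // All this debug stuff just shows the trace of the check
 // with information like cache hits.
 found, err := responsemeta.GetResponseTrailerMetadata(trailerMD, responsemeta.DebugInformation)
@@ -123,14 +108,53 @@ func DB(ctx context.Context) error {
 DisplayCheckTrace(debugInfo.Check, tp, false)
 tp.Print()
 }
-
 }
-log.Printf("check result: %s", checkResp.Permissionship.String())
 }
 
 return nil
 }
 
+func populateRelationships(ctx context.Context, permSrv v1.PermissionsServiceClient) (*v1.ZedToken, error) {
+// Write in a workspace
+relationships := []string{
+"platform:default#administrator@user:root",
+
+//"Dogfood" workspace owned by "Alice" with the group "developers"
+"workspace:dogfood#owner@user:alice",
+"workspace_build:dogfood-build#workspace@workspace:dogfood",
+"workspace:dogfood#platform@platform:default",
+"workspace:dogfood#group@group:developers",
+
+//Group middle-class is in group developers
+"group:developers#direct_member@user:bob",
+"group:back-end#direct_member@user:charlie",
+"group:golang#direct_member@user:gopher",
+"group:developers#child_group@group:back-end",
+"group:developers#child_group@group:front-end",
+"group:back-end#child_group@group:golang",
+"group:back-end#child_group@group:sql",
+}
+
+var token *v1.ZedToken
+for _, rel := range relationships {
+tup := tuple.Parse(rel)
+v1Rel := tuple.ToRelationship(tup)
+
+resp, err := permSrv.WriteRelationships(ctx, &v1.WriteRelationshipsRequest{Updates: []*v1.RelationshipUpdate{
+{
+Operation: v1.RelationshipUpdate_OPERATION_TOUCH,
+Relationship: v1Rel,
+},
+}})
+if err != nil {
+return nil, err
+}
+token = resp.GetWrittenAt()
+}
+
+return token, nil
+}
+
 func newServer(ctx context.Context) (server.RunnableServer, error) {
 ds, err := datastore.NewDatastore(ctx,
 datastore.DefaultDatastoreConfig().ToOption(),
@@ -162,9 +186,25 @@ func newServer(ctx context.Context) (server.RunnableServer, error) {
 server.WithMetricsAPI(util.HTTPServerConfig{
 HTTPAddress: "localhost:50000",
 HTTPEnabled: true}),
-server.WithDispatchCacheConfig(server.CacheConfig{Enabled: true, Metrics: true}),
-server.WithNamespaceCacheConfig(server.CacheConfig{Enabled: true, Metrics: true}),
-server.WithClusterDispatchCacheConfig(server.CacheConfig{Enabled: true, Metrics: true}),
+//server.WithDispatchCacheConfig(server.CacheConfig{
+// Name: "DispatchCache",
+// Metrics: true,
+// Enabled: true,
+//}),
+//server.WithNamespaceCacheConfig(server.CacheConfig{
+// Name: "NamespaceCache",
+// //MaxCost: "",
+// //NumCounters: 0,
+// Metrics: true,
+// Enabled: true,
+//}),
+//server.WithClusterDispatchCacheConfig(server.CacheConfig{
+// Name: "ClusterCache",
+// //MaxCost: "",
+// //NumCounters: 0,
+// Metrics: true,
+// Enabled: true,
+//}),
 server.WithDatastore(ds),
 server.WithDispatchClientMetricsPrefix("coder_client"),
 server.WithDispatchClientMetricsEnabled(true),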
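Review bot: The results of `tuple.Parse` and `tuple.ToRelationship` are used unchecked in both the `permsToCheck` loop in `RunExample` and the write loop in `populateRelationships`; if, as in the spicedb tuple package I am familiar with, they return nil for a malformed string, `r.Resource` dereferences a nil pointer and the write loop sends a nil `Relationship`. A guard such as `if r == nil { return xerrors.Errorf("invalid relationship %q", perm) }` right after the conversion would turn a typo in these literals into an ordinary error. Separately, the request still sends `Permission: "view"` while each string names its own permission, so an entry written with a different permission would silently be checked against `view` while the log line prints the original string; `Permission: r.Relation` keeps the reported authorization result tied to what was actually evaluated. `RunExample`'s body runs across several hunks, so this is based only on the visible lines.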

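--- a/coderd/database/spice/spice_test.go
+++ b/coderd/database/spice/spice_test.go
@@ -9,7 +9,8 @@ import (
 )
 
 func TestSpiceDB(t *testing.T) {
-err := spice.DB(context.Background())
+// Output colors: https://authzed.com/docs/guides/debugging#displaying-explanations-via-zed
+err := spice.RunExample(context.Background())
 require.NoError(t, err)
 //time.Sleep(time.Second * 1000)
 }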
