diff --git a/e2e/go.mod b/e2e/go.mod index ab32f03248..d205c3679c 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -5,7 +5,7 @@ go 1.21 toolchain go1.21.1 require ( - github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d + github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103 github.com/authzed/grpcutil v0.0.0-20240123092924-129dc0a6a6e1 github.com/authzed/spicedb v1.29.5 github.com/brianvoe/gofakeit/v6 v6.23.2 diff --git a/e2e/go.sum b/e2e/go.sum index 70c38773cd..85f7fc3aba 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,8 +20,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 h1:goHVqTbFX3AIo0tzGr14pgfAW2ZfPChKO21Z9MGf/gk= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= -github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d h1:hzo0UIaYtLyJsEdCrM05k1k2YZHqPAyMpHL7rq37j5Q= -github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d/go.mod h1:2cnND+OBSxz1DpVfaQBKtdobTiaX2qAlj7k9eNr/pM4= +github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103 h1:7LvqvFL9z+zyo7wlkH7rBKDD6SgJ7jbP1nvAJWi1Oug= +github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103/go.mod h1:2cnND+OBSxz1DpVfaQBKtdobTiaX2qAlj7k9eNr/pM4= github.com/authzed/cel-go v0.17.5 h1:lfpkNrR99B5QRHg5qdG9oLu/kguVlZC68VJuMk8tH9Y= github.com/authzed/cel-go v0.17.5/go.mod h1:XL/zEq5hKGVF8aOdMbG7w+BQPihLjY2W8N+UIygDA2I= github.com/authzed/grpcutil v0.0.0-20240123092924-129dc0a6a6e1 h1:zBfQzia6Hz45pJBeURTrv1b6HezmejB6UmiGuBilHZM= diff --git a/go.mod b/go.mod index ba4f747f5f..9fcda7d064 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( contrib.go.opencensus.io/exporter/prometheus v0.4.2 github.com/IBM/pgxpoolprometheus v1.1.1 github.com/Masterminds/squirrel v1.5.4 - github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d + github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103 github.com/authzed/cel-go v0.17.5 github.com/authzed/consistent v0.1.0 github.com/authzed/grpcutil v0.0.0-20240123092924-129dc0a6a6e1 diff --git a/go.sum b/go.sum index a2dcaf36f6..4e26345a9e 100644 --- a/go.sum +++ b/go.sum @@ -111,8 +111,8 @@ github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8ger github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU= github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s= github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI= -github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d h1:hzo0UIaYtLyJsEdCrM05k1k2YZHqPAyMpHL7rq37j5Q= -github.com/authzed/authzed-go v0.10.2-0.20240312180602-9b3947de5a3d/go.mod h1:2cnND+OBSxz1DpVfaQBKtdobTiaX2qAlj7k9eNr/pM4= +github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103 h1:7LvqvFL9z+zyo7wlkH7rBKDD6SgJ7jbP1nvAJWi1Oug= +github.com/authzed/authzed-go v0.10.2-0.20240313203343-903be5541103/go.mod h1:2cnND+OBSxz1DpVfaQBKtdobTiaX2qAlj7k9eNr/pM4= github.com/authzed/cel-go v0.17.5 h1:lfpkNrR99B5QRHg5qdG9oLu/kguVlZC68VJuMk8tH9Y= github.com/authzed/cel-go v0.17.5/go.mod h1:XL/zEq5hKGVF8aOdMbG7w+BQPihLjY2W8N+UIygDA2I= github.com/authzed/consistent v0.1.0 h1:tlh1wvKoRbjRhMm2P+X5WQQyR54SRoS4MyjLOg17Mp8= diff --git a/internal/services/v1/debug_test.go b/internal/services/v1/debug_test.go index b925a33609..096821b204 100644 --- a/internal/services/v1/debug_test.go +++ b/internal/services/v1/debug_test.go @@ -12,7 +12,6 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/grpc" "google.golang.org/grpc/metadata" - "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/encoding/prototext" "google.golang.org/protobuf/types/known/structpb" @@ -485,9 +484,7 @@ func TestCheckPermissionWithDebug(t *testing.T) { req.NotNil(encodedDebugInfo) - debugInfo := &v1.DebugInformation{} - err = protojson.Unmarshal([]byte(*encodedDebugInfo), debugInfo) - req.NoError(err) + debugInfo := checkResp.DebugTrace req.NotEmpty(debugInfo.SchemaUsed) req.Equal(stc.checkRequest.resource.ObjectType, debugInfo.Check.Resource.ObjectType) diff --git a/internal/services/v1/permissions.go b/internal/services/v1/permissions.go index fbc1adb87b..9d29b701fe 100644 --- a/internal/services/v1/permissions.go +++ b/internal/services/v1/permissions.go @@ -11,7 +11,6 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" - "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/structpb" @@ -67,6 +66,7 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe } debugOption := computed.NoDebugging + if md, ok := metadata.FromIncomingContext(ctx); ok { _, isDebuggingEnabled := md[string(requestmeta.RequestDebugInformation)] if isDebuggingEnabled { @@ -74,6 +74,10 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe } } + if req.WithTracing { + debugOption = computed.BasicDebuggingEnabled + } + cr, metadata, err := computed.ComputeCheck(ctx, ps.dispatch, computed.CheckParameters{ ResourceType: &core.RelationReference{ @@ -94,21 +98,18 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe ) usagemetrics.SetInContext(ctx, metadata) + var debugTrace *v1.DebugInformation if debugOption != computed.NoDebugging && metadata.DebugInfo != nil { - // Convert the dispatch debug information into API debug information and marshal into - // the footer. + // Convert the dispatch debug information into API debug information. converted, cerr := ConvertCheckDispatchDebugInformation(ctx, caveatContext, metadata, ds) if cerr != nil { return nil, ps.rewriteError(ctx, cerr) } + debugTrace = converted - marshaled, merr := protojson.Marshal(converted) - if merr != nil { - return nil, ps.rewriteError(ctx, merr) - } - + // TODO(jschorr): Remove this once the trailer is not longer used by anyone. serr := responsemeta.SetResponseTrailerMetadata(ctx, map[responsemeta.ResponseMetadataTrailerKey]string{ - responsemeta.DebugInformation: string(marshaled), + responsemeta.DebugInformation: `{"note": "debug information has been moved into the response object. See https://spicedb.dev/d/check-traces"}`, }) if serr != nil { return nil, ps.rewriteError(ctx, serr) @@ -125,6 +126,7 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe CheckedAt: checkedAt, Permissionship: permissionship, PartialCaveatInfo: partialCaveat, + DebugTrace: debugTrace, }, nil } diff --git a/internal/services/v1/permissions_test.go b/internal/services/v1/permissions_test.go index f653154a2f..031001f578 100644 --- a/internal/services/v1/permissions_test.go +++ b/internal/services/v1/permissions_test.go @@ -22,7 +22,6 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" - "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/types/known/structpb" "github.com/authzed/spicedb/internal/datastore/memdb" @@ -296,9 +295,7 @@ func TestCheckPermissions(t *testing.T) { if debug { require.NotNil(encodedDebugInfo) - debugInfo := &v1.DebugInformation{} - err = protojson.Unmarshal([]byte(*encodedDebugInfo), debugInfo) - require.NoError(err) + debugInfo := checkResp.DebugTrace require.NotNil(debugInfo.Check) require.NotNil(debugInfo.Check.Duration) require.Equal(tuple.StringObjectRef(tc.resource), tuple.StringObjectRef(debugInfo.Check.Resource)) @@ -347,10 +344,7 @@ func TestCheckPermissionWithDebugInfo(t *testing.T) { require.NotNil(encodedDebugInfo) - debugInfo := &v1.DebugInformation{} - err = protojson.Unmarshal([]byte(*encodedDebugInfo), debugInfo) - require.NoError(err) - + debugInfo := checkResp.DebugTrace require.GreaterOrEqual(len(debugInfo.Check.GetSubProblems().Traces), 1) require.NotEmpty(debugInfo.SchemaUsed)