Skip to content

Commit

Permalink
Merge pull request #2163 from josephschorr/export-caveats
Browse files Browse the repository at this point in the history
Fix bulk export of relationships with caveats
  • Loading branch information
josephschorr authored Dec 12, 2024
2 parents d50ec46 + 063c693 commit b16e9d8
Show file tree
Hide file tree
Showing 5 changed files with 133 additions and 81 deletions.
42 changes: 18 additions & 24 deletions internal/services/v1/experimental.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (

"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/protobuf/types/known/timestamppb"

"github.com/ccoveille/go-safecast"
"github.com/jzelinskie/stringz"
Expand Down Expand Up @@ -154,12 +155,6 @@ func (a *bulkLoadAdapter) Next(_ context.Context) (*tuple.Relationship, error) {
a.currentBatch = batch.Relationships
a.numSent = 0

for _, rel := range batch.Relationships {
if rel.OptionalExpiresAt != nil {
return nil, fmt.Errorf("expiration time is not currently supported")
}
}

a.awaitingNamespaces, a.awaitingCaveats = extractBatchNewReferencedNamespacesAndCaveats(
a.currentBatch,
a.referencedNamespaceMap,
Expand All @@ -172,6 +167,13 @@ func (a *bulkLoadAdapter) Next(_ context.Context) (*tuple.Relationship, error) {
return nil, nil
}

a.current.RelationshipReference.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType
a.current.RelationshipReference.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId
a.current.RelationshipReference.Resource.Relation = a.currentBatch[a.numSent].Relation
a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType
a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId
a.current.Subject.Relation = stringz.DefaultEmpty(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis)

if a.currentBatch[a.numSent].OptionalCaveat != nil {
a.caveat.CaveatName = a.currentBatch[a.numSent].OptionalCaveat.CaveatName
a.caveat.Context = a.currentBatch[a.numSent].OptionalCaveat.Context
Expand All @@ -180,29 +182,15 @@ func (a *bulkLoadAdapter) Next(_ context.Context) (*tuple.Relationship, error) {
a.current.OptionalCaveat = nil
}

if a.caveat.CaveatName != "" {
a.current.OptionalCaveat = &a.caveat
} else {
a.current.OptionalCaveat = nil
}

a.current.OptionalIntegrity = nil
a.current.OptionalExpiration = nil

a.current.RelationshipReference.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType
a.current.RelationshipReference.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId
a.current.RelationshipReference.Resource.Relation = a.currentBatch[a.numSent].Relation
a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType
a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId
a.current.Subject.Relation = stringz.DefaultEmpty(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis)

if a.currentBatch[a.numSent].OptionalExpiresAt != nil {
t := a.currentBatch[a.numSent].OptionalExpiresAt.AsTime()
a.current.OptionalExpiration = &t
} else {
a.current.OptionalExpiration = nil
}

a.current.OptionalIntegrity = nil

if err := relationships.ValidateOneRelationship(
a.referencedNamespaceMap,
a.referencedCaveatMap,
Expand Down Expand Up @@ -432,9 +420,15 @@ func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize u
if rel.OptionalCaveat != nil {
caveatArray[offset].CaveatName = rel.OptionalCaveat.CaveatName
caveatArray[offset].Context = rel.OptionalCaveat.Context
v1Rel.OptionalCaveat = &caveatArray[offset]
} else {
v1Rel.OptionalCaveat = nil
}

if rel.OptionalExpiration != nil {
v1Rel.OptionalExpiresAt = timestamppb.New(*rel.OptionalExpiration)
} else {
caveatArray[offset].CaveatName = ""
caveatArray[offset].Context = nil
v1Rel.OptionalExpiresAt = nil
}
}

Expand Down
39 changes: 15 additions & 24 deletions internal/services/v1/experimental_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,14 +74,15 @@ func TestBulkImportRelationships(t *testing.T) {

for i := uint64(0); i < batchSize; i++ {
if withCaveats {
batch = append(batch, relWithCaveat(
batch = append(batch, mustRelWithCaveatAndContext(
tf.DocumentNS.Name,
strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10),
"caveated_viewer",
tf.UserNS.Name,
strconv.FormatUint(i, 10),
"",
"test",
map[string]any{"secret": strconv.FormatUint(i, 10)},
))
} else {
batch = append(batch, rel(
Expand Down Expand Up @@ -177,23 +178,18 @@ func TestBulkExportRelationships(t *testing.T) {
{tf.FolderNS.Name, "owner"},
{tf.DocumentNS.Name, "editor"},
{tf.FolderNS.Name, "editor"},
{tf.DocumentNS.Name, "caveated_viewer"},
{tf.DocumentNS.Name, "expiring_viewer"},
}

totalToWrite := 1_000
expectedRels := set.NewStringSetWithSize(totalToWrite)
batch := make([]*v1.Relationship, totalToWrite)
for i := range batch {
nsAndRel := nsAndRels[i%len(nsAndRels)]
rel := rel(
nsAndRel.namespace,
strconv.Itoa(i),
nsAndRel.relation,
tf.UserNS.Name,
strconv.Itoa(i),
"",
)
batch[i] = rel
expectedRels.Add(tuple.MustV1RelString(rel))
v1rel := relationshipForBulkTesting(nsAndRel, i)
batch[i] = v1rel
expectedRels.Add(tuple.MustV1RelString(v1rel))
}

ctx := context.Background()
Expand Down Expand Up @@ -280,7 +276,7 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) {
&v1.RelationshipFilter{
ResourceType: tf.DocumentNS.Name,
},
500,
625,
},
{
"filter by resource ID",
Expand All @@ -302,7 +298,7 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) {
ResourceType: tf.DocumentNS.Name,
OptionalResourceIdPrefix: "1",
},
55,
69,
},
{
"filter by invalid resource type",
Expand Down Expand Up @@ -335,31 +331,26 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) {
{tf.FolderNS.Name, "owner"},
{tf.DocumentNS.Name, "editor"},
{tf.FolderNS.Name, "editor"},
{tf.DocumentNS.Name, "caveated_viewer"},
{tf.DocumentNS.Name, "expiring_viewer"},
}

expectedRels := set.NewStringSetWithSize(1000)
batch := make([]*v1.Relationship, 1000)
for i := range batch {
nsAndRel := nsAndRels[i%len(nsAndRels)]
rel := rel(
nsAndRel.namespace,
strconv.Itoa(i),
nsAndRel.relation,
tf.UserNS.Name,
strconv.Itoa(i),
"",
)
batch[i] = rel
v1rel := relationshipForBulkTesting(nsAndRel, i)
batch[i] = v1rel

if tc.filter != nil {
filter, err := datastore.RelationshipsFilterFromPublicFilter(tc.filter)
require.NoError(err)
if !filter.Test(tuple.FromV1Relationship(rel)) {
if !filter.Test(tuple.FromV1Relationship(v1rel)) {
continue
}
}

expectedRels.Add(tuple.MustV1RelString(rel))
expectedRels.Add(tuple.MustV1RelString(v1rel))
}

require.Equal(tc.expectedCount, expectedRels.Size())
Expand Down
27 changes: 18 additions & 9 deletions internal/services/v1/permissions.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"google.golang.org/grpc/status"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/structpb"
"google.golang.org/protobuf/types/known/timestamppb"

cexpr "github.com/authzed/spicedb/internal/caveats"
dispatchpkg "github.com/authzed/spicedb/internal/dispatch"
Expand Down Expand Up @@ -768,6 +769,13 @@ func (a *loadBulkAdapter) Next(_ context.Context) (*tuple.Relationship, error) {
return nil, nil
}

a.current.RelationshipReference.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType
a.current.RelationshipReference.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId
a.current.RelationshipReference.Resource.Relation = a.currentBatch[a.numSent].Relation
a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType
a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId
a.current.Subject.Relation = stringz.DefaultEmpty(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis)

if a.currentBatch[a.numSent].OptionalCaveat != nil {
a.caveat.CaveatName = a.currentBatch[a.numSent].OptionalCaveat.CaveatName
a.caveat.Context = a.currentBatch[a.numSent].OptionalCaveat.Context
Expand All @@ -776,22 +784,15 @@ func (a *loadBulkAdapter) Next(_ context.Context) (*tuple.Relationship, error) {
a.current.OptionalCaveat = nil
}

a.current.OptionalIntegrity = nil

a.current.RelationshipReference.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType
a.current.RelationshipReference.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId
a.current.RelationshipReference.Resource.Relation = a.currentBatch[a.numSent].Relation
a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType
a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId
a.current.Subject.Relation = stringz.DefaultEmpty(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis)

if a.currentBatch[a.numSent].OptionalExpiresAt != nil {
t := a.currentBatch[a.numSent].OptionalExpiresAt.AsTime()
a.current.OptionalExpiration = &t
} else {
a.current.OptionalExpiration = nil
}

a.current.OptionalIntegrity = nil

if err := relationships.ValidateOneRelationship(
a.referencedNamespaceMap,
a.referencedCaveatMap,
Expand Down Expand Up @@ -996,9 +997,17 @@ func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, r
if rel.OptionalCaveat != nil {
caveatArray[offset].CaveatName = rel.OptionalCaveat.CaveatName
caveatArray[offset].Context = rel.OptionalCaveat.Context
v1Rel.OptionalCaveat = &caveatArray[offset]
} else {
caveatArray[offset].CaveatName = ""
caveatArray[offset].Context = nil
v1Rel.OptionalCaveat = nil
}

if rel.OptionalExpiration != nil {
v1Rel.OptionalExpiresAt = timestamppb.New(*rel.OptionalExpiration)
} else {
v1Rel.OptionalExpiresAt = nil
}
}

Expand Down
39 changes: 15 additions & 24 deletions internal/services/v1/permissions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2087,14 +2087,15 @@ func TestImportBulkRelationships(t *testing.T) {

for i := uint64(0); i < batchSize; i++ {
if withTrait == "caveated_viewer" {
batch = append(batch, relWithCaveat(
batch = append(batch, mustRelWithCaveatAndContext(
tf.DocumentNS.Name,
strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10),
"caveated_viewer",
tf.UserNS.Name,
strconv.FormatUint(i, 10),
"",
"test",
map[string]any{"secret": strconv.FormatUint(i, 10)},
))
} else if withTrait == "expiring_viewer" {
batch = append(batch, relWithExpiration(
Expand Down Expand Up @@ -2197,23 +2198,18 @@ func TestExportBulkRelationships(t *testing.T) {
{tf.FolderNS.Name, "owner"},
{tf.DocumentNS.Name, "editor"},
{tf.FolderNS.Name, "editor"},
{tf.DocumentNS.Name, "caveated_viewer"},
{tf.DocumentNS.Name, "expiring_viewer"},
}

totalToWrite := 1_000
expectedRels := set.NewStringSetWithSize(totalToWrite)
batch := make([]*v1.Relationship, totalToWrite)
for i := range batch {
nsAndRel := nsAndRels[i%len(nsAndRels)]
rel := rel(
nsAndRel.namespace,
strconv.Itoa(i),
nsAndRel.relation,
tf.UserNS.Name,
strconv.Itoa(i),
"",
)
batch[i] = rel
expectedRels.Add(tuple.MustV1RelString(rel))
v1rel := relationshipForBulkTesting(nsAndRel, i)
batch[i] = v1rel
expectedRels.Add(tuple.MustV1RelString(v1rel))
}

ctx := context.Background()
Expand Down Expand Up @@ -2300,7 +2296,7 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) {
&v1.RelationshipFilter{
ResourceType: tf.DocumentNS.Name,
},
500,
625,
},
{
"filter by resource ID",
Expand All @@ -2322,7 +2318,7 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) {
ResourceType: tf.DocumentNS.Name,
OptionalResourceIdPrefix: "1",
},
55,
69,
},
{
"filter by invalid resource type",
Expand Down Expand Up @@ -2354,31 +2350,26 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) {
{tf.FolderNS.Name, "owner"},
{tf.DocumentNS.Name, "editor"},
{tf.FolderNS.Name, "editor"},
{tf.DocumentNS.Name, "caveated_viewer"},
{tf.DocumentNS.Name, "expiring_viewer"},
}

expectedRels := set.NewStringSetWithSize(1000)
batch := make([]*v1.Relationship, 1000)
for i := range batch {
nsAndRel := nsAndRels[i%len(nsAndRels)]
rel := rel(
nsAndRel.namespace,
strconv.Itoa(i),
nsAndRel.relation,
tf.UserNS.Name,
strconv.Itoa(i),
"",
)
batch[i] = rel
v1rel := relationshipForBulkTesting(nsAndRel, i)
batch[i] = v1rel

if tc.filter != nil {
filter, err := datastore.RelationshipsFilterFromPublicFilter(tc.filter)
require.NoError(err)
if !filter.Test(tuple.FromV1Relationship(rel)) {
if !filter.Test(tuple.FromV1Relationship(v1rel)) {
continue
}
}

expectedRels.Add(tuple.MustV1RelString(rel))
expectedRels.Add(tuple.MustV1RelString(v1rel))
}

require.Equal(tc.expectedCount, expectedRels.Size())
Expand Down
Loading

0 comments on commit b16e9d8

Please sign in to comment.