v1.WriteSchema relationship sanity check should skip permissions #733
Assignees
Labels
area/api v1
Affects the v1 API
area/perf
Affects performance or scalability
priority/1 high
This is the top priority
Comments
jzelinskie
added
priority/1 high
josephschorr
added a commit
to josephschorr/spicedb
that referenced
this issue
Aug 2, 2022
This PR changes the namespace diff logic to treat relations and permissions distinctly, thus ensuring that WriteSchema will only check for relationships if a *relation* is removed, and not a permission as well. This was a legacy of the time when relations could contain both data and expressions. Fixes authzed#733
josephschorr
added a commit
to josephschorr/spicedb
that referenced
this issue
Aug 2, 2022
This PR changes the namespace diff logic to treat relations and permissions distinctly, thus ensuring that WriteSchema will only check for relationships if a *relation* is removed, and not a permission as well. This was a legacy of the time when relations could contain both data and expressions. Fixes authzed#733
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To ensure that data remains valid across schema migrations,
v1.WriteSchemaperforms a sanity check.An optimization that is missing for this sanity check is to skip permissions as they are computed and cannot contain any data themselves. This optimization would vastly improve the performance of large schema writes on production systems and make schema migrations that only modify permissions nearly instantaneous.
Big thanks to @williamdclt for the report the surfaced this issue.
The text was updated successfully, but these errors were encountered: