Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

caveat in MemDB datastore #807

Merged
merged 18 commits into from
Sep 20, 2022
Merged

caveat in MemDB datastore #807

merged 18 commits into from
Sep 20, 2022

Conversation

vroldanbet
Copy link
Contributor

@vroldanbet vroldanbet commented Sep 8, 2022
edited
Loading

#757

This PR introduces datastore interface to do CRUD operations with Caveats. We choose to start with MemDB because it does not require migrations, it's not meant to be used in production, and thus allows us to start building the graph evaluation logic without requiring modifications to all datastores. Once we've nailed its usage, we can go back to add support in the rest of datastores.

The main design choices are:

  • Caveats have its own lifecycle independent from Namespaces
  • They get a globally unique identifier so that we can continue referencing them even though name may change
  • Name is a user-friendly way to reference a caveat. It will be used in the schema language to give caveats a name the schema developer can reference in their definition
  • The datastore does not know anything about how caveats are implemented, and are simply stored as a sequence of bytes
  • Tuples will reference caveats by its ID.
  • Tuples may include a caveat context, which will be passed along to the caveat evaluator. Think input arguments of a function.
  • The caveat package has evolved to serialize the caveat name with the proto representation. This is necessary for type checking in the schema.
  • New interfaces are added to make datastores support caveats. They include the various CRUD operations. Writes are upserts, and caveats can be looked up by ID or name.
  • Two caveats with the same name are considered the same caveat. There cannot be two caveats with distinct IDs and same Name

@github-actions github-actions bot added area/datastore Affects the storage system area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) labels Sep 8, 2022
@vroldanbet vroldanbet force-pushed the caveat-hybrid-spike branch 3 times, most recently from 4edd111 to dff6f68 Compare September 13, 2022 14:24
@github-actions github-actions bot added the area/dependencies Affects dependencies label Sep 13, 2022
@vroldanbet vroldanbet force-pushed the caveat-hybrid-spike branch 3 times, most recently from 8951238 to 2efc7c2 Compare September 13, 2022 15:02
josephschorr
josephschorr reviewed Sep 14, 2022
View reviewed changes
internal/datastore/memdb/caveat.go Outdated Show resolved Hide resolved
internal/datastore/memdb/caveat.go Outdated Show resolved Hide resolved
internal/datastore/memdb/caveat.go Outdated Show resolved Hide resolved
internal/datastore/memdb/readwrite.go Show resolved Hide resolved
internal/datastore/memdb/readwrite.go Outdated Show resolved Hide resolved
pkg/caveats/compile.go Show resolved Hide resolved
@vroldanbet vroldanbet force-pushed the caveat-hybrid-spike branch 3 times, most recently from d9bea35 to 30d445d Compare September 15, 2022 18:29
@vroldanbet vroldanbet changed the title spiking named/anonymous caveat design caveat in datastore redux Sep 15, 2022
@vroldanbet vroldanbet self-assigned this Sep 15, 2022
josephschorr
josephschorr reviewed Sep 16, 2022
View reviewed changes
internal/datastore/memdb/readwrite.go Outdated Show resolved Hide resolved
internal/datastore/memdb/schema.go Outdated Show resolved Hide resolved
@vroldanbet
spike named/anonymous caveats
1ac4f6a
@vroldanbet
adjust naming and use structpb
d9c7a71 
instead of using protobuf.Any, we use
protobuf.Struct that better maps a
map[string]any

we move away from the concept of caveat
digest and will reference them by name.
Anonymous caveats will have a globally-unique
name that may likely be the result of performing
a digest of the signature and payload

we replace "caveat logic" with "caveat expression"

we also change the term "predefined variables" with "caveat
context" to refer to the state persisted alongside the tuple.
these are variables that will be injected at caveat evaluation time

as a minor inconvenience the relationship.RelationTuple method now has to
return an error, propagated from the call to structpb.NewStruct.
That led to changes in all callsites using it.
@vroldanbet
pluralize interface methods
048999e 
h/t @josephschorr
@vroldanbet
introduce Caveat ID
44b8f10 
cavat names are not a good source
for database ID. The ID will be used
as the foreign key used in in tuples
to keep track of caveats.
@vroldanbet
remove caveat type
88cae16 
we are going to punt on anonymous caveats
for now as we've found named caveats
can fulfil most requirements we've
stumbled upon

as a consequence the caveat reference
is simplified and now we use
the caveat id

if we ever are to introduce anonymous
caveats, we can do a proto oneof between
a named caveat ID and an anonymous caveat payload
@vroldanbet
uses uint64 as caveatID instead of string
a20ccbb
@vroldanbet
test name uniqueness
0762676 
I couldn't determine why go-memdb does not honor
secondary index uniqueness, so I added a safeguard.
@vroldanbet
add interface docs
0c9112f
@vroldanbet
serialize name with caveat and test
e6aafb2
@vroldanbet
datastore no longer responsible to check if caveat exists
bf3245d 
this commit removes validating that a caveated tuple
references an existing caveat. The controller layer
is responsible to maintain the integrity. It also
helps avoid duplicated validation across layers
@vroldanbet
rename internal memdb struct to align with proto name
8a6548b 
if was formerly named "CaveatReference" in the proto def
@github-actions github-actions bot removed the area/dependencies Affects dependencies label Sep 19, 2022
@vroldanbet vroldanbet marked this pull request as ready for review September 19, 2022 11:38
@vroldanbet vroldanbet requested a review from a team September 19, 2022 11:38
@vroldanbet vroldanbet changed the title caveat in datastore redux caveat in MemDB datastore redux Sep 19, 2022
josephschorr
josephschorr reviewed Sep 19, 2022
View reviewed changes
internal/datastore/memdb/caveat.go Outdated Show resolved Hide resolved
internal/datastore/memdb/caveat.go Show resolved Hide resolved
internal/datastore/memdb/caveat.go Show resolved Hide resolved
internal/datastore/memdb/caveat_test.go Outdated Show resolved Hide resolved
internal/datastore/memdb/caveat_test.go Show resolved Hide resolved
pkg/datastore/caveat.go Show resolved Hide resolved
proto/internal/core/v1/core.proto Show resolved Hide resolved
proto/internal/core/v1/core.proto Show resolved Hide resolved
proto/internal/core/v1/core.proto Outdated Show resolved Hide resolved
proto/internal/core/v1/core.proto
max_bytes : 128,
} ];

/** expression is the byte representation of a caveat's logic */
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should just make this DecodedCaveat and move it in here...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

honestly it's not clear to me what is the design rationale behind the impl proto package. It feels like both would overlap in responsibility.

@vroldanbet
address review comments by @josephschorr
44e0782
@vroldanbet
add custom errors for not found name/id
3ff4020 
this is important in order to provide a good
experience in dev tooling
@vroldanbet
panic if caveats are attempted to be written
9a702d6 
for safety until those datastores implement
caveat support
josephschorr
josephschorr reviewed Sep 20, 2022
View reviewed changes
pkg/datastore/caveat.go Show resolved Hide resolved
proto/internal/core/v1/core.proto Outdated Show resolved Hide resolved
internal/datastore/memdb/caveat.go Show resolved Hide resolved
internal/datastore/mysql/readwrite.go Show resolved Hide resolved
internal/datastore/crdb/readwrite.go Outdated Show resolved Hide resolved
@vroldanbet
clarify in comment MemDB does not enforce uniqueness
d104b71
@vroldanbet
more cosmetic changes from PR review
1282eac
@vroldanbet
demonstrate snapshot reads for memdb
b22266d 
in order to demonstrate snapshot reads
the caveat write operation had to be adjusted
to support upserts. Thus it's no longer
returning an error on duplicate caveats
josephschorr
josephschorr approved these changes Sep 20, 2022
View reviewed changes
Copy link
Member

@josephschorr josephschorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vroldanbet vroldanbet merged commit bb5f08b into authzed:main Sep 20, 2022
@vroldanbet vroldanbet deleted the caveat-hybrid-spike branch September 20, 2022 16:57
@github-actions github-actions bot locked and limited conversation to collaborators Sep 20, 2022
@vroldanbet vroldanbet changed the title caveat in MemDB datastore redux caveat in MemDB datastore Sep 21, 2022
@jzelinskie jzelinskie added the area/caveats Affects caveated relationships label Oct 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jakedt jakedt jakedt left review comments

@josephschorr josephschorr josephschorr approved these changes

Assignees

@vroldanbet vroldanbet

Labels
area/caveats Affects caveated relationships area/datastore Affects the storage system area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vroldanbet @jakedt @josephschorr @jzelinskie