Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

introduce caveat support in WriteRelationships/ReadRelationships #838

Merged
merged 1 commit into from
Sep 29, 2022
Merged

introduce caveat support in WriteRelationships/ReadRelationships #838

merged 1 commit into from
Sep 29, 2022

Conversation

vroldanbet
Copy link
Contributor

@vroldanbet vroldanbet commented Sep 22, 2022
edited
Loading

Tracking: #386
Closes #836
Depends on authzed/api#38
Depends on authzed/authzed-go#71

What

Introduces support for writing caveated relationships via WriteRelationships API

How

The duality caveat_id/caveat_name was problematic to handle between the controller layer and the datastore layer, so it was adjusted.

The usage of ID introduced a situation where a core.RelationTuple cannot be converted to a v1.Relationship without a database lookup, because database tuples reference caveats via ID, but we return named caveats to the client via v1.Relationship. It would be a departure from what happens today in service controllers: v1-to-core would introduce I/O operations.

☝🏻 is certainly not a deal breaker we couldn't addres, but the question here is that it's not clear the usage of ID buys us anything at this point. The rationale behind them was being able to support "anonymous caveats". An anonymous caveat signature defined in place in a relation in the schema. Because they don't have a name, we need a way to identify them.

However, it's not clear anonymous caveats is needed at this point, and that we should work on it when the need arises.

Note: because caveat is not yet exposed via Schema API, I resourced to writing it directly via the datastore, using type assertions.

Note on failing buf build

I intentionally broke core proto definition. These haven't been yet released and are not being used so we can ignore that error:

Error: Field "1" on message "ContextualizedCaveat" changed type from "uint64" to "string". See https://developers.google.com/protocol-buffers/docs/proto3#updating for wire compatibility rules.
Error: buf found 1 breaking changes.

@github-actions github-actions bot added area/api v1 Affects the v1 API area/dependencies Affects dependencies area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) labels Sep 22, 2022
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch 4 times, most recently from 008963e to a18066f Compare September 27, 2022 16:19
@github-actions github-actions bot added the area/datastore Affects the storage system label Sep 27, 2022
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch 2 times, most recently from 5084df5 to 40f76bd Compare September 27, 2022 16:42
@github-actions github-actions bot added the area/dispatch Affects dispatching of requests label Sep 27, 2022
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch 5 times, most recently from cd0a252 to d8f32f0 Compare September 27, 2022 17:58
@github-actions github-actions bot removed the area/dispatch Affects dispatching of requests label Sep 27, 2022
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from d8f32f0 to 5a5f1d3 Compare September 27, 2022 18:11
@vroldanbet vroldanbet self-assigned this Sep 28, 2022
@vroldanbet vroldanbet changed the title introduce caveat support in WriteRelationships introduce caveat support in WriteRelationships/ReadRelationships Sep 28, 2022
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from 5a5f1d3 to b35cd00 Compare September 28, 2022 19:34
@vroldanbet vroldanbet marked this pull request as ready for review September 28, 2022 19:35
@vroldanbet vroldanbet requested review from a team and josephschorr September 28, 2022 19:35
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from b35cd00 to 7cfd73c Compare September 28, 2022 19:35
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch 2 times, most recently from 9b06a37 to c3ce2f3 Compare September 29, 2022 16:16
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from c3ce2f3 to 679697f Compare September 29, 2022 16:29
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from 679697f to 4bea32c Compare September 29, 2022 16:33
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from 4bea32c to fdf5d93 Compare September 29, 2022 16:47
@vroldanbet
introduce caveat support in WriteRelationships
3356329 
this commit changes parts of the datastore implementation.
The duality caveatID/CaveatName was problematic to handle
between the controller layer and the datastore layer:

The usage of ID introduced a situation where a core.RelationTuple
cannot be converted to a v1.Relationship without a database lookup,
because database tuples reference caveats via ID, but we return
named caveats to the client via v1.Relationship. It would be a departure
from what happens today in service controllers: v1-to-core would introduce
I/O operations.

The question here is that it's not clear the usage of ID buys us anything
at this point. The rationale behind them was being able to support "anonymous caveats".
An anonymous caveat signature defined in place in a relation in the schema.
Because they don't have a name, we need a way to identify them.

However, it's not clear anonymous caveats is needed at this point,
and that we should work on it when the need arises.
@vroldanbet vroldanbet force-pushed the add-caveat-to-write-relationships branch from fdf5d93 to 3356329 Compare September 29, 2022 16:55
josephschorr
josephschorr approved these changes Sep 29, 2022
View reviewed changes
Copy link
Member

@josephschorr josephschorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@josephschorr josephschorr merged commit 3b8f7d4 into main Sep 29, 2022
@josephschorr josephschorr deleted the add-caveat-to-write-relationships branch September 29, 2022 18:28
@github-actions github-actions bot locked and limited conversation to collaborators Sep 29, 2022
@jzelinskie jzelinskie added the area/caveats Affects caveated relationships label Oct 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@josephschorr josephschorr josephschorr approved these changes

Assignees

@vroldanbet vroldanbet

Labels
area/api v1 Affects the v1 API area/caveats Affects caveated relationships area/datastore Affects the storage system area/dependencies Affects dependencies area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

add caveats in the WriteRelationships/ReadRelationships API
3 participants
@vroldanbet @josephschorr @jzelinskie