Add config option for path to schema file

Add init mechanism that loads the schema and writes it Remove bootstrap from test container Some tests passing
project-kessel · Sep 4, 2024 · 2d877a5 · 2d877a5
1 parent b0cc615
commit 2d877a5
Show file tree

Hide file tree

Showing 10 changed files with 149 additions and 92 deletions.
diff --git a/configs/config.yaml b/configs/config.yaml
@@ -16,3 +16,4 @@ data:
     endpoint: "${ENDPOINT:0.0.0.0:50051}"
     token: "${PRESHARED}" # token takes precedence over tokenFile
     tokenFile: "${PRESHARED_FILE:.secrets/local-spicedb-secret}"
+    schemaFile: "${SCHEMA_FILE:deploy/schema.zed}"
diff --git a/go.mod b/go.mod
@@ -55,6 +55,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/cel-go v0.21.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/google/subcommands v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
@@ -82,11 +83,13 @@ require (
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 // indirect
+	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/net v0.28.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

diff --git a/go.sum b/go.sum
@@ -105,6 +105,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/subcommands v1.2.0 h1:vWQspBTo2nEqTUFita5/KeEWlUL8kQObDFbub/EN9oE=
 github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -238,6 +239,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -317,6 +320,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/internal/conf/conf.pb.go b/internal/conf/conf.pb.go
diff --git a/internal/conf/conf.proto b/internal/conf/conf.proto
@@ -39,6 +39,7 @@ message Data {
     string endpoint = 2;
     string token = 3;
     string tokenFile = 4;
+    string schemaFile = 5;
   }
   SpiceDb spiceDb = 1;
 }
diff --git a/internal/data/LocalSpiceDbContainer.go b/internal/data/LocalSpiceDbContainer.go
@@ -6,22 +6,25 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+
 	"github.com/authzed/authzed-go/v1"
 
-	"github.com/go-kratos/kratos/v2/log"
-	"github.com/ory/dockertest/v3"
-	"github.com/ory/dockertest/v3/docker"
-	"github.com/project-kessel/relations-api/internal/conf"
 	"io"
 	"os"
 	"path"
 	"path/filepath"
 	"runtime"
 	"time"
 
+	"github.com/go-kratos/kratos/v2/log"
+	"github.com/ory/dockertest/v3"
+	"github.com/ory/dockertest/v3/docker"
+	"github.com/project-kessel/relations-api/internal/conf"
+
 	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/health/grpc_health_v1"
 )
 
 const (
@@ -30,18 +33,19 @@ const (
 	// SpicedbVersion is the image version used for containerized spiceDB in tests
 	SpicedbVersion = "v1.22.2"
 	// SpicedbSchemaBootstrapFile specifies an optional bootstrap schema file to be used for testing
-	SpicedbSchemaBootstrapFile = "spicedb-test-data/basic_schema.yaml"
+	SpicedbSchemaBootstrapFile = "spicedb-test-data/basic_schema.zed"
 	// SpicedbRelationsBootstrapFile specifies an optional bootstrap file containing relations to be used for testing
 	SpicedbRelationsBootstrapFile = ""
 )
 
 // LocalSpiceDbContainer struct that holds pointers to the container, dockertest pool and exposes the port
 type LocalSpiceDbContainer struct {
-	logger    log.Logger
-	port      string
-	container *dockertest.Resource
-	pool      *dockertest.Pool
-	name      string
+	logger         log.Logger
+	port           string
+	container      *dockertest.Resource
+	pool           *dockertest.Pool
+	name           string
+	schemaLocation string
 }
 
 type ContainerOptions struct {
@@ -65,27 +69,10 @@ func CreateContainer(opts *ContainerOptions) (*LocalSpiceDbContainer, error) {
 
 	cmd := []string{"serve-testing", "--skip-release-check=true"}
 
-	var mounts []string
-	if SpicedbSchemaBootstrapFile != "" {
-		cmd = append(cmd, "--load-configs")
-		cmd = append(cmd, "/mnt/spicedb_bootstrap.yaml")
-		mounts = append(mounts, path.Join(basepath, SpicedbSchemaBootstrapFile)+":/mnt/spicedb_bootstrap.yaml")
-	}
-	if SpicedbRelationsBootstrapFile != "" {
-		if SpicedbSchemaBootstrapFile != "" {
-			cmd[len(cmd)-1] = "/mnt/spicedb_bootstrap.yaml,/mnt/spicedb_bootstrap_relations.yaml"
-		} else {
-			cmd = append(cmd, "--load-configs")
-			cmd = append(cmd, "/mnt/spicedb_bootstrap_relations.yaml")
-		}
-		mounts = append(mounts, path.Join(basepath, SpicedbRelationsBootstrapFile)+":/mnt/spicedb_bootstrap_relations.yaml")
-	}
-
 	runopt := &dockertest.RunOptions{
 		Repository:   SpicedbImage,
 		Tag:          SpicedbVersion, // Replace this with an actual version
 		Cmd:          cmd,
-		Mounts:       mounts,
 		ExposedPorts: []string{"50051/tcp", "50052/tcp"},
 	}
 	if opts.Network != nil {
@@ -111,11 +98,10 @@ func CreateContainer(opts *ContainerOptions) (*LocalSpiceDbContainer, error) {
 			return fmt.Errorf("error connecting to spiceDB: %v", err.Error())
 		}
 
-		client := v1.NewSchemaServiceClient(conn)
-
-		//read scheme we add via mount
-		_, err = client.ReadSchema(context.Background(), &v1.ReadSchemaRequest{})
-
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+		client := grpc_health_v1.NewHealthClient(conn)
+		client.Check(ctx, &grpc_health_v1.HealthCheckRequest{})
 		return err
 	})
 
@@ -124,11 +110,12 @@ func CreateContainer(opts *ContainerOptions) (*LocalSpiceDbContainer, error) {
 	}
 
 	return &LocalSpiceDbContainer{
-		name:      resource.Container.Name,
-		logger:    opts.Logger,
-		port:      port,
-		container: resource,
-		pool:      pool,
+		name:           resource.Container.Name,
+		logger:         opts.Logger,
+		port:           port,
+		container:      resource,
+		pool:           pool,
+		schemaLocation: path.Join(basepath, SpicedbSchemaBootstrapFile),
 	}, nil
 }
 
@@ -180,9 +167,10 @@ func (l *LocalSpiceDbContainer) CreateSpiceDbRepository() (*SpiceDbRepository, e
 	defer os.RemoveAll(tmpDir)
 
 	spiceDbConf := &conf.Data_SpiceDb{
-		UseTLS:   false,
-		Endpoint: "localhost:" + l.port,
-		Token:    tmpFile.Name(),
+		UseTLS:     false,
+		Endpoint:   "localhost:" + l.port,
+		Token:      tmpFile.Name(),
+		SchemaFile: l.schemaLocation,
 	}
 	repo, _, err := NewSpiceDbRepository(&conf.Data{SpiceDb: spiceDbConf}, l.logger)
 	if err != nil {

diff --git a/internal/data/spicedb-test-data/basic_schema.yaml b/internal/data/spicedb-test-data/basic_schema.yaml
diff --git a/internal/data/spicedb-test-data/basic_schema.zed b/internal/data/spicedb-test-data/basic_schema.zed
@@ -0,0 +1,29 @@
+definition rbac/user {}
+
+definition rbac/group {
+  relation member: rbac/user | rbac/group#member
+}
+
+definition rbac/role {
+  relation view_the_thing: rbac/user:*
+}
+
+definition rbac/role_binding {
+  relation subject : rbac/user | rbac/group#member
+  relation granted: rbac/role
+
+  permission view_the_thing = subject & granted->view_the_thing
+}
+
+definition rbac/workspace {
+  relation parent: rbac/workspace
+  relation user_grant: rbac/role_binding
+
+  permission view_the_thing = user_grant->view_the_thing
+}
+
+definition rbac/thing {
+  relation workspace: rbac/workspace
+
+  permission view = workspace->view_the_thing
+}