Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add debug trace support to bulk check API #127

Merged
merged 3 commits into from
Jan 7, 2025
Merged

Add debug trace support to bulk check API #127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
70e63e3
Add debug trace support to bulk check API
josephschorr Dec 30, 2024
54441d0
Add `source` field to debug information for better resolution informa…
josephschorr Jan 6, 2025
4b70b0b
Clarify trace comments
josephschorr Jan 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions authzed/api/v1/debug.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ message CheckDebugTrace {
}

// resource holds the resource on which the Check was performed.
// for batched calls, the object_id field contains a comma-separated list of object IDs
// for all the resources checked in the batch.
ObjectReference resource = 1 [ (validate.rules).message.required = true ];

// permission holds the name of the permission or relation on which the Check was performed.
Expand Down Expand Up @@ -82,6 +84,21 @@ message CheckDebugTrace {
// optional_expires_at is the time at which at least one of the relationships used to
// compute this result, expires (if any). This is *not* related to the caching window.
google.protobuf.Timestamp optional_expires_at = 10;

// trace_operation_id is a unique identifier for this trace's operation, that will
// be shared for all traces created for the same check operation in SpiceDB.
//
// In cases where SpiceDB performs automatic batching of subproblems, this ID can be used
// to correlate work that was shared across multiple traces.
//
// This identifier is generated by SpiceDB, is to be considered opaque to the caller
// and only guaranteed to be unique within the same overall Check or CheckBulk operation.
string trace_operation_id = 11;

// source holds the source of the result. It is of the form:
// `<sourcetype>:<sourceid>`, where sourcetype can be, among others:
// `spicedb`, `materialize`, etc.
string source = 12;
}

// CaveatEvalInfo holds information about a caveat expression that was evaluated.
Expand Down
8 changes: 8 additions & 0 deletions authzed/api/v1/permission_service.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -421,6 +421,11 @@ message CheckBulkPermissionsRequest {
Consistency consistency = 1;

repeated CheckBulkPermissionsRequestItem items = 2 [ (validate.rules).repeated .items.message.required = true ];

// with_tracing, if true, indicates that each response should include a debug trace.
// This can be useful for debugging and performance analysis, but adds a small amount
// of compute overhead to the request.
bool with_tracing = 3;
}

message CheckBulkPermissionsRequestItem {
Expand Down Expand Up @@ -454,6 +459,9 @@ message CheckBulkPermissionsResponseItem {
CheckPermissionResponse.Permissionship permissionship = 1 [ (validate.rules).enum = {defined_only: true, not_in: [0]} ];

PartialCaveatInfo partial_caveat_info = 2 [ (validate.rules).message.required = false ];

// debug_trace is the debugging trace of this check, if requested.
DebugInformation debug_trace = 3;
}

// ExpandPermissionTreeRequest returns a tree representing the expansion of all
Expand Down
Loading