Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added multiple validation files parsing support #455

Merged
merged 5 commits into from
Jan 15, 2025
Merged

Added multiple validation files parsing support #455

merged 5 commits into from
Jan 15, 2025

Conversation

kartikaysaxena
Copy link
Contributor

@kartikaysaxena kartikaysaxena commented Jan 13, 2025
edited
Loading

Related #453 #454

zed validate now takes in multiple args to validate, also looks for schemaFile in given .yaml validation files to parse the schema. Example usage:-

(base) Kartikay2@Kartikays-MacBook-Pro-2 zed % ./zed validate validations/*
warning: Arrow `parent->reader` under permission "view" references relation "reader" on definition "folder"; it is recommended to point to a permission (arrow-references-relation)
 25 |       relation auditor: user with day_of_a_week
 26 | 
 27 | 
 28 >       // can user:kartikay view document:quartely_planning
 29 |       permission view = reader + owner + parent->reader + auditor
 30 |       permission edit = owner + parent->owner
 25 |     - "[user:owner_1] is <document:quaterly_planning#owner>"
 26 |     - "[user:owner_2] is <document:quaterly_planning#owner>"
 27 |   document:quaterly_planning#parent:
 28 >     - "[folder:planning] is <document:quaterly_planning#parent>"
 29 |   document:quaterly_planning#view:
 30 |     - "[user:auditorhere[...]] is <document:quaterly_planning#auditor>"
 25 | 
 26 | 
 27 |     // can user:kartikay view document:quartely_planning
 28 >     permission view = reader + owner + parent->reader + auditor
    >                                        ^~~~~~~~~~~~~~
 29 |     permission edit = owner + parent->owner
 30 |     permission delete = owner + parent->owner

warning: Arrow `parent->owner` under permission "edit" references relation "owner" on definition "folder"; it is recommended to point to a permission (arrow-references-relation)
 26 | 
 27 | 
 28 |       // can user:kartikay view document:quartely_planning
 29 >       permission view = reader + owner + parent->reader + auditor
 30 |       permission edit = owner + parent->owner
 31 |       permission delete = owner + parent->owner
 26 |     - "[user:owner_2] is <document:quaterly_planning#owner>"
 27 |   document:quaterly_planning#parent:
 28 |     - "[folder:planning] is <document:quaterly_planning#parent>"
 29 >   document:quaterly_planning#view:
 30 |     - "[user:auditorhere[...]] is <document:quaterly_planning#auditor>"
 31 |     - "[user:folder_reader_1] is <folder:planning#reader>"
 26 | 
 27 |     // can user:kartikay view document:quartely_planning
 28 |     permission view = reader + owner + parent->reader + auditor
 29 >     permission edit = owner + parent->owner
    >                               ^~~~~~~~~~~~~
 30 |     permission delete = owner + parent->owner
 31 | }

warning: Arrow `parent->owner` under permission "delete" references relation "owner" on definition "folder"; it is recommended to point to a permission (arrow-references-relation)
 27 | 
 28 |       // can user:kartikay view document:quartely_planning
 29 |       permission view = reader + owner + parent->reader + auditor
 30 >       permission edit = owner + parent->owner
    >                                 ^~~~~~~~~~~~~
 31 |       permission delete = owner + parent->owner
 32 |   }
 27 |   document:quaterly_planning#parent:
 28 |     - "[folder:planning] is <document:quaterly_planning#parent>"
 29 |   document:quaterly_planning#view:
 30 >     - "[user:auditorhere[...]] is <document:quaterly_planning#auditor>"
 31 |     - "[user:folder_reader_1] is <folder:planning#reader>"
 32 |     - "[user:owner_1] is <document:quaterly_planning#owner>"
 27 |     // can user:kartikay view document:quartely_planning
 28 |     permission view = reader + owner + parent->reader + auditor
 29 |     permission edit = owner + parent->owner
 30 >     permission delete = owner + parent->owner
    >                                 ^~~~~~~~~~~~~
 31 | }

complete - 26 relationships loaded, 2 assertions run, 8 expected relations validated
total files: 3, successfully validated files: 3

Edit: Raised authzed/spicedb#2206 to introduce schemaFile which would fix the tests here too

@tstirrat15
Copy link
Contributor

@kartikaysaxena as a temporary fix for the linting stuff, you can install a git SHA with go get github.com/authzed/spicedb@<git sha>. we can update the reference once there's a release to point at.

tstirrat15
tstirrat15 reviewed Jan 13, 2025
View reviewed changes
Copy link
Contributor

@tstirrat15 tstirrat15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments - the assumption about using the first schema file for the dev context is the only part that I'd like to change. The other points are more for discussion.

internal/cmd/validate.go Outdated Show resolved Hide resolved
internal/decode/decoder.go
@@ -105,6 +105,30 @@ func directHTTPDecoder(u *url.URL) Func {
}
}

// Uses the files passed in the args and looks for the specified schemaFile to parse the YAML.
func unmarshalAsYAMLOrSchemaWithFile(data []byte, out interface{}, args []string) (bool, error) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add validation for the case where a user specifies both the schema and the schemafile?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When both schema and schemaFIle are provided, it directly goes to yaml.Unmarshal() which prefers schema over schemaFile.

internal/cmd/validate.go
@@ -71,7 +71,7 @@ var validateCmd = &cobra.Command{

From a devtools instance:
zed validate https://localhost:8443/download`,
Args: cobra.ExactArgs(1),
Args: cobra.MinimumNArgs(1),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

internal/decode/decoder.go
Comment on lines +122 to +129
data, err = io.ReadAll(file)
if err != nil {
return false, err
}
}
}
}
return unmarshalAsYAMLOrSchema(data, out)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm... I suppose that one implication of doing it this way is that one yaml file could reference another. Is that desirable? Genuine question; I don't know the answer. I think I'm fine with it, though.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add maybe some identifiers to prevent this if not desirable.

internal/decode/decoder.go
schema := out.(*validationfile.ValidationFile)

for _, arg := range args {
if strings.Contains(arg, schema.SchemaFile) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does this check do?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checks if the file is present in the arguments provided to validate

@kartikaysaxena kartikaysaxena force-pushed the multiple-validation-files branch 2 times, most recently from 23bd84e to 2bb29e8 Compare January 14, 2025 20:10
@kartikaysaxena
merge loops and enhance logic
dc5852f 
Signed-off-by: Kartikay <kartikay_2101ce32@iitp.ac.in>
@kartikaysaxena kartikaysaxena force-pushed the multiple-validation-files branch from 2bb29e8 to dc5852f Compare January 14, 2025 20:40
@tstirrat15 tstirrat15 mentioned this pull request Jan 14, 2025
Merged
@tstirrat15
Copy link
Contributor

This is looking good to me. Can you look into the lint failures? Then we'll get the SpiceDB PR merged and we can update this PR to point at that SpiceDB commit.

@kartikaysaxena
lint
c5908cf 
Signed-off-by: Kartikay <kartikay_2101ce32@iitp.ac.in>
@kartikaysaxena kartikaysaxena force-pushed the multiple-validation-files branch 2 times, most recently from f6d132d to c5282b6 Compare January 14, 2025 22:46
@kartikaysaxena
added parser logic
2ee39b6 
Signed-off-by: Kartikay <kartikay_2101ce32@iitp.ac.in>
@kartikaysaxena kartikaysaxena force-pushed the multiple-validation-files branch from e7e9d0e to 2ee39b6 Compare January 14, 2025 23:13
@tstirrat15
Copy link
Contributor

This looks great! Thank you!

@tstirrat15 tstirrat15 merged commit 753fe21 into authzed:main Jan 15, 2025
11 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Jan 15, 2025
@kartikaysaxena kartikaysaxena deleted the multiple-validation-files branch January 16, 2025 17:58
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tstirrat15 tstirrat15 tstirrat15 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kartikaysaxena @tstirrat15