spicedb-operator icon indicating copy to clipboard operation
spicedb-operator copied to clipboard
verified publisher icon authzed

[RFE] add the ability to load schema and initial dataset

Open raffaelespazzoli opened this issue 3 years ago • 2 comments

I think the title is self explanatory. I envision this feature as having configmap for the schema and the initial dataset and pointing the operator to them. The operator would then load the scripts in an idempotent way (i.e. respecting possibly existing data) when the cluster starts.

raffaelespazzoli avatar Nov 30 '22 20:11 raffaelespazzoli

This might even call for CRDs to be able to version the schema.

ensonic avatar Jan 31 '23 07:01 ensonic

This should be possible now with 1.2.0:

apiVersion: authzed.com/v1alpha1
kind: SpiceDBCluster
metadata:
  name: dev
spec:
  config:
    datastoreEngine: memory
    datastoreBootstrapFiles: /etc/bootstrap/init.yaml
  secretName: dev-spicedb-config
  patches:
  - kind: Deployment
    patch:
      spec:
        template:
          spec:
            volumes:
            - name:  bootstrap
              configMap:
                name: spicedb-bootstrap
            containers:
            - name: dev-spicedb
              volumeMounts:
              - name: bootstrap
                mountPath: /etc/bootstrap
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: spicedb-bootstrap
data:
  init.yaml: |
    schema: |-
      definition user {}
    
      definition document {
          relation writer: user
          relation reader: user

          permission edit = writer
          permission view = reader + edit
      }
    relationships: |-
      document:firstdoc#writer@user:tom
      document:firstdoc#reader@user:fred
      document:seconddoc#reader@user:tom

I'll keep this open though; I think the idea of a separate API for this interesting.

ecordell avatar Feb 27 '23 21:02 ecordell