Joseph Schorr
Joseph Schorr
This (draft) PR adds the dispatching support for LookupSubjects. NOTE: This does not yet implement the actual API, nor does it change the dispatch for expand in any way. An...
**Problem**: The SpiceDB datastores occasionally require migrations of the schema and data for the underlying services or engines. For example, adding a new index into Postgres, or writing a default...
_Originally posted by @bryanaknight in https://github.com/authzed/spicedb/issues/1#issuecomment-973357174_ I ran into a use-case (for GitHub) that is related to this. Scenario: We have specially privileged users (e.g. staff) that have permissions for...
## Background SpiceDB’s schema contains the arrow operation (known as `TupleToUserset` in Zanzibar), which performs a “walk” of relationships found on a relation (forming the `tupleset`), and for each object...
 # Lookup Watch API and Caching Service ("Tiger cache") ## Background The [Lookup Resources API](https://buf.build/authzed/api/docs/main/authzed.api.v1#LookupResources) provides a graph-driven permission-aware reverse lookup of all resources, of a particular type,...
Its a nice utility and not only used by migrations anymore
The [Lookup Watch API Proposal](https://github.com/authzed/spicedb/issues/207) includes the addition of the "reachability" APIs, which allow a caller to query the data-driven shape of the permissions graph. One of the APIs proposed...
https://github.com/onsi/ginkgo provides a nice framework for state-driven tests. We should try converting a test (maybe a portion of consistency testing?) over to it, and see if it makes the tests...
Right now, the `time` field in the pgx logs as output is repeated: ``` {"level":"info","module":"pgx","args":[],"commandTag":"...","sql":"begin read only","time":2.258174,"time":"2021-09-02T16:31:54Z","message":"Exec"} ``` Note that the produced JSON, when piped through tooling, loses one of...
In https://github.com/authzed/spicedb/blob/main/internal/graph/check.go#L61, we perform a lookup of *all* relationships under a relation, and then search for the goal subject, as well as kicking off the recursive checks if a non-terminal...