Merge pull request #1949 from josephschorr/steelthread-tests

Start on a steel thread test framework

go.mod

@@ -136,6 +136,8 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.0.0-alpha.1 // indirect
 	github.com/godbus/dbus/v5 v5.0.6 // indirect
 	github.com/golangci/modinfo v0.3.4 // indirect
+	github.com/gosimple/slug v1.14.0 // indirect
+	github.com/gosimple/unidecode v1.0.1 // indirect
 	github.com/jjti/go-spancheck v0.6.1 // indirect
 	github.com/lasiar/canonicalheader v1.1.1 // indirect
 	github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 // indirect

go.sum

@@ -1135,6 +1135,10 @@ github.com/gordonklaus/ineffassign v0.1.0/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it
 github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gosimple/slug v1.14.0 h1:RtTL/71mJNDfpUbCOmnf/XFkzKRtD6wL6Uy+3akm4Es=
+github.com/gosimple/slug v1.14.0/go.mod h1:UiRaFH+GEilHstLUmcBgWcI42viBN7mAb818JrYOeFQ=
+github.com/gosimple/unidecode v1.0.1 h1:hZzFTMMqSswvf0LBJZCZgThIZrpDHFXux9KeGmn6T/o=
+github.com/gosimple/unidecode v1.0.1/go.mod h1:CP0Cr1Y1kogOtx0bJblKzsVWrqYaqfNOnHzpgWw4Awc=
 github.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk=
 github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=
 github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado=

internal/services/steelthreadtesting/definitions.go

@@ -0,0 +1,49 @@
+//go:build steelthread
+// +build steelthread
+
+package steelthreadtesting
+
+import v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+
+type steelThreadTestCase struct {
+	name       string
+	datafile   string
+	operations []steelThreadOperationCase
+}
+
+type steelThreadOperationCase struct {
+	name          string
+	operationName string
+	arguments     map[string]any
+}
+
+type stOperation func(parameters map[string]any, client v1.PermissionsServiceClient) (any, error)
+
+var steelThreadTestCases = []steelThreadTestCase{
+	{
+		name:     "basic lookup subjects",
+		datafile: "basic-document.yaml",
+		operations: []steelThreadOperationCase{
+			{
+				name:          "uncursored lookup subjects for somedoc",
+				operationName: "lookupSubjects",
+				arguments: map[string]any{
+					"resource_type":      "document",
+					"resource_object_id": "somedoc",
+					"permission":         "view",
+					"subject_type":       "user",
+				},
+			},
+			{
+				name:          "uncursored lookup subjects for public doc",
+				operationName: "lookupSubjects",
+				arguments: map[string]any{
+					"resource_type":      "document",
+					"resource_object_id": "publicdoc",
+					"permission":         "view",
+					"subject_type":       "user",
+				},
+			},
+		},
+	},
+}

internal/services/steelthreadtesting/operations.go

@@ -0,0 +1,101 @@
+//go:build steelthread
+// +build steelthread
+
+package steelthreadtesting
+
+import (
+	"context"
+	"errors"
+	"io"
+	"sort"
+	"strings"
+	"time"
+
+	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
+	"gopkg.in/yaml.v3"
+
+	"github.com/authzed/spicedb/pkg/genutil/mapz"
+)
+
+func lookupSubjects(parameters map[string]any, client v1.PermissionsServiceClient) (any, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
+	defer cancel()
+
+	r, err := client.LookupSubjects(ctx, &v1.LookupSubjectsRequest{
+		Resource: &v1.ObjectReference{
+			ObjectType: parameters["resource_type"].(string),
+			ObjectId:   parameters["resource_object_id"].(string),
+		},
+		Permission:        parameters["permission"].(string),
+		SubjectObjectType: parameters["subject_type"].(string),
+		Consistency: &v1.Consistency{
+			Requirement: &v1.Consistency_FullyConsistent{
+				FullyConsistent: true,
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	foundSubjects := mapz.NewSet[string]()
+	for {
+		resp, err := r.Recv()
+		if err != nil {
+			if errors.Is(err, io.EOF) {
+				break
+			}
+
+			return nil, err
+		}
+
+		if !foundSubjects.Add(formatResolvedSubject(resp)) {
+			return nil, errors.New("duplicate subject found")
+		}
+	}
+
+	foundSubjectsSlice := foundSubjects.AsSlice()
+	sort.Strings(foundSubjectsSlice)
+
+	yamlNodes := make([]yaml.Node, 0, len(foundSubjectsSlice))
+	for _, subject := range foundSubjectsSlice {
+		yamlNodes = append(yamlNodes, yaml.Node{
+			Kind:  yaml.ScalarNode,
+			Value: subject,
+			Style: yaml.SingleQuotedStyle,
+		})
+	}
+	return yamlNodes, nil
+}
+
+var operations = map[string]stOperation{
+	"lookupSubjects": lookupSubjects,
+}
+
+func formatResolvedSubject(sub *v1.LookupSubjectsResponse) string {
+	var sb strings.Builder
+	sb.WriteString(sub.Subject.SubjectObjectId)
+
+	if len(sub.ExcludedSubjects) > 0 {
+		excludedSubjectStrings := make([]string, 0, len(sub.ExcludedSubjects))
+		for _, excluded := range sub.ExcludedSubjects {
+			excludedSubjectString := excluded.SubjectObjectId
+			if excluded.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION {
+				excludedSubjectString += " (conditional)"
+			}
+
+			excludedSubjectStrings = append(excludedSubjectStrings, excludedSubjectString)
+		}
+		sort.Strings(excludedSubjectStrings)
+
+		sb.WriteString(" - [")
+		sb.WriteString(strings.Join(excludedSubjectStrings, ", "))
+		sb.WriteString("]")
+	}
+
+	if sub.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION {
+		sb.WriteString(" (conditional)")
+	}
+
+	return sb.String()
+}

internal/services/steelthreadtesting/steelresults/basic-lookup-subjects-uncursored-lookup-subjects-for-public-doc-results.yaml

@@ -0,0 +1,7 @@
+---
+- '* - [user-0, user-1, user-2, user-3, user-4, user-5]'
+- 'user-10'
+- 'user-6'
+- 'user-7'
+- 'user-8'
+- 'user-9'