Merge pull request #2042 from josephschorr/validationfile-load-fixes

Ensure the validationfile loader passes the full caveats to the typesystem

pkg/validationfile/loader.go

@@ -5,8 +5,6 @@ import (
 	"fmt"
 	"os"
 
-	v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
-
 	log "github.com/authzed/spicedb/internal/logging"
 	dsctx "github.com/authzed/spicedb/internal/middleware/datastore"
 	"github.com/authzed/spicedb/internal/namespace"
@@ -95,14 +93,19 @@ func PopulateFromFilesContents(ctx context.Context, ds datastore.Datastore, file
 				schema += parsed.Schema.Schema + "\n\n"
 			}
 
-			log.Ctx(ctx).Info().Str("filePath", filePath).Int("schemaDefinitionCount", len(parsed.Schema.CompiledSchema.OrderedDefinitions)).Msg("adding schema definitions")
+			log.Ctx(ctx).Info().Str("filePath", filePath).
+				Int("definitionCount", len(defs)).
+				Int("caveatDefinitionCount", len(parsed.Schema.CompiledSchema.CaveatDefinitions)).
+				Int("schemaDefinitionCount", len(parsed.Schema.CompiledSchema.OrderedDefinitions)).
+				Msg("adding schema definitions")
+
 			objectDefs = append(objectDefs, defs...)
 			caveatDefs = append(caveatDefs, parsed.Schema.CompiledSchema.CaveatDefinitions...)
 		}
 
 		// Parse relationships for updates.
 		for _, rel := range parsed.Relationships.Relationships {
-			tpl := tuple.MustFromRelationship[*v1.ObjectReference, *v1.SubjectReference, *v1.ContextualizedCaveat](rel)
+			tpl := tuple.MustFromRelationship(rel)
 			updates = append(updates, tuple.Touch(tpl))
 			tuples = append(tuples, tpl)
 		}
@@ -121,6 +124,7 @@ func PopulateFromFilesContents(ctx context.Context, ds datastore.Datastore, file
 			ts, err := typesystem.NewNamespaceTypeSystem(objectDef,
 				typesystem.ResolverForDatastoreReader(rwt).WithPredefinedElements(typesystem.PredefinedElements{
 					Namespaces: objectDefs,
+					Caveats:    caveatDefs,
 				}))
 			if err != nil {
 				return err

pkg/validationfile/loader_test.go

@@ -88,6 +88,15 @@ func TestPopulateFromFiles(t *testing.T) {
 			},
 			expectedError: "",
 		},
+		{
+			name:      "caveat order",
+			filePaths: []string{"testdata/caveat_order.yaml"},
+			want: []string{
+				"resource:first#reader@user:sarah[some_caveat:{\"somecondition\":42}]",
+				"resource:first#reader@user:tom[some_caveat]",
+			},
+			expectedError: "",
+		},
 		{
 			name:          "invalid caveat",
 			filePaths:     []string{"testdata/invalid_caveat.yaml"},

pkg/validationfile/testdata/caveat_order.yaml

@@ -0,0 +1,19 @@
+---
+schema: >-
+  definition user {}
+
+  definition resource {
+      relation reader: user with some_caveat
+  }
+
+  caveat some_caveat(somecondition int) {
+    somecondition == 42
+  }
+relationships: >-
+  resource:first#reader@user:tom[some_caveat]
+
+  resource:first#reader@user:sarah[some_caveat:{"somecondition": 42}]
+assertions:
+  assertTrue: []
+  assertFalse: []
+validation: null