Merge pull request #108 from authzed/experimental-bulk

Add experimental bulk write API support
authzed · May 11, 2023 · 5ca5523 · 5ca5523
2 parents e75d140 + fa76505
commit 5ca5523
Show file tree

Hide file tree

Showing 16 changed files with 1,326 additions and 47 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -14,7 +14,7 @@ jobs:
       - uses: "actions/checkout@v3"
       - uses: "actions/setup-go@v3"
         with:
-          go-version: "~1.19"
+          go-version: "~1.20"
       - uses: "authzed/action-spicedb@v1"
       - uses: "authzed/actions/go-test@main"
         with:
@@ -28,7 +28,7 @@ jobs:
       - uses: "actions/checkout@v3"
       - uses: "actions/setup-go@v3"
         with:
-          go-version: "~1.19"
+          go-version: "~1.20"
       - name: "Install Go Tools"
-        run: "./install-tools.sh"
+        run: "./hack/install-tools.sh"
       - uses: "authzed/actions/buf-generate@main"
diff --git a/buf.gen.yaml b/buf.gen.yaml
@@ -1,4 +1,4 @@
-#!/usr/bin/env -S buf generate buf.build/authzed/api:d7e27e8163e5b6fddc0e3f989c8aefad8ca81184 --template
+#!/usr/bin/env -S buf generate buf.build/authzed/api:09d25203f9c83dbdb859e197824003f1b313f886 --template
 ---
 version: "v1"
 plugins:

diff --git a/hack/install-tools.sh b/hack/install-tools.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -xeuo pipefail
+
+read -ra TOOLS < <(go list -f "{{range .Imports}}{{.}} {{end}}" tools.go)
+go install "${TOOLS[@]}"
diff --git a/install-tools.sh b/install-tools.sh
diff --git a/proto/apidocs.swagger.json b/proto/apidocs.swagger.json
@@ -17,6 +17,9 @@
     {
       "name": "DeveloperService"
     },
+    {
+      "name": "ExperimentalService"
+    },
     {
       "name": "PermissionsService"
     },
@@ -45,6 +48,41 @@
     "application/json"
   ],
   "paths": {
+    "/v1/experimental/relationships/bulkload": {
+      "post": {
+        "summary": "BulkLoadRelationships is a faster path to writing a large number of\nrelationships at once. It is both batched and streaming. For maximum\nperformance, the caller should attempt to write relationships in as close\nto relationship sort order as possible: (resource.object_type,\nresource.object_id, relation, subject.object.object_type,\nsubject.object.object_id, subject.optional_relation)",
+        "description": "EXPERIMENTAL\nhttps://github.com/authzed/spicedb/issues/1303",
+        "operationId": "ExperimentalService_BulkLoadRelationships",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1BulkLoadRelationshipsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "parameters": [
+          {
+            "name": "body",
+            "description": "BulkLoadRelationshipsRequest represents one batch of the streaming\nBulkLoadRelationships API. The maximum size is only limited by the backing\ndatastore, and optimal size should be determined by the calling client\nexperimentally. (streaming inputs)",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/v1BulkLoadRelationshipsRequest"
+            }
+          }
+        ],
+        "tags": [
+          "ExperimentalService"
+        ]
+      }
+    },
     "/v1/permissions/check": {
       "post": {
         "summary": "CheckPermission determines for a given resource whether a subject computes\nto having a permission or is a direct member of a particular relation.",
@@ -825,6 +863,28 @@
       ],
       "default": "OPERATION_UNSPECIFIED"
     },
+    "v1BulkLoadRelationshipsRequest": {
+      "type": "object",
+      "properties": {
+        "relationships": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/v1Relationship"
+          }
+        }
+      },
+      "description": "BulkLoadRelationshipsRequest represents one batch of the streaming\nBulkLoadRelationships API. The maximum size is only limited by the backing\ndatastore, and optimal size should be determined by the calling client\nexperimentally."
+    },
+    "v1BulkLoadRelationshipsResponse": {
+      "type": "object",
+      "properties": {
+        "numLoaded": {
+          "type": "string",
+          "format": "uint64"
+        }
+      },
+      "description": "BulkLoadRelationshipsResponse is returned on successful completion of the\nbulk load stream, and contains the total number of relationships loaded."
+    },
     "v1CheckPermissionRequest": {
       "type": "object",
       "properties": {
@@ -845,7 +905,7 @@
         },
         "context": {
           "type": "object",
-          "title": "context consists of named values that are injected into the caveat evaluation context *"
+          "title": "context consists of named values that are injected into the caveat evaluation context"
         }
       },
       "description": "CheckPermissionRequest issues a check on whether a subject has a permission\nor is a member of a relation, on a specific resource."
@@ -903,11 +963,11 @@
       "properties": {
         "caveatName": {
           "type": "string",
-          "title": "caveat_name is the name of the caveat expression to use, as defined in the schema *"
+          "title": "caveat_name is the name of the caveat expression to use, as defined in the schema"
         },
         "context": {
           "type": "object",
-          "title": "context consists of any named values that are defined at write time for the caveat expression *"
+          "title": "context consists of any named values that are defined at write time for the caveat expression"
         }
       },
       "description": "ContextualizedCaveat represents a reference to a caveat to be used by caveated relationships.\nThe context consists of key-value pairs that will be injected at evaluation time.\nThe keys must match the arguments defined on the caveat in the schema."
@@ -1029,7 +1089,7 @@
         },
         "context": {
           "type": "object",
-          "title": "context consists of named values that are injected into the caveat evaluation context *"
+          "title": "context consists of named values that are injected into the caveat evaluation context"
         },
         "optionalLimit": {
           "type": "integer",
@@ -1093,7 +1153,7 @@
         },
         "context": {
           "type": "object",
-          "title": "context consists of named values that are injected into the caveat evaluation context *"
+          "title": "context consists of named values that are injected into the caveat evaluation context"
         }
       },
       "description": "LookupSubjectsRequest performs a lookup of all subjects of a particular\nkind for which the subject has the specified permission or the relation in\nwhich the subject exists, streaming back the IDs of those subjects."

diff --git a/proto/authzed/api/v1/core.pb.go b/proto/authzed/api/v1/core.pb.go