Merge pull request #173 from jzelinskie/separate-lint
jzelinskie committed Oct 8, 2021
2 parents 424037a + c682e67 commit f82f5c4
Showing 7 changed files with 107 additions and 60 deletions.
58 changes: 22 additions & 36 deletions .github/workflows/build.yaml
Expand Up @@ -4,46 +4,32 @@ on:
push:
branches:
- "main"
paths:
- ".github/workflows/build.yaml"
- "buf.gen.yaml"
- "buf.work.yaml"
- "Dockerfile"
- "go.mod"
- "go.sum"
- "cmd/**"
- "pkg/**"
- "internal/**"
- "proto/**"
pull_request:
branches:
- "*"
paths:
- ".github/workflows/build.yaml"
- "buf.gen.yaml"
- "buf.work.yaml"
- "Dockerfile"
- "go.mod"
- "go.sum"
- "cmd/**"
- "pkg/**"
- "internal/**"
- "proto/**"
jobs:
lint:
name: "Lint"
runs-on: "ubuntu-latest"
steps:
- uses: "actions/setup-go@v2"
with:
go-version: "^1.17"
- name: "Install linting tools"
run: |
# This is done before checking out, as to not modify go.mod
go install mvdan.cc/gofumpt/gofumports@latest
go install github.com/mgechev/revive@latest
go install golang.org/x/tools/cmd/stringer@latest
- uses: "actions/checkout@v2"
- uses: "bewuethr/yamllint-action@v1.1.1"
with:
config-file: ".yamllint"
- uses: "instrumenta/kubeval-action@5915e4adba5adccac07cb156b82e54c3fed74921"
with:
files: "k8s"
- name: "Go Mod Tidy"
run: "go mod tidy && bash -c '[ $(git status --porcelain | tee /dev/fd/2 | wc -c) -eq 0 ]'"
- name: "Formatting (gofumpt)"
run: |
GOFUMPT_OUTPUT="$(find . -iname '*.go' -type f | grep -v pb.validate.go | grep -v pb.go | xargs gofumports -d)"
if [ -n "$GOFUMPT_OUTPUT" ]; then
echo "All the following files are not correctly formatted"
echo "${GOFUMPT_OUTPUT}"
exit 1
fi
- uses: "golangci/golangci-lint-action@v2"
with:
version: "v1.42"
- name: "Go Generate"
run: "go generate ./... && bash -c '[ $(git status --porcelain | tee /dev/fd/2 | wc -c) -eq 0 ]'"

test:
name: "Test"
runs-on: "ubuntu-latest"
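Review bot: The `paths` lists under `push` and `pull_request` skip this workflow entirely for any change outside the listed paths, so if the Test job is a required status check, a pull request that touches only other files never receives that check and cannot merge. Either leave the check non-required or add a fallback job that reports success for skipped paths. The list also omits `e2e/**`, although the e2e README in this same commit describes a separate go.mod/go.sum there; confirm that changes confined to `e2e/` are meant to bypass this workflow. The two lists are identical copies and will drift unless every future edit is made in both places.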
55 changes: 55 additions & 0 deletions .github/workflows/lint.yaml
@@ -0,0 +1,55 @@
---
name: "Lint"
on:
push:
branches:
- "main"
pull_request:
branches:
- "*"
jobs:
go-lint:
name: "Lint Go"
runs-on: "ubuntu-latest"
steps:
- uses: "actions/setup-go@v2"
with:
go-version: "^1.17"
- name: "Install linting tools"
run: |
# This is done before checking out, as to not modify go.mod
go install mvdan.cc/gofumpt/gofumports@latest
go install github.com/mgechev/revive@latest
go install golang.org/x/tools/cmd/stringer@latest
- uses: "actions/checkout@v2"
- name: "Go Mod Tidy"
run: "go mod tidy && bash -c '[ $(git status --porcelain | tee /dev/fd/2 | wc -c) -eq 0 ]'"
- name: "Formatting (gofumpt)"
run: |
GOFUMPT_OUTPUT="$(find . -iname '*.go' -type f | grep -v pb.validate.go | grep -v pb.go | xargs gofumports -d)"
if [ -n "$GOFUMPT_OUTPUT" ]; then
echo "All the following files are not correctly formatted"
echo "${GOFUMPT_OUTPUT}"
exit 1
fi
- uses: "golangci/golangci-lint-action@v2"
with:
version: "v1.42"
- name: "Go Generate"
run: "go generate ./... && bash -c '[ $(git status --porcelain | tee /dev/fd/2 | wc -c) -eq 0 ]'"

extra-lint:
name: "Lint Everything Else"
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v2"
- uses: "bewuethr/yamllint-action@v1.1.1"
with:
config-file: ".yamllint"
- uses: "instrumenta/kubeval-action@5915e4adba5adccac07cb156b82e54c3fed74921"
with:
files: "k8s"
- uses: "nosborn/github-action-markdown-cli@v2.0.0"
with:
files: "."
config_file: ".markdownlint.yaml"
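Review bot: The `uses:` lines in both jobs pin third-party actions inconsistently: `instrumenta/kubeval-action` is pinned to a full commit SHA, while `bewuethr/yamllint-action@v1.1.1`, `nosborn/github-action-markdown-cli@v2.0.0` and `golangci/golangci-lint-action@v2` are referenced by tag, which the action's owner can repoint. Pin these to commit SHAs as well and keep the tag in a trailing comment. In the "Install linting tools" step, the three `go install ...@latest` lines mean the tools that run in CI change whenever upstream publishes a release; pin each to an explicit version so lint results are reproducible and a tool update is a reviewed change. Neither job writes to the repository, so a top-level `permissions:` block with `contents: read` would restrict the workflow token to what these steps need.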
3 changes: 3 additions & 0 deletions .markdownlint.yaml
@@ -0,0 +1,3 @@
---
line-length: false
no-hard-tabs: false
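Review bot: `line-length: false` and `no-hard-tabs: false` switch both rules off for every Markdown file with no comment saying why. Add a one-line comment above each setting giving the reason, so a later contributor can tell whether the exception is still needed.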
4 changes: 3 additions & 1 deletion CODE-OF-CONDUCT.md
@@ -1,3 +1,5 @@
# Code of Conduct

As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.

We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
Expand All @@ -19,4 +21,4 @@ This code of conduct applies both within project spaces and in public spaces whe

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.

This Code of Conduct is adapted from the Contributor Covenant, version 1.2.0, available at https://www.contributor-covenant.org/version/1/2/0/code-of-conduct.html
This Code of Conduct is adapted from the Contributor Covenant, version 1.2.0, available [here](https://www.contributor-covenant.org/version/1/2/0/code-of-conduct.html)
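Review bot: The replacement line uses "here" as the link text, which hides the destination and reads as nothing when the link is seen out of context, and the sentence still has no closing period. Keeping the URL visible as an autolink, `<https://www.contributor-covenant.org/version/1/2/0/code-of-conduct.html>`, is accepted by markdownlint in place of a bare URL and preserves what the original line showed.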
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -58,7 +58,7 @@ In order to protect both you and ourselves, all commits will require an explicit

Sign-off commits end with the following line:

```
```git
Signed-off-by: Random J Developer <random@developer.example.org>
```

1 change: 1 addition & 0 deletions README.md
Expand Up @@ -13,6 +13,7 @@ SpiceDB is a [Zanzibar]-inspired database that stores, computes, and validates a
Developers create a schema that models their permissions requirements and use a [client library] to apply the schema to the database, insert data into the database, and query the data to efficiently check permissions in their applications.

Features that distinguish SpiceDB from other systems include:

- [Expressive APIs] for checking permissions, listing access, and powering devtools
- An architecture faithful to the [Google Zanzibar] paper, including resistance to the [New Enemy Problem]
- An intuitive and expressive [schema language] complete with a [playground] dev environment
44 changes: 22 additions & 22 deletions e2e/newenemy/README.md
@@ -1,14 +1,12 @@
# New Enemy Test

This test suite performs testing for the New Enemy problem on CockroachDB, including
verification that they occur without mitigations and ensuring that when present,
those mitigations work to prevent the issue from occurring.
This test suite performs testing for the New Enemy problem on CockroachDB, including verification that they occur without mitigations and ensuring that when present, those mitigations work to prevent the issue from occurring.

## The Test
## The Test

This is the schema:

```
```zed
definition user {}
definition resource {
relation direct: user
Expand All @@ -30,34 +28,36 @@ This is how each operation is translated to SQL

1. Write exclusion tuple

```sql
INSERT INTO relation_tuple (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) VALUES ("resource","thegoods","direct","user","1","...") ON CONFLICT (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) DO UPDATE SET timestamp = now() RETURNING cluster_logical_timestamp()
```
```sql
INSERT INTO relation_tuple (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) VALUES ("resource","thegoods","direct","user","1","...") ON CONFLICT (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) DO UPDATE SET timestamp = now() RETURNING cluster_logical_timestamp()
```

2. Write direct tuple

```sql
INSERT INTO relation_tuple (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) VALUES ("resource","thegoods","excluded","user","1","...") ON CONFLICT (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) DO UPDATE SET timestamp = now() RETURNING cluster_logical_timestamp()
```
```sql
INSERT INTO relation_tuple (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) VALUES ("resource","thegoods","excluded","user","1","...") ON CONFLICT (namespace,object_id,relation,userset_namespace,userset_object_id,userset_relation) DO UPDATE SET timestamp = now() RETURNING cluster_logical_timestamp()
```

3. Check

```sql
SET TRANSACTION AS OF SYSTEM TIME 1631462510162458000;
```sql
SET TRANSACTION AS OF SYSTEM TIME 1631462510162458000;

SELECT namespace, object_id, relation, userset_namespace, userset_object_id, userset_relation FROM relation_tuple WHERE namespace = "resource" AND object_id = "thegoods" AND relation = "excluded";
SELECT namespace, object_id, relation, userset_namespace, userset_object_id, userset_relation FROM relation_tuple WHERE namespace = "resource" AND object_id = "thegoods" AND relation = "excluded";


SET TRANSACTION AS OF SYSTEM TIME 1631462510162458000;
SET TRANSACTION AS OF SYSTEM TIME 1631462510162458000;

SELECT namespace, object_id, relation, userset_namespace, userset_object_id, userset_relation FROM relation_tuple WHERE namespace = "resource" AND object_id = "thegoods" AND relation = "direct";
```
SELECT namespace, object_id, relation, userset_namespace, userset_object_id, userset_relation FROM relation_tuple WHERE namespace = "resource" AND object_id = "thegoods" AND relation = "direct";
```

## Triggering a "New Enemy"

The new enemy problem occurs when a client can observe test steps `exclude write` and `direct write` in sequence, request a check with the revision returned by `direct write`, but still be granted access. This should only happen if the timestamp returned by `direct write` is below the timestamp returned by `exclude write`.
The new enemy problem occurs when a client can observe test steps `exclude write` and `direct write` in sequence, request a check with the revision returned by `direct write`, but still be granted access.
This should only happen if the timestamp returned by `direct write` is below the timestamp returned by `exclude write`.

In Zanzibar, this is prevented by Spanner's TrueTime:
> Spanner’s TrueTime mechanism assigns each ACL write a microsecond-resolution timestamp, such that the timestamps of writes reflect the causal ordering between writes, and thereby provide external consistency.
> Spanner’s TrueTime mechanism assigns each ACL write a microsecond-resolution timestamp, such that the timestamps of writes reflect the causal ordering between writes, and thereby provide external consistency.
CockroachDB doesn't provide the same guarantees, instead choosing to wait on subsequent reads of overlapping keys.
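Review bot: The re-indented SQL under steps 1 and 2 is still swapped relative to its labels: "1. Write exclusion tuple" inserts the relation "direct" and "2. Write direct tuple" inserts "excluded". Swap the relation values (or the two headings) so the steps match the `exclude write` then `direct write` order that the "Triggering a New Enemy" section relies on. The statements also wrap string values in double quotes, which CockroachDB parses as identifiers rather than string literals; use single quotes if a reader is expected to paste these into a SQL shell.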

Expand All @@ -76,7 +76,7 @@ It's easier to force these conditions by configuring cockroach with:
ALTER DATABASE spicedb CONFIGURE ZONE USING range_min_bytes = 0, range_max_bytes = 65536, num_replicas = 1;"
```
This makes ranges as small as possible (increasing the likelihood keys will land in different ranges) and reduces the replica count to 1 (making it impossible for a node to have a follower of the raft leader)
This makes ranges as small as possible (increasing the likelihood keys will land in different ranges) and reduces the replica count to 1 (making it impossible for a node to have a follower of the raft leader).
Even under these conditions, to trigger the new enemy problem we have to:
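Review bot: The context line above this change, the `ALTER DATABASE spicedb CONFIGURE ZONE ...` statement, ends with a stray `"` after the semicolon. Remove it while this paragraph is being edited so the command can be pasted as written.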
Expand All @@ -87,7 +87,7 @@ _Note: timechaos only works on amd64 and ptrace calls don't work in qemu, which
## Build notes
This runs in CI and builds spicedb from head.
This runs in CI and builds spicedb from head.
The go.mod/go.sum may get out of sync.
If they do, they can be fixed with:
Expand All @@ -96,4 +96,4 @@ cd e2e
go get -d github.com/authzed/spicedb/cmd/spicedb/...
go build github.com/authzed/spicedb/cmd/spicedb/...
go mod tidy
```
```
