From 45d410060449bc97d227144943ffb0f9f71ff1bd Mon Sep 17 00:00:00 2001 From: Tanner Stirrat Date: Wed, 22 Oct 2025 15:38:28 -0600 Subject: [PATCH] chore: Enable protogetter linter and run fixes --- .golangci.yaml | 1 + cmd/spicedb/servetesting_integration_test.go | 4 +- cmd/spicedb/servetesting_race_test.go | 2 +- internal/caveats/builder_test.go | 6 +- internal/caveats/errors.go | 16 +- internal/caveats/run.go | 26 +- internal/datasets/subjectset_test.go | 18 +- internal/datasets/subjectsetbyresourceid.go | 2 +- .../datasets/subjectsetbyresourceid_test.go | 14 +- internal/datasets/subjectsetbytype.go | 4 +- internal/datasets/subjectsetbytype_test.go | 12 +- .../datastore/benchmark/driver_bench_test.go | 16 +- internal/datastore/common/changes.go | 12 +- internal/datastore/common/errors.go | 12 +- internal/datastore/common/gc_test.go | 4 +- internal/datastore/common/sql.go | 14 +- internal/datastore/crdb/caveat.go | 4 +- internal/datastore/crdb/crdb_test.go | 18 +- internal/datastore/crdb/keys_test.go | 2 +- internal/datastore/crdb/readwrite.go | 42 +-- internal/datastore/memdb/caveat.go | 8 +- internal/datastore/memdb/readonly.go | 2 +- internal/datastore/memdb/readwrite.go | 30 +- internal/datastore/mysql/caveat.go | 4 +- internal/datastore/mysql/readwrite.go | 40 +- internal/datastore/postgres/caveat.go | 6 +- internal/datastore/postgres/common/bulk.go | 10 +- .../postgres/postgres_shared_test.go | 10 +- internal/datastore/postgres/readwrite.go | 72 ++-- internal/datastore/postgres/revisions.go | 16 +- internal/datastore/postgres/watch.go | 4 +- internal/datastore/proxy/observable.go | 26 +- .../datastore/proxy/relationshipintegrity.go | 10 +- .../proxy/schemacaching/estimatedsize_test.go | 4 +- .../proxy/schemacaching/standardcache.go | 4 +- .../schemacaching/standardcaching_test.go | 2 +- .../proxy/schemacaching/watchingcache.go | 8 +- .../proxy/schemacaching/watchingcache_test.go | 18 +- internal/datastore/spanner/caveat.go | 8 +- internal/datastore/spanner/caveat_test.go | 14 +- internal/datastore/spanner/readwrite.go | 38 +- internal/datastore/spanner/stats.go | 6 +- .../developmentmembership/foundsubject.go | 2 +- internal/developmentmembership/membership.go | 34 +- internal/dispatch/caching/caching.go | 12 +- .../dispatch/caching/cachingdispatch_test.go | 2 +- internal/dispatch/dispatch.go | 8 +- internal/dispatch/graph/check_test.go | 60 +-- internal/dispatch/graph/dispatch_test.go | 10 +- internal/dispatch/graph/expand_test.go | 36 +- internal/dispatch/graph/graph.go | 78 ++-- .../dispatch/graph/lookupresources2_test.go | 38 +- .../dispatch/graph/lookupresources3_test.go | 32 +- .../dispatch/graph/lookupsubjects_test.go | 16 +- internal/dispatch/keys/computed.go | 66 ++-- internal/dispatch/keys/computed_test.go | 46 +-- internal/dispatch/keys/keys.go | 12 +- internal/dispatch/remote/cluster.go | 32 +- internal/dispatch/remote/cluster_test.go | 28 +- .../dispatch/singleflight/singleflight.go | 8 +- .../singleflight/singleflight_test.go | 4 +- internal/graph/check.go | 180 ++++----- internal/graph/checkdispatchset.go | 2 +- internal/graph/computed/computecheck.go | 22 +- internal/graph/computed/computecheck_test.go | 14 +- internal/graph/cursors.go | 22 +- internal/graph/cursors_test.go | 12 +- internal/graph/errors.go | 2 +- internal/graph/expand.go | 44 +-- internal/graph/graph.go | 30 +- internal/graph/hints/checkhints.go | 12 +- internal/graph/hints/checkhints_test.go | 24 +- internal/graph/lookupresources2.go | 80 ++-- internal/graph/lookupresources3.go | 90 ++--- internal/graph/lookupsubjects.go | 98 ++--- internal/graph/lr2streams.go | 20 +- internal/graph/membershipset.go | 18 +- internal/graph/resourcesubjectsmap2.go | 12 +- internal/graph/resourcesubjectsmap2_test.go | 12 +- internal/lsp/handlers.go | 12 +- .../perfinsights/perfinsights_test.go | 8 +- internal/middleware/pertoken/pertoken_test.go | 14 +- .../streamtimeout/streamtimeout_test.go | 2 +- .../middleware/usagemetrics/usagemetrics.go | 8 +- internal/namespace/aliasing.go | 22 +- internal/namespace/annotate.go | 6 +- internal/namespace/canonicalization.go | 46 +-- internal/namespace/caveats.go | 26 +- internal/namespace/caveats_test.go | 2 +- internal/namespace/test/serialization_test.go | 8 +- internal/namespace/util.go | 20 +- internal/relationships/errors.go | 14 +- internal/relationships/validation.go | 20 +- .../services/integrationtesting/cert_test.go | 8 +- .../integrationtesting/consistency_test.go | 90 ++--- .../consistencytestutil/accessibilityset.go | 18 +- .../consistencytestutil/servicetester.go | 14 +- .../integrationtesting/dispatch_test.go | 16 +- .../services/integrationtesting/ops_test.go | 2 +- .../services/integrationtesting/perf_test.go | 4 +- internal/services/shared/schema.go | 66 ++-- .../services/steelthreadtesting/operations.go | 40 +- internal/services/v1/bulkcheck.go | 70 ++-- internal/services/v1/debug.go | 72 ++-- internal/services/v1/debug_test.go | 54 +-- internal/services/v1/debug_unit_test.go | 4 +- internal/services/v1/errors.go | 64 ++-- internal/services/v1/experimental.go | 174 ++++----- internal/services/v1/experimental_test.go | 96 ++--- internal/services/v1/expreflection.go | 100 ++--- internal/services/v1/expreflection_test.go | 4 +- internal/services/v1/grouping.go | 10 +- internal/services/v1/grouping_test.go | 18 +- internal/services/v1/hash.go | 58 +-- internal/services/v1/metadata_test.go | 2 +- internal/services/v1/permissions.go | 354 +++++++++--------- internal/services/v1/permissions_test.go | 254 ++++++------- internal/services/v1/preconditions.go | 6 +- internal/services/v1/reflectionapi.go | 100 ++--- internal/services/v1/reflectionapi_test.go | 4 +- internal/services/v1/relationships.go | 146 ++++---- internal/services/v1/relationships_test.go | 78 ++-- internal/services/v1/schema.go | 70 ++-- internal/services/v1/schema_test.go | 48 +-- internal/services/v1/watch.go | 12 +- internal/services/v1/watch_test.go | 10 +- internal/telemetry/metrics.go | 16 +- internal/telemetry/reporter_test.go | 10 +- internal/testserver/datastore/spanner.go | 4 +- internal/testutil/subjects.go | 36 +- pkg/caveats/compile.go | 4 +- pkg/caveats/context_hash.go | 2 +- pkg/caveats/parameters.go | 6 +- pkg/caveats/structure.go | 28 +- pkg/caveats/types/encoding.go | 12 +- pkg/cmd/datastore/datastore_test.go | 6 +- .../compiler/compiler_test.go | 14 +- .../compiler/translator.go | 14 +- .../generator/generator.go | 66 ++-- pkg/cursor/cursor.go | 22 +- pkg/cursor/cursor_test.go | 4 +- pkg/datastore/datastore.go | 74 ++-- pkg/datastore/errors.go | 18 +- pkg/datastore/stats.go | 2 +- pkg/datastore/test/basic.go | 4 +- pkg/datastore/test/bulk.go | 52 +-- pkg/datastore/test/caveat.go | 48 +-- pkg/datastore/test/counters.go | 28 +- pkg/datastore/test/namespace.go | 44 +-- pkg/datastore/test/pagination.go | 30 +- pkg/datastore/test/revisions.go | 2 +- pkg/datastore/util.go | 6 +- pkg/development/assertions_test.go | 8 +- pkg/development/check.go | 4 +- pkg/development/devcontext.go | 14 +- pkg/development/devcontext_test.go | 40 +- pkg/development/development_test.go | 2 +- pkg/development/parsing_test.go | 32 +- pkg/development/resolver.go | 48 +-- pkg/development/schema_test.go | 14 +- pkg/development/validation.go | 2 +- pkg/development/validation_test.go | 4 +- pkg/development/warningdefs.go | 40 +- pkg/development/warnings.go | 34 +- pkg/development/warnings_misc_test.go | 32 +- pkg/diff/caveats/diff.go | 16 +- pkg/diff/diff.go | 24 +- pkg/diff/diff_test.go | 6 +- pkg/diff/namespace/diff.go | 52 +-- pkg/diff/namespace/diffexpr.go | 40 +- pkg/diff/namespace/diffexpr_test.go | 2 +- pkg/graph/walker.go | 8 +- pkg/middleware/consistency/consistency.go | 6 +- pkg/middleware/nodeid/nodeid_test.go | 6 +- pkg/middleware/requestid/requestid_test.go | 4 +- pkg/namespace/builder.go | 12 +- pkg/namespace/metadata.go | 36 +- pkg/namespace/metadata_test.go | 14 +- pkg/promutil/promutil.go | 6 +- pkg/promutil/promutil_test.go | 19 +- pkg/proto/dispatch/v1/00_zerolog.go | 58 +-- pkg/proto/dispatch/v1/02_resolvermeta.go | 4 +- pkg/proto/dispatch/v1/02_resolvermeta_test.go | 2 +- pkg/query/arrow_test.go | 2 +- pkg/query/caveat.go | 16 +- pkg/query/context.go | 2 +- pkg/query/exclusion_test.go | 4 +- pkg/query/intersection_arrow_test.go | 8 +- pkg/query/intersection_test.go | 4 +- pkg/query/simplify_caveat.go | 20 +- pkg/query/simplify_caveat_test.go | 26 +- pkg/query/union_test.go | 4 +- pkg/schema/arrows.go | 30 +- pkg/schema/arrows_test.go | 8 +- pkg/schema/definition.go | 36 +- pkg/schema/definition_test.go | 8 +- pkg/schema/errors.go | 4 +- pkg/schema/full_reachability.go | 24 +- pkg/schema/full_reachability_test.go | 10 +- pkg/schema/reachabilitygraph.go | 64 ++-- pkg/schema/reachabilitygraph_test.go | 6 +- pkg/schema/reachabilitygraphbuilder.go | 62 +-- pkg/schema/resolver.go | 2 +- pkg/schema/type_check.go | 10 +- pkg/schema/type_check_test.go | 14 +- pkg/schema/typesystem_validation.go | 50 +-- pkg/schema/v2/flatten_test.go | 12 +- pkg/schema/v2/schema_conversion_test.go | 16 +- pkg/schemadsl/compiler/compiler_test.go | 14 +- pkg/schemadsl/compiler/translator.go | 14 +- .../type_annotations_integration_test.go | 30 +- pkg/schemadsl/generator/generator.go | 66 ++-- pkg/spiceerrors/testutil.go | 2 +- pkg/testutil/proto_test.go | 4 +- pkg/tuple/comparison.go | 2 +- pkg/tuple/core.go | 34 +- pkg/tuple/hashing.go | 18 +- pkg/tuple/parsing_test.go | 8 +- pkg/tuple/strings.go | 12 +- pkg/tuple/v1.go | 74 ++-- pkg/tuple/v1_test.go | 2 +- pkg/validationfile/loader.go | 2 +- pkg/zedtoken/zedtoken.go | 14 +- 223 files changed, 2970 insertions(+), 2970 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 4d3ef1e1a..fd333e13a 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -32,6 +32,7 @@ linters: - "prealloc" - "predeclared" - "promlinter" + - "protogetter" - "revive" - "rowserrcheck" - "spancheck" diff --git a/cmd/spicedb/servetesting_integration_test.go b/cmd/spicedb/servetesting_integration_test.go index b7992bd29..ed4540cae 100644 --- a/cmd/spicedb/servetesting_integration_test.go +++ b/cmd/spicedb/servetesting_integration_test.go @@ -116,12 +116,12 @@ func TestTestServer(t *testing.T) { v1Resp, err := v1client.CheckPermission(context.Background(), checkReq) require.NoError(err) - require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, v1Resp.Permissionship) + require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, v1Resp.GetPermissionship()) // Ensure check against readonly works as well. v1Resp, err = rov1client.CheckPermission(context.Background(), checkReq) require.NoError(err) - require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, v1Resp.Permissionship) + require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, v1Resp.GetPermissionship()) // Try a call with a different auth header and ensure it fails. authedConn, err := grpc.NewClient(fmt.Sprintf("localhost:%s", tester.readonlyPort), diff --git a/cmd/spicedb/servetesting_race_test.go b/cmd/spicedb/servetesting_race_test.go index 184866a5f..c0efe18d6 100644 --- a/cmd/spicedb/servetesting_race_test.go +++ b/cmd/spicedb/servetesting_race_test.go @@ -72,6 +72,6 @@ func TestCheckPermissionOnTesterNoFlakes(t *testing.T) { conn.Close() assert.NoError(t, err) - assert.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, result.Permissionship, "Error on attempt #%d", i) + assert.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, result.GetPermissionship(), "Error on attempt #%d", i) } } diff --git a/internal/caveats/builder_test.go b/internal/caveats/builder_test.go index 29d55e00e..310e767a8 100644 --- a/internal/caveats/builder_test.go +++ b/internal/caveats/builder_test.go @@ -223,10 +223,10 @@ func TestMustCaveatExprForTestingWithContext(t *testing.T) { result := MustCaveatExprForTestingWithContext("test_caveat", context) require.NotNil(t, result) require.NotNil(t, result.GetCaveat()) - require.Equal(t, "test_caveat", result.GetCaveat().CaveatName) - require.NotNil(t, result.GetCaveat().Context) + require.Equal(t, "test_caveat", result.GetCaveat().GetCaveatName()) + require.NotNil(t, result.GetCaveat().GetContext()) - contextMap := result.GetCaveat().Context.AsMap() + contextMap := result.GetCaveat().GetContext().AsMap() require.Equal(t, "value1", contextMap["key1"]) require.Equal(t, float64(42), contextMap["key2"]) //nolint:testifyrequire these are known/static values } diff --git a/internal/caveats/errors.go b/internal/caveats/errors.go index 06284f200..b69a5a939 100644 --- a/internal/caveats/errors.go +++ b/internal/caveats/errors.go @@ -24,13 +24,13 @@ type EvaluationError struct { // MarshalZerologObject implements zerolog.LogObjectMarshaler func (err EvaluationError) MarshalZerologObject(e *zerolog.Event) { - e.Err(err.error).Str("caveat_name", err.caveatExpr.GetCaveat().CaveatName).Interface("context", err.caveatExpr.GetCaveat().Context) + e.Err(err.error).Str("caveat_name", err.caveatExpr.GetCaveat().GetCaveatName()).Interface("context", err.caveatExpr.GetCaveat().GetContext()) } // DetailsMetadata returns the metadata for details for this error. func (err EvaluationError) DetailsMetadata() map[string]string { return spiceerrors.CombineMetadata(err.evalErr, map[string]string{ - "caveat_name": err.caveatExpr.GetCaveat().CaveatName, + "caveat_name": err.caveatExpr.GetCaveat().GetCaveatName(), }) } @@ -47,7 +47,7 @@ func (err EvaluationError) GRPCStatus() *status.Status { func NewEvaluationError(caveatExpr *core.CaveatExpression, err caveats.EvaluationError) EvaluationError { return EvaluationError{ - fmt.Errorf("evaluation error for caveat %s: %w", caveatExpr.GetCaveat().CaveatName, err), caveatExpr, err, + fmt.Errorf("evaluation error for caveat %s: %w", caveatExpr.GetCaveat().GetCaveatName(), err), caveatExpr, err, } } @@ -61,8 +61,8 @@ type ParameterTypeError struct { // MarshalZerologObject implements zerolog.LogObjectMarshaler func (err ParameterTypeError) MarshalZerologObject(e *zerolog.Event) { evt := e.Err(err.error). - Str("caveat_name", err.caveatExpr.GetCaveat().CaveatName). - Interface("context", err.caveatExpr.GetCaveat().Context) + Str("caveat_name", err.caveatExpr.GetCaveat().GetCaveatName()). + Interface("context", err.caveatExpr.GetCaveat().GetContext()) if err.conversionError != nil { evt.Str("parameter_name", err.conversionError.ParameterName()) @@ -73,12 +73,12 @@ func (err ParameterTypeError) MarshalZerologObject(e *zerolog.Event) { func (err ParameterTypeError) DetailsMetadata() map[string]string { if err.conversionError != nil { return spiceerrors.CombineMetadata(err.conversionError, map[string]string{ - "caveat_name": err.caveatExpr.GetCaveat().CaveatName, + "caveat_name": err.caveatExpr.GetCaveat().GetCaveatName(), }) } return map[string]string{ - "caveat_name": err.caveatExpr.GetCaveat().CaveatName, + "caveat_name": err.caveatExpr.GetCaveat().GetCaveatName(), } } @@ -100,7 +100,7 @@ func NewParameterTypeError(caveatExpr *core.CaveatExpression, err error) Paramet } return ParameterTypeError{ - fmt.Errorf("type error for parameters for caveat `%s`: %w", caveatExpr.GetCaveat().CaveatName, err), + fmt.Errorf("type error for parameters for caveat `%s`: %w", caveatExpr.GetCaveat().GetCaveatName(), err), caveatExpr, conversionError, } diff --git a/internal/caveats/run.go b/internal/caveats/run.go index 7ad75255a..1e0db0c2e 100644 --- a/internal/caveats/run.go +++ b/internal/caveats/run.go @@ -133,12 +133,12 @@ func (cr *CaveatRunner) get(caveatDefName string) (*core.CaveatDefinition, *cave return caveat, deserialized, nil } - parameterTypes, err := caveattypes.DecodeParameterTypes(cr.caveatTypeSet, caveat.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(cr.caveatTypeSet, caveat.GetParameterTypes()) if err != nil { return nil, nil, err } - justDeserialized, err := caveats.DeserializeCaveatWithTypeSet(cr.caveatTypeSet, caveat.SerializedExpression, parameterTypes) + justDeserialized, err := caveats.DeserializeCaveatWithTypeSet(cr.caveatTypeSet, caveat.GetSerializedExpression(), parameterTypes) if err != nil { return caveat, nil, err } @@ -149,12 +149,12 @@ func (cr *CaveatRunner) get(caveatDefName string) (*core.CaveatDefinition, *cave func collectCaveatNames(expr *core.CaveatExpression, caveatNames *mapz.Set[string]) { if expr.GetCaveat() != nil { - caveatNames.Add(expr.GetCaveat().CaveatName) + caveatNames.Add(expr.GetCaveat().GetCaveatName()) return } cop := expr.GetOperation() - for _, child := range cop.Children { + for _, child := range cop.GetChildren() { collectCaveatNames(child, caveatNames) } } @@ -170,9 +170,9 @@ func (cr *CaveatRunner) runExpressionWithCaveats( defer span.End() if expr.GetCaveat() != nil { - span.SetAttributes(attribute.StringSlice(otelconv.AttrCaveatsNames, []string{expr.GetCaveat().CaveatName})) + span.SetAttributes(attribute.StringSlice(otelconv.AttrCaveatsNames, []string{expr.GetCaveat().GetCaveatName()})) - caveat, compiled, err := cr.get(expr.GetCaveat().CaveatName) + caveat, compiled, err := cr.get(expr.GetCaveat().GetCaveatName()) if err != nil { return nil, err } @@ -190,7 +190,7 @@ func (cr *CaveatRunner) runExpressionWithCaveats( typedParameters, err := caveats.ConvertContextToParameters( cr.caveatTypeSet, untypedFullContext, - caveat.ParameterTypes, + caveat.GetParameterTypes(), caveats.SkipUnknownParameters, ) if err != nil { @@ -211,16 +211,16 @@ func (cr *CaveatRunner) runExpressionWithCaveats( } cop := expr.GetOperation() - span.SetAttributes(attribute.StringSlice(otelconv.AttrCaveatsOperations, []string{cop.Op.String()})) + span.SetAttributes(attribute.StringSlice(otelconv.AttrCaveatsOperations, []string{cop.GetOp().String()})) var currentResult ExpressionResult = syntheticResult{ - value: cop.Op == core.CaveatOperation_AND, + value: cop.GetOp() == core.CaveatOperation_AND, isPartialResult: false, } var exprResultsForDebug []ExpressionResult if debugOption == RunCaveatExpressionWithDebugInformation { - exprResultsForDebug = make([]ExpressionResult, 0, len(cop.Children)) + exprResultsForDebug = make([]ExpressionResult, 0, len(cop.GetChildren())) } var missingVarNames *mapz.Set[string] @@ -313,7 +313,7 @@ func (cr *CaveatRunner) runExpressionWithCaveats( }, nil } - for _, child := range cop.Children { + for _, child := range cop.GetChildren() { childResult, err := cr.runExpressionWithCaveats(ctx, env, child, context, debugOption) if err != nil { return nil, err @@ -330,7 +330,7 @@ func (cr *CaveatRunner) runExpressionWithCaveats( missingVarNames.Extend(missingVars) } - switch cop.Op { + switch cop.GetOp() { case core.CaveatOperation_AND: cr, err := and(currentResult, childResult) if err != nil { @@ -357,7 +357,7 @@ func (cr *CaveatRunner) runExpressionWithCaveats( return invert(childResult) default: - return nil, spiceerrors.MustBugf("unknown caveat operation: %v", cop.Op) + return nil, spiceerrors.MustBugf("unknown caveat operation: %v", cop.GetOp()) } } diff --git a/internal/datasets/subjectset_test.go b/internal/datasets/subjectset_test.go index cbf83fa05..14a7d95d6 100644 --- a/internal/datasets/subjectset_test.go +++ b/internal/datasets/subjectset_test.go @@ -1420,27 +1420,27 @@ func TestSubjectSetGet(t *testing.T) { found, ok := ss.Get("first") require.True(t, ok) - require.Equal(t, "first", found.SubjectId) - require.Nil(t, found.CaveatExpression) + require.Equal(t, "first", found.GetSubjectId()) + require.Nil(t, found.GetCaveatExpression()) found, ok = ss.Get("second") require.True(t, ok) - require.Equal(t, "second", found.SubjectId) - require.Nil(t, found.CaveatExpression) + require.Equal(t, "second", found.GetSubjectId()) + require.Nil(t, found.GetCaveatExpression()) found, ok = ss.Get("third") require.True(t, ok) - require.Equal(t, "third", found.SubjectId) - require.NotNil(t, found.CaveatExpression) + require.Equal(t, "third", found.GetSubjectId()) + require.NotNil(t, found.GetCaveatExpression()) _, ok = ss.Get("fourth") require.False(t, ok) found, ok = ss.Get("*") require.True(t, ok) - require.Equal(t, "*", found.SubjectId) - require.Nil(t, found.CaveatExpression) - require.Len(t, found.ExcludedSubjects, 2) + require.Equal(t, "*", found.GetSubjectId()) + require.Nil(t, found.GetCaveatExpression()) + require.Len(t, found.GetExcludedSubjects(), 2) } var testSets = [][]*v1.FoundSubject{ diff --git a/internal/datasets/subjectsetbyresourceid.go b/internal/datasets/subjectsetbyresourceid.go index 86c0ec09c..2ed5266ee 100644 --- a/internal/datasets/subjectsetbyresourceid.go +++ b/internal/datasets/subjectsetbyresourceid.go @@ -49,7 +49,7 @@ func (ssr SubjectSetByResourceID) UnionWith(other map[string]*v1.FoundSubjects) return fmt.Errorf("received nil FoundSubjects in other map of SubjectSetByResourceID's UnionWith for key %s", resourceID) } - for _, subject := range subjects.FoundSubjects { + for _, subject := range subjects.GetFoundSubjects() { if err := ssr.add(resourceID, subject); err != nil { return err } diff --git a/internal/datasets/subjectsetbyresourceid_test.go b/internal/datasets/subjectsetbyresourceid_test.go index 521124b1c..7de80485c 100644 --- a/internal/datasets/subjectsetbyresourceid_test.go +++ b/internal/datasets/subjectsetbyresourceid_test.go @@ -36,11 +36,11 @@ func TestSubjectSetByResourceIDBasicOperations(t *testing.T) { } asMap := ssr.AsMap() - slices.SortFunc(expected["firstdoc"].FoundSubjects, testutil.CmpSubjects) - slices.SortFunc(expected["seconddoc"].FoundSubjects, testutil.CmpSubjects) + slices.SortFunc(expected["firstdoc"].GetFoundSubjects(), testutil.CmpSubjects) + slices.SortFunc(expected["seconddoc"].GetFoundSubjects(), testutil.CmpSubjects) - slices.SortFunc(asMap["firstdoc"].FoundSubjects, testutil.CmpSubjects) - slices.SortFunc(asMap["seconddoc"].FoundSubjects, testutil.CmpSubjects) + slices.SortFunc(asMap["firstdoc"].GetFoundSubjects(), testutil.CmpSubjects) + slices.SortFunc(asMap["seconddoc"].GetFoundSubjects(), testutil.CmpSubjects) require.Equal(t, expected, asMap) } @@ -67,7 +67,7 @@ func TestSubjectSetByResourceIDUnionWith(t *testing.T) { require.NoError(t, err) found := ssr.AsMap() - slices.SortFunc(found["firstdoc"].FoundSubjects, testutil.CmpSubjects) + slices.SortFunc(found["firstdoc"].GetFoundSubjects(), testutil.CmpSubjects) require.Equal(t, map[string]*v1.FoundSubjects{ "firstdoc": { @@ -216,8 +216,8 @@ func TestSubjectSetByResourceIDBasicCaveatedOperations(t *testing.T) { } asMap := ssr.AsMap() - slices.SortFunc(expected["firstdoc"].FoundSubjects, testutil.CmpSubjects) - slices.SortFunc(asMap["firstdoc"].FoundSubjects, testutil.CmpSubjects) + slices.SortFunc(expected["firstdoc"].GetFoundSubjects(), testutil.CmpSubjects) + slices.SortFunc(asMap["firstdoc"].GetFoundSubjects(), testutil.CmpSubjects) require.Equal(t, expected, asMap) } diff --git a/internal/datasets/subjectsetbytype.go b/internal/datasets/subjectsetbytype.go index 8882a2e43..fb02dd42d 100644 --- a/internal/datasets/subjectsetbytype.go +++ b/internal/datasets/subjectsetbytype.go @@ -70,7 +70,7 @@ func (s *SubjectByTypeSet) Map(mapper func(rr *core.RelationReference) (*core.Re continue } - key := tuple.JoinRelRef(updatedType.Namespace, updatedType.Relation) + key := tuple.JoinRelRef(updatedType.GetNamespace(), updatedType.GetRelation()) if existing, ok := mapped.byType[key]; ok { cloned := subjectset.Clone() if err := cloned.UnionWithSet(existing); err != nil { @@ -96,7 +96,7 @@ func (s *SubjectByTypeSet) Len() int { // SubjectSetForType returns the subject set associated with the given subject type, if any. func (s *SubjectByTypeSet) SubjectSetForType(rr *core.RelationReference) (SubjectSet, bool) { - found, ok := s.byType[tuple.JoinRelRef(rr.Namespace, rr.Relation)] + found, ok := s.byType[tuple.JoinRelRef(rr.GetNamespace(), rr.GetRelation())] return found, ok } diff --git a/internal/datasets/subjectsetbytype_test.go b/internal/datasets/subjectsetbytype_test.go index a6ccc499c..ca9b5d620 100644 --- a/internal/datasets/subjectsetbytype_test.go +++ b/internal/datasets/subjectsetbytype_test.go @@ -25,10 +25,10 @@ func TestSubjectByTypeSet(t *testing.T) { objectIds := make([]string, 0, len(subjects.AsSlice())) for _, subject := range subjects.AsSlice() { require.Empty(t, subject.GetExcludedSubjects()) - objectIds = append(objectIds, subject.SubjectId) + objectIds = append(objectIds, subject.GetSubjectId()) } - if rr.Namespace == foundRR.Namespace && rr.Relation == foundRR.Relation { + if rr.GetNamespace() == foundRR.GetNamespace() && rr.GetRelation() == foundRR.GetRelation() { sort.Strings(objectIds) require.Equal(t, expected, objectIds) wasFound = true @@ -70,8 +70,8 @@ func TestSubjectByTypeSet(t *testing.T) { // Map mapped, err := set.Map(func(rr *core.RelationReference) (*core.RelationReference, error) { - if rr.Namespace == "document" { - return RR("doc", rr.Relation), nil + if rr.GetNamespace() == "document" { + return RR("doc", rr.GetRelation()), nil } return rr, nil @@ -118,7 +118,7 @@ func TestSubjectSetMapOverSameSubjectDifferentRelation(t *testing.T) { mapped, err := set.Map(func(rr *core.RelationReference) (*core.RelationReference, error) { return &core.RelationReference{ - Namespace: rr.Namespace, + Namespace: rr.GetNamespace(), Relation: "shared", }, nil }) @@ -126,7 +126,7 @@ func TestSubjectSetMapOverSameSubjectDifferentRelation(t *testing.T) { foundSubjectIDs := mapz.NewSet[string]() for _, sub := range mapped.byType["folder#shared"].AsSlice() { - foundSubjectIDs.Add(sub.SubjectId) + foundSubjectIDs.Add(sub.GetSubjectId()) } require.ElementsMatch(t, []string{"folder1", "folder2"}, foundSubjectIDs.AsSlice()) diff --git a/internal/datastore/benchmark/driver_bench_test.go b/internal/datastore/benchmark/driver_bench_test.go index 8b1928a95..8adc79114 100644 --- a/internal/datastore/benchmark/driver_bench_test.go +++ b/internal/datastore/benchmark/driver_bench_test.go @@ -101,7 +101,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { for n := 0; n < b.N; n++ { randDocNum := rand.Intn(numDocuments) //nolint:gosec iter, err := ds.SnapshotReader(headRev).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), OptionalResourceIds: []string{strconv.Itoa(randDocNum)}, OptionalResourceRelation: "viewer", }) @@ -117,7 +117,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { b.Run("SnapshotReadOnlyNamespace", func(b *testing.B) { for n := 0; n < b.N; n++ { iter, err := ds.SnapshotReader(headRev).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }) require.NoError(b, err) var count int @@ -133,7 +133,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { b.Run(orderName, func(b *testing.B) { for n := 0; n < b.N; n++ { iter, err := ds.SnapshotReader(headRev).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithSort(order)) require.NoError(b, err) var count int @@ -151,7 +151,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { b.Run(orderName, func(b *testing.B) { for n := 0; n < b.N; n++ { iter, err := ds.SnapshotReader(headRev).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), OptionalResourceRelation: "viewer", }, options.WithSort(order)) require.NoError(b, err) @@ -171,7 +171,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { for n := 0; n < b.N; n++ { randDocNum := rand.Intn(numDocuments) //nolint:gosec iter, err := ds.SnapshotReader(headRev).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), OptionalResourceIds: []string{strconv.Itoa(randDocNum)}, OptionalResourceRelation: "viewer", }, options.WithSort(order)) @@ -188,7 +188,7 @@ func BenchmarkDatastoreDriver(b *testing.B) { b.Run("SnapshotReverseRead", func(b *testing.B) { for n := 0; n < b.N; n++ { iter, err := ds.SnapshotReader(headRev).ReverseQueryRelationships(ctx, datastore.SubjectsFilter{ - SubjectType: testfixtures.UserNS.Name, + SubjectType: testfixtures.UserNS.GetName(), }, options.WithSortForReverse(options.ByResource)) require.NoError(b, err) var count int @@ -270,12 +270,12 @@ func docViewer(documentID, userID string) tuple.Relationship { return tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ Resource: tuple.ObjectAndRelation{ - ObjectType: testfixtures.DocumentNS.Name, + ObjectType: testfixtures.DocumentNS.GetName(), ObjectID: documentID, Relation: "viewer", }, Subject: tuple.ObjectAndRelation{ - ObjectType: testfixtures.UserNS.Name, + ObjectType: testfixtures.UserNS.GetName(), ObjectID: userID, Relation: datastore.Ellipsis, }, diff --git a/internal/datastore/common/changes.go b/internal/datastore/common/changes.go index 3077f2ecc..7681a0944 100644 --- a/internal/datastore/common/changes.go +++ b/internal/datastore/common/changes.go @@ -252,30 +252,30 @@ func (ch *Changes[R, K]) AddChangedDefinition( switch t := def.(type) { case *core.NamespaceDefinition: - delete(record.namespacesDeleted, t.Name) + delete(record.namespacesDeleted, t.GetName()) - if existing, ok := record.definitionsChanged[nsPrefix+t.Name]; ok { + if existing, ok := record.definitionsChanged[nsPrefix+t.GetName()]; ok { if err := ch.adjustByteSize(existing, -1); err != nil { return err } } - record.definitionsChanged[nsPrefix+t.Name] = t + record.definitionsChanged[nsPrefix+t.GetName()] = t if err := ch.adjustByteSize(t, 1); err != nil { return err } case *core.CaveatDefinition: - delete(record.caveatsDeleted, t.Name) + delete(record.caveatsDeleted, t.GetName()) - if existing, ok := record.definitionsChanged[nsPrefix+t.Name]; ok { + if existing, ok := record.definitionsChanged[nsPrefix+t.GetName()]; ok { if err := ch.adjustByteSize(existing, -1); err != nil { return err } } - record.definitionsChanged[caveatPrefix+t.Name] = t + record.definitionsChanged[caveatPrefix+t.GetName()] = t if err := ch.adjustByteSize(t, 1); err != nil { return err diff --git a/internal/datastore/common/errors.go b/internal/datastore/common/errors.go index 5344873c6..e6e9d675e 100644 --- a/internal/datastore/common/errors.go +++ b/internal/datastore/common/errors.go @@ -122,12 +122,12 @@ func (err CreateRelationshipExistsError) GRPCStatus() *status.Status { v1.ErrorReason_ERROR_REASON_ATTEMPT_TO_RECREATE_RELATIONSHIP, map[string]string{ "relationship": tuple.V1StringRelationshipWithoutCaveatOrExpiration(relationship), - "resource_type": relationship.Resource.ObjectType, - "resource_object_id": relationship.Resource.ObjectId, - "resource_relation": relationship.Relation, - "subject_type": relationship.Subject.Object.ObjectType, - "subject_object_id": relationship.Subject.Object.ObjectId, - "subject_relation": relationship.Subject.OptionalRelation, + "resource_type": relationship.GetResource().GetObjectType(), + "resource_object_id": relationship.GetResource().GetObjectId(), + "resource_relation": relationship.GetRelation(), + "subject_type": relationship.GetSubject().GetObject().GetObjectType(), + "subject_object_id": relationship.GetSubject().GetObject().GetObjectId(), + "subject_relation": relationship.GetSubject().GetOptionalRelation(), }, ), ) diff --git a/internal/datastore/common/gc_test.go b/internal/datastore/common/gc_test.go index e52811515..8033ed404 100644 --- a/internal/datastore/common/gc_test.go +++ b/internal/datastore/common/gc_test.go @@ -203,7 +203,7 @@ func TestGCFailureBackoff(t *testing.T) { mf = metric } } - require.Greater(t, *(mf.GetMetric()[0].Counter.Value), 100.0, "MaxElapsedTime=1ns did not cause backoff to get ignored") + require.Greater(t, mf.GetMetric()[0].GetCounter().GetValue(), 100.0, "MaxElapsedTime=1ns did not cause backoff to get ignored") localCounter = prometheus.NewCounter(gcFailureCounterConfig) reg = prometheus.NewRegistry() @@ -224,7 +224,7 @@ func TestGCFailureBackoff(t *testing.T) { mf = metric } } - require.Less(t, *(mf.GetMetric()[0].Counter.Value), 3.0, "MaxElapsedTime=0 should have not caused backoff to get ignored") + require.Less(t, mf.GetMetric()[0].GetCounter().GetValue(), 3.0, "MaxElapsedTime=0 should have not caused backoff to get ignored") } // Ensure the garbage collector interval is reset after recovering from an diff --git a/internal/datastore/common/sql.go b/internal/datastore/common/sql.go index f91b33699..e6a96c8d1 100644 --- a/internal/datastore/common/sql.go +++ b/internal/datastore/common/sql.go @@ -638,16 +638,16 @@ func (sqf SchemaQueryFilterer) FilterWithSubjectsSelectors(selectors ...datastor // FilterToSubjectFilter returns a new SchemaQueryFilterer that is limited to resources with // subjects that match the specified filter. func (sqf SchemaQueryFilterer) FilterToSubjectFilter(filter *v1.SubjectFilter) SchemaQueryFilterer { - sqf.queryBuilder = sqf.queryBuilder.Where(sq.Eq{sqf.schema.ColUsersetNamespace: filter.SubjectType}) - sqf.recordColumnValue(sqf.schema.ColUsersetNamespace, filter.SubjectType) + sqf.queryBuilder = sqf.queryBuilder.Where(sq.Eq{sqf.schema.ColUsersetNamespace: filter.GetSubjectType()}) + sqf.recordColumnValue(sqf.schema.ColUsersetNamespace, filter.GetSubjectType()) - if filter.OptionalSubjectId != "" { - sqf.queryBuilder = sqf.queryBuilder.Where(sq.Eq{sqf.schema.ColUsersetObjectID: filter.OptionalSubjectId}) - sqf.recordColumnValue(sqf.schema.ColUsersetObjectID, filter.OptionalSubjectId) + if filter.GetOptionalSubjectId() != "" { + sqf.queryBuilder = sqf.queryBuilder.Where(sq.Eq{sqf.schema.ColUsersetObjectID: filter.GetOptionalSubjectId()}) + sqf.recordColumnValue(sqf.schema.ColUsersetObjectID, filter.GetOptionalSubjectId()) } - if filter.OptionalRelation != nil { - dsRelationName := cmp.Or(filter.OptionalRelation.Relation, datastore.Ellipsis) + if filter.GetOptionalRelation() != nil { + dsRelationName := cmp.Or(filter.GetOptionalRelation().GetRelation(), datastore.Ellipsis) sqf.queryBuilder = sqf.queryBuilder.Where(sq.Eq{sqf.schema.ColUsersetRelation: dsRelationName}) sqf.recordColumnValue(sqf.schema.ColUsersetRelation, datastore.Ellipsis) diff --git a/internal/datastore/crdb/caveat.go b/internal/datastore/crdb/caveat.go index c011d32a3..e87b00a99 100644 --- a/internal/datastore/crdb/caveat.go +++ b/internal/datastore/crdb/caveat.go @@ -138,9 +138,9 @@ func (rwt *crdbReadWriteTXN) WriteCaveats(ctx context.Context, caveats []*core.C if err != nil { return fmt.Errorf(errWriteCaveat, err) } - valuesToWrite := []any{caveat.Name, definitionBytes} + valuesToWrite := []any{caveat.GetName(), definitionBytes} write = write.Values(valuesToWrite...) - writtenCaveatNames = append(writtenCaveatNames, caveat.Name) + writtenCaveatNames = append(writtenCaveatNames, caveat.GetName()) } // store the new caveat diff --git a/internal/datastore/crdb/crdb_test.go b/internal/datastore/crdb/crdb_test.go index 404c2e9f2..69637201f 100644 --- a/internal/datastore/crdb/crdb_test.go +++ b/internal/datastore/crdb/crdb_test.go @@ -528,10 +528,10 @@ func RelationshipIntegrityInfoTest(t *testing.T, tester test.DatastoreTester) { rel := slice[0] require.NotNil(rel.OptionalIntegrity) - require.Equal("key1", rel.OptionalIntegrity.KeyId) - require.Equal([]byte("hash1"), rel.OptionalIntegrity.Hash) + require.Equal("key1", rel.OptionalIntegrity.GetKeyId()) + require.Equal([]byte("hash1"), rel.OptionalIntegrity.GetHash()) - require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.HashedAt.AsTime()).Milliseconds())), 1000.0) + require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.GetHashedAt().AsTime()).Milliseconds())), 1000.0) } type fakeSource struct { @@ -591,10 +591,10 @@ func BulkRelationshipIntegrityInfoTest(t *testing.T, tester test.DatastoreTester rel := slice[0] require.NotNil(rel.OptionalIntegrity) - require.Equal("key1", rel.OptionalIntegrity.KeyId) - require.Equal([]byte("hash1"), rel.OptionalIntegrity.Hash) + require.Equal("key1", rel.OptionalIntegrity.GetKeyId()) + require.Equal([]byte("hash1"), rel.OptionalIntegrity.GetHash()) - require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.HashedAt.AsTime()).Milliseconds())), 1000.0) + require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.GetHashedAt().AsTime()).Milliseconds())), 1000.0) } func RelationshipIntegrityWatchTest(t *testing.T, tester test.DatastoreTester) { @@ -638,10 +638,10 @@ func RelationshipIntegrityWatchTest(t *testing.T, tester test.DatastoreTester) { rel := change.RelationshipChanges[0].Relationship require.NotNil(rel.OptionalIntegrity) - require.Equal("key1", rel.OptionalIntegrity.KeyId) - require.Equal([]byte("hash1"), rel.OptionalIntegrity.Hash) + require.Equal("key1", rel.OptionalIntegrity.GetKeyId()) + require.Equal([]byte("hash1"), rel.OptionalIntegrity.GetHash()) - require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.HashedAt.AsTime()).Milliseconds())), 1000.0) + require.LessOrEqual(math.Abs(float64(timestamp.Sub(rel.OptionalIntegrity.GetHashedAt().AsTime()).Milliseconds())), 1000.0) case err := <-errchan: require.Failf("Failed waiting for changes with error", "error: %v", err) case <-time.NewTimer(10 * time.Second).C: diff --git a/internal/datastore/crdb/keys_test.go b/internal/datastore/crdb/keys_test.go index 0e287b8ab..bf405c3a0 100644 --- a/internal/datastore/crdb/keys_test.go +++ b/internal/datastore/crdb/keys_test.go @@ -169,7 +169,7 @@ func TestOverlapKeysFromContext(t *testing.T) { ctx := metadata.NewOutgoingContext(t.Context(), md) resp, err := client.Ping(ctx, &testpb.PingRequest{}) require.NoError(t, err) - require.Equal(t, tt.expected, resp.Value) + require.Equal(t, tt.expected, resp.GetValue()) }) } } diff --git a/internal/datastore/crdb/readwrite.go b/internal/datastore/crdb/readwrite.go index 6eb5800c9..4cd4a9a0c 100644 --- a/internal/datastore/crdb/readwrite.go +++ b/internal/datastore/crdb/readwrite.go @@ -298,8 +298,8 @@ func (rwt *crdbReadWriteTXN) WriteRelationships(ctx context.Context, mutations [ var caveatContext map[string]any var caveatName string if rel.OptionalCaveat != nil { - caveatName = rel.OptionalCaveat.CaveatName - caveatContext = rel.OptionalCaveat.Context.AsMap() + caveatName = rel.OptionalCaveat.GetCaveatName() + caveatContext = rel.OptionalCaveat.GetContext().AsMap() } var integrityKeyID *string @@ -311,7 +311,7 @@ func (rwt *crdbReadWriteTXN) WriteRelationships(ctx context.Context, mutations [ } integrityKeyID = &rel.OptionalIntegrity.KeyId - integrityHash = rel.OptionalIntegrity.Hash + integrityHash = rel.OptionalIntegrity.GetHash() } else if rwt.withIntegrity { return spiceerrors.MustBugf("attempted to write a relationship without integrity, but the datastore requires integrity") } @@ -416,17 +416,17 @@ func (rwt *crdbReadWriteTXN) DeleteRelationships(ctx context.Context, filter *v1 query := rwt.queryDeleteTuples(index) - if filter.ResourceType != "" { - query = query.Where(sq.Eq{schema.ColNamespace: filter.ResourceType}) + if filter.GetResourceType() != "" { + query = query.Where(sq.Eq{schema.ColNamespace: filter.GetResourceType()}) } - if filter.OptionalResourceId != "" { - query = query.Where(sq.Eq{schema.ColObjectID: filter.OptionalResourceId}) + if filter.GetOptionalResourceId() != "" { + query = query.Where(sq.Eq{schema.ColObjectID: filter.GetOptionalResourceId()}) } - if filter.OptionalRelation != "" { - query = query.Where(sq.Eq{schema.ColRelation: filter.OptionalRelation}) + if filter.GetOptionalRelation() != "" { + query = query.Where(sq.Eq{schema.ColRelation: filter.GetOptionalRelation()}) } - if filter.OptionalResourceIdPrefix != "" { - likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.OptionalResourceIdPrefix) + if filter.GetOptionalResourceIdPrefix() != "" { + likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.GetOptionalResourceIdPrefix()) if err != nil { return 0, false, fmt.Errorf("unable to build like clause: %w", err) } @@ -434,18 +434,18 @@ func (rwt *crdbReadWriteTXN) DeleteRelationships(ctx context.Context, filter *v1 query = query.Where(likeClause) } - rwt.addOverlapKey(filter.ResourceType) + rwt.addOverlapKey(filter.GetResourceType()) // Add clauses for the SubjectFilter - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.SubjectType}) - if subjectFilter.OptionalSubjectId != "" { - query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.OptionalSubjectId}) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.GetSubjectType()}) + if subjectFilter.GetOptionalSubjectId() != "" { + query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.GetOptionalSubjectId()}) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.Relation, datastore.Ellipsis)}) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.GetRelation(), datastore.Ellipsis)}) } - rwt.addOverlapKey(subjectFilter.SubjectType) + rwt.addOverlapKey(subjectFilter.GetSubjectType()) } // Add the limit, if any. @@ -487,13 +487,13 @@ func (rwt *crdbReadWriteTXN) WriteNamespaces(ctx context.Context, newConfigs ... query := queryWriteNamespace for _, newConfig := range newConfigs { - rwt.addOverlapKey(newConfig.Name) + rwt.addOverlapKey(newConfig.GetName()) serialized, err := newConfig.MarshalVT() if err != nil { return fmt.Errorf(errUnableToWriteConfig, err) } - query = query.Values(newConfig.Name, serialized) + query = query.Values(newConfig.GetName(), serialized) } writeSQL, writeArgs, err := query.ToSql() diff --git a/internal/datastore/memdb/caveat.go b/internal/datastore/memdb/caveat.go index 2b4baca7a..53b02f0af 100644 --- a/internal/datastore/memdb/caveat.go +++ b/internal/datastore/memdb/caveat.go @@ -101,7 +101,7 @@ func (r *memdbReader) LookupCaveatsWithNames(ctx context.Context, caveatNames [] toReturn := make([]datastore.RevisionedCaveat, 0, len(caveatNames)) for _, caveat := range allCaveats { - if allowedCaveatNames.Has(caveat.Definition.Name) { + if allowedCaveatNames.Has(caveat.Definition.GetName()) { toReturn = append(toReturn, caveat) } } @@ -121,15 +121,15 @@ func (rwt *memdbReadWriteTx) WriteCaveats(_ context.Context, caveats []*core.Cav func (rwt *memdbReadWriteTx) writeCaveat(tx *memdb.Txn, caveats []*core.CaveatDefinition) error { caveatNames := mapz.NewSet[string]() for _, coreCaveat := range caveats { - if !caveatNames.Add(coreCaveat.Name) { - return fmt.Errorf("duplicate caveat %s", coreCaveat.Name) + if !caveatNames.Add(coreCaveat.GetName()) { + return fmt.Errorf("duplicate caveat %s", coreCaveat.GetName()) } marshalled, err := coreCaveat.MarshalVT() if err != nil { return err } c := caveat{ - name: coreCaveat.Name, + name: coreCaveat.GetName(), definition: marshalled, revision: rwt.newRevision, } diff --git a/internal/datastore/memdb/readonly.go b/internal/datastore/memdb/readonly.go index 2cbaab369..ad51bf91c 100644 --- a/internal/datastore/memdb/readonly.go +++ b/internal/datastore/memdb/readonly.go @@ -334,7 +334,7 @@ func (r *memdbReader) LookupNamespacesWithNames(_ context.Context, nsNames []str return nil, err } - if _, ok := nsNameMap[loaded.Name]; ok { + if _, ok := nsNameMap[loaded.GetName()]; ok { nsDefs = append(nsDefs, datastore.RevisionedNamespace{ Definition: loaded, LastWrittenRevision: found.updated, diff --git a/internal/datastore/memdb/readwrite.go b/internal/datastore/memdb/readwrite.go index d6ac7e485..ccd2ad0ab 100644 --- a/internal/datastore/memdb/readwrite.go +++ b/internal/datastore/memdb/readwrite.go @@ -40,9 +40,9 @@ func (rwt *memdbReadWriteTx) toIntegrity(mutation tuple.RelationshipUpdate) *rel var ri *relationshipIntegrity if mutation.Relationship.OptionalIntegrity != nil { ri = &relationshipIntegrity{ - keyID: mutation.Relationship.OptionalIntegrity.KeyId, - hash: mutation.Relationship.OptionalIntegrity.Hash, - timestamp: mutation.Relationship.OptionalIntegrity.HashedAt.AsTime(), + keyID: mutation.Relationship.OptionalIntegrity.GetKeyId(), + hash: mutation.Relationship.OptionalIntegrity.GetHash(), + timestamp: mutation.Relationship.OptionalIntegrity.GetHashedAt().AsTime(), } } return ri @@ -129,8 +129,8 @@ func (rwt *memdbReadWriteTx) toCaveatReference(mutation tuple.RelationshipUpdate var cr *contextualizedCaveat if mutation.Relationship.OptionalCaveat != nil { cr = &contextualizedCaveat{ - caveatName: mutation.Relationship.OptionalCaveat.CaveatName, - context: mutation.Relationship.OptionalCaveat.Context.AsMap(), + caveatName: mutation.Relationship.OptionalCaveat.GetCaveatName(), + context: mutation.Relationship.OptionalCaveat.GetContext().AsMap(), } } return cr @@ -287,7 +287,7 @@ func (rwt *memdbReadWriteTx) WriteNamespaces(_ context.Context, newConfigs ...*c return err } - newConfigEntry := &namespace{newConfig.Name, serialized, rwt.newRevision} + newConfigEntry := &namespace{newConfig.GetName(), serialized, rwt.newRevision} err = tx.Insert(tableNamespace, newConfigEntry) if err != nil { @@ -358,25 +358,25 @@ func relationshipFilterFilterFunc(filter *v1.RelationshipFilter) func(any) bool // If it doesn't match one of the resource filters, filter it. switch { - case filter.ResourceType != "" && filter.ResourceType != tuple.namespace: + case filter.GetResourceType() != "" && filter.GetResourceType() != tuple.namespace: return true - case filter.OptionalResourceId != "" && filter.OptionalResourceId != tuple.resourceID: + case filter.GetOptionalResourceId() != "" && filter.GetOptionalResourceId() != tuple.resourceID: return true - case filter.OptionalResourceIdPrefix != "" && !strings.HasPrefix(tuple.resourceID, filter.OptionalResourceIdPrefix): + case filter.GetOptionalResourceIdPrefix() != "" && !strings.HasPrefix(tuple.resourceID, filter.GetOptionalResourceIdPrefix()): return true - case filter.OptionalRelation != "" && filter.OptionalRelation != tuple.relation: + case filter.GetOptionalRelation() != "" && filter.GetOptionalRelation() != tuple.relation: return true } // If it doesn't match one of the subject filters, filter it. - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { switch { - case subjectFilter.SubjectType != tuple.subjectNamespace: + case subjectFilter.GetSubjectType() != tuple.subjectNamespace: return true - case subjectFilter.OptionalSubjectId != "" && subjectFilter.OptionalSubjectId != tuple.subjectObjectID: + case subjectFilter.GetOptionalSubjectId() != "" && subjectFilter.GetOptionalSubjectId() != tuple.subjectObjectID: return true - case subjectFilter.OptionalRelation != nil && - cmp.Or(subjectFilter.OptionalRelation.Relation, datastore.Ellipsis) != tuple.subjectRelation: + case subjectFilter.GetOptionalRelation() != nil && + cmp.Or(subjectFilter.GetOptionalRelation().GetRelation(), datastore.Ellipsis) != tuple.subjectRelation: return true } } diff --git a/internal/datastore/mysql/caveat.go b/internal/datastore/mysql/caveat.go index b5baa4b6a..71477eb38 100644 --- a/internal/datastore/mysql/caveat.go +++ b/internal/datastore/mysql/caveat.go @@ -125,8 +125,8 @@ func (rwt *mysqlReadWriteTXN) WriteCaveats(ctx context.Context, caveats []*core. return fmt.Errorf("unable to write caveat: %w", err) } - writeQuery = writeQuery.Values(newCaveat.Name, serialized, rwt.newTxnID) - caveatNamesToWrite = append(caveatNamesToWrite, newCaveat.Name) + writeQuery = writeQuery.Values(newCaveat.GetName(), serialized, rwt.newTxnID) + caveatNamesToWrite = append(caveatNamesToWrite, newCaveat.GetName()) } err := rwt.deleteCaveatsFromNames(ctx, caveatNamesToWrite) diff --git a/internal/datastore/mysql/readwrite.go b/internal/datastore/mysql/readwrite.go index 9ea1a4a10..3673e609f 100644 --- a/internal/datastore/mysql/readwrite.go +++ b/internal/datastore/mysql/readwrite.go @@ -312,8 +312,8 @@ func (rwt *mysqlReadWriteTXN) WriteRelationships(ctx context.Context, mutations var caveatName string var caveatContext structpbWrapper if rel.OptionalCaveat != nil { - caveatName = rel.OptionalCaveat.CaveatName - caveatContext = rel.OptionalCaveat.Context.AsMap() + caveatName = rel.OptionalCaveat.GetCaveatName() + caveatContext = rel.OptionalCaveat.GetContext().AsMap() } bulkWrite = bulkWrite.Values( rel.Resource.ObjectType, @@ -348,17 +348,17 @@ func (rwt *mysqlReadWriteTXN) WriteRelationships(ctx context.Context, mutations func (rwt *mysqlReadWriteTXN) DeleteRelationships(ctx context.Context, filter *v1.RelationshipFilter, opts ...options.DeleteOptionsOption) (uint64, bool, error) { // Add clauses for the ResourceFilter query := rwt.DeleteRelsQuery - if filter.ResourceType != "" { - query = query.Where(sq.Eq{colNamespace: filter.ResourceType}) + if filter.GetResourceType() != "" { + query = query.Where(sq.Eq{colNamespace: filter.GetResourceType()}) } - if filter.OptionalResourceId != "" { - query = query.Where(sq.Eq{colObjectID: filter.OptionalResourceId}) + if filter.GetOptionalResourceId() != "" { + query = query.Where(sq.Eq{colObjectID: filter.GetOptionalResourceId()}) } - if filter.OptionalRelation != "" { - query = query.Where(sq.Eq{colRelation: filter.OptionalRelation}) + if filter.GetOptionalRelation() != "" { + query = query.Where(sq.Eq{colRelation: filter.GetOptionalRelation()}) } - if filter.OptionalResourceIdPrefix != "" { - likeClause, err := common.BuildLikePrefixClause(colObjectID, filter.OptionalResourceIdPrefix) + if filter.GetOptionalResourceIdPrefix() != "" { + likeClause, err := common.BuildLikePrefixClause(colObjectID, filter.GetOptionalResourceIdPrefix()) if err != nil { return 0, false, fmt.Errorf(errUnableToDeleteRelationships, err) } @@ -366,13 +366,13 @@ func (rwt *mysqlReadWriteTXN) DeleteRelationships(ctx context.Context, filter *v } // Add clauses for the SubjectFilter - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - query = query.Where(sq.Eq{colUsersetNamespace: subjectFilter.SubjectType}) - if subjectFilter.OptionalSubjectId != "" { - query = query.Where(sq.Eq{colUsersetObjectID: subjectFilter.OptionalSubjectId}) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + query = query.Where(sq.Eq{colUsersetNamespace: subjectFilter.GetSubjectType()}) + if subjectFilter.GetOptionalSubjectId() != "" { + query = query.Where(sq.Eq{colUsersetObjectID: subjectFilter.GetOptionalSubjectId()}) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - query = query.Where(sq.Eq{colUsersetRelation: cmp.Or(relationFilter.Relation, datastore.Ellipsis)}) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + query = query.Where(sq.Eq{colUsersetRelation: cmp.Or(relationFilter.GetRelation(), datastore.Ellipsis)}) } } @@ -426,8 +426,8 @@ func (rwt *mysqlReadWriteTXN) WriteNamespaces(ctx context.Context, newNamespaces return fmt.Errorf(errUnableToWriteConfig, err) } - deletedNamespaceClause = append(deletedNamespaceClause, sq.Eq{colNamespace: newNamespace.Name}) - writeQuery = writeQuery.Values(newNamespace.Name, serialized, rwt.newTxnID) + deletedNamespaceClause = append(deletedNamespaceClause, sq.Eq{colNamespace: newNamespace.GetName()}) + writeQuery = writeQuery.Values(newNamespace.GetName(), serialized, rwt.newTxnID) } delSQL, delArgs, err := rwt.DeleteNamespaceQuery. @@ -534,8 +534,8 @@ func (rwt *mysqlReadWriteTXN) BulkLoad(ctx context.Context, iter datastore.BulkW var caveatName string var caveatContext structpbWrapper if rel.OptionalCaveat != nil { - caveatName = rel.OptionalCaveat.CaveatName - caveatContext = rel.OptionalCaveat.Context.AsMap() + caveatName = rel.OptionalCaveat.GetCaveatName() + caveatContext = rel.OptionalCaveat.GetContext().AsMap() } args = append(args, rel.Resource.ObjectType, diff --git a/internal/datastore/postgres/caveat.go b/internal/datastore/postgres/caveat.go index aff7908c1..076ab26d2 100644 --- a/internal/datastore/postgres/caveat.go +++ b/internal/datastore/postgres/caveat.go @@ -123,10 +123,10 @@ func (rwt *pgReadWriteTXN) WriteCaveats(ctx context.Context, caveats []*core.Cav if err != nil { return fmt.Errorf(errWriteCaveats, err) } - valuesToWrite := []any{caveat.Name, definitionBytes} + valuesToWrite := []any{caveat.GetName(), definitionBytes} write = write.Values(valuesToWrite...) - if !writtenCaveatNames.Add(caveat.Name) { - return fmt.Errorf("duplicate caveat name %q", caveat.Name) + if !writtenCaveatNames.Add(caveat.GetName()) { + return fmt.Errorf("duplicate caveat name %q", caveat.GetName()) } } diff --git a/internal/datastore/postgres/common/bulk.go b/internal/datastore/postgres/common/bulk.go index 4673432a8..26a69bdd5 100644 --- a/internal/datastore/postgres/common/bulk.go +++ b/internal/datastore/postgres/common/bulk.go @@ -34,8 +34,8 @@ func (tg *tupleSourceAdapter) Values() ([]any, error) { var caveatName string var caveatContext map[string]any if tg.current.OptionalCaveat != nil { - caveatName = tg.current.OptionalCaveat.CaveatName - caveatContext = tg.current.OptionalCaveat.Context.AsMap() + caveatName = tg.current.OptionalCaveat.GetCaveatName() + caveatContext = tg.current.OptionalCaveat.GetContext().AsMap() } tg.valuesBuffer[0] = tg.current.Resource.ObjectType @@ -49,9 +49,9 @@ func (tg *tupleSourceAdapter) Values() ([]any, error) { tg.valuesBuffer[8] = tg.current.OptionalExpiration if len(tg.colNames) > 9 && tg.current.OptionalIntegrity != nil { - tg.valuesBuffer[9] = tg.current.OptionalIntegrity.KeyId - tg.valuesBuffer[10] = tg.current.OptionalIntegrity.Hash - tg.valuesBuffer[11] = tg.current.OptionalIntegrity.HashedAt.AsTime() + tg.valuesBuffer[9] = tg.current.OptionalIntegrity.GetKeyId() + tg.valuesBuffer[10] = tg.current.OptionalIntegrity.GetHash() + tg.valuesBuffer[11] = tg.current.OptionalIntegrity.GetHashedAt().AsTime() } return tg.valuesBuffer, nil diff --git a/internal/datastore/postgres/postgres_shared_test.go b/internal/datastore/postgres/postgres_shared_test.go index 3e95c37b1..5ea5fda76 100644 --- a/internal/datastore/postgres/postgres_shared_test.go +++ b/internal/datastore/postgres/postgres_shared_test.go @@ -1456,12 +1456,12 @@ func BenchmarkPostgresQuery(b *testing.B) { for i := 0; i < b.N; i++ { iter, err := ds.SnapshotReader(revision).QueryRelationships(context.Background(), datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }) require.NoError(err) for rel, err := range iter { require.NoError(err) - require.Equal(testfixtures.DocumentNS.Name, rel.Resource.ObjectType) + require.Equal(testfixtures.DocumentNS.GetName(), rel.Resource.ObjectType) } } }) @@ -1504,7 +1504,7 @@ func datastoreWithInterceptorAndTestData(t *testing.T, interceptor pgcommon.Quer rtu := tuple.Touch(tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ Resource: tuple.ObjectAndRelation{ - ObjectType: testfixtures.DocumentNS.Name, + ObjectType: testfixtures.DocumentNS.GetName(), ObjectID: fmt.Sprintf("doc%d", i), Relation: "reader", }, @@ -1557,7 +1557,7 @@ func datastoreWithInterceptorAndTestData(t *testing.T, interceptor pgcommon.Quer rtu := tuple.Delete(tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ Resource: tuple.ObjectAndRelation{ - ObjectType: testfixtures.DocumentNS.Name, + ObjectType: testfixtures.DocumentNS.GetName(), ObjectID: fmt.Sprintf("doc%d", i), Relation: "reader", }, @@ -1595,7 +1595,7 @@ func datastoreWithInterceptorAndTestData(t *testing.T, interceptor pgcommon.Quer rtu := tuple.Touch(tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ Resource: tuple.ObjectAndRelation{ - ObjectType: testfixtures.DocumentNS.Name, + ObjectType: testfixtures.DocumentNS.GetName(), ObjectID: fmt.Sprintf("doc%d", i), Relation: "reader", }, diff --git a/internal/datastore/postgres/readwrite.go b/internal/datastore/postgres/readwrite.go index 72bf8ecaf..5e05191be 100644 --- a/internal/datastore/postgres/readwrite.go +++ b/internal/datastore/postgres/readwrite.go @@ -88,8 +88,8 @@ func appendForInsertion(builder sq.InsertBuilder, tpl tuple.Relationship) sq.Ins var caveatName string var caveatContext map[string]any if tpl.OptionalCaveat != nil { - caveatName = tpl.OptionalCaveat.CaveatName - caveatContext = tpl.OptionalCaveat.Context.AsMap() + caveatName = tpl.OptionalCaveat.GetCaveatName() + caveatContext = tpl.OptionalCaveat.GetContext().AsMap() } valuesToWrite := []any{ @@ -134,7 +134,7 @@ func (rwt *pgReadWriteTXN) collectSimplifiedTouchTypes(ctx context.Context, muta nsDefByName := make(map[string]*core.NamespaceDefinition, len(namespaces)) for _, ns := range namespaces { - nsDefByName[ns.Definition.Name] = ns.Definition + nsDefByName[ns.Definition.GetName()] = ns.Definition } for _, mut := range mutations { @@ -160,7 +160,7 @@ func (rwt *pgReadWriteTXN) collectSimplifiedTouchTypes(ctx context.Context, muta } if notAllowed { - relationSupportSimplifiedTouch.Add(nsDef.Name + "#" + rel.Resource.Relation + "@" + rel.Subject.ObjectType) + relationSupportSimplifiedTouch.Add(nsDef.GetName() + "#" + rel.Resource.Relation + "@" + rel.Subject.ObjectType) continue } } @@ -449,17 +449,17 @@ func (rwt *pgReadWriteTXN) deleteRelationshipsWithLimit(ctx context.Context, fil // Construct a select query for the relationships to be removed. query := selectForDelete - if filter.ResourceType != "" { - query = query.Where(sq.Eq{schema.ColNamespace: filter.ResourceType}) + if filter.GetResourceType() != "" { + query = query.Where(sq.Eq{schema.ColNamespace: filter.GetResourceType()}) } - if filter.OptionalResourceId != "" { - query = query.Where(sq.Eq{schema.ColObjectID: filter.OptionalResourceId}) + if filter.GetOptionalResourceId() != "" { + query = query.Where(sq.Eq{schema.ColObjectID: filter.GetOptionalResourceId()}) } - if filter.OptionalRelation != "" { - query = query.Where(sq.Eq{schema.ColRelation: filter.OptionalRelation}) + if filter.GetOptionalRelation() != "" { + query = query.Where(sq.Eq{schema.ColRelation: filter.GetOptionalRelation()}) } - if filter.OptionalResourceIdPrefix != "" { - likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.OptionalResourceIdPrefix) + if filter.GetOptionalResourceIdPrefix() != "" { + likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.GetOptionalResourceIdPrefix()) if err != nil { return 0, false, fmt.Errorf(errUnableToDeleteRelationships, err) } @@ -467,13 +467,13 @@ func (rwt *pgReadWriteTXN) deleteRelationshipsWithLimit(ctx context.Context, fil } // Add clauses for the SubjectFilter - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.SubjectType}) - if subjectFilter.OptionalSubjectId != "" { - query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.OptionalSubjectId}) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.GetSubjectType()}) + if subjectFilter.GetOptionalSubjectId() != "" { + query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.GetOptionalSubjectId()}) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.Relation, datastore.Ellipsis)}) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.GetRelation(), datastore.Ellipsis)}) } } @@ -518,17 +518,17 @@ func (rwt *pgReadWriteTXN) deleteRelationshipsWithLimit(ctx context.Context, fil func (rwt *pgReadWriteTXN) deleteRelationships(ctx context.Context, filter *v1.RelationshipFilter) (uint64, error) { // Add clauses for the ResourceFilter query := deleteTuple - if filter.ResourceType != "" { - query = query.Where(sq.Eq{schema.ColNamespace: filter.ResourceType}) + if filter.GetResourceType() != "" { + query = query.Where(sq.Eq{schema.ColNamespace: filter.GetResourceType()}) } - if filter.OptionalResourceId != "" { - query = query.Where(sq.Eq{schema.ColObjectID: filter.OptionalResourceId}) + if filter.GetOptionalResourceId() != "" { + query = query.Where(sq.Eq{schema.ColObjectID: filter.GetOptionalResourceId()}) } - if filter.OptionalRelation != "" { - query = query.Where(sq.Eq{schema.ColRelation: filter.OptionalRelation}) + if filter.GetOptionalRelation() != "" { + query = query.Where(sq.Eq{schema.ColRelation: filter.GetOptionalRelation()}) } - if filter.OptionalResourceIdPrefix != "" { - likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.OptionalResourceIdPrefix) + if filter.GetOptionalResourceIdPrefix() != "" { + likeClause, err := common.BuildLikePrefixClause(schema.ColObjectID, filter.GetOptionalResourceIdPrefix()) if err != nil { return 0, fmt.Errorf(errUnableToDeleteRelationships, err) } @@ -536,13 +536,13 @@ func (rwt *pgReadWriteTXN) deleteRelationships(ctx context.Context, filter *v1.R } // Add clauses for the SubjectFilter - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.SubjectType}) - if subjectFilter.OptionalSubjectId != "" { - query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.OptionalSubjectId}) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetNamespace: subjectFilter.GetSubjectType()}) + if subjectFilter.GetOptionalSubjectId() != "" { + query = query.Where(sq.Eq{schema.ColUsersetObjectID: subjectFilter.GetOptionalSubjectId()}) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.Relation, datastore.Ellipsis)}) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + query = query.Where(sq.Eq{schema.ColUsersetRelation: cmp.Or(relationFilter.GetRelation(), datastore.Ellipsis)}) } } @@ -574,9 +574,9 @@ func (rwt *pgReadWriteTXN) WriteNamespaces(ctx context.Context, newConfigs ...*c return fmt.Errorf(errUnableToWriteConfig, err) } - deletedNamespaceClause = append(deletedNamespaceClause, sq.Eq{schema.ColNamespace: newNamespace.Name}) + deletedNamespaceClause = append(deletedNamespaceClause, sq.Eq{schema.ColNamespace: newNamespace.GetName()}) - valuesToWrite := []any{newNamespace.Name, serialized} + valuesToWrite := []any{newNamespace.GetName(), serialized} writeQuery = writeQuery.Values(valuesToWrite...) } @@ -785,8 +785,8 @@ func exactRelationshipDifferentCaveatAndExpirationClause(r tuple.Relationship) s var caveatName string var caveatContext map[string]any if r.OptionalCaveat != nil { - caveatName = r.OptionalCaveat.CaveatName - caveatContext = r.OptionalCaveat.Context.AsMap() + caveatName = r.OptionalCaveat.GetCaveatName() + caveatContext = r.OptionalCaveat.GetContext().AsMap() } expiration := r.OptionalExpiration diff --git a/internal/datastore/postgres/revisions.go b/internal/datastore/postgres/revisions.go index e000b2d56..791b7dc37 100644 --- a/internal/datastore/postgres/revisions.go +++ b/internal/datastore/postgres/revisions.go @@ -199,15 +199,15 @@ func parseRevisionProto(revisionStr string) (datastore.Revision, error) { return datastore.NoRevision, fmt.Errorf(errRevisionFormat, err) } - xminInt, err := safecast.ToInt64(decoded.Xmin) + xminInt, err := safecast.ToInt64(decoded.GetXmin()) if err != nil { return datastore.NoRevision, spiceerrors.MustBugf("could not cast xmin to int64") } var xips []uint64 - if len(decoded.RelativeXips) > 0 { - xips = make([]uint64, len(decoded.RelativeXips)) - for i, relativeXip := range decoded.RelativeXips { + if len(decoded.GetRelativeXips()) > 0 { + xips = make([]uint64, len(decoded.GetRelativeXips())) + for i, relativeXip := range decoded.GetRelativeXips() { xip := xminInt + relativeXip uintXip, err := safecast.ToUint64(xip) if err != nil { @@ -217,19 +217,19 @@ func parseRevisionProto(revisionStr string) (datastore.Revision, error) { } } - xmax, err := safecast.ToUint64(xminInt + decoded.RelativeXmax) + xmax, err := safecast.ToUint64(xminInt + decoded.GetRelativeXmax()) if err != nil { return datastore.NoRevision, spiceerrors.MustBugf("could not cast xmax to int64") } return postgresRevision{ snapshot: pgSnapshot{ - xmin: decoded.Xmin, + xmin: decoded.GetXmin(), xmax: xmax, xipList: xips, }, - optionalTxID: xid8{Uint64: decoded.OptionalTxid, Valid: decoded.OptionalTxid != 0}, - optionalNanosTimestamp: decoded.OptionalTimestamp, + optionalTxID: xid8{Uint64: decoded.GetOptionalTxid(), Valid: decoded.GetOptionalTxid() != 0}, + optionalNanosTimestamp: decoded.GetOptionalTimestamp(), }, nil } diff --git a/internal/datastore/postgres/watch.go b/internal/datastore/postgres/watch.go index cf5bc68c8..e641547dc 100644 --- a/internal/datastore/postgres/watch.go +++ b/internal/datastore/postgres/watch.go @@ -441,7 +441,7 @@ func (pgd *pgDatastore) loadNamespaceChanges(ctx context.Context, xmin uint64, x } } if _, found := filter[deletedXID.Uint64]; found { - err := tracked.AddDeletedNamespace(ctx, txidToRevision[deletedXID.Uint64], loaded.Name) + err := tracked.AddDeletedNamespace(ctx, txidToRevision[deletedXID.Uint64], loaded.GetName()) if err != nil { return err } @@ -500,7 +500,7 @@ func (pgd *pgDatastore) loadCaveatChanges(ctx context.Context, xmin uint64, xmax } } if _, found := filter[deletedXID.Uint64]; found { - err := tracked.AddDeletedCaveat(ctx, txidToRevision[deletedXID.Uint64], loaded.Name) + err := tracked.AddDeletedCaveat(ctx, txidToRevision[deletedXID.Uint64], loaded.GetName()) if err != nil { return err } diff --git a/internal/datastore/proxy/observable.go b/internal/datastore/proxy/observable.go index acde6cc45..da7753d90 100644 --- a/internal/datastore/proxy/observable.go +++ b/internal/datastore/proxy/observable.go @@ -42,21 +42,21 @@ var ( ) func filterToAttributes(filter *v1.RelationshipFilter) []attribute.KeyValue { - attrs := []attribute.KeyValue{common.ObjNamespaceNameKey.String(filter.ResourceType)} - if filter.OptionalResourceId != "" { - attrs = append(attrs, common.ObjIDKey.String(filter.OptionalResourceId)) + attrs := []attribute.KeyValue{common.ObjNamespaceNameKey.String(filter.GetResourceType())} + if filter.GetOptionalResourceId() != "" { + attrs = append(attrs, common.ObjIDKey.String(filter.GetOptionalResourceId())) } - if filter.OptionalRelation != "" { - attrs = append(attrs, common.ObjRelationNameKey.String(filter.OptionalRelation)) + if filter.GetOptionalRelation() != "" { + attrs = append(attrs, common.ObjRelationNameKey.String(filter.GetOptionalRelation())) } - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - attrs = append(attrs, common.SubNamespaceNameKey.String(subjectFilter.SubjectType)) - if subjectFilter.OptionalSubjectId != "" { - attrs = append(attrs, common.SubObjectIDKey.String(subjectFilter.OptionalSubjectId)) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + attrs = append(attrs, common.SubNamespaceNameKey.String(subjectFilter.GetSubjectType())) + if subjectFilter.GetOptionalSubjectId() != "" { + attrs = append(attrs, common.SubObjectIDKey.String(subjectFilter.GetOptionalSubjectId())) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - attrs = append(attrs, common.SubRelationNameKey.String(relationFilter.Relation)) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + attrs = append(attrs, common.SubRelationNameKey.String(relationFilter.GetRelation())) } } return attrs @@ -314,7 +314,7 @@ func (rwt *observableRWT) StoreCounterValue(ctx context.Context, name string, va func (rwt *observableRWT) WriteCaveats(ctx context.Context, caveats []*core.CaveatDefinition) error { caveatNames := make([]string, 0, len(caveats)) for _, caveat := range caveats { - caveatNames = append(caveatNames, caveat.Name) + caveatNames = append(caveatNames, caveat.GetName()) } ctx, closer := observe(ctx, "WriteCaveats", "", trace.WithAttributes( @@ -346,7 +346,7 @@ func (rwt *observableRWT) WriteRelationships(ctx context.Context, mutations []tu func (rwt *observableRWT) WriteNamespaces(ctx context.Context, newConfigs ...*core.NamespaceDefinition) error { nsNames := make([]string, 0, len(newConfigs)) for _, ns := range newConfigs { - nsNames = append(nsNames, ns.Name) + nsNames = append(nsNames, ns.GetName()) } ctx, closer := observe(ctx, "WriteNamespaces", "", trace.WithAttributes( diff --git a/internal/datastore/proxy/relationshipintegrity.go b/internal/datastore/proxy/relationshipintegrity.go index e4a628a59..948455c5c 100644 --- a/internal/datastore/proxy/relationshipintegrity.go +++ b/internal/datastore/proxy/relationshipintegrity.go @@ -220,7 +220,7 @@ func (r *relationshipIntegrityProxy) Statistics(ctx context.Context) (datastore. func (r *relationshipIntegrityProxy) validateRelationTuple(rel tuple.Relationship) error { // Ensure the relationship has integrity data. - if rel.OptionalIntegrity == nil || len(rel.OptionalIntegrity.Hash) == 0 || rel.OptionalIntegrity.KeyId == "" { + if rel.OptionalIntegrity == nil || len(rel.OptionalIntegrity.GetHash()) == 0 || rel.OptionalIntegrity.GetKeyId() == "" { str, err := tuple.String(rel) if err != nil { return err @@ -229,18 +229,18 @@ func (r *relationshipIntegrityProxy) validateRelationTuple(rel tuple.Relationshi return fmt.Errorf("relationship %s is missing required integrity data", str) } - hashWithoutByte := rel.OptionalIntegrity.Hash[1:] - if rel.OptionalIntegrity.Hash[0] != versionByte || len(hashWithoutByte) != hashLength { + hashWithoutByte := rel.OptionalIntegrity.GetHash()[1:] + if rel.OptionalIntegrity.GetHash()[0] != versionByte || len(hashWithoutByte) != hashLength { return fmt.Errorf("relationship %v has invalid integrity data", rel) } // Validate the integrity of the relationship. - key, err := r.lookupKey(rel.OptionalIntegrity.KeyId) + key, err := r.lookupKey(rel.OptionalIntegrity.GetKeyId()) if err != nil { return err } - if key.expiredAt != nil && key.expiredAt.Before(rel.OptionalIntegrity.HashedAt.AsTime()) { + if key.expiredAt != nil && key.expiredAt.Before(rel.OptionalIntegrity.GetHashedAt().AsTime()) { return fmt.Errorf("relationship %s is signed by an expired key", rel) } diff --git a/internal/datastore/proxy/schemacaching/estimatedsize_test.go b/internal/datastore/proxy/schemacaching/estimatedsize_test.go index 889601271..40f28e2a5 100644 --- a/internal/datastore/proxy/schemacaching/estimatedsize_test.go +++ b/internal/datastore/proxy/schemacaching/estimatedsize_test.go @@ -55,7 +55,7 @@ func TestEstimatedDefinitionSizes(t *testing.T) { for _, nsDef := range fullyResolved.NamespaceDefinitions { nsDef := nsDef - t.Run("namespace "+nsDef.Name, func(t *testing.T) { + t.Run("namespace "+nsDef.GetName(), func(t *testing.T) { serialized, _ := nsDef.MarshalVT() sizevt := nsDef.SizeVT() estimated := estimatedNamespaceDefinitionSize(sizevt) @@ -91,7 +91,7 @@ func TestEstimatedDefinitionSizes(t *testing.T) { for _, caveatDef := range fullyResolved.CaveatDefinitions { caveatDef := caveatDef - t.Run("caveat "+caveatDef.Name, func(t *testing.T) { + t.Run("caveat "+caveatDef.GetName(), func(t *testing.T) { t.Parallel() serialized, _ := caveatDef.MarshalVT() diff --git a/internal/datastore/proxy/schemacaching/standardcache.go b/internal/datastore/proxy/schemacaching/standardcache.go index bc270955f..03eee0492 100644 --- a/internal/datastore/proxy/schemacaching/standardcache.go +++ b/internal/datastore/proxy/schemacaching/standardcache.go @@ -269,7 +269,7 @@ func (rwt *definitionCachingRWT) WriteNamespaces(ctx context.Context, newConfigs } for _, nsDef := range newConfigs { - rwt.definitionCache.Delete("namespace:" + nsDef.Name) + rwt.definitionCache.Delete("namespace:" + nsDef.GetName()) } return nil @@ -281,7 +281,7 @@ func (rwt *definitionCachingRWT) WriteCaveats(ctx context.Context, newConfigs [] } for _, caveatDef := range newConfigs { - rwt.definitionCache.Delete("caveat:" + caveatDef.Name) + rwt.definitionCache.Delete("caveat:" + caveatDef.GetName()) } return nil diff --git a/internal/datastore/proxy/schemacaching/standardcaching_test.go b/internal/datastore/proxy/schemacaching/standardcaching_test.go index ba31a3724..7f0511a56 100644 --- a/internal/datastore/proxy/schemacaching/standardcaching_test.go +++ b/internal/datastore/proxy/schemacaching/standardcaching_test.go @@ -585,6 +585,6 @@ func TestMixedInvalidNamespacesInCache(t *testing.T) { // We're asserting that we find the thing we're looking for and don't receive a notfound value found, err := dsReader.LookupNamespacesWithNames(ctx, []string{invalidNamespace, validNamespace}) require.Len(found, 1) - require.Equal(validNamespace, found[0].Definition.Name) + require.Equal(validNamespace, found[0].Definition.GetName()) require.NoError(err) } diff --git a/internal/datastore/proxy/schemacaching/watchingcache.go b/internal/datastore/proxy/schemacaching/watchingcache.go index a4bab5b6b..a7efd2cd7 100644 --- a/internal/datastore/proxy/schemacaching/watchingcache.go +++ b/internal/datastore/proxy/schemacaching/watchingcache.go @@ -205,7 +205,7 @@ func (p *watchingCachingProxy) startSync(ctx context.Context) error { } for _, namespaceDef := range namespaces { - err := p.namespaceCache.updateDefinition(namespaceDef.Definition.Name, namespaceDef.Definition, false, headRev) + err := p.namespaceCache.updateDefinition(namespaceDef.Definition.GetName(), namespaceDef.Definition, false, headRev) if err != nil { p.namespaceCache.setFallbackMode() p.caveatCache.setFallbackMode() @@ -227,7 +227,7 @@ func (p *watchingCachingProxy) startSync(ctx context.Context) error { } for _, caveatDef := range caveats { - err := p.caveatCache.updateDefinition(caveatDef.Definition.Name, caveatDef.Definition, false, headRev) + err := p.caveatCache.updateDefinition(caveatDef.Definition.GetName(), caveatDef.Definition, false, headRev) if err != nil { p.namespaceCache.setFallbackMode() p.caveatCache.setFallbackMode() @@ -285,14 +285,14 @@ func (p *watchingCachingProxy) startSync(ctx context.Context) error { for _, changeDef := range ss.ChangedDefinitions { switch t := changeDef.(type) { case *core.NamespaceDefinition: - err := p.namespaceCache.updateDefinition(t.Name, t, false, ss.Revision) + err := p.namespaceCache.updateDefinition(t.GetName(), t, false, ss.Revision) if err != nil { p.namespaceCache.setFallbackMode() log.Warn().Err(err).Msg("received error in schema watch") } case *core.CaveatDefinition: - err := p.caveatCache.updateDefinition(t.Name, t, false, ss.Revision) + err := p.caveatCache.updateDefinition(t.GetName(), t, false, ss.Revision) if err != nil { p.caveatCache.setFallbackMode() log.Warn().Err(err).Msg("received error in schema watch") diff --git a/internal/datastore/proxy/schemacaching/watchingcache_test.go b/internal/datastore/proxy/schemacaching/watchingcache_test.go index 0bb5d80bc..29e8d70cf 100644 --- a/internal/datastore/proxy/schemacaching/watchingcache_test.go +++ b/internal/datastore/proxy/schemacaching/watchingcache_test.go @@ -50,7 +50,7 @@ func TestWatchingCacheBasicOperation(t *testing.T) { // Ensure that reading at rev 2 returns found. nsDef, _, err := wcache.SnapshotReader(rev("2")).ReadNamespaceByName(t.Context(), "somenamespace") require.NoError(t, err) - require.Equal(t, "somenamespace", nsDef.Name) + require.Equal(t, "somenamespace", nsDef.GetName()) // Disable reads. fakeDS.disableReads() @@ -67,7 +67,7 @@ func TestWatchingCacheBasicOperation(t *testing.T) { // require a datastore fallback read because the cache is not yet checkedpointed to that revision. nsDef, _, err = wcache.SnapshotReader(rev("3")).ReadNamespaceByName(t.Context(), "somenamespace") require.NoError(t, err) - require.Equal(t, "somenamespace", nsDef.Name) + require.Equal(t, "somenamespace", nsDef.GetName()) // Checkpoint to rev 4. fakeDS.sendCheckpoint(rev("4")) @@ -79,12 +79,12 @@ func TestWatchingCacheBasicOperation(t *testing.T) { // Read again, which should now be via the cache. nsDef, _, err = wcache.SnapshotReader(rev("3.0000000005")).ReadNamespaceByName(t.Context(), "somenamespace") require.NoError(t, err) - require.Equal(t, "somenamespace", nsDef.Name) + require.Equal(t, "somenamespace", nsDef.GetName()) // Read via a lookup. nsDefs, err := wcache.SnapshotReader(rev("3.0000000005")).LookupNamespacesWithNames(t.Context(), []string{"somenamespace"}) require.NoError(t, err) - require.Equal(t, "somenamespace", nsDefs[0].Definition.Name) + require.Equal(t, "somenamespace", nsDefs[0].Definition.GetName()) // Delete the namespace at revision 5. fakeDS.updateNamespace("somenamespace", nil, rev("5")) @@ -92,7 +92,7 @@ func TestWatchingCacheBasicOperation(t *testing.T) { // Re-read at an earlier revision. nsDef, _, err = wcache.SnapshotReader(rev("3.0000000005")).ReadNamespaceByName(t.Context(), "somenamespace") require.NoError(t, err) - require.Equal(t, "somenamespace", nsDef.Name) + require.Equal(t, "somenamespace", nsDef.GetName()) // Read at revision 5. _, _, err = wcache.SnapshotReader(rev("5")).ReadNamespaceByName(t.Context(), "somenamespace") @@ -110,7 +110,7 @@ func TestWatchingCacheBasicOperation(t *testing.T) { // Read at revision 6. caveatDef, _, err := wcache.SnapshotReader(rev("6")).ReadCaveatByName(t.Context(), "somecaveat") require.NoError(t, err) - require.Equal(t, "somecaveat", caveatDef.Name) + require.Equal(t, "somecaveat", caveatDef.GetName()) // Attempt to read at revision 1, which should require a read. _, _, err = wcache.SnapshotReader(rev("1")).ReadCaveatByName(t.Context(), "somecaveat") @@ -160,7 +160,7 @@ func TestWatchingCacheParallelOperations(t *testing.T) { // Read again (which should be found now) nsDef, _, err := wcache.SnapshotReader(rev("2")).ReadNamespaceByName(t.Context(), "somenamespace") firstErrs <- err - firstNsDefNames <- nsDef.Name + firstNsDefNames <- nsDef.GetName() })() go (func() { @@ -256,7 +256,7 @@ func TestWatchingCacheParallelReaderWriter(t *testing.T) { nsDef, _, err := wcache.SnapshotReader(headRevision).ReadNamespaceByName(t.Context(), "somenamespace") snapshotReaderErrors <- err - namespaceNames <- nsDef.Name + namespaceNames <- nsDef.GetName() } wg.Done() @@ -363,7 +363,7 @@ func TestWatchingCachePrepopulated(t *testing.T) { // Ensure the namespace is found. def, _, err := wcache.SnapshotReader(rev("4")).ReadNamespaceByName(t.Context(), "somenamespace") require.NoError(t, err) - require.Equal(t, "somenamespace", def.Name) + require.Equal(t, "somenamespace", def.GetName()) // Close the proxy and ensure the background goroutines are terminated. wcache.Close() diff --git a/internal/datastore/spanner/caveat.go b/internal/datastore/spanner/caveat.go index 33d254301..a88b5b8a5 100644 --- a/internal/datastore/spanner/caveat.go +++ b/internal/datastore/spanner/caveat.go @@ -93,10 +93,10 @@ func (rwt spannerReadWriteTXN) WriteCaveats(_ context.Context, caveats []*core.C names := map[string]struct{}{} mutations := make([]*spanner.Mutation, 0, len(caveats)) for _, caveat := range caveats { - if _, ok := names[caveat.Name]; ok { - return fmt.Errorf(errUnableToWriteCaveat, fmt.Errorf("duplicate caveats in input: %s", caveat.Name)) + if _, ok := names[caveat.GetName()]; ok { + return fmt.Errorf(errUnableToWriteCaveat, fmt.Errorf("duplicate caveats in input: %s", caveat.GetName())) } - names[caveat.Name] = struct{}{} + names[caveat.GetName()] = struct{}{} serialized, err := caveat.MarshalVT() if err != nil { return fmt.Errorf(errUnableToWriteCaveat, err) @@ -105,7 +105,7 @@ func (rwt spannerReadWriteTXN) WriteCaveats(_ context.Context, caveats []*core.C mutations = append(mutations, spanner.InsertOrUpdate( tableCaveat, []string{colName, colCaveatDefinition, colCaveatTS}, - []any{caveat.Name, serialized, spanner.CommitTimestamp}, + []any{caveat.GetName(), serialized, spanner.CommitTimestamp}, )) } diff --git a/internal/datastore/spanner/caveat_test.go b/internal/datastore/spanner/caveat_test.go index fca755f33..d41fd1062 100644 --- a/internal/datastore/spanner/caveat_test.go +++ b/internal/datastore/spanner/caveat_test.go @@ -23,17 +23,17 @@ func TestContextualizedCaveatFrom(t *testing.T) { res, err = ContextualizedCaveatFrom(spanner.NullString{StringVal: "test", Valid: true}, spanner.NullJSON{Value: nil, Valid: true}) require.NoError(t, err) require.NotNil(t, res) - require.Equal(t, "test", res.CaveatName) - require.NotNil(t, res.Context) - require.Empty(t, res.Context.Fields) + require.Equal(t, "test", res.GetCaveatName()) + require.NotNil(t, res.GetContext()) + require.Empty(t, res.GetContext().GetFields()) res, err = ContextualizedCaveatFrom( spanner.NullString{StringVal: "test", Valid: true}, spanner.NullJSON{Value: map[string]any{"key": "val"}, Valid: true}) require.NoError(t, err) require.NotNil(t, res) - require.Equal(t, "test", res.CaveatName) - require.NotNil(t, res.Context) - require.Len(t, res.Context.Fields, 1) - require.Equal(t, "val", res.Context.Fields["key"].GetStringValue()) + require.Equal(t, "test", res.GetCaveatName()) + require.NotNil(t, res.GetContext()) + require.Len(t, res.GetContext().GetFields(), 1) + require.Equal(t, "val", res.GetContext().GetFields()["key"].GetStringValue()) } diff --git a/internal/datastore/spanner/readwrite.go b/internal/datastore/spanner/readwrite.go index a83383369..108fef2c9 100644 --- a/internal/datastore/spanner/readwrite.go +++ b/internal/datastore/spanner/readwrite.go @@ -287,17 +287,17 @@ type builder[T any] interface { func applyFilterToQuery[T builder[T]](query T, filter *v1.RelationshipFilter) (T, error) { // Add clauses for the ResourceFilter - if filter.ResourceType != "" { - query = query.Where(sq.Eq{colNamespace: filter.ResourceType}) + if filter.GetResourceType() != "" { + query = query.Where(sq.Eq{colNamespace: filter.GetResourceType()}) } - if filter.OptionalResourceId != "" { - query = query.Where(sq.Eq{colObjectID: filter.OptionalResourceId}) + if filter.GetOptionalResourceId() != "" { + query = query.Where(sq.Eq{colObjectID: filter.GetOptionalResourceId()}) } - if filter.OptionalRelation != "" { - query = query.Where(sq.Eq{colRelation: filter.OptionalRelation}) + if filter.GetOptionalRelation() != "" { + query = query.Where(sq.Eq{colRelation: filter.GetOptionalRelation()}) } - if filter.OptionalResourceIdPrefix != "" { - likeClause, err := common.BuildLikePrefixClause(colObjectID, filter.OptionalResourceIdPrefix) + if filter.GetOptionalResourceIdPrefix() != "" { + likeClause, err := common.BuildLikePrefixClause(colObjectID, filter.GetOptionalResourceIdPrefix()) if err != nil { return query, fmt.Errorf(errUnableToDeleteRelationships, err) } @@ -305,13 +305,13 @@ func applyFilterToQuery[T builder[T]](query T, filter *v1.RelationshipFilter) (T } // Add clauses for the SubjectFilter - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { - query = query.Where(sq.Eq{colUsersetNamespace: subjectFilter.SubjectType}) - if subjectFilter.OptionalSubjectId != "" { - query = query.Where(sq.Eq{colUsersetObjectID: subjectFilter.OptionalSubjectId}) + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { + query = query.Where(sq.Eq{colUsersetNamespace: subjectFilter.GetSubjectType()}) + if subjectFilter.GetOptionalSubjectId() != "" { + query = query.Where(sq.Eq{colUsersetObjectID: subjectFilter.GetOptionalSubjectId()}) } - if relationFilter := subjectFilter.OptionalRelation; relationFilter != nil { - query = query.Where(sq.Eq{colUsersetRelation: cmp.Or(relationFilter.Relation, datastore.Ellipsis)}) + if relationFilter := subjectFilter.GetOptionalRelation(); relationFilter != nil { + query = query.Where(sq.Eq{colUsersetRelation: cmp.Or(relationFilter.GetRelation(), datastore.Ellipsis)}) } } @@ -346,9 +346,9 @@ func caveatVals(r tuple.Relationship) []any { if r.OptionalCaveat == nil { return []any{"", nil} } - vals := []any{r.OptionalCaveat.CaveatName} - if r.OptionalCaveat.Context != nil { - vals = append(vals, spanner.NullJSON{Value: r.OptionalCaveat.Context, Valid: true}) + vals := []any{r.OptionalCaveat.GetCaveatName()} + if r.OptionalCaveat.GetContext() != nil { + vals = append(vals, spanner.NullJSON{Value: r.OptionalCaveat.GetContext(), Valid: true}) } else { vals = append(vals, nil) } @@ -366,7 +366,7 @@ func (rwt spannerReadWriteTXN) WriteNamespaces(_ context.Context, newConfigs ... mutations = append(mutations, spanner.InsertOrUpdate( tableNamespace, []string{colNamespaceName, colNamespaceConfig, colTimestamp}, - []any{newConfig.Name, serialized, spanner.CommitTimestamp}, + []any{newConfig.GetName(), serialized, spanner.CommitTimestamp}, )) } @@ -382,7 +382,7 @@ func (rwt spannerReadWriteTXN) DeleteNamespaces(ctx context.Context, nsNames ... if len(namespaces) != len(nsNames) { expectedNamespaceNames := mapz.NewSet[string](nsNames...) for _, ns := range namespaces { - expectedNamespaceNames.Delete(ns.Definition.Name) + expectedNamespaceNames.Delete(ns.Definition.GetName()) } return fmt.Errorf(errUnableToDeleteConfig, fmt.Errorf("namespaces not found: %v", expectedNamespaceNames.AsSlice())) diff --git a/internal/datastore/spanner/stats.go b/internal/datastore/spanner/stats.go index 49e1869a1..37008dd50 100644 --- a/internal/datastore/spanner/stats.go +++ b/internal/datastore/spanner/stats.go @@ -96,9 +96,9 @@ func (sd *spannerDatastore) Statistics(ctx context.Context) (datastore.Stats, er return err } - relationshipByteCount := len(nextTuple.ResourceAndRelation.Namespace) + len(nextTuple.ResourceAndRelation.ObjectId) + - len(nextTuple.ResourceAndRelation.Relation) + len(nextTuple.Subject.Namespace) + len(nextTuple.Subject.ObjectId) + - len(nextTuple.Subject.Relation) + relationshipByteCount := len(nextTuple.GetResourceAndRelation().GetNamespace()) + len(nextTuple.GetResourceAndRelation().GetObjectId()) + + len(nextTuple.GetResourceAndRelation().GetRelation()) + len(nextTuple.GetSubject().GetNamespace()) + len(nextTuple.GetSubject().GetObjectId()) + + len(nextTuple.GetSubject().GetRelation()) totalRelationships++ totalByteCount += relationshipByteCount diff --git a/internal/developmentmembership/foundsubject.go b/internal/developmentmembership/foundsubject.go index 38d796169..0d991bd50 100644 --- a/internal/developmentmembership/foundsubject.go +++ b/internal/developmentmembership/foundsubject.go @@ -10,7 +10,7 @@ import ( // NewFoundSubject creates a new FoundSubject for a subject and a set of its resources. func NewFoundSubject(subject *core.DirectSubject, resources ...tuple.ObjectAndRelation) FoundSubject { - return FoundSubject{tuple.FromCoreObjectAndRelation(subject.Subject), nil, subject.CaveatExpression, NewONRSet(resources...)} + return FoundSubject{tuple.FromCoreObjectAndRelation(subject.GetSubject()), nil, subject.GetCaveatExpression(), NewONRSet(resources...)} } // FoundSubject contains a single found subject and all the relationships in which that subject diff --git a/internal/developmentmembership/membership.go b/internal/developmentmembership/membership.go index 44348d29e..220017aff 100644 --- a/internal/developmentmembership/membership.go +++ b/internal/developmentmembership/membership.go @@ -53,21 +53,21 @@ func (ms *Set) AddExpansion(onr tuple.ObjectAndRelation, expansion *core.Relatio // AccessibleExpansionSubjects returns a TrackingSubjectSet representing the set of accessible subjects in the expansion. func AccessibleExpansionSubjects(treeNode *core.RelationTupleTreeNode) (*TrackingSubjectSet, error) { - return populateFoundSubjects(tuple.FromCoreObjectAndRelation(treeNode.Expanded), treeNode) + return populateFoundSubjects(tuple.FromCoreObjectAndRelation(treeNode.GetExpanded()), treeNode) } func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.RelationTupleTreeNode) (*TrackingSubjectSet, error) { resource := rootONR - if treeNode.Expanded != nil { - resource = tuple.FromCoreObjectAndRelation(treeNode.Expanded) + if treeNode.GetExpanded() != nil { + resource = tuple.FromCoreObjectAndRelation(treeNode.GetExpanded()) } - switch typed := treeNode.NodeType.(type) { + switch typed := treeNode.GetNodeType().(type) { case *core.RelationTupleTreeNode_IntermediateNode: - switch typed.IntermediateNode.Operation { + switch typed.IntermediateNode.GetOperation() { case core.SetOperationUserset_UNION: toReturn := NewTrackingSubjectSet() - for _, child := range typed.IntermediateNode.ChildNodes { + for _, child := range typed.IntermediateNode.GetChildNodes() { tss, err := populateFoundSubjects(resource, child) if err != nil { return nil, err @@ -79,15 +79,15 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat } } - toReturn.ApplyParentCaveatExpression(treeNode.CaveatExpression) + toReturn.ApplyParentCaveatExpression(treeNode.GetCaveatExpression()) return toReturn, nil case core.SetOperationUserset_INTERSECTION: - if len(typed.IntermediateNode.ChildNodes) == 0 { + if len(typed.IntermediateNode.GetChildNodes()) == 0 { return &TrackingSubjectSet{setByType: make(map[tuple.RelationReference]datasets.BaseSubjectSet[FoundSubject])}, nil } - firstChildSet, err := populateFoundSubjects(rootONR, typed.IntermediateNode.ChildNodes[0]) + firstChildSet, err := populateFoundSubjects(rootONR, typed.IntermediateNode.GetChildNodes()[0]) if err != nil { return nil, err } @@ -98,7 +98,7 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat return nil, err } - for _, child := range typed.IntermediateNode.ChildNodes[1:] { + for _, child := range typed.IntermediateNode.GetChildNodes()[1:] { childSet, err := populateFoundSubjects(rootONR, child) if err != nil { return nil, err @@ -112,15 +112,15 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat toReturn = updated } - toReturn.ApplyParentCaveatExpression(treeNode.CaveatExpression) + toReturn.ApplyParentCaveatExpression(treeNode.GetCaveatExpression()) return toReturn, nil case core.SetOperationUserset_EXCLUSION: - if len(typed.IntermediateNode.ChildNodes) == 0 { + if len(typed.IntermediateNode.GetChildNodes()) == 0 { return nil, errors.New("found exclusion with no children") } - firstChildSet, err := populateFoundSubjects(rootONR, typed.IntermediateNode.ChildNodes[0]) + firstChildSet, err := populateFoundSubjects(rootONR, typed.IntermediateNode.GetChildNodes()[0]) if err != nil { return nil, err } @@ -131,7 +131,7 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat return nil, err } - for _, child := range typed.IntermediateNode.ChildNodes[1:] { + for _, child := range typed.IntermediateNode.GetChildNodes()[1:] { childSet, err := populateFoundSubjects(rootONR, child) if err != nil { return nil, err @@ -139,7 +139,7 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat toReturn = toReturn.Exclude(childSet) } - toReturn.ApplyParentCaveatExpression(treeNode.CaveatExpression) + toReturn.ApplyParentCaveatExpression(treeNode.GetCaveatExpression()) return toReturn, nil default: @@ -148,7 +148,7 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat case *core.RelationTupleTreeNode_LeafNode: toReturn := NewTrackingSubjectSet() - for _, subject := range typed.LeafNode.Subjects { + for _, subject := range typed.LeafNode.GetSubjects() { fs := NewFoundSubject(subject) err := toReturn.Add(fs) if err != nil { @@ -158,7 +158,7 @@ func populateFoundSubjects(rootONR tuple.ObjectAndRelation, treeNode *core.Relat fs.resources.Add(resource) } - toReturn.ApplyParentCaveatExpression(treeNode.CaveatExpression) + toReturn.ApplyParentCaveatExpression(treeNode.GetCaveatExpression()) return toReturn, nil default: diff --git a/internal/dispatch/caching/caching.go b/internal/dispatch/caching/caching.go index f4e04c257..2d6bef267 100644 --- a/internal/dispatch/caching/caching.go +++ b/internal/dispatch/caching/caching.go @@ -158,10 +158,10 @@ func (cd *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckRe return &v1.DispatchCheckResponse{Metadata: &v1.ResponseMeta{}}, err } - if req.Metadata.DepthRemaining >= response.Metadata.DepthRequired { + if req.GetMetadata().GetDepthRemaining() >= response.GetMetadata().GetDepthRequired() { cd.checkFromCacheCounter.Inc() // If debugging is requested, add the req and the response to the trace. - if req.Debug == v1.DispatchCheckRequest_ENABLE_BASIC_DEBUGGING { + if req.GetDebug() == v1.DispatchCheckRequest_ENABLE_BASIC_DEBUGGING { nodeID, err := nodeid.FromContext(ctx) if err != nil { log.Err(err).Msg("failed to get nodeID from context") @@ -170,7 +170,7 @@ func (cd *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckRe response.Metadata.DebugInfo = &v1.DebugInformation{ Check: &v1.CheckDebugTrace{ Request: req, - Results: maps.Clone(response.ResultsByResourceId), + Results: maps.Clone(response.GetResultsByResourceId()), IsCachedResult: true, SourceId: nodeID, }, @@ -187,7 +187,7 @@ func (cd *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckRe // We only want to cache the result if there was no error if err == nil { adjustedComputed := computed.CloneVT() - adjustedComputed.Metadata.CachedDispatchCount = adjustedComputed.Metadata.DispatchCount + adjustedComputed.Metadata.CachedDispatchCount = adjustedComputed.GetMetadata().GetDispatchCount() adjustedComputed.Metadata.DispatchCount = 0 adjustedComputed.Metadata.DebugInfo = nil @@ -249,7 +249,7 @@ func (cd *Dispatcher) DispatchLookupResources2(req *v1.DispatchLookupResources2R Ctx: stream.Context(), Processor: func(result *v1.DispatchLookupResources2Response) (*v1.DispatchLookupResources2Response, bool, error) { adjustedResult := result.CloneVT() - adjustedResult.Metadata.CachedDispatchCount = adjustedResult.Metadata.DispatchCount + adjustedResult.Metadata.CachedDispatchCount = adjustedResult.GetMetadata().GetDispatchCount() adjustedResult.Metadata.DispatchCount = 0 adjustedResult.Metadata.DebugInfo = nil @@ -373,7 +373,7 @@ func (cd *Dispatcher) DispatchLookupSubjects(req *v1.DispatchLookupSubjectsReque Ctx: stream.Context(), Processor: func(result *v1.DispatchLookupSubjectsResponse) (*v1.DispatchLookupSubjectsResponse, bool, error) { adjustedResult := result.CloneVT() - adjustedResult.Metadata.CachedDispatchCount = adjustedResult.Metadata.DispatchCount + adjustedResult.Metadata.CachedDispatchCount = adjustedResult.GetMetadata().GetDispatchCount() adjustedResult.Metadata.DispatchCount = 0 adjustedResult.Metadata.DebugInfo = nil diff --git a/internal/dispatch/caching/cachingdispatch_test.go b/internal/dispatch/caching/cachingdispatch_test.go index c369a986b..bc1250fa0 100644 --- a/internal/dispatch/caching/cachingdispatch_test.go +++ b/internal/dispatch/caching/cachingdispatch_test.go @@ -138,7 +138,7 @@ func TestMaxDepthCaching(t *testing.T) { }, }) require.NoError(err) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId[parsed.ObjectID].Membership) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()[parsed.ObjectID].GetMembership()) // We have to sleep a while to let the cache converge time.Sleep(10 * time.Millisecond) diff --git a/internal/dispatch/dispatch.go b/internal/dispatch/dispatch.go index 4708a07c7..377876b69 100644 --- a/internal/dispatch/dispatch.go +++ b/internal/dispatch/dispatch.go @@ -92,7 +92,7 @@ func CheckDepth(ctx context.Context, req DispatchableRequest) error { return errors.New("request missing metadata") } - if metadata.DepthRemaining == 0 { + if metadata.GetDepthRemaining() == 0 { return NewMaxDepthExceededError(req) } @@ -102,7 +102,7 @@ func CheckDepth(ctx context.Context, req DispatchableRequest) error { // AddResponseMetadata adds the metadata found in the incoming metadata to the existing // metadata, *modifying it in place*. func AddResponseMetadata(existing *v1.ResponseMeta, incoming *v1.ResponseMeta) { - existing.DispatchCount += incoming.DispatchCount - existing.CachedDispatchCount += incoming.CachedDispatchCount - existing.DepthRequired = max(existing.DepthRequired, incoming.DepthRequired) + existing.DispatchCount += incoming.GetDispatchCount() + existing.CachedDispatchCount += incoming.GetCachedDispatchCount() + existing.DepthRequired = max(existing.GetDepthRequired(), incoming.GetDepthRequired()) } diff --git a/internal/dispatch/graph/check_test.go b/internal/dispatch/graph/check_test.go index 3ffab0fc8..ce341ea9b 100644 --- a/internal/dispatch/graph/check_test.go +++ b/internal/dispatch/graph/check_test.go @@ -141,12 +141,12 @@ func TestSimpleCheck(t *testing.T) { require.NoError(err) isMember := false - if found, ok := checkResult.ResultsByResourceId[tc.objectID]; ok { - isMember = found.Membership == v1.ResourceCheckResult_MEMBER + if found, ok := checkResult.GetResultsByResourceId()[tc.objectID]; ok { + isMember = found.GetMembership() == v1.ResourceCheckResult_MEMBER } - require.Equal(expected.isMember, isMember, "For object %s in %v: ", tc.objectID, checkResult.ResultsByResourceId) - require.GreaterOrEqual(checkResult.Metadata.DepthRequired, uint32(1)) + require.Equal(expected.isMember, isMember, "For object %s in %v: ", tc.objectID, checkResult.GetResultsByResourceId()) + require.GreaterOrEqual(checkResult.GetMetadata().GetDepthRequired(), uint32(1)) }) } } @@ -282,13 +282,13 @@ func TestCheckMetadata(t *testing.T) { require.NoError(err) isMember := false - if found, ok := checkResult.ResultsByResourceId[tc.objectID]; ok { - isMember = found.Membership == v1.ResourceCheckResult_MEMBER + if found, ok := checkResult.GetResultsByResourceId()[tc.objectID]; ok { + isMember = found.GetMembership() == v1.ResourceCheckResult_MEMBER } require.Equal(expected.isMember, isMember) - require.GreaterOrEqual(expected.expectedDispatchCount, int(checkResult.Metadata.DispatchCount), "dispatch count mismatch") - require.GreaterOrEqual(expected.expectedDepthRequired, int(checkResult.Metadata.DepthRequired), "depth required mismatch") + require.GreaterOrEqual(expected.expectedDispatchCount, int(checkResult.GetMetadata().GetDispatchCount()), "dispatch count mismatch") + require.GreaterOrEqual(expected.expectedDepthRequired, int(checkResult.GetMetadata().GetDepthRequired()), "depth required mismatch") }) } } @@ -1443,22 +1443,22 @@ func TestCheckPermissionOverSchema(t *testing.T) { require.NoError(err) membership := v1.ResourceCheckResult_NOT_MEMBER - if r, ok := resp.ResultsByResourceId[tc.resource.ObjectID]; ok { - membership = r.Membership + if r, ok := resp.GetResultsByResourceId()[tc.resource.ObjectID]; ok { + membership = r.GetMembership() } require.Equal(tc.expectedPermissionship, membership, "expected permissionship %s, got %s", tc.expectedPermissionship, membership) if tc.expectedCaveat != nil && tc.alternativeExpectedCaveat == nil { - require.NotEmpty(resp.ResultsByResourceId[tc.resource.ObjectID].Expression) - testutil.RequireProtoEqual(t, tc.expectedCaveat, resp.ResultsByResourceId[tc.resource.ObjectID].Expression, "mismatch in caveat") + require.NotEmpty(resp.GetResultsByResourceId()[tc.resource.ObjectID].GetExpression()) + testutil.RequireProtoEqual(t, tc.expectedCaveat, resp.GetResultsByResourceId()[tc.resource.ObjectID].GetExpression(), "mismatch in caveat") } if tc.expectedCaveat != nil && tc.alternativeExpectedCaveat != nil { - require.NotEmpty(resp.ResultsByResourceId[tc.resource.ObjectID].Expression) + require.NotEmpty(resp.GetResultsByResourceId()[tc.resource.ObjectID].GetExpression()) - if testutil.AreProtoEqual(tc.expectedCaveat, resp.ResultsByResourceId[tc.resource.ObjectID].Expression, "mismatch in caveat") != nil { - testutil.RequireProtoEqual(t, tc.alternativeExpectedCaveat, resp.ResultsByResourceId[tc.resource.ObjectID].Expression, "mismatch in caveat") + if testutil.AreProtoEqual(tc.expectedCaveat, resp.GetResultsByResourceId()[tc.resource.ObjectID].GetExpression(), "mismatch in caveat") != nil { + testutil.RequireProtoEqual(t, tc.alternativeExpectedCaveat, resp.GetResultsByResourceId()[tc.resource.ObjectID].GetExpression(), "mismatch in caveat") } } }) @@ -1466,8 +1466,8 @@ func TestCheckPermissionOverSchema(t *testing.T) { } func addFrame(trace *v1.CheckDebugTrace, foundFrames *mapz.Set[string]) { - foundFrames.Insert(fmt.Sprintf("%s:%s#%s", trace.Request.ResourceRelation.Namespace, strings.Join(trace.Request.ResourceIds, ","), trace.Request.ResourceRelation.Relation)) - for _, subTrace := range trace.SubProblems { + foundFrames.Insert(fmt.Sprintf("%s:%s#%s", trace.GetRequest().GetResourceRelation().GetNamespace(), strings.Join(trace.GetRequest().GetResourceIds(), ","), trace.GetRequest().GetResourceRelation().GetRelation())) + for _, subTrace := range trace.GetSubProblems() { addFrame(subTrace, foundFrames) } } @@ -1570,9 +1570,9 @@ func TestCheckDebugging(t *testing.T) { }) require.NoError(err) - require.NotNil(checkResult.Metadata.DebugInfo) - require.NotNil(checkResult.Metadata.DebugInfo.Check) - require.NotNil(checkResult.Metadata.DebugInfo.Check.Duration) + require.NotNil(checkResult.GetMetadata().GetDebugInfo()) + require.NotNil(checkResult.GetMetadata().GetDebugInfo().GetCheck()) + require.NotNil(checkResult.GetMetadata().GetDebugInfo().GetCheck().GetDuration()) expectedFrames := mapz.NewSet[string]() for _, expectedFrame := range tc.expectedFrames { @@ -1580,7 +1580,7 @@ func TestCheckDebugging(t *testing.T) { } foundFrames := mapz.NewSet[string]() - addFrame(checkResult.Metadata.DebugInfo.Check, foundFrames) + addFrame(checkResult.GetMetadata().GetDebugInfo().GetCheck(), foundFrames) require.Empty(expectedFrames.Subtract(foundFrames).AsSlice(), "missing expected frames: %v", expectedFrames.Subtract(foundFrames).AsSlice()) }) @@ -1949,12 +1949,12 @@ func TestCheckWithHints(t *testing.T) { }) require.NoError(err) - _, ok := resp.ResultsByResourceId[tc.resource.ObjectID] + _, ok := resp.GetResultsByResourceId()[tc.resource.ObjectID] if tc.expectedPermissionship { require.True(ok) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId[tc.resource.ObjectID].Membership) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()[tc.resource.ObjectID].GetMembership()) } else if ok { - require.Equal(v1.ResourceCheckResult_NOT_MEMBER, resp.ResultsByResourceId[tc.resource.ObjectID].Membership) + require.Equal(v1.ResourceCheckResult_NOT_MEMBER, resp.GetResultsByResourceId()[tc.resource.ObjectID].GetMembership()) } }) } @@ -2002,9 +2002,9 @@ func TestCheckHintsPartialApplication(t *testing.T) { }) require.NoError(err) - require.Len(resp.ResultsByResourceId, 2) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId["somedoc"].Membership) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId["anotherdoc"].Membership) + require.Len(resp.GetResultsByResourceId(), 2) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()["somedoc"].GetMembership()) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()["anotherdoc"].GetMembership()) } func TestCheckHintsPartialApplicationOverArrow(t *testing.T) { @@ -2054,9 +2054,9 @@ func TestCheckHintsPartialApplicationOverArrow(t *testing.T) { }) require.NoError(err) - require.Len(resp.ResultsByResourceId, 2) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId["somedoc"].Membership) - require.Equal(v1.ResourceCheckResult_MEMBER, resp.ResultsByResourceId["anotherdoc"].Membership) + require.Len(resp.GetResultsByResourceId(), 2) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()["somedoc"].GetMembership()) + require.Equal(v1.ResourceCheckResult_MEMBER, resp.GetResultsByResourceId()["anotherdoc"].GetMembership()) } func newLocalDispatcherWithConcurrencyLimit(t testing.TB, concurrencyLimit uint16) (context.Context, dispatch.Dispatcher, datastore.Revision) { diff --git a/internal/dispatch/graph/dispatch_test.go b/internal/dispatch/graph/dispatch_test.go index 218afcec9..276d1e40c 100644 --- a/internal/dispatch/graph/dispatch_test.go +++ b/internal/dispatch/graph/dispatch_test.go @@ -52,8 +52,8 @@ func TestDispatchChunking(t *testing.T) { require.NoError(t, err) require.NotNil(t, checkResult) - require.NotEmpty(t, checkResult.ResultsByResourceId, "expected membership for resource %s", tpl.Resource.ObjectID) - require.Equal(t, v1.ResourceCheckResult_MEMBER, checkResult.ResultsByResourceId[tpl.Resource.ObjectID].Membership) + require.NotEmpty(t, checkResult.GetResultsByResourceId(), "expected membership for resource %s", tpl.Resource.ObjectID) + require.Equal(t, v1.ResourceCheckResult_MEMBER, checkResult.GetResultsByResourceId()[tpl.Resource.ObjectID].GetMembership()) } }) @@ -100,9 +100,9 @@ func TestDispatchChunking(t *testing.T) { require.NoError(t, err) res := stream.Results() require.Len(t, res, 1) - require.Len(t, res[0].FoundSubjectsByResourceId, 1) - require.NotNil(t, res[0].FoundSubjectsByResourceId["res1"]) - require.Len(t, res[0].FoundSubjectsByResourceId["res1"].FoundSubjects, math.MaxUint16+1) + require.Len(t, res[0].GetFoundSubjectsByResourceId(), 1) + require.NotNil(t, res[0].GetFoundSubjectsByResourceId()["res1"]) + require.Len(t, res[0].GetFoundSubjectsByResourceId()["res1"].GetFoundSubjects(), math.MaxUint16+1) } }) } diff --git a/internal/dispatch/graph/expand_test.go b/internal/dispatch/graph/expand_test.go index 2b96fcc17..9547159a7 100644 --- a/internal/dispatch/graph/expand_test.go +++ b/internal/dispatch/graph/expand_test.go @@ -182,14 +182,14 @@ func TestExpand(t *testing.T) { }) require.NoError(err) - require.NotNil(expandResult.TreeNode) - require.GreaterOrEqual(expandResult.Metadata.DepthRequired, uint32(1)) - require.Equal(tc.expectedDispatchCount, int(expandResult.Metadata.DispatchCount), "mismatch in dispatch count") - require.Equal(tc.expectedDepthRequired, int(expandResult.Metadata.DepthRequired), "mismatch in depth required") + require.NotNil(expandResult.GetTreeNode()) + require.GreaterOrEqual(expandResult.GetMetadata().GetDepthRequired(), uint32(1)) + require.Equal(tc.expectedDispatchCount, int(expandResult.GetMetadata().GetDispatchCount()), "mismatch in dispatch count") + require.Equal(tc.expectedDepthRequired, int(expandResult.GetMetadata().GetDepthRequired()), "mismatch in depth required") - if diff := cmp.Diff(tc.expected, expandResult.TreeNode, protocmp.Transform()); diff != "" { + if diff := cmp.Diff(tc.expected, expandResult.GetTreeNode(), protocmp.Transform()); diff != "" { fset := token.NewFileSet() - err := printer.Fprint(os.Stdout, fset, serializeToFile(expandResult.TreeNode)) + err := printer.Fprint(os.Stdout, fset, serializeToFile(expandResult.GetTreeNode())) require.NoError(err) t.Errorf("unexpected difference:\n%v", diff) } @@ -225,16 +225,16 @@ func serializeToFile(node *core.RelationTupleTreeNode) *ast.File { func serialize(node *core.RelationTupleTreeNode) *ast.CallExpr { var expanded ast.Expr = ast.NewIdent("_this") - if node.Expanded != nil { - expanded = onrExpr(node.Expanded) + if node.GetExpanded() != nil { + expanded = onrExpr(node.GetExpanded()) } children := []ast.Expr{expanded} var fName string - switch node.NodeType.(type) { + switch node.GetNodeType().(type) { case *core.RelationTupleTreeNode_IntermediateNode: - switch node.GetIntermediateNode().Operation { + switch node.GetIntermediateNode().GetOperation() { case core.SetOperationUserset_EXCLUSION: fName = "graph.Exclusion" case core.SetOperationUserset_INTERSECTION: @@ -245,14 +245,14 @@ func serialize(node *core.RelationTupleTreeNode) *ast.CallExpr { panic("Unknown set operation") } - for _, child := range node.GetIntermediateNode().ChildNodes { + for _, child := range node.GetIntermediateNode().GetChildNodes() { children = append(children, serialize(child)) } case *core.RelationTupleTreeNode_LeafNode: fName = "graph.Leaf" - for _, subject := range node.GetLeafNode().Subjects { - onrExpr := onrExpr(subject.Subject) + for _, subject := range node.GetLeafNode().GetSubjects() { + onrExpr := onrExpr(subject.GetSubject()) children = append(children, &ast.CallExpr{ Fun: ast.NewIdent(""), Args: []ast.Expr{onrExpr}, @@ -270,9 +270,9 @@ func onrExpr(onr *core.ObjectAndRelation) ast.Expr { return &ast.CallExpr{ Fun: ast.NewIdent("ONR"), Args: []ast.Expr{ - ast.NewIdent("\"" + onr.Namespace + "\""), - ast.NewIdent("\"" + onr.ObjectId + "\""), - ast.NewIdent("\"" + onr.Relation + "\""), + ast.NewIdent("\"" + onr.GetNamespace() + "\""), + ast.NewIdent("\"" + onr.GetObjectId() + "\""), + ast.NewIdent("\"" + onr.GetRelation() + "\""), }, } } @@ -923,8 +923,8 @@ func TestExpandOverSchema(t *testing.T) { require.NoError(err) require.NoError(err) - require.NotNil(expandResult.TreeNode) - testutil.RequireProtoEqual(t, expectedTree, expandResult.TreeNode, "Got different expansion trees") + require.NotNil(expandResult.GetTreeNode()) + testutil.RequireProtoEqual(t, expectedTree, expandResult.GetTreeNode(), "Got different expansion trees") }) } } diff --git a/internal/dispatch/graph/graph.go b/internal/dispatch/graph/graph.go index 9a7d4d4d6..87a69a549 100644 --- a/internal/dispatch/graph/graph.go +++ b/internal/dispatch/graph/graph.go @@ -222,15 +222,15 @@ func (ld *localDispatcher) parseRevision(ctx context.Context, s string) (datasto func (ld *localDispatcher) lookupRelation(_ context.Context, ns *core.NamespaceDefinition, relationName string) (*core.Relation, error) { var relation *core.Relation - for _, candidate := range ns.Relation { - if candidate.Name == relationName { + for _, candidate := range ns.GetRelation() { + if candidate.GetName() == relationName { relation = candidate break } } if relation == nil { - return nil, NewRelationNotFoundErr(ns.Name, relationName) + return nil, NewRelationNotFoundErr(ns.GetName(), relationName) } return relation, nil @@ -238,8 +238,8 @@ func (ld *localDispatcher) lookupRelation(_ context.Context, ns *core.NamespaceD // DispatchCheck implements dispatch.Check interface func (ld *localDispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckRequest) (*v1.DispatchCheckResponse, error) { - resourceType := tuple.StringCoreRR(req.ResourceRelation) - spanName := "DispatchCheck → " + resourceType + "@" + req.Subject.Namespace + "#" + req.Subject.Relation + resourceType := tuple.StringCoreRR(req.GetResourceRelation()) + spanName := "DispatchCheck → " + resourceType + "@" + req.GetSubject().GetNamespace() + "#" + req.GetSubject().GetRelation() nodeID, err := nodeid.FromContext(ctx) if err != nil { @@ -248,14 +248,14 @@ func (ld *localDispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCh ctx, span := tracer.Start(ctx, spanName, trace.WithAttributes( attribute.String(otelconv.AttrDispatchResourceType, resourceType), - attribute.StringSlice(otelconv.AttrDispatchResourceIds, req.ResourceIds), - attribute.String(otelconv.AttrDispatchSubject, tuple.StringCoreONR(req.Subject)), + attribute.StringSlice(otelconv.AttrDispatchResourceIds, req.GetResourceIds()), + attribute.String(otelconv.AttrDispatchSubject, tuple.StringCoreONR(req.GetSubject())), attribute.String(otelconv.AttrDispatchNodeID, nodeID), )) defer span.End() if err := dispatch.CheckDepth(ctx, req); err != nil { - if req.Debug != v1.DispatchCheckRequest_ENABLE_BASIC_DEBUGGING { + if req.GetDebug() != v1.DispatchCheckRequest_ENABLE_BASIC_DEBUGGING { return &v1.DispatchCheckResponse{ Metadata: &v1.ResponseMeta{ DispatchCount: 0, @@ -282,17 +282,17 @@ func (ld *localDispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCh }, rewriteError(ctx, err) } - revision, err := ld.parseRevision(ctx, req.Metadata.AtRevision) + revision, err := ld.parseRevision(ctx, req.GetMetadata().GetAtRevision()) if err != nil { return &v1.DispatchCheckResponse{Metadata: emptyMetadata}, rewriteError(ctx, err) } - ns, err := ld.loadNamespace(ctx, req.ResourceRelation.Namespace, revision) + ns, err := ld.loadNamespace(ctx, req.GetResourceRelation().GetNamespace(), revision) if err != nil { return &v1.DispatchCheckResponse{Metadata: emptyMetadata}, rewriteError(ctx, err) } - relation, err := ld.lookupRelation(ctx, ns, req.ResourceRelation.Relation) + relation, err := ld.lookupRelation(ctx, ns, req.GetResourceRelation().GetRelation()) if err != nil { return &v1.DispatchCheckResponse{Metadata: emptyMetadata}, rewriteError(ctx, err) } @@ -301,8 +301,8 @@ func (ld *localDispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCh // resource, load the aliased relation and dispatch to it. We cannot use the alias if the // resource and subject types are the same because a check on the *exact same* resource and // subject must pass, and we don't know how many intermediate steps may hit that case. - if relation.AliasingRelation != "" && req.ResourceRelation.Namespace != req.Subject.Namespace { - relation, err := ld.lookupRelation(ctx, ns, relation.AliasingRelation) + if relation.GetAliasingRelation() != "" && req.GetResourceRelation().GetNamespace() != req.GetSubject().GetNamespace() { + relation, err := ld.lookupRelation(ctx, ns, relation.GetAliasingRelation()) if err != nil { return &v1.DispatchCheckResponse{Metadata: emptyMetadata}, rewriteError(ctx, err) } @@ -311,17 +311,17 @@ func (ld *localDispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCh validatedReq := graph.ValidatedCheckRequest{ DispatchCheckRequest: &v1.DispatchCheckRequest{ ResourceRelation: &core.RelationReference{ - Namespace: req.ResourceRelation.Namespace, - Relation: relation.Name, + Namespace: req.GetResourceRelation().GetNamespace(), + Relation: relation.GetName(), }, - ResourceIds: req.ResourceIds, - Subject: req.Subject, - Metadata: req.Metadata, - Debug: req.Debug, - CheckHints: req.CheckHints, + ResourceIds: req.GetResourceIds(), + Subject: req.GetSubject(), + Metadata: req.GetMetadata(), + Debug: req.GetDebug(), + CheckHints: req.GetCheckHints(), }, Revision: revision, - OriginalRelationName: req.ResourceRelation.Relation, + OriginalRelationName: req.GetResourceRelation().GetRelation(), } resp, err := ld.checker.Check(ctx, validatedReq, relation) @@ -343,7 +343,7 @@ func (ld *localDispatcher) DispatchExpand(ctx context.Context, req *v1.DispatchE } ctx, span := tracer.Start(ctx, "DispatchExpand", trace.WithAttributes( - attribute.String(otelconv.AttrDispatchStart, tuple.StringCoreONR(req.ResourceAndRelation)), + attribute.String(otelconv.AttrDispatchStart, tuple.StringCoreONR(req.GetResourceAndRelation())), attribute.String(otelconv.AttrDispatchNodeID, nodeID), )) defer span.End() @@ -352,17 +352,17 @@ func (ld *localDispatcher) DispatchExpand(ctx context.Context, req *v1.DispatchE return &v1.DispatchExpandResponse{Metadata: emptyMetadata}, err } - revision, err := ld.parseRevision(ctx, req.Metadata.AtRevision) + revision, err := ld.parseRevision(ctx, req.GetMetadata().GetAtRevision()) if err != nil { return &v1.DispatchExpandResponse{Metadata: emptyMetadata}, err } - ns, err := ld.loadNamespace(ctx, req.ResourceAndRelation.Namespace, revision) + ns, err := ld.loadNamespace(ctx, req.GetResourceAndRelation().GetNamespace(), revision) if err != nil { return &v1.DispatchExpandResponse{Metadata: emptyMetadata}, err } - relation, err := ld.lookupRelation(ctx, ns, req.ResourceAndRelation.Relation) + relation, err := ld.lookupRelation(ctx, ns, req.GetResourceAndRelation().GetRelation()) if err != nil { return &v1.DispatchExpandResponse{Metadata: emptyMetadata}, err } @@ -383,10 +383,10 @@ func (ld *localDispatcher) DispatchLookupResources2( } ctx, span := tracer.Start(stream.Context(), "DispatchLookupResources2", trace.WithAttributes( - attribute.String(otelconv.AttrDispatchResourceType, tuple.StringCoreRR(req.ResourceRelation)), - attribute.String(otelconv.AttrDispatchSubjectType, tuple.StringCoreRR(req.SubjectRelation)), - attribute.StringSlice(otelconv.AttrDispatchSubjectIDs, req.SubjectIds), - attribute.String(otelconv.AttrDispatchTerminalSubject, tuple.StringCoreONR(req.TerminalSubject)), + attribute.String(otelconv.AttrDispatchResourceType, tuple.StringCoreRR(req.GetResourceRelation())), + attribute.String(otelconv.AttrDispatchSubjectType, tuple.StringCoreRR(req.GetSubjectRelation())), + attribute.StringSlice(otelconv.AttrDispatchSubjectIDs, req.GetSubjectIds()), + attribute.String(otelconv.AttrDispatchTerminalSubject, tuple.StringCoreONR(req.GetTerminalSubject())), attribute.String(otelconv.AttrDispatchNodeID, nodeID), )) defer span.End() @@ -395,7 +395,7 @@ func (ld *localDispatcher) DispatchLookupResources2( return err } - revision, err := ld.parseRevision(ctx, req.Metadata.AtRevision) + revision, err := ld.parseRevision(ctx, req.GetMetadata().GetAtRevision()) if err != nil { return err } @@ -419,10 +419,10 @@ func (ld *localDispatcher) DispatchLookupResources3( } ctx, span := tracer.Start(stream.Context(), "DispatchLookupResources3", trace.WithAttributes( - attribute.String(otelconv.AttrDispatchResourceType, tuple.StringCoreRR(req.ResourceRelation)), - attribute.String(otelconv.AttrDispatchSubjectType, tuple.StringCoreRR(req.SubjectRelation)), - attribute.StringSlice(otelconv.AttrDispatchSubjectIDs, req.SubjectIds), - attribute.String(otelconv.AttrDispatchTerminalSubject, tuple.StringCoreONR(req.TerminalSubject)), + attribute.String(otelconv.AttrDispatchResourceType, tuple.StringCoreRR(req.GetResourceRelation())), + attribute.String(otelconv.AttrDispatchSubjectType, tuple.StringCoreRR(req.GetSubjectRelation())), + attribute.StringSlice(otelconv.AttrDispatchSubjectIDs, req.GetSubjectIds()), + attribute.String(otelconv.AttrDispatchTerminalSubject, tuple.StringCoreONR(req.GetTerminalSubject())), attribute.String(otelconv.AttrDispatchNodeID, nodeID), )) defer span.End() @@ -431,7 +431,7 @@ func (ld *localDispatcher) DispatchLookupResources3( return err } - revision, err := ld.parseRevision(ctx, req.Metadata.AtRevision) + revision, err := ld.parseRevision(ctx, req.GetMetadata().GetAtRevision()) if err != nil { return err } @@ -455,14 +455,14 @@ func (ld *localDispatcher) DispatchLookupSubjects( log.Err(err).Msg("failed to get node ID") } - resourceType := tuple.StringCoreRR(req.ResourceRelation) - subjectRelation := tuple.StringCoreRR(req.SubjectRelation) + resourceType := tuple.StringCoreRR(req.GetResourceRelation()) + subjectRelation := tuple.StringCoreRR(req.GetSubjectRelation()) spanName := "DispatchLookupSubjects → " + resourceType + "@" + subjectRelation ctx, span := tracer.Start(stream.Context(), spanName, trace.WithAttributes( attribute.String(otelconv.AttrDispatchResourceType, resourceType), attribute.String(otelconv.AttrDispatchSubjectType, subjectRelation), - attribute.StringSlice(otelconv.AttrDispatchResourceIds, req.ResourceIds), + attribute.StringSlice(otelconv.AttrDispatchResourceIds, req.GetResourceIds()), attribute.String(otelconv.AttrDispatchNodeID, nodeID), )) defer span.End() @@ -471,7 +471,7 @@ func (ld *localDispatcher) DispatchLookupSubjects( return err } - revision, err := ld.parseRevision(ctx, req.Metadata.AtRevision) + revision, err := ld.parseRevision(ctx, req.GetMetadata().GetAtRevision()) if err != nil { return err } diff --git a/internal/dispatch/graph/lookupresources2_test.go b/internal/dispatch/graph/lookupresources2_test.go index 14b1c55ad..05aac0f0b 100644 --- a/internal/dispatch/graph/lookupresources2_test.go +++ b/internal/dispatch/graph/lookupresources2_test.go @@ -209,10 +209,10 @@ func TestSimpleLookupResourcesWithCursor2(t *testing.T) { require.Len(stream.Results(), 1) - found.Insert(stream.Results()[0].Resource.ResourceId) + found.Insert(stream.Results()[0].GetResource().GetResourceId()) require.Equal(tc.expectedFirst, found.AsSlice()) - cursor := stream.Results()[0].AfterResponseCursor + cursor := stream.Results()[0].GetAfterResponseCursor() require.NotNil(cursor) stream = dispatch.NewCollectingDispatchStream[*v1.DispatchLookupResources2Response](ctx) @@ -232,7 +232,7 @@ func TestSimpleLookupResourcesWithCursor2(t *testing.T) { require.NoError(err) for _, result := range stream.Results() { - found.Insert(result.Resource.ResourceId) + found.Insert(result.GetResource().GetResourceId()) } foundResults := found.AsSlice() @@ -268,7 +268,7 @@ func TestLookupResourcesCursorStability2(t *testing.T) { require.NoError(err) require.Len(stream.Results(), 2) - cursor := stream.Results()[1].AfterResponseCursor + cursor := stream.Results()[1].GetAfterResponseCursor() require.NotNil(cursor) // Make the same request and ensure the cursor has not changed. @@ -290,7 +290,7 @@ func TestLookupResourcesCursorStability2(t *testing.T) { require.NoError(err) require.Len(stream.Results(), 2) - cursorAgain := stream.Results()[1].AfterResponseCursor + cursorAgain := stream.Results()[1].GetAfterResponseCursor() require.NotNil(cursor) require.Equal(cursor, cursorAgain) } @@ -302,10 +302,10 @@ func processResults2(stream *dispatch.CollectingDispatchStream[*v1.DispatchLooku var maxCachedDispatchCount uint32 for _, result := range stream.Results() { result.Resource.ForSubjectIds = nil - foundResources = append(foundResources, result.Resource) - maxDepthRequired = max(maxDepthRequired, result.Metadata.DepthRequired) - maxDispatchCount = max(maxDispatchCount, result.Metadata.DispatchCount) - maxCachedDispatchCount = max(maxCachedDispatchCount, result.Metadata.CachedDispatchCount) + foundResources = append(foundResources, result.GetResource()) + maxDepthRequired = max(maxDepthRequired, result.GetMetadata().GetDepthRequired()) + maxDispatchCount = max(maxDispatchCount, result.GetMetadata().GetDispatchCount()) + maxCachedDispatchCount = max(maxCachedDispatchCount, result.GetMetadata().GetCachedDispatchCount()) } return foundResources, maxDepthRequired, maxDispatchCount, maxCachedDispatchCount } @@ -805,9 +805,9 @@ func TestLookupResources2OverSchemaWithCursors(t *testing.T) { foundChunks = append(foundChunks, stream.Results()) for _, result := range stream.Results() { - require.ElementsMatch(tc.expectedMissingFields, result.Resource.MissingContextParams) - foundResourceIDs.Insert(result.Resource.ResourceId) - currentCursor = result.AfterResponseCursor + require.ElementsMatch(tc.expectedMissingFields, result.GetResource().GetMissingContextParams()) + foundResourceIDs.Insert(result.GetResource().GetResourceId()) + currentCursor = result.GetAfterResponseCursor() } if pageSize == 0 || len(stream.Results()) < pageSize { @@ -1389,12 +1389,12 @@ func TestLookupResources2EnsureCheckHints(t *testing.T) { foundResourceIDs := mapz.NewSet[string]() for _, result := range stream.Results() { - if len(result.Resource.MissingContextParams) > 0 { - foundResourceIDs.Insert(result.Resource.ResourceId + "[" + strings.Join(result.Resource.MissingContextParams, ",") + "]") + if len(result.GetResource().GetMissingContextParams()) > 0 { + foundResourceIDs.Insert(result.GetResource().GetResourceId() + "[" + strings.Join(result.GetResource().GetMissingContextParams(), ",") + "]") continue } - foundResourceIDs.Insert(result.Resource.ResourceId) + foundResourceIDs.Insert(result.GetResource().GetResourceId()) } foundResourceIDsSlice := foundResourceIDs.AsSlice() @@ -1506,10 +1506,10 @@ func processResults(stream *dispatch.CollectingDispatchStream[*v1.DispatchLookup var maxDispatchCount uint32 var maxCachedDispatchCount uint32 for _, result := range stream.Results() { - foundResources = append(foundResources, result.Resource) - maxDepthRequired = max(maxDepthRequired, result.Metadata.DepthRequired) - maxDispatchCount = max(maxDispatchCount, result.Metadata.DispatchCount) - maxCachedDispatchCount = max(maxCachedDispatchCount, result.Metadata.CachedDispatchCount) + foundResources = append(foundResources, result.GetResource()) + maxDepthRequired = max(maxDepthRequired, result.GetMetadata().GetDepthRequired()) + maxDispatchCount = max(maxDispatchCount, result.GetMetadata().GetDispatchCount()) + maxCachedDispatchCount = max(maxCachedDispatchCount, result.GetMetadata().GetCachedDispatchCount()) } return foundResources, maxDepthRequired, maxDispatchCount, maxCachedDispatchCount } diff --git a/internal/dispatch/graph/lookupresources3_test.go b/internal/dispatch/graph/lookupresources3_test.go index ab004283c..16328b8c6 100644 --- a/internal/dispatch/graph/lookupresources3_test.go +++ b/internal/dispatch/graph/lookupresources3_test.go @@ -201,10 +201,10 @@ func TestSimpleLookupResourcesWithCursor3(t *testing.T) { require.Equal(1, len(stream.Results())) - found.Insert(stream.Results()[0].Items[0].ResourceId) + found.Insert(stream.Results()[0].GetItems()[0].GetResourceId()) require.Equal(tc.expectedFirst, found.AsSlice()) - cursor := stream.Results()[0].Items[0].AfterResponseCursorSections + cursor := stream.Results()[0].GetItems()[0].GetAfterResponseCursorSections() require.NotNil(cursor) stream = dispatch.NewCloningCollectingDispatchStream[*v1.DispatchLookupResources3Response](ctx) @@ -224,8 +224,8 @@ func TestSimpleLookupResourcesWithCursor3(t *testing.T) { require.NoError(err) for _, result := range stream.Results() { - for _, item := range result.Items { - found.Insert(item.ResourceId) + for _, item := range result.GetItems() { + found.Insert(item.GetResourceId()) } } @@ -240,11 +240,11 @@ func TestSimpleLookupResourcesWithCursor3(t *testing.T) { func processResults3(stream *dispatch.CloningCollectingDispatchStream[*v1.DispatchLookupResources3Response]) []*v1.PossibleResource { foundResources := []*v1.PossibleResource{} for _, result := range stream.Results() { - for _, item := range result.Items { + for _, item := range result.GetItems() { foundResources = append(foundResources, &v1.PossibleResource{ - ResourceId: item.ResourceId, + ResourceId: item.GetResourceId(), ForSubjectIds: nil, - MissingContextParams: item.MissingContextParams, + MissingContextParams: item.GetMissingContextParams(), }) } } @@ -743,10 +743,10 @@ func TestLookupResources3OverSchemaWithCursors(t *testing.T) { itemCount := 0 for _, result := range stream.Results() { - for _, item := range result.Items { - require.ElementsMatch(tc.expectedMissingFields, item.MissingContextParams) - foundResourceIDs.Insert(item.ResourceId) - currentCursor = item.AfterResponseCursorSections + for _, item := range result.GetItems() { + require.ElementsMatch(tc.expectedMissingFields, item.GetMissingContextParams()) + foundResourceIDs.Insert(item.GetResourceId()) + currentCursor = item.GetAfterResponseCursorSections() itemCount++ } } @@ -763,7 +763,7 @@ func TestLookupResources3OverSchemaWithCursors(t *testing.T) { for _, chunk := range foundChunks[0 : len(foundChunks)-1] { chunkItemCount := 0 for _, result := range chunk { - chunkItemCount += len(result.Items) + chunkItemCount += len(result.GetItems()) } require.Equal(pageSize, chunkItemCount) } @@ -1300,13 +1300,13 @@ func TestLookupResources3EnsureCheckHints(t *testing.T) { foundResourceIDs := mapz.NewSet[string]() for _, result := range stream.Results() { - for _, item := range result.Items { - if len(item.MissingContextParams) > 0 { - foundResourceIDs.Insert(item.ResourceId + "[" + strings.Join(item.MissingContextParams, ",") + "]") + for _, item := range result.GetItems() { + if len(item.GetMissingContextParams()) > 0 { + foundResourceIDs.Insert(item.GetResourceId() + "[" + strings.Join(item.GetMissingContextParams(), ",") + "]") continue } - foundResourceIDs.Insert(item.ResourceId) + foundResourceIDs.Insert(item.GetResourceId()) } } diff --git a/internal/dispatch/graph/lookupsubjects_test.go b/internal/dispatch/graph/lookupsubjects_test.go index 1191b6794..8370f370a 100644 --- a/internal/dispatch/graph/lookupsubjects_test.go +++ b/internal/dispatch/graph/lookupsubjects_test.go @@ -155,14 +155,14 @@ func TestSimpleLookupSubjects(t *testing.T) { foundSubjectIds := []string{} for _, result := range stream.Results() { - results, ok := result.FoundSubjectsByResourceId[tc.resourceID] + results, ok := result.GetFoundSubjectsByResourceId()[tc.resourceID] if ok { - for _, found := range results.FoundSubjects { - if len(found.ExcludedSubjects) > 0 { + for _, found := range results.GetFoundSubjects() { + if len(found.GetExcludedSubjects()) > 0 { continue } - foundSubjectIds = append(foundSubjectIds, found.SubjectId) + foundSubjectIds = append(foundSubjectIds, found.GetSubjectId()) } } } @@ -185,7 +185,7 @@ func TestSimpleLookupSubjects(t *testing.T) { }) require.NoError(err) - require.Equal(v1.ResourceCheckResult_MEMBER, checkResult.ResultsByResourceId[tc.resourceID].Membership) + require.Equal(v1.ResourceCheckResult_MEMBER, checkResult.GetResultsByResourceId()[tc.resourceID].GetMembership()) } dis.Close() }) @@ -274,7 +274,7 @@ func TestLookupSubjectsDispatchCount(t *testing.T) { require.NoError(err) for _, result := range stream.Results() { - require.LessOrEqual(int(result.Metadata.DispatchCount), tc.expectedDispatchCount, "Found dispatch count greater than expected") + require.LessOrEqual(int(result.GetMetadata().GetDispatchCount()), tc.expectedDispatchCount, "Found dispatch count greater than expected") } }) } @@ -1027,8 +1027,8 @@ func TestLookupSubjectsOverSchema(t *testing.T) { results := []*v1.FoundSubject{} for _, streamResult := range stream.Results() { - for _, foundSubjects := range streamResult.FoundSubjectsByResourceId { - results = append(results, foundSubjects.FoundSubjects...) + for _, foundSubjects := range streamResult.GetFoundSubjectsByResourceId() { + results = append(results, foundSubjects.GetFoundSubjects()...) } } diff --git a/internal/dispatch/keys/computed.go b/internal/dispatch/keys/computed.go index 9174a4a8e..601a54cdc 100644 --- a/internal/dispatch/keys/computed.go +++ b/internal/dispatch/keys/computed.go @@ -37,11 +37,11 @@ var cachePrefixes = []cachePrefix{ // checkRequestToKey converts a check request into a cache key based on the relation func checkRequestToKey(req *v1.DispatchCheckRequest, option dispatchCacheKeyHashComputeOption) DispatchCacheKey { - return dispatchCacheKeyHash(checkViaRelationPrefix, req.Metadata.AtRevision, option, - hashableRelationReference{req.ResourceRelation}, - hashableIds(req.ResourceIds), - hashableOnr{req.Subject}, - hashableResultSetting(req.ResultsSetting), + return dispatchCacheKeyHash(checkViaRelationPrefix, req.GetMetadata().GetAtRevision(), option, + hashableRelationReference{req.GetResourceRelation()}, + hashableIds(req.GetResourceIds()), + hashableOnr{req.GetSubject()}, + hashableResultSetting(req.GetResultsSetting()), ) } @@ -49,16 +49,16 @@ func checkRequestToKey(req *v1.DispatchCheckRequest, option dispatchCacheKeyHash // on the canonical key. func checkRequestToKeyWithCanonical(req *v1.DispatchCheckRequest, canonicalKey string) (DispatchCacheKey, error) { // NOTE: canonical cache keys are only unique *within* a version of a namespace. - cacheKey := dispatchCacheKeyHash(checkViaCanonicalPrefix, req.Metadata.AtRevision, computeBothHashes, - hashableString(req.ResourceRelation.Namespace), + cacheKey := dispatchCacheKeyHash(checkViaCanonicalPrefix, req.GetMetadata().GetAtRevision(), computeBothHashes, + hashableString(req.GetResourceRelation().GetNamespace()), hashableString(canonicalKey), - hashableIds(req.ResourceIds), - hashableOnr{req.Subject}, - hashableResultSetting(req.ResultsSetting), + hashableIds(req.GetResourceIds()), + hashableOnr{req.GetSubject()}, + hashableResultSetting(req.GetResultsSetting()), ) if canonicalKey == "" { - return cacheKey, spiceerrors.MustBugf("given empty canonical key for request: %s => %s", req.ResourceRelation, tuple.StringCoreONR(req.Subject)) + return cacheKey, spiceerrors.MustBugf("given empty canonical key for request: %s => %s", req.GetResourceRelation(), tuple.StringCoreONR(req.GetSubject())) } return cacheKey, nil @@ -66,42 +66,42 @@ func checkRequestToKeyWithCanonical(req *v1.DispatchCheckRequest, canonicalKey s // expandRequestToKey converts an expand request into a cache key func expandRequestToKey(req *v1.DispatchExpandRequest, option dispatchCacheKeyHashComputeOption) DispatchCacheKey { - return dispatchCacheKeyHash(expandPrefix, req.Metadata.AtRevision, option, - hashableOnr{req.ResourceAndRelation}, + return dispatchCacheKeyHash(expandPrefix, req.GetMetadata().GetAtRevision(), option, + hashableOnr{req.GetResourceAndRelation()}, ) } // lookupResourcesRequest2ToKey converts a lookup request into a cache key func lookupResourcesRequest2ToKey(req *v1.DispatchLookupResources2Request, option dispatchCacheKeyHashComputeOption) DispatchCacheKey { - return dispatchCacheKeyHash(lookupPrefix, req.Metadata.AtRevision, option, - hashableRelationReference{req.ResourceRelation}, - hashableRelationReference{req.SubjectRelation}, - hashableIds(req.SubjectIds), - hashableOnr{req.TerminalSubject}, - hashableContext{HashableContext: caveats.HashableContext{Struct: req.Context}}, // NOTE: context is included here because lookup does a single dispatch - hashableCursor{req.OptionalCursor}, - hashableLimit(req.OptionalLimit), + return dispatchCacheKeyHash(lookupPrefix, req.GetMetadata().GetAtRevision(), option, + hashableRelationReference{req.GetResourceRelation()}, + hashableRelationReference{req.GetSubjectRelation()}, + hashableIds(req.GetSubjectIds()), + hashableOnr{req.GetTerminalSubject()}, + hashableContext{HashableContext: caveats.HashableContext{Struct: req.GetContext()}}, // NOTE: context is included here because lookup does a single dispatch + hashableCursor{req.GetOptionalCursor()}, + hashableLimit(req.GetOptionalLimit()), ) } // lookupResourcesRequest3ToKey converts a lookup request into a cache key func lookupResourcesRequest3ToKey(req *v1.DispatchLookupResources3Request, option dispatchCacheKeyHashComputeOption) DispatchCacheKey { - return dispatchCacheKeyHash(lookupPrefix, req.Metadata.AtRevision, option, - hashableRelationReference{req.ResourceRelation}, - hashableRelationReference{req.SubjectRelation}, - hashableIds(req.SubjectIds), - hashableOnr{req.TerminalSubject}, - hashableContext{HashableContext: caveats.HashableContext{Struct: req.Context}}, // NOTE: context is included here because lookup does a single dispatch - hashableCursorSections{req.OptionalCursor}, - hashableLimit(req.OptionalLimit), + return dispatchCacheKeyHash(lookupPrefix, req.GetMetadata().GetAtRevision(), option, + hashableRelationReference{req.GetResourceRelation()}, + hashableRelationReference{req.GetSubjectRelation()}, + hashableIds(req.GetSubjectIds()), + hashableOnr{req.GetTerminalSubject()}, + hashableContext{HashableContext: caveats.HashableContext{Struct: req.GetContext()}}, // NOTE: context is included here because lookup does a single dispatch + hashableCursorSections{req.GetOptionalCursor()}, + hashableLimit(req.GetOptionalLimit()), ) } // lookupSubjectsRequestToKey converts a lookup subjects request into a cache key func lookupSubjectsRequestToKey(req *v1.DispatchLookupSubjectsRequest, option dispatchCacheKeyHashComputeOption) DispatchCacheKey { - return dispatchCacheKeyHash(lookupSubjectsPrefix, req.Metadata.AtRevision, option, - hashableRelationReference{req.ResourceRelation}, - hashableRelationReference{req.SubjectRelation}, - hashableIds(req.ResourceIds), + return dispatchCacheKeyHash(lookupSubjectsPrefix, req.GetMetadata().GetAtRevision(), option, + hashableRelationReference{req.GetResourceRelation()}, + hashableRelationReference{req.GetSubjectRelation()}, + hashableIds(req.GetResourceIds()), ) } diff --git a/internal/dispatch/keys/computed_test.go b/internal/dispatch/keys/computed_test.go index b6e65fb1d..29e148555 100644 --- a/internal/dispatch/keys/computed_test.go +++ b/internal/dispatch/keys/computed_test.go @@ -433,14 +433,14 @@ var generatorFuncs = map[string]generatorFunc{ return checkRequestToKey(&v1.DispatchCheckRequest{ ResourceRelation: resourceRelation, ResourceIds: resourceIds, - Subject: ONR(subjectRelation.Namespace, subjectIds[0], subjectRelation.Relation), + Subject: ONR(subjectRelation.GetNamespace(), subjectIds[0], subjectRelation.GetRelation()), Metadata: metadata, }, computeBothHashes), []string{ - resourceRelation.Namespace, - resourceRelation.Relation, - subjectRelation.Namespace, + resourceRelation.GetNamespace(), + resourceRelation.GetRelation(), + subjectRelation.GetNamespace(), subjectIds[0], - subjectRelation.Relation, + subjectRelation.GetRelation(), } }, @@ -455,15 +455,15 @@ var generatorFuncs = map[string]generatorFunc{ key, _ := checkRequestToKeyWithCanonical(&v1.DispatchCheckRequest{ ResourceRelation: resourceRelation, ResourceIds: resourceIds, - Subject: ONR(subjectRelation.Namespace, subjectIds[0], subjectRelation.Relation), + Subject: ONR(subjectRelation.GetNamespace(), subjectIds[0], subjectRelation.GetRelation()), Metadata: metadata, - }, resourceRelation.Relation) + }, resourceRelation.GetRelation()) return key, append([]string{ - resourceRelation.Namespace, - resourceRelation.Relation, - subjectRelation.Namespace, + resourceRelation.GetNamespace(), + resourceRelation.GetRelation(), + subjectRelation.GetNamespace(), subjectIds[0], - subjectRelation.Relation, + subjectRelation.GetRelation(), }, resourceIds...) }, @@ -479,14 +479,14 @@ var generatorFuncs = map[string]generatorFunc{ ResourceRelation: resourceRelation, SubjectRelation: subjectRelation, SubjectIds: subjectIds, - TerminalSubject: ONR(subjectRelation.Namespace, subjectIds[0], subjectRelation.Relation), + TerminalSubject: ONR(subjectRelation.GetNamespace(), subjectIds[0], subjectRelation.GetRelation()), Metadata: metadata, }, computeBothHashes), []string{ - resourceRelation.Namespace, - resourceRelation.Relation, - subjectRelation.Namespace, + resourceRelation.GetNamespace(), + resourceRelation.GetRelation(), + subjectRelation.GetNamespace(), subjectIds[0], - subjectRelation.Relation, + subjectRelation.GetRelation(), } }, @@ -499,12 +499,12 @@ var generatorFuncs = map[string]generatorFunc{ metadata *v1.ResolverMeta, ) (DispatchCacheKey, []string) { return expandRequestToKey(&v1.DispatchExpandRequest{ - ResourceAndRelation: ONR(resourceRelation.Namespace, resourceIds[0], resourceRelation.Relation), + ResourceAndRelation: ONR(resourceRelation.GetNamespace(), resourceIds[0], resourceRelation.GetRelation()), Metadata: metadata, }, computeBothHashes), []string{ - resourceRelation.Namespace, + resourceRelation.GetNamespace(), resourceIds[0], - resourceRelation.Relation, + resourceRelation.GetRelation(), } }, @@ -522,10 +522,10 @@ var generatorFuncs = map[string]generatorFunc{ ResourceIds: resourceIds, Metadata: metadata, }, computeBothHashes), append([]string{ - resourceRelation.Namespace, - resourceRelation.Relation, - subjectRelation.Namespace, - subjectRelation.Relation, + resourceRelation.GetNamespace(), + resourceRelation.GetRelation(), + subjectRelation.GetNamespace(), + subjectRelation.GetRelation(), }, resourceIds...) }, } diff --git a/internal/dispatch/keys/keys.go b/internal/dispatch/keys/keys.go index 47c8d0449..4c8455f0d 100644 --- a/internal/dispatch/keys/keys.go +++ b/internal/dispatch/keys/keys.go @@ -98,11 +98,11 @@ func (c *CanonicalKeyHandler) CheckCacheKey(ctx context.Context, req *v1.Dispatc // NOTE: We do not use the canonicalized cache key when checking within the same namespace, as // we may get different results if the subject being checked matches the resource exactly, e.g. // a check for `somenamespace:someobject#somerel@somenamespace:someobject#somerel`. - if req.ResourceRelation.Namespace != req.Subject.Namespace { + if req.GetResourceRelation().GetNamespace() != req.GetSubject().GetNamespace() { // Load the relation to get its computed cache key, if any. ds := datastoremw.MustFromContext(ctx) - revision, err := ds.RevisionFromString(req.Metadata.AtRevision) + revision, err := ds.RevisionFromString(req.GetMetadata().GetAtRevision()) if err != nil { return emptyDispatchCacheKey, err } @@ -110,16 +110,16 @@ func (c *CanonicalKeyHandler) CheckCacheKey(ctx context.Context, req *v1.Dispatc _, relation, err := namespace.ReadNamespaceAndRelation( ctx, - req.ResourceRelation.Namespace, - req.ResourceRelation.Relation, + req.GetResourceRelation().GetNamespace(), + req.GetResourceRelation().GetRelation(), r, ) if err != nil { return emptyDispatchCacheKey, err } - if relation.CanonicalCacheKey != "" { - return checkRequestToKeyWithCanonical(req, relation.CanonicalCacheKey) + if relation.GetCanonicalCacheKey() != "" { + return checkRequestToKeyWithCanonical(req, relation.GetCanonicalCacheKey()) } } diff --git a/internal/dispatch/remote/cluster.go b/internal/dispatch/remote/cluster.go index 43954dffa..f2c4c877b 100644 --- a/internal/dispatch/remote/cluster.go +++ b/internal/dispatch/remote/cluster.go @@ -222,15 +222,15 @@ func (cr *clusterDispatcher) DispatchCheck(ctx context.Context, req *v1.Dispatch cr, "check", req, - tuple.FromCoreRelationReference(req.ResourceRelation), - tuple.RR(req.Subject.Namespace, req.Subject.Relation), + tuple.FromCoreRelationReference(req.GetResourceRelation()), + tuple.RR(req.GetSubject().GetNamespace(), req.GetSubject().GetRelation()), func(ctx context.Context, client ClusterClient) (*v1.DispatchCheckResponse, error) { resp, err := client.DispatchCheck(ctx, req) if err != nil { return resp, err } - err = adjustMetadataForDispatch(resp.Metadata) + err = adjustMetadataForDispatch(resp.GetMetadata()) return resp, err }) if err != nil { @@ -456,7 +456,7 @@ func publishClient[R any](ctx context.Context, client receiver[R], reqKey string if afterResponseCursor == nil { return spiceerrors.MustBugf("received a nil after response cursor for secondary dispatch") } - afterResponseCursor.Sections = append([]string{secondaryCursorPrefix + secondaryDispatchName}, afterResponseCursor.Sections...) + afterResponseCursor.Sections = append([]string{secondaryCursorPrefix + secondaryDispatchName}, afterResponseCursor.GetSections()...) } } @@ -500,10 +500,10 @@ func dispatchStreamingRequest[Q streamingRequestMessage, R any]( cursorLockedSecondaryName := "" if cursorSupports, ok := any(req).(requestMessageWithCursor); ok { cursor := cursorSupports.GetOptionalCursor() - if cursor != nil && len(cursor.Sections) > 0 { - if strings.HasPrefix(cursor.Sections[0], secondaryCursorPrefix) { - cursorLockedSecondaryName = strings.TrimPrefix(cursor.Sections[0], secondaryCursorPrefix) - cursor.Sections = cursor.Sections[1:] + if cursor != nil && len(cursor.GetSections()) > 0 { + if strings.HasPrefix(cursor.GetSections()[0], secondaryCursorPrefix) { + cursorLockedSecondaryName = strings.TrimPrefix(cursor.GetSections()[0], secondaryCursorPrefix) + cursor.Sections = cursor.GetSections()[1:] } } } @@ -738,7 +738,7 @@ func adjustMetadataForDispatch(metadata *v1.ResponseMeta) error { // NOTE: We only add 1 to the dispatch count if it was not already handled by the downstream dispatch, // which will only be the case in a fully cached or further undispatched call. - if metadata.DispatchCount == 0 { + if metadata.GetDispatchCount() == 0 { metadata.DispatchCount++ } @@ -765,7 +765,7 @@ func (cr *clusterDispatcher) DispatchExpand(ctx context.Context, req *v1.Dispatc return &v1.DispatchExpandResponse{Metadata: requestFailureMetadata}, err } - err = adjustMetadataForDispatch(resp.Metadata) + err = adjustMetadataForDispatch(resp.GetMetadata()) return resp, err } @@ -952,9 +952,9 @@ func (srst *supportedResourceSubjectTracker) updateForError(err error) { } // If the error is an unsupported resource or subject, add it to the tracker. - if errDetail.Reason == "UNSUPPORTED_RESOURCE_RELATION" { - definitionName := errDetail.Metadata["definition_name"] - relationName := errDetail.Metadata["relation_name"] + if errDetail.GetReason() == "UNSUPPORTED_RESOURCE_RELATION" { + definitionName := errDetail.GetMetadata()["definition_name"] + relationName := errDetail.GetMetadata()["relation_name"] rr := tuple.RR(definitionName, relationName) existing, loaded := srst.unsupportedResources.LoadOrStore(rr, true) if !loaded || !existing.(bool) { @@ -962,9 +962,9 @@ func (srst *supportedResourceSubjectTracker) updateForError(err error) { } } - if errDetail.Reason == "UNSUPPORTED_SUBJECT_RELATION" { - definitionName := errDetail.Metadata["definition_name"] - relationName := errDetail.Metadata["relation_name"] + if errDetail.GetReason() == "UNSUPPORTED_SUBJECT_RELATION" { + definitionName := errDetail.GetMetadata()["definition_name"] + relationName := errDetail.GetMetadata()["relation_name"] rr := tuple.RR(definitionName, relationName) existing, loaded := srst.unsupportedSubjects.LoadOrStore(rr, true) if !loaded || !existing.(bool) { diff --git a/internal/dispatch/remote/cluster_test.go b/internal/dispatch/remote/cluster_test.go index da0c333e3..5c1a02dc7 100644 --- a/internal/dispatch/remote/cluster_test.go +++ b/internal/dispatch/remote/cluster_test.go @@ -84,7 +84,7 @@ func (fds *fakeDispatchSvc) DispatchLookupSubjects(req *v1.DispatchLookupSubject time.Sleep(fds.sleepTime) if err := srv.Send(&v1.DispatchLookupSubjectsResponse{ FoundSubjectsByResourceId: map[string]*v1.FoundSubjects{ - req.ResourceIds[0]: { + req.GetResourceIds()[0]: { FoundSubjects: []*v1.FoundSubject{ { SubjectId: fmt.Sprintf("%d", i), @@ -218,7 +218,7 @@ func TestDispatchTimeout(t *testing.T) { } else { require.NoError(t, err) require.NotNil(t, resp) - require.GreaterOrEqual(t, resp.Metadata.DispatchCount, uint32(1)) + require.GreaterOrEqual(t, resp.GetMetadata().GetDispatchCount(), uint32(1)) } // Invoke a dispatched "LookupSubjects" and test as well. @@ -348,7 +348,7 @@ func TestCheckSecondaryDispatch(t *testing.T) { resp, err := dispatcher.DispatchCheck(t.Context(), tc.request) require.NoError(t, err) - require.Equal(t, tc.expectedResult, resp.Metadata.DispatchCount) + require.Equal(t, tc.expectedResult, resp.GetMetadata().GetDispatchCount()) }) } } @@ -624,7 +624,7 @@ func TestLRSecondaryDispatch(t *testing.T) { } else { require.NoError(t, err) require.Len(t, stream.Results(), 2) - require.Equal(t, tc.expectedDispatchCount, stream.Results()[0].Metadata.DispatchCount) + require.Equal(t, tc.expectedDispatchCount, stream.Results()[0].GetMetadata().GetDispatchCount()) } }) } @@ -672,8 +672,8 @@ func TestLRDispatchFallbackToPrimary(t *testing.T) { require.NoError(t, err) require.Len(t, stream.Results(), int(results)) - require.Equal(t, uint32(1), stream.Results()[0].Metadata.DispatchCount) - require.Equal(t, "0", stream.Results()[0].Resource.ResourceId) + require.Equal(t, uint32(1), stream.Results()[0].GetMetadata().GetDispatchCount()) + require.Equal(t, "0", stream.Results()[0].GetResource().GetResourceId()) } func TestLSSecondaryDispatch(t *testing.T) { @@ -752,7 +752,7 @@ func TestLSSecondaryDispatch(t *testing.T) { } else { require.NoError(t, err) require.Len(t, stream.Results(), 2) - require.Equal(t, tc.expectedDispatchCount, stream.Results()[0].Metadata.DispatchCount) + require.Equal(t, tc.expectedDispatchCount, stream.Results()[0].GetMetadata().GetDispatchCount()) } }) } @@ -795,8 +795,8 @@ func TestLSDispatchFallbackToPrimary(t *testing.T) { require.NoError(t, err) require.Len(t, stream.Results(), int(results)) - require.Equal(t, uint32(1), stream.Results()[0].Metadata.DispatchCount) - require.Equal(t, "0", stream.Results()[0].FoundSubjectsByResourceId["foo"].FoundSubjects[0].SubjectId) + require.Equal(t, uint32(1), stream.Results()[0].GetMetadata().GetDispatchCount()) + require.Equal(t, "0", stream.Results()[0].GetFoundSubjectsByResourceId()["foo"].GetFoundSubjects()[0].GetSubjectId()) } func TestCheckUsesDelayByDefaultForPrimary(t *testing.T) { @@ -826,7 +826,7 @@ func TestCheckUsesDelayByDefaultForPrimary(t *testing.T) { Subject: &corev1.ObjectAndRelation{Namespace: "foo", ObjectId: "bar", Relation: "..."}, }) require.NoError(t, err) - require.Equal(t, uint32(2), resp.Metadata.DispatchCount) + require.Equal(t, uint32(2), resp.GetMetadata().GetDispatchCount()) // Ensure the digest for the check was updated. cast := dispatcher.(*clusterDispatcher) @@ -869,7 +869,7 @@ func TestStreamingDispatchDelayByDefaultForPrimary(t *testing.T) { }, stream) require.NoError(t, err) - require.Equal(t, uint32(2), stream.Results()[0].Metadata.DispatchCount) + require.Equal(t, uint32(2), stream.Results()[0].GetMetadata().GetDispatchCount()) require.Len(t, stream.Results(), 2) // Ensure the digest for the lookupsubjects was updated. @@ -949,7 +949,7 @@ func TestCheckUsesMaximumDelayByDefaultForPrimary(t *testing.T) { Subject: &corev1.ObjectAndRelation{Namespace: "foo", ObjectId: "bar", Relation: "..."}, }) require.NoError(t, err) - require.Equal(t, uint32(1), resp.Metadata.DispatchCount) + require.Equal(t, uint32(1), resp.GetMetadata().GetDispatchCount()) } func connectionForDispatching(t *testing.T, svc v1.DispatchServiceServer) *grpc.ClientConn { @@ -1085,7 +1085,7 @@ func TestCheckToUnsupportedRemovesHedgingDelay(t *testing.T) { Subject: &corev1.ObjectAndRelation{Namespace: "foo", ObjectId: "bar", Relation: "..."}, }) require.NoError(t, err) - require.Equal(t, uint32(1), resp.Metadata.DispatchCount) + require.Equal(t, uint32(1), resp.GetMetadata().GetDispatchCount()) // Ensure the resource relation was marked as unsupported. cast := dispatcher.(*clusterDispatcher) @@ -1102,7 +1102,7 @@ func TestCheckToUnsupportedRemovesHedgingDelay(t *testing.T) { }) endTime := time.Now() require.NoError(t, err) - require.Equal(t, uint32(1), resp.Metadata.DispatchCount) + require.Equal(t, uint32(1), resp.GetMetadata().GetDispatchCount()) require.LessOrEqual(t, endTime.Sub(startTime), 25*time.Millisecond) } diff --git a/internal/dispatch/singleflight/singleflight.go b/internal/dispatch/singleflight/singleflight.go index 48b2f0693..58b55f120 100644 --- a/internal/dispatch/singleflight/singleflight.go +++ b/internal/dispatch/singleflight/singleflight.go @@ -55,7 +55,7 @@ func (d *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckReq // this is in place so that upgrading to a SpiceDB version with traversal bloom does not cause dispatch failures // if this is observed frequently it suggests a callsite is missing setting the bloom filter. // Since there is no bloom filter, there is no guarantee recursion won't happen, so it's safer not to singleflight - if len(req.Metadata.TraversalBloom) == 0 { + if len(req.GetMetadata().GetTraversalBloom()) == 0 { tb, err := v1.NewTraversalBloomFilter(50) if err != nil { return &v1.DispatchCheckResponse{Metadata: &v1.ResponseMeta{DispatchCount: 1}}, status.Error(codes.Internal, fmt.Errorf("unable to create traversal bloom filter: %w", err).Error()) @@ -70,7 +70,7 @@ func (d *Dispatcher) DispatchCheck(ctx context.Context, req *v1.DispatchCheckReq // likely recursive call, so we dispatch it to the delegate to avoid the singleflight from blocking it. // If the bloom filter presents a false positive, a dispatch will happen, which is a small inefficiency // traded-off to prevent a recursive-call deadlock - possiblyLoop, err := req.Metadata.RecordTraversal(keyString) + possiblyLoop, err := req.GetMetadata().RecordTraversal(keyString) if err != nil { return &v1.DispatchCheckResponse{Metadata: &v1.ResponseMeta{DispatchCount: 1}}, err } else if possiblyLoop { @@ -103,7 +103,7 @@ func (d *Dispatcher) DispatchExpand(ctx context.Context, req *v1.DispatchExpandR // this is in place so that upgrading to a SpiceDB version with traversal bloom does not cause dispatch failures // if this is observed frequently it suggests a callsite is missing setting the bloom filter // Since there is no bloom filter, there is no guarantee recursion won't happen, so it's safer not to singleflight - if len(req.Metadata.TraversalBloom) == 0 { + if len(req.GetMetadata().GetTraversalBloom()) == 0 { tb, err := v1.NewTraversalBloomFilter(50) if err != nil { return &v1.DispatchExpandResponse{Metadata: &v1.ResponseMeta{DispatchCount: 1}}, status.Error(codes.Internal, fmt.Errorf("unable to create traversal bloom filter: %w", err).Error()) @@ -114,7 +114,7 @@ func (d *Dispatcher) DispatchExpand(ctx context.Context, req *v1.DispatchExpandR return d.delegate.DispatchExpand(ctx, req) } - possiblyLoop, err := req.Metadata.RecordTraversal(keyString) + possiblyLoop, err := req.GetMetadata().RecordTraversal(keyString) if err != nil { return &v1.DispatchExpandResponse{Metadata: &v1.ResponseMeta{DispatchCount: 1}}, err } else if possiblyLoop { diff --git a/internal/dispatch/singleflight/singleflight_test.go b/internal/dispatch/singleflight/singleflight_test.go index ca0a39ca6..e2816efaa 100644 --- a/internal/dispatch/singleflight/singleflight_test.go +++ b/internal/dispatch/singleflight/singleflight_test.go @@ -333,8 +333,8 @@ func assertCounterWithLabel(t *testing.T, gatherer prometheus.Gatherer, expected found := false require.Len(t, mf.GetMetric(), expectedMetricsCount) for _, metric := range mf.GetMetric() { - for _, label := range metric.Label { - if *label.Value == labelName { + for _, label := range metric.GetLabel() { + if label.GetValue() == labelName { found = true } } diff --git a/internal/graph/check.go b/internal/graph/check.go index 025406113..42ad4f703 100644 --- a/internal/graph/check.go +++ b/internal/graph/check.go @@ -111,7 +111,7 @@ func (cc *ConcurrentChecker) Check(ctx context.Context, req ValidatedCheckReques } resolved := cc.checkInternal(ctx, req, relation) - resolved.Resp.Metadata = addCallToResponseMetadata(resolved.Resp.Metadata) + resolved.Resp.Metadata = addCallToResponseMetadata(resolved.Resp.GetMetadata()) if req.Debug == v1.DispatchCheckRequest_NO_DEBUG { return resolved.Resp, resolved.Err } @@ -124,7 +124,7 @@ func (cc *ConcurrentChecker) Check(ctx context.Context, req ValidatedCheckReques } // Add debug information if requested. - debugInfo := resolved.Resp.Metadata.DebugInfo + debugInfo := resolved.Resp.GetMetadata().GetDebugInfo() if debugInfo == nil { debugInfo = &v1.DebugInformation{ Check: &v1.CheckDebugTrace{ @@ -132,7 +132,7 @@ func (cc *ConcurrentChecker) Check(ctx context.Context, req ValidatedCheckReques SourceId: nodeID, }, } - } else if debugInfo.Check != nil && debugInfo.Check.SourceId == "" { + } else if debugInfo.GetCheck() != nil && debugInfo.GetCheck().GetSourceId() == "" { debugInfo.Check.SourceId = nodeID } @@ -153,7 +153,7 @@ func (cc *ConcurrentChecker) Check(ctx context.Context, req ValidatedCheckReques // Build the results for the debug trace. results := make(map[string]*v1.ResourceCheckResult, len(req.ResourceIds)) for _, resourceID := range req.ResourceIds { - if found, ok := resolved.Resp.ResultsByResourceId[resourceID]; ok { + if found, ok := resolved.Resp.GetResultsByResourceId()[resourceID]; ok { results[resourceID] = found } } @@ -162,7 +162,7 @@ func (cc *ConcurrentChecker) Check(ctx context.Context, req ValidatedCheckReques // If there is existing debug information in the error, then place it as the subproblem of the current // debug information. if existingDebugInfo, ok := spiceerrors.GetDetails[*v1.DebugInformation](resolved.Err); ok { - debugInfo.Check.SubProblems = []*v1.CheckDebugTrace{existingDebugInfo.Check} + debugInfo.Check.SubProblems = []*v1.CheckDebugTrace{existingDebugInfo.GetCheck()} } resolved.Resp.Metadata.DebugInfo = debugInfo @@ -188,7 +188,7 @@ func (cc *ConcurrentChecker) checkInternal(ctx context.Context, req ValidatedChe } // Ensure that we are not performing a check for a wildcard as the subject. - if req.Subject.ObjectId == tuple.PublicWildcard { + if req.Subject.GetObjectId() == tuple.PublicWildcard { return checkResultError(NewWildcardNotAllowedErr("cannot perform check on wildcard subject", "subject.object_id"), emptyMetadata) } @@ -211,14 +211,14 @@ func (cc *ConcurrentChecker) checkInternal(ctx context.Context, req ValidatedChe subject := tuple.FromCoreObjectAndRelation(req.Subject) filteredResourcesIdsSet := mapz.NewSet(filteredResourcesIds...) for _, checkHint := range req.CheckHints { - resourceID, ok := hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.Namespace, req.ResourceRelation.Relation, subject) + resourceID, ok := hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.GetNamespace(), req.ResourceRelation.GetRelation(), subject) if ok { filteredResourcesIdsSet.Delete(resourceID) continue } if req.OriginalRelationName != "" { - resourceID, ok = hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.Namespace, req.OriginalRelationName, subject) + resourceID, ok = hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.GetNamespace(), req.OriginalRelationName, subject) if ok { filteredResourcesIdsSet.Delete(resourceID) } @@ -249,11 +249,11 @@ func (cc *ConcurrentChecker) checkInternal(ctx context.Context, req ValidatedChe crc.dispatchChunkSize = 1 } - if relation.UsersetRewrite == nil { + if relation.GetUsersetRewrite() == nil { return combineWithCheckHints(combineResultWithFoundResources(cc.checkDirect(ctx, crc, relation), membershipSet), req) } - return combineWithCheckHints(combineResultWithFoundResources(cc.checkUsersetRewrite(ctx, crc, relation.UsersetRewrite), membershipSet), req) + return combineWithCheckHints(combineResultWithFoundResources(cc.checkUsersetRewrite(ctx, crc, relation.GetUsersetRewrite()), membershipSet), req) } func combineWithComputedHints(result CheckResult, hints map[string]*v1.ResourceCheckResult) CheckResult { @@ -262,7 +262,7 @@ func combineWithComputedHints(result CheckResult, hints map[string]*v1.ResourceC } for resourceID, hint := range hints { - if _, ok := result.Resp.ResultsByResourceId[resourceID]; ok { + if _, ok := result.Resp.GetResultsByResourceId()[resourceID]; ok { return checkResultError( spiceerrors.MustBugf("check hint for resource ID %q, which already exists", resourceID), emptyMetadata, @@ -285,10 +285,10 @@ func combineWithCheckHints(result CheckResult, req ValidatedCheckRequest) CheckR subject := tuple.FromCoreObjectAndRelation(req.Subject) for _, checkHint := range req.CheckHints { - resourceID, ok := hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.Namespace, req.ResourceRelation.Relation, subject) + resourceID, ok := hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.GetNamespace(), req.ResourceRelation.GetRelation(), subject) if !ok { if req.OriginalRelationName != "" { - resourceID, ok = hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.Namespace, req.OriginalRelationName, subject) + resourceID, ok = hints.AsCheckHintForComputedUserset(checkHint, req.ResourceRelation.GetNamespace(), req.OriginalRelationName, subject) } if !ok { @@ -300,14 +300,14 @@ func combineWithCheckHints(result CheckResult, req ValidatedCheckRequest) CheckR result.Resp.ResultsByResourceId = make(map[string]*v1.ResourceCheckResult) } - if _, ok := result.Resp.ResultsByResourceId[resourceID]; ok { + if _, ok := result.Resp.GetResultsByResourceId()[resourceID]; ok { return checkResultError( spiceerrors.MustBugf("check hint for resource ID %q, which already exists", resourceID), emptyMetadata, ) } - result.Resp.ResultsByResourceId[resourceID] = checkHint.Result + result.Resp.ResultsByResourceId[resourceID] = checkHint.GetResult() } return result @@ -350,18 +350,18 @@ func (cc *ConcurrentChecker) checkDirect(ctx context.Context, crc currentRequest // cases to optimize: // 1) Finding the target subject itself, as a direct lookup // 2) Finding a wildcard for the subject type+relation - if allowedDirectRelation.GetNamespace() == crc.parentReq.Subject.Namespace { + if allowedDirectRelation.GetNamespace() == crc.parentReq.Subject.GetNamespace() { if allowedDirectRelation.GetPublicWildcard() != nil { totalWildcardSubjects++ - } else if allowedDirectRelation.GetRelation() == crc.parentReq.Subject.Relation { + } else if allowedDirectRelation.GetRelation() == crc.parentReq.Subject.GetRelation() { totalDirectSubjects++ } - if allowedDirectRelation.RequiredCaveat == nil { + if allowedDirectRelation.GetRequiredCaveat() == nil { directSubjectsAndWildcardsWithoutCaveats++ } - if allowedDirectRelation.RequiredExpiration == nil { + if allowedDirectRelation.GetRequiredExpiration() == nil { directSubjectsAndWildcardsWithoutExpiration++ } } @@ -373,10 +373,10 @@ func (cc *ConcurrentChecker) checkDirect(ctx context.Context, crc currentRequest // relations can reach the target subject type. if allowedDirectRelation.GetRelation() != tuple.Ellipsis { totalNonTerminals++ - if allowedDirectRelation.RequiredCaveat == nil { + if allowedDirectRelation.GetRequiredCaveat() == nil { nonTerminalsWithoutCaveats++ } - if allowedDirectRelation.RequiredExpiration == nil { + if allowedDirectRelation.GetRequiredExpiration() == nil { nonTerminalsWithoutExpiration++ } } @@ -405,24 +405,24 @@ func (cc *ConcurrentChecker) checkDirect(ctx context.Context, crc currentRequest if hasDirectSubject { subjectSelectors = append(subjectSelectors, datastore.SubjectsSelector{ - OptionalSubjectType: crc.parentReq.Subject.Namespace, - OptionalSubjectIds: []string{crc.parentReq.Subject.ObjectId}, - RelationFilter: datastore.SubjectRelationFilter{}.WithRelation(crc.parentReq.Subject.Relation), + OptionalSubjectType: crc.parentReq.Subject.GetNamespace(), + OptionalSubjectIds: []string{crc.parentReq.Subject.GetObjectId()}, + RelationFilter: datastore.SubjectRelationFilter{}.WithRelation(crc.parentReq.Subject.GetRelation()), }) } if hasWildcardSubject { subjectSelectors = append(subjectSelectors, datastore.SubjectsSelector{ - OptionalSubjectType: crc.parentReq.Subject.Namespace, + OptionalSubjectType: crc.parentReq.Subject.GetNamespace(), OptionalSubjectIds: []string{tuple.PublicWildcard}, RelationFilter: datastore.SubjectRelationFilter{}.WithEllipsisRelation(), }) } filter := datastore.RelationshipsFilter{ - OptionalResourceType: crc.parentReq.ResourceRelation.Namespace, + OptionalResourceType: crc.parentReq.ResourceRelation.GetNamespace(), OptionalResourceIds: crc.filteredResourceIDs, - OptionalResourceRelation: crc.parentReq.ResourceRelation.Relation, + OptionalResourceRelation: crc.parentReq.ResourceRelation.GetRelation(), OptionalSubjectsSelectors: subjectSelectors, } @@ -469,9 +469,9 @@ func (cc *ConcurrentChecker) checkDirect(ctx context.Context, crc currentRequest // Otherwise, for any remaining resource IDs, query for redispatch. filter := datastore.RelationshipsFilter{ - OptionalResourceType: crc.parentReq.ResourceRelation.Namespace, + OptionalResourceType: crc.parentReq.ResourceRelation.GetNamespace(), OptionalResourceIds: furtherFilteredResourceIDs, - OptionalResourceRelation: crc.parentReq.ResourceRelation.Relation, + OptionalResourceRelation: crc.parentReq.ResourceRelation.GetRelation(), OptionalSubjectsSelectors: []datastore.SubjectsSelector{ { RelationFilter: datastore.SubjectRelationFilter{}.WithOnlyNonEllipsisRelations(), @@ -537,7 +537,7 @@ func (cc *ConcurrentChecker) checkDirect(ctx context.Context, crc currentRequest func mapFoundResources(result CheckResult, resourceType tuple.RelationReference, checksToDispatch *checkDispatchSet) CheckResult { // Map any resources found to the parent resource IDs. membershipSet := NewMembershipSet() - for foundResourceID, result := range result.Resp.ResultsByResourceId { + for foundResourceID, result := range result.Resp.GetResultsByResourceId() { resourceIDAndCaveats := checksToDispatch.mappingsForSubject(resourceType.ObjectType, foundResourceID, resourceType.Relation) spiceerrors.DebugAssertf(func() bool { @@ -545,34 +545,34 @@ func mapFoundResources(result CheckResult, resourceType tuple.RelationReference, }, "found resource ID without associated caveats") for _, riac := range resourceIDAndCaveats { - membershipSet.AddMemberWithParentCaveat(riac.resourceID, result.Expression, riac.caveat) + membershipSet.AddMemberWithParentCaveat(riac.resourceID, result.GetExpression(), riac.caveat) } } if membershipSet.IsEmpty() { - return noMembersWithMetadata(result.Resp.Metadata) + return noMembersWithMetadata(result.Resp.GetMetadata()) } - return checkResultsForMembership(membershipSet, result.Resp.Metadata) + return checkResultsForMembership(membershipSet, result.Resp.GetMetadata()) } func (cc *ConcurrentChecker) checkUsersetRewrite(ctx context.Context, crc currentRequestContext, rewrite *core.UsersetRewrite) CheckResult { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: - if len(rw.Union.Child) > 1 { + if len(rw.Union.GetChild()) > 1 { var span trace.Span ctx, span = tracer.Start(ctx, "+") defer span.End() } - return union(ctx, crc, rw.Union.Child, cc.runSetOperation, cc.concurrencyLimit) + return union(ctx, crc, rw.Union.GetChild(), cc.runSetOperation, cc.concurrencyLimit) case *core.UsersetRewrite_Intersection: ctx, span := tracer.Start(ctx, "&") defer span.End() - return all(ctx, crc, rw.Intersection.Child, cc.runSetOperation, cc.concurrencyLimit) + return all(ctx, crc, rw.Intersection.GetChild(), cc.runSetOperation, cc.concurrencyLimit) case *core.UsersetRewrite_Exclusion: ctx, span := tracer.Start(ctx, "-") defer span.End() - return difference(ctx, crc, rw.Exclusion.Child, cc.runSetOperation, cc.concurrencyLimit) + return difference(ctx, crc, rw.Exclusion.GetChild(), cc.runSetOperation, cc.concurrencyLimit) default: return checkResultError(spiceerrors.MustBugf("unknown userset rewrite operator"), emptyMetadata) } @@ -585,7 +585,7 @@ func (cc *ConcurrentChecker) dispatch(ctx context.Context, _ currentRequestConte } func (cc *ConcurrentChecker) runSetOperation(ctx context.Context, crc currentRequestContext, childOneof *core.SetOperation_Child) CheckResult { - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return checkResultError(spiceerrors.MustBugf("use of _this is unsupported; please rewrite your schema"), emptyMetadata) case *core.SetOperation_Child_ComputedUserset: @@ -595,7 +595,7 @@ func (cc *ConcurrentChecker) runSetOperation(ctx context.Context, crc currentReq case *core.SetOperation_Child_TupleToUserset: return checkTupleToUserset(ctx, cc, crc, child.TupleToUserset) case *core.SetOperation_Child_FunctionedTupleToUserset: - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: return checkTupleToUserset(ctx, cc, crc, child.FunctionedTupleToUserset) @@ -603,7 +603,7 @@ func (cc *ConcurrentChecker) runSetOperation(ctx context.Context, crc currentReq return checkIntersectionTupleToUserset(ctx, cc, crc, child.FunctionedTupleToUserset) default: - return checkResultError(spiceerrors.MustBugf("unknown userset function `%s`", child.FunctionedTupleToUserset.Function), emptyMetadata) + return checkResultError(spiceerrors.MustBugf("unknown userset function `%s`", child.FunctionedTupleToUserset.GetFunction()), emptyMetadata) } case *core.SetOperation_Child_XNil: @@ -614,12 +614,12 @@ func (cc *ConcurrentChecker) runSetOperation(ctx context.Context, crc currentReq } func (cc *ConcurrentChecker) checkComputedUserset(ctx context.Context, crc currentRequestContext, cu *core.ComputedUserset, rr *tuple.RelationReference, resourceIds []string) CheckResult { - ctx, span := tracer.Start(ctx, cu.Relation) + ctx, span := tracer.Start(ctx, cu.GetRelation()) defer span.End() var startNamespace string var targetResourceIds []string - switch cu.Object { + switch cu.GetObject() { case core.ComputedUserset_TUPLE_USERSET_OBJECT: if rr == nil || len(resourceIds) == 0 { return checkResultError(spiceerrors.MustBugf("computed userset for tupleset without tuples"), emptyMetadata) @@ -632,13 +632,13 @@ func (cc *ConcurrentChecker) checkComputedUserset(ctx context.Context, crc curre return checkResultError(spiceerrors.MustBugf("computed userset for tupleset with wrong object type"), emptyMetadata) } - startNamespace = crc.parentReq.ResourceRelation.Namespace + startNamespace = crc.parentReq.ResourceRelation.GetNamespace() targetResourceIds = crc.filteredResourceIDs } targetRR := &core.RelationReference{ Namespace: startNamespace, - Relation: cu.Relation, + Relation: cu.GetRelation(), } // If we will be dispatching to the goal's ONR, then we know that the ONR is a member. @@ -650,9 +650,9 @@ func (cc *ConcurrentChecker) checkComputedUserset(ctx context.Context, crc curre // Check if the target relation exists. If not, return nothing. This is only necessary // for TTU-based computed usersets, as directly computed ones reference relations within // the same namespace as the caller, and thus must be fully typed checked. - if cu.Object == core.ComputedUserset_TUPLE_USERSET_OBJECT { + if cu.GetObject() == core.ComputedUserset_TUPLE_USERSET_OBJECT { ds := datastoremw.MustFromContext(ctx).SnapshotReader(crc.parentReq.Revision) - err := namespace.CheckNamespaceAndRelation(ctx, targetRR.Namespace, targetRR.Relation, true, ds) + err := namespace.CheckNamespaceAndRelation(ctx, targetRR.GetNamespace(), targetRR.GetRelation(), true, ds) if err != nil { if errors.As(err, &namespace.RelationNotFoundError{}) { return noMembers() @@ -693,26 +693,26 @@ func TraitsForArrowRelation(ctx context.Context, reader datastore.Reader, namesp } var relation *core.Relation - for _, rel := range nsDef.Relation { - if rel.Name == relationName { + for _, rel := range nsDef.GetRelation() { + if rel.GetName() == relationName { relation = rel break } } - if relation == nil || relation.TypeInformation == nil { + if relation == nil || relation.GetTypeInformation() == nil { return Traits{}, fmt.Errorf("relation %q not found", relationName) } hasCaveats := false hasExpiration := false - for _, allowedDirectRelation := range relation.TypeInformation.GetAllowedDirectRelations() { - if allowedDirectRelation.RequiredCaveat != nil { + for _, allowedDirectRelation := range relation.GetTypeInformation().GetAllowedDirectRelations() { + if allowedDirectRelation.GetRequiredCaveat() != nil { hasCaveats = true } - if allowedDirectRelation.RequiredExpiration != nil { + if allowedDirectRelation.GetRequiredExpiration() != nil { hasExpiration = true } } @@ -744,12 +744,12 @@ func queryOptionsForArrowRelation(ctx context.Context, ds datastore.Reader, name } func filterForFoundMemberResource(resourceRelation *core.RelationReference, resourceIds []string, subject *core.ObjectAndRelation) (*MembershipSet, []string) { - if resourceRelation.Namespace != subject.Namespace || resourceRelation.Relation != subject.Relation { + if resourceRelation.GetNamespace() != subject.GetNamespace() || resourceRelation.GetRelation() != subject.GetRelation() { return nil, resourceIds } for index, resourceID := range resourceIds { - if subject.ObjectId == resourceID { + if subject.GetObjectId() == resourceID { membershipSet := NewMembershipSet() membershipSet.AddDirectMember(resourceID, nil) return membershipSet, removeIndexFromSlice(resourceIds, index) @@ -787,19 +787,19 @@ func checkIntersectionTupleToUserset( ttu *core.FunctionedTupleToUserset, ) CheckResult { // TODO(jschorr): use check hints here - ctx, span := tracer.Start(ctx, ttu.GetTupleset().GetRelation()+"-(all)->"+ttu.GetComputedUserset().Relation) + ctx, span := tracer.Start(ctx, ttu.GetTupleset().GetRelation()+"-(all)->"+ttu.GetComputedUserset().GetRelation()) defer span.End() // Query for the subjects over which to walk the TTU. log.Ctx(ctx).Trace().Object("intersectionttu", crc.parentReq).Send() ds := datastoremw.MustFromContext(ctx).SnapshotReader(crc.parentReq.Revision) - queryOpts, err := queryOptionsForArrowRelation(ctx, ds, crc.parentReq.ResourceRelation.Namespace, ttu.GetTupleset().GetRelation()) + queryOpts, err := queryOptionsForArrowRelation(ctx, ds, crc.parentReq.ResourceRelation.GetNamespace(), ttu.GetTupleset().GetRelation()) if err != nil { return checkResultError(NewCheckFailureErr(err), emptyMetadata) } it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: crc.parentReq.ResourceRelation.Namespace, + OptionalResourceType: crc.parentReq.ResourceRelation.GetNamespace(), OptionalResourceIds: crc.filteredResourceIDs, OptionalResourceRelation: ttu.GetTupleset().GetRelation(), }, queryOpts...) @@ -862,8 +862,8 @@ func checkIntersectionTupleToUserset( resultsByDispatchedSubject[result.relationType] = NewMembershipSet() } - resultsByDispatchedSubject[result.relationType].UnionWith(result.Resp.ResultsByResourceId) - combinedMetadata = combineResponseMetadata(ctx, combinedMetadata, result.Resp.Metadata) + resultsByDispatchedSubject[result.relationType].UnionWith(result.Resp.GetResultsByResourceId()) + combinedMetadata = combineResponseMetadata(ctx, combinedMetadata, result.Resp.GetMetadata()) } // For each resource ID, check that there exist some sort of permission for *each* subject. If not, then the @@ -934,9 +934,9 @@ func checkTupleToUserset[T relation]( for _, checkHint := range crc.parentReq.CheckHints { resourceID, ok := hints.AsCheckHintForArrow( checkHint, - crc.parentReq.ResourceRelation.Namespace, + crc.parentReq.ResourceRelation.GetNamespace(), ttu.GetTupleset().GetRelation(), - ttu.GetComputedUserset().Relation, + ttu.GetComputedUserset().GetRelation(), tuple.FromCoreObjectAndRelation(crc.parentReq.Subject), ) if !ok { @@ -944,7 +944,7 @@ func checkTupleToUserset[T relation]( } filteredResourcesIdsSet.Delete(resourceID) - hintsToReturn[resourceID] = checkHint.Result + hintsToReturn[resourceID] = checkHint.GetResult() } filteredResourceIDs = filteredResourcesIdsSet.AsSlice() @@ -954,19 +954,19 @@ func checkTupleToUserset[T relation]( return combineWithComputedHints(noMembers(), hintsToReturn) } - ctx, span := tracer.Start(ctx, ttu.GetTupleset().GetRelation()+"->"+ttu.GetComputedUserset().Relation) + ctx, span := tracer.Start(ctx, ttu.GetTupleset().GetRelation()+"->"+ttu.GetComputedUserset().GetRelation()) defer span.End() log.Ctx(ctx).Trace().Object("ttu", crc.parentReq).Send() ds := datastoremw.MustFromContext(ctx).SnapshotReader(crc.parentReq.Revision) - queryOpts, err := queryOptionsForArrowRelation(ctx, ds, crc.parentReq.ResourceRelation.Namespace, ttu.GetTupleset().GetRelation()) + queryOpts, err := queryOptionsForArrowRelation(ctx, ds, crc.parentReq.ResourceRelation.GetNamespace(), ttu.GetTupleset().GetRelation()) if err != nil { return checkResultError(NewCheckFailureErr(err), emptyMetadata) } it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: crc.parentReq.ResourceRelation.Namespace, + OptionalResourceType: crc.parentReq.ResourceRelation.GetNamespace(), OptionalResourceIds: filteredResourceIDs, OptionalResourceRelation: ttu.GetTupleset().GetRelation(), }, queryOpts...) @@ -1007,7 +1007,7 @@ func withDistinctMetadata(ctx context.Context, result CheckResult) CheckResult { // NOTE: This is necessary to ensure unique debug information on the request and that debug // information from the child metadata is *not* copied over. clonedResp := result.Resp.CloneVT() - clonedResp.Metadata = combineResponseMetadata(ctx, emptyMetadata, clonedResp.Metadata) + clonedResp.Metadata = combineResponseMetadata(ctx, emptyMetadata, clonedResp.GetMetadata()) return CheckResult{ Resp: clonedResp, Err: result.Err, @@ -1078,12 +1078,12 @@ func union[T any]( select { case result := <-resultChan: log.Ctx(ctx).Trace().Object("anyResult", result.Resp).Send() - responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.Metadata) + responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.GetMetadata()) if result.Err != nil { return checkResultError(result.Err, responseMetadata) } - membershipSet.UnionWith(result.Resp.ResultsByResourceId) + membershipSet.UnionWith(result.Resp.GetResultsByResourceId()) if membershipSet.HasDeterminedMember() && crc.resultsSetting == v1.DispatchCheckRequest_ALLOW_SINGLE_RESULT { return checkResultsForMembership(membershipSet, responseMetadata) } @@ -1129,16 +1129,16 @@ func all[T any]( for i := 0; i < len(children); i++ { select { case result := <-resultChan: - responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.Metadata) + responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.GetMetadata()) if result.Err != nil { return checkResultError(result.Err, responseMetadata) } if membershipSet == nil { membershipSet = NewMembershipSet() - membershipSet.UnionWith(result.Resp.ResultsByResourceId) + membershipSet.UnionWith(result.Resp.GetResultsByResourceId()) } else { - membershipSet.IntersectWith(result.Resp.ResultsByResourceId) + membershipSet.IntersectWith(result.Resp.GetResultsByResourceId()) } if membershipSet.IsEmpty() { @@ -1196,13 +1196,13 @@ func difference[T any]( // Wait for the base set to return. select { case base := <-baseChan: - responseMetadata = combineResponseMetadata(ctx, responseMetadata, base.Resp.Metadata) + responseMetadata = combineResponseMetadata(ctx, responseMetadata, base.Resp.GetMetadata()) if base.Err != nil { return checkResultError(base.Err, responseMetadata) } - membershipSet.UnionWith(base.Resp.ResultsByResourceId) + membershipSet.UnionWith(base.Resp.GetResultsByResourceId()) if membershipSet.IsEmpty() { return noMembersWithMetadata(responseMetadata) } @@ -1215,13 +1215,13 @@ func difference[T any]( for i := 1; i < len(children); i++ { select { case sub := <-othersChan: - responseMetadata = combineResponseMetadata(ctx, responseMetadata, sub.Resp.Metadata) + responseMetadata = combineResponseMetadata(ctx, responseMetadata, sub.Resp.GetMetadata()) if sub.Err != nil { return checkResultError(sub.Err, responseMetadata) } - membershipSet.Subtract(sub.Resp.ResultsByResourceId) + membershipSet.Subtract(sub.Resp.GetResultsByResourceId()) if membershipSet.IsEmpty() { return noMembersWithMetadata(responseMetadata) } @@ -1305,11 +1305,11 @@ func combineResultWithFoundResources(result CheckResult, foundResources *Members return result } - foundResources.UnionWith(result.Resp.ResultsByResourceId) + foundResources.UnionWith(result.Resp.GetResultsByResourceId()) return CheckResult{ Resp: &v1.DispatchCheckResponse{ ResultsByResourceId: foundResources.AsCheckResultsMap(), - Metadata: result.Resp.Metadata, + Metadata: result.Resp.GetMetadata(), }, Err: result.Err, } @@ -1317,12 +1317,12 @@ func combineResultWithFoundResources(result CheckResult, foundResources *Members func combineResponseMetadata(ctx context.Context, existing *v1.ResponseMeta, responseMetadata *v1.ResponseMeta) *v1.ResponseMeta { combined := &v1.ResponseMeta{ - DispatchCount: existing.DispatchCount + responseMetadata.DispatchCount, - DepthRequired: max(existing.DepthRequired, responseMetadata.DepthRequired), - CachedDispatchCount: existing.CachedDispatchCount + responseMetadata.CachedDispatchCount, + DispatchCount: existing.GetDispatchCount() + responseMetadata.GetDispatchCount(), + DepthRequired: max(existing.GetDepthRequired(), responseMetadata.GetDepthRequired()), + CachedDispatchCount: existing.GetCachedDispatchCount() + responseMetadata.GetCachedDispatchCount(), } - if existing.DebugInfo == nil && responseMetadata.DebugInfo == nil { + if existing.GetDebugInfo() == nil && responseMetadata.GetDebugInfo() == nil { return combined } @@ -1338,19 +1338,19 @@ func combineResponseMetadata(ctx context.Context, existing *v1.ResponseMeta, res }, } - if existing.DebugInfo != nil { - if existing.DebugInfo.Check.Request != nil { - debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, existing.DebugInfo.Check) + if existing.GetDebugInfo() != nil { + if existing.GetDebugInfo().GetCheck().GetRequest() != nil { + debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, existing.GetDebugInfo().GetCheck()) } else { - debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, existing.DebugInfo.Check.SubProblems...) + debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, existing.GetDebugInfo().GetCheck().GetSubProblems()...) } } - if responseMetadata.DebugInfo != nil { - if responseMetadata.DebugInfo.Check.Request != nil { - debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, responseMetadata.DebugInfo.Check) + if responseMetadata.GetDebugInfo() != nil { + if responseMetadata.GetDebugInfo().GetCheck().GetRequest() != nil { + debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, responseMetadata.GetDebugInfo().GetCheck()) } else { - debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, responseMetadata.DebugInfo.Check.SubProblems...) + debugInfo.Check.SubProblems = append(debugInfo.Check.SubProblems, responseMetadata.GetDebugInfo().GetCheck().GetSubProblems()...) } } diff --git a/internal/graph/checkdispatchset.go b/internal/graph/checkdispatchset.go index 65666fd91..ac6ba66fc 100644 --- a/internal/graph/checkdispatchset.go +++ b/internal/graph/checkdispatchset.go @@ -76,7 +76,7 @@ func (s *checkDispatchSet) addForRelationship(rel tuple.Relationship) { // Add the subject ID to the map of subjects for the type of subject. siac := subjectIDAndHasCaveat{ objectID: rel.Subject.ObjectID, - hasIncomingCaveats: rel.OptionalCaveat != nil && rel.OptionalCaveat.CaveatName != "", + hasIncomingCaveats: rel.OptionalCaveat != nil && rel.OptionalCaveat.GetCaveatName() != "", } subjectIDsForType, ok := s.bySubjectType[rel.Subject.RelationReference()] diff --git a/internal/graph/computed/computecheck.go b/internal/graph/computed/computecheck.go index be493dc74..96abd0f13 100644 --- a/internal/graph/computed/computecheck.go +++ b/internal/graph/computed/computecheck.go @@ -66,7 +66,7 @@ func ComputeCheck( } spiceerrors.DebugAssertf(func() bool { - return (len(di) == 0 && meta.DebugInfo == nil) || (len(di) == 1 && meta.DebugInfo != nil) + return (len(di) == 0 && meta.GetDebugInfo() == nil) || (len(di) == 1 && meta.GetDebugInfo() != nil) }, "mismatch in debug information returned from computeCheck") return resultsMap[resourceID], meta, err @@ -133,17 +133,17 @@ func computeCheck(ctx context.Context, CheckHints: params.CheckHints, }) - if checkResult.Metadata.DebugInfo != nil { - debugInfo = append(debugInfo, checkResult.Metadata.DebugInfo) + if checkResult.GetMetadata().GetDebugInfo() != nil { + debugInfo = append(debugInfo, checkResult.GetMetadata().GetDebugInfo()) } if len(resourceIDs) == 1 { - metadata = checkResult.Metadata + metadata = checkResult.GetMetadata() } else { metadata = &v1.ResponseMeta{ - DispatchCount: metadata.DispatchCount + checkResult.Metadata.DispatchCount, - DepthRequired: max(metadata.DepthRequired, checkResult.Metadata.DepthRequired), - CachedDispatchCount: metadata.CachedDispatchCount + checkResult.Metadata.CachedDispatchCount, + DispatchCount: metadata.GetDispatchCount() + checkResult.GetMetadata().GetDispatchCount(), + DepthRequired: max(metadata.GetDepthRequired(), checkResult.GetMetadata().GetDepthRequired()), + CachedDispatchCount: metadata.GetCachedDispatchCount() + checkResult.GetMetadata().GetCachedDispatchCount(), DebugInfo: nil, } } @@ -166,21 +166,21 @@ func computeCheck(ctx context.Context, } func computeCaveatedCheckResult(ctx context.Context, runner *cexpr.CaveatRunner, params CheckParameters, resourceID string, checkResult *v1.DispatchCheckResponse) (*v1.ResourceCheckResult, error) { - result, ok := checkResult.ResultsByResourceId[resourceID] + result, ok := checkResult.GetResultsByResourceId()[resourceID] if !ok { return &v1.ResourceCheckResult{ Membership: v1.ResourceCheckResult_NOT_MEMBER, }, nil } - if result.Membership == v1.ResourceCheckResult_MEMBER { + if result.GetMembership() == v1.ResourceCheckResult_MEMBER { return result, nil } ds := datastoremw.MustFromContext(ctx) reader := ds.SnapshotReader(params.AtRevision) - caveatResult, err := runner.RunCaveatExpression(ctx, result.Expression, params.CaveatContext, reader, cexpr.RunCaveatExpressionNoDebugging) + caveatResult, err := runner.RunCaveatExpression(ctx, result.GetExpression(), params.CaveatContext, reader, cexpr.RunCaveatExpressionNoDebugging) if err != nil { return nil, err } @@ -189,7 +189,7 @@ func computeCaveatedCheckResult(ctx context.Context, runner *cexpr.CaveatRunner, missingFields, _ := caveatResult.MissingVarNames() return &v1.ResourceCheckResult{ Membership: v1.ResourceCheckResult_CAVEATED_MEMBER, - Expression: result.Expression, + Expression: result.GetExpression(), MissingExprFields: missingFields, }, nil } diff --git a/internal/graph/computed/computecheck_test.go b/internal/graph/computed/computecheck_test.go index aa6151900..42a25f897 100644 --- a/internal/graph/computed/computecheck_test.go +++ b/internal/graph/computed/computecheck_test.go @@ -840,10 +840,10 @@ func TestComputeCheckWithCaveats(t *testing.T) { require.Equal(t, err.Error(), r.error) } else { require.NoError(t, err) - require.Equal(t, v1.ResourceCheckResult_Membership_name[int32(r.member)], v1.ResourceCheckResult_Membership_name[int32(result.Membership)], "mismatch for %s with context %v", r.check, r.context) + require.Equal(t, v1.ResourceCheckResult_Membership_name[int32(r.member)], v1.ResourceCheckResult_Membership_name[int32(result.GetMembership())], "mismatch for %s with context %v", r.check, r.context) - if result.Membership == v1.ResourceCheckResult_CAVEATED_MEMBER { - foundFields := result.MissingExprFields + if result.GetMembership() == v1.ResourceCheckResult_CAVEATED_MEMBER { + foundFields := result.GetMissingExprFields() sort.Strings(foundFields) sort.Strings(r.expectedMissingFields) @@ -928,10 +928,10 @@ func TestComputeBulkCheck(t *testing.T) { ) require.NoError(t, err) - require.Equal(t, v1.ResourceCheckResult_MEMBER, resp["direct"].Membership) - require.Equal(t, v1.ResourceCheckResult_MEMBER, resp["first"].Membership) - require.Equal(t, v1.ResourceCheckResult_CAVEATED_MEMBER, resp["second"].Membership) - require.Equal(t, v1.ResourceCheckResult_NOT_MEMBER, resp["third"].Membership) + require.Equal(t, v1.ResourceCheckResult_MEMBER, resp["direct"].GetMembership()) + require.Equal(t, v1.ResourceCheckResult_MEMBER, resp["first"].GetMembership()) + require.Equal(t, v1.ResourceCheckResult_CAVEATED_MEMBER, resp["second"].GetMembership()) + require.Equal(t, v1.ResourceCheckResult_NOT_MEMBER, resp["third"].GetMembership()) } func writeCaveatedTuples(ctx context.Context, _ *testing.T, ds datastore.Datastore, schema string, updates []caveatedUpdate) (datastore.Revision, error) { diff --git a/internal/graph/cursors.go b/internal/graph/cursors.go index ad3d705f9..2e26e747d 100644 --- a/internal/graph/cursors.go +++ b/internal/graph/cursors.go @@ -40,7 +40,7 @@ type cursorInformation struct { // newCursorInformation constructs a new cursorInformation struct from the incoming cursor (which // may be nil) func newCursorInformation(incomingCursor *v1.Cursor, limits *limitTracker, dispatchCursorVersion uint32) (cursorInformation, error) { - if incomingCursor != nil && incomingCursor.DispatchVersion != dispatchCursorVersion { + if incomingCursor != nil && incomingCursor.GetDispatchVersion() != dispatchCursorVersion { return cursorInformation{}, NewInvalidCursorErr(dispatchCursorVersion, incomingCursor) } @@ -77,11 +77,11 @@ func (ci cursorInformation) withClonedLimits() cursorInformation { // headSectionValue returns the string value found at the head of the incoming cursor. // If the incoming cursor is empty, returns empty. func (ci cursorInformation) headSectionValue() (string, bool) { - if ci.currentCursor == nil || len(ci.currentCursor.Sections) < 1 { + if ci.currentCursor == nil || len(ci.currentCursor.GetSections()) < 1 { return "", false } - return ci.currentCursor.Sections[0], true + return ci.currentCursor.GetSections()[0], true } // integerSectionValue returns the *integer* found at the head of the incoming cursor. @@ -108,12 +108,12 @@ func (ci cursorInformation) withOutgoingSection(value string) (cursorInformation ocs = append(ocs, ci.outgoingCursorSections...) ocs = append(ocs, value) - if ci.currentCursor != nil && len(ci.currentCursor.Sections) > 0 { + if ci.currentCursor != nil && len(ci.currentCursor.GetSections()) > 0 { // If the cursor already has values, replace them with those specified. return cursorInformation{ currentCursor: &v1.Cursor{ DispatchVersion: ci.dispatchCursorVersion, - Sections: ci.currentCursor.Sections[1:], + Sections: ci.currentCursor.GetSections()[1:], }, outgoingCursorSections: ocs, limits: ci.limits, @@ -268,20 +268,20 @@ func withSubsetInCursor( // combineCursors combines the given cursors into one resulting cursor. func combineCursors(cursor *v1.Cursor, toAdd *v1.Cursor) (*v1.Cursor, error) { - if toAdd == nil || len(toAdd.Sections) == 0 { + if toAdd == nil || len(toAdd.GetSections()) == 0 { return nil, spiceerrors.MustBugf("supplied toAdd cursor was nil or empty") } - if cursor == nil || len(cursor.Sections) == 0 { + if cursor == nil || len(cursor.GetSections()) == 0 { return toAdd, nil } - sections := make([]string, 0, len(cursor.Sections)+len(toAdd.Sections)) - sections = append(sections, cursor.Sections...) - sections = append(sections, toAdd.Sections...) + sections := make([]string, 0, len(cursor.GetSections())+len(toAdd.GetSections())) + sections = append(sections, cursor.GetSections()...) + sections = append(sections, toAdd.GetSections()...) return &v1.Cursor{ - DispatchVersion: toAdd.DispatchVersion, + DispatchVersion: toAdd.GetDispatchVersion(), Sections: sections, }, nil } diff --git a/internal/graph/cursors_test.go b/internal/graph/cursors_test.go index 38a7f9d61..54b8364ac 100644 --- a/internal/graph/cursors_test.go +++ b/internal/graph/cursors_test.go @@ -23,16 +23,16 @@ func TestCursorProduction(t *testing.T) { require.NoError(t, err) cursor := ci.responsePartialCursor() - require.Equal(t, uint32(42), cursor.DispatchVersion) - require.Empty(t, cursor.Sections) + require.Equal(t, uint32(42), cursor.GetDispatchVersion()) + require.Empty(t, cursor.GetSections()) cci, err := ci.withOutgoingSection("4") require.NoError(t, err) ccursor := cci.responsePartialCursor() - require.Equal(t, uint32(42), ccursor.DispatchVersion) - require.Equal(t, []string{"4"}, ccursor.Sections) + require.Equal(t, uint32(42), ccursor.GetDispatchVersion()) + require.Equal(t, []string{"4"}, ccursor.GetSections()) } func TestCursorDifferentDispatchVersion(t *testing.T) { @@ -158,7 +158,7 @@ func TestCombineCursors(t *testing.T) { combined, err := combineCursors(cursor1, cursor2) require.NoError(t, err) - require.Equal(t, []string{"a", "b", "c", "d", "e", "f"}, combined.Sections) + require.Equal(t, []string{"a", "b", "c", "d", "e", "f"}, combined.GetSections()) } func TestCombineCursorsWithNil(t *testing.T) { @@ -169,7 +169,7 @@ func TestCombineCursorsWithNil(t *testing.T) { combined, err := combineCursors(nil, cursor2) require.NoError(t, err) - require.Equal(t, []string{"d", "e", "f"}, combined.Sections) + require.Equal(t, []string{"d", "e", "f"}, combined.GetSections()) } func TestWithParallelizedStreamingIterableInCursor(t *testing.T) { diff --git a/internal/graph/errors.go b/internal/graph/errors.go index 31577d95e..c642b8bf7 100644 --- a/internal/graph/errors.go +++ b/internal/graph/errors.go @@ -194,7 +194,7 @@ type InvalidCursorError struct { // NewInvalidCursorErr constructs a new unimplemented error. func NewInvalidCursorErr(dispatchCursorVersion uint32, cursor *dispatch.Cursor) error { return InvalidCursorError{ - error: fmt.Errorf("the supplied cursor is no longer valid: found version %d, expected version %d", cursor.DispatchVersion, dispatchCursorVersion), + error: fmt.Errorf("the supplied cursor is no longer valid: found version %d, expected version %d", cursor.GetDispatchVersion(), dispatchCursorVersion), } } diff --git a/internal/graph/expand.go b/internal/graph/expand.go index ebb1db3a4..b77bae36a 100644 --- a/internal/graph/expand.go +++ b/internal/graph/expand.go @@ -41,14 +41,14 @@ func (ce *ConcurrentExpander) Expand(ctx context.Context, req ValidatedExpandReq log.Ctx(ctx).Trace().Object("expand", req).Send() var directFunc ReduceableExpandFunc - if relation.UsersetRewrite == nil { + if relation.GetUsersetRewrite() == nil { directFunc = ce.expandDirect(ctx, req) } else { - directFunc = ce.expandUsersetRewrite(ctx, req, relation.UsersetRewrite) + directFunc = ce.expandUsersetRewrite(ctx, req, relation.GetUsersetRewrite()) } resolved := expandOne(ctx, directFunc) - resolved.Resp.Metadata = addCallToResponseMetadata(resolved.Resp.Metadata) + resolved.Resp.Metadata = addCallToResponseMetadata(resolved.Resp.GetMetadata()) return resolved.Resp, resolved.Err } @@ -60,9 +60,9 @@ func (ce *ConcurrentExpander) expandDirect( return func(ctx context.Context, resultChan chan<- ExpandResult) { ds := datastoremw.MustFromContext(ctx).SnapshotReader(req.Revision) it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: req.ResourceAndRelation.Namespace, - OptionalResourceIds: []string{req.ResourceAndRelation.ObjectId}, - OptionalResourceRelation: req.ResourceAndRelation.Relation, + OptionalResourceType: req.ResourceAndRelation.GetNamespace(), + OptionalResourceIds: []string{req.ResourceAndRelation.GetObjectId()}, + OptionalResourceRelation: req.ResourceAndRelation.GetRelation(), }, options.WithQueryShape(queryshape.AllSubjectsForResources)) if err != nil { resultChan <- expandResultError(NewExpansionFailureErr(err), emptyMetadata) @@ -112,14 +112,14 @@ func (ce *ConcurrentExpander) expandDirect( for _, nonTerminalUser := range foundNonTerminalUsersets { toDispatch := ce.dispatch(ValidatedExpandRequest{ &v1.DispatchExpandRequest{ - ResourceAndRelation: nonTerminalUser.Subject, + ResourceAndRelation: nonTerminalUser.GetSubject(), Metadata: decrementDepth(req.Metadata), ExpansionMode: req.ExpansionMode, }, req.Revision, }) - requestsToDispatch = append(requestsToDispatch, decorateWithCaveatIfNecessary(toDispatch, nonTerminalUser.CaveatExpression)) + requestsToDispatch = append(requestsToDispatch, decorateWithCaveatIfNecessary(toDispatch, nonTerminalUser.GetCaveatExpression())) } result := expandAny(ctx, req.ResourceAndRelation, requestsToDispatch) @@ -128,7 +128,7 @@ func (ce *ConcurrentExpander) expandDirect( return } - unionNode := result.Resp.TreeNode.GetIntermediateNode() + unionNode := result.Resp.GetTreeNode().GetIntermediateNode() unionNode.ChildNodes = append(unionNode.ChildNodes, &core.RelationTupleTreeNode{ NodeType: &core.RelationTupleTreeNode_LeafNode{ LeafNode: &core.DirectSubjects{ @@ -165,7 +165,7 @@ func decorateWithCaveatIfNecessary(toDispatch ReduceableExpandFunc, caveatExpr * } func (ce *ConcurrentExpander) expandUsersetRewrite(ctx context.Context, req ValidatedExpandRequest, usr *core.UsersetRewrite) ReduceableExpandFunc { - switch rw := usr.RewriteOperation.(type) { + switch rw := usr.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: log.Ctx(ctx).Trace().Msg("union") return ce.expandSetOperation(ctx, req, rw.Union, expandAny) @@ -182,8 +182,8 @@ func (ce *ConcurrentExpander) expandUsersetRewrite(ctx context.Context, req Vali func (ce *ConcurrentExpander) expandSetOperation(ctx context.Context, req ValidatedExpandRequest, so *core.SetOperation, reducer ExpandReducer) ReduceableExpandFunc { var requests []ReduceableExpandFunc - for _, childOneof := range so.Child { - switch child := childOneof.ChildType.(type) { + for _, childOneof := range so.GetChild() { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return expandError(errors.New("use of _this is unsupported; please rewrite your schema")) case *core.SetOperation_Child_ComputedUserset: @@ -193,7 +193,7 @@ func (ce *ConcurrentExpander) expandSetOperation(ctx context.Context, req Valida case *core.SetOperation_Child_TupleToUserset: requests = append(requests, expandTupleToUserset(ctx, ce, req, child.TupleToUserset, expandAny)) case *core.SetOperation_Child_FunctionedTupleToUserset: - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: requests = append(requests, expandTupleToUserset(ctx, ce, req, child.FunctionedTupleToUserset, expandAny)) @@ -201,7 +201,7 @@ func (ce *ConcurrentExpander) expandSetOperation(ctx context.Context, req Valida requests = append(requests, expandTupleToUserset(ctx, ce, req, child.FunctionedTupleToUserset, expandAll)) default: - return expandError(spiceerrors.MustBugf("unknown function `%s` in expand", child.FunctionedTupleToUserset.Function)) + return expandError(spiceerrors.MustBugf("unknown function `%s` in expand", child.FunctionedTupleToUserset.GetFunction())) } case *core.SetOperation_Child_XNil: requests = append(requests, emptyExpansion(req.ResourceAndRelation)) @@ -223,9 +223,9 @@ func (ce *ConcurrentExpander) dispatch(req ValidatedExpandRequest) ReduceableExp } func (ce *ConcurrentExpander) expandComputedUserset(ctx context.Context, req ValidatedExpandRequest, cu *core.ComputedUserset, rel *tuple.Relationship) ReduceableExpandFunc { - log.Ctx(ctx).Trace().Str("relation", cu.Relation).Msg("computed userset") + log.Ctx(ctx).Trace().Str("relation", cu.GetRelation()).Msg("computed userset") var start tuple.ObjectAndRelation - switch cu.Object { + switch cu.GetObject() { case core.ComputedUserset_TUPLE_USERSET_OBJECT: if rel == nil { return expandError(spiceerrors.MustBugf("computed userset for tupleset without tuple")) @@ -242,7 +242,7 @@ func (ce *ConcurrentExpander) expandComputedUserset(ctx context.Context, req Val // Check if the target relation exists. If not, return nothing. ds := datastoremw.MustFromContext(ctx).SnapshotReader(req.Revision) - err := namespace.CheckNamespaceAndRelation(ctx, start.ObjectType, cu.Relation, true, ds) + err := namespace.CheckNamespaceAndRelation(ctx, start.ObjectType, cu.GetRelation(), true, ds) if err != nil { if errors.As(err, &namespace.RelationNotFoundError{}) { return emptyExpansion(req.ResourceAndRelation) @@ -256,7 +256,7 @@ func (ce *ConcurrentExpander) expandComputedUserset(ctx context.Context, req Val ResourceAndRelation: &core.ObjectAndRelation{ Namespace: start.ObjectType, ObjectId: start.ObjectID, - Relation: cu.Relation, + Relation: cu.GetRelation(), }, Metadata: decrementDepth(req.Metadata), ExpansionMode: req.ExpansionMode, @@ -277,8 +277,8 @@ func expandTupleToUserset[T relation]( return func(ctx context.Context, resultChan chan<- ExpandResult) { ds := datastoremw.MustFromContext(ctx).SnapshotReader(req.Revision) it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: req.ResourceAndRelation.Namespace, - OptionalResourceIds: []string{req.ResourceAndRelation.ObjectId}, + OptionalResourceType: req.ResourceAndRelation.GetNamespace(), + OptionalResourceIds: []string{req.ResourceAndRelation.GetObjectId()}, OptionalResourceRelation: ttu.GetTupleset().GetRelation(), }, options.WithQueryShape(queryshape.AllSubjectsForResources)) if err != nil { @@ -347,11 +347,11 @@ func expandSetOperation( for _, resultChan := range resultChans { select { case result := <-resultChan: - responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.Metadata) + responseMetadata = combineResponseMetadata(ctx, responseMetadata, result.Resp.GetMetadata()) if result.Err != nil { return expandResultError(result.Err, responseMetadata) } - children = append(children, result.Resp.TreeNode) + children = append(children, result.Resp.GetTreeNode()) case <-ctx.Done(): return expandResultError(context.Canceled, responseMetadata) } diff --git a/internal/graph/graph.go b/internal/graph/graph.go index 40a2bb9fe..699f0d360 100644 --- a/internal/graph/graph.go +++ b/internal/graph/graph.go @@ -47,9 +47,9 @@ type ExpandReducer func( func decrementDepth(md *v1.ResolverMeta) *v1.ResolverMeta { return &v1.ResolverMeta{ - AtRevision: md.AtRevision, - DepthRemaining: md.DepthRemaining - 1, - TraversalBloom: md.TraversalBloom, + AtRevision: md.GetAtRevision(), + DepthRemaining: md.GetDepthRemaining() - 1, + TraversalBloom: md.GetTraversalBloom(), } } @@ -61,28 +61,28 @@ func ensureMetadata(subProblemMetadata *v1.ResponseMeta) *v1.ResponseMeta { } return &v1.ResponseMeta{ - DispatchCount: subProblemMetadata.DispatchCount, - DepthRequired: subProblemMetadata.DepthRequired, - CachedDispatchCount: subProblemMetadata.CachedDispatchCount, - DebugInfo: subProblemMetadata.DebugInfo, + DispatchCount: subProblemMetadata.GetDispatchCount(), + DepthRequired: subProblemMetadata.GetDepthRequired(), + CachedDispatchCount: subProblemMetadata.GetCachedDispatchCount(), + DebugInfo: subProblemMetadata.GetDebugInfo(), } } func addCallToResponseMetadata(metadata *v1.ResponseMeta) *v1.ResponseMeta { // + 1 for the current call. return &v1.ResponseMeta{ - DispatchCount: metadata.DispatchCount + 1, - DepthRequired: metadata.DepthRequired + 1, - CachedDispatchCount: metadata.CachedDispatchCount, - DebugInfo: metadata.DebugInfo, + DispatchCount: metadata.GetDispatchCount() + 1, + DepthRequired: metadata.GetDepthRequired() + 1, + CachedDispatchCount: metadata.GetCachedDispatchCount(), + DebugInfo: metadata.GetDebugInfo(), } } func addAdditionalDepthRequired(metadata *v1.ResponseMeta) *v1.ResponseMeta { return &v1.ResponseMeta{ - DispatchCount: metadata.DispatchCount, - DepthRequired: metadata.DepthRequired + 1, - CachedDispatchCount: metadata.CachedDispatchCount, - DebugInfo: metadata.DebugInfo, + DispatchCount: metadata.GetDispatchCount(), + DepthRequired: metadata.GetDepthRequired() + 1, + CachedDispatchCount: metadata.GetCachedDispatchCount(), + DebugInfo: metadata.GetDebugInfo(), } } diff --git a/internal/graph/hints/checkhints.go b/internal/graph/hints/checkhints.go index 485a3bf49..83af5fcfb 100644 --- a/internal/graph/hints/checkhints.go +++ b/internal/graph/hints/checkhints.go @@ -37,12 +37,12 @@ func CheckHintForArrow(resourceType string, resourceID string, tuplesetRelation // AsCheckHintForComputedUserset returns the resourceID if the checkHint is for the given relation and subject. func AsCheckHintForComputedUserset(checkHint *v1.CheckHint, resourceType string, relationName string, subject tuple.ObjectAndRelation) (string, bool) { - if checkHint.TtuComputedUsersetRelation != "" { + if checkHint.GetTtuComputedUsersetRelation() != "" { return "", false } - if checkHint.Resource.Namespace == resourceType && checkHint.Resource.Relation == relationName && checkHint.Subject.EqualVT(subject.ToCoreONR()) { - return checkHint.Resource.ObjectId, true + if checkHint.GetResource().GetNamespace() == resourceType && checkHint.GetResource().GetRelation() == relationName && checkHint.GetSubject().EqualVT(subject.ToCoreONR()) { + return checkHint.GetResource().GetObjectId(), true } return "", false @@ -50,12 +50,12 @@ func AsCheckHintForComputedUserset(checkHint *v1.CheckHint, resourceType string, // AsCheckHintForArrow returns the resourceID if the checkHint is for the given arrow and subject. func AsCheckHintForArrow(checkHint *v1.CheckHint, resourceType string, tuplesetRelation string, computedUsersetRelation string, subject tuple.ObjectAndRelation) (string, bool) { - if checkHint.TtuComputedUsersetRelation != computedUsersetRelation { + if checkHint.GetTtuComputedUsersetRelation() != computedUsersetRelation { return "", false } - if checkHint.Resource.Namespace == resourceType && checkHint.Resource.Relation == tuplesetRelation && checkHint.Subject.EqualVT(subject.ToCoreONR()) { - return checkHint.Resource.ObjectId, true + if checkHint.GetResource().GetNamespace() == resourceType && checkHint.GetResource().GetRelation() == tuplesetRelation && checkHint.GetSubject().EqualVT(subject.ToCoreONR()) { + return checkHint.GetResource().GetObjectId(), true } return "", false diff --git a/internal/graph/hints/checkhints_test.go b/internal/graph/hints/checkhints_test.go index 96c6a6897..a1a9cd4dd 100644 --- a/internal/graph/hints/checkhints_test.go +++ b/internal/graph/hints/checkhints_test.go @@ -144,12 +144,12 @@ func TestCheckHintForComputedUserset(t *testing.T) { checkHint := CheckHintForComputedUserset(resourceType, resourceID, relation, subject, result) - require.Equal(t, resourceType, checkHint.Resource.Namespace) - require.Equal(t, resourceID, checkHint.Resource.ObjectId) - require.Equal(t, relation, checkHint.Resource.Relation) - require.Equal(t, subject.ToCoreONR(), checkHint.Subject) - require.Equal(t, result, checkHint.Result) - require.Empty(t, checkHint.TtuComputedUsersetRelation) + require.Equal(t, resourceType, checkHint.GetResource().GetNamespace()) + require.Equal(t, resourceID, checkHint.GetResource().GetObjectId()) + require.Equal(t, relation, checkHint.GetResource().GetRelation()) + require.Equal(t, subject.ToCoreONR(), checkHint.GetSubject()) + require.Equal(t, result, checkHint.GetResult()) + require.Empty(t, checkHint.GetTtuComputedUsersetRelation()) resourceID, ok := AsCheckHintForComputedUserset(checkHint, resourceType, relation, subject) require.True(t, ok) @@ -168,12 +168,12 @@ func TestCheckHintForArrow(t *testing.T) { checkHint := CheckHintForArrow(resourceType, resourceID, tuplesetRelation, computedUsersetRelation, subject, result) - require.Equal(t, resourceType, checkHint.Resource.Namespace) - require.Equal(t, resourceID, checkHint.Resource.ObjectId) - require.Equal(t, tuplesetRelation, checkHint.Resource.Relation) - require.Equal(t, subject.ToCoreONR(), checkHint.Subject) - require.Equal(t, result, checkHint.Result) - require.Equal(t, computedUsersetRelation, checkHint.TtuComputedUsersetRelation) + require.Equal(t, resourceType, checkHint.GetResource().GetNamespace()) + require.Equal(t, resourceID, checkHint.GetResource().GetObjectId()) + require.Equal(t, tuplesetRelation, checkHint.GetResource().GetRelation()) + require.Equal(t, subject.ToCoreONR(), checkHint.GetSubject()) + require.Equal(t, result, checkHint.GetResult()) + require.Equal(t, computedUsersetRelation, checkHint.GetTtuComputedUsersetRelation()) resourceID, ok := AsCheckHintForArrow(checkHint, resourceType, tuplesetRelation, computedUsersetRelation, subject) require.True(t, ok) diff --git a/internal/graph/lookupresources2.go b/internal/graph/lookupresources2.go index 053279c9f..abce1bc62 100644 --- a/internal/graph/lookupresources2.go +++ b/internal/graph/lookupresources2.go @@ -82,8 +82,8 @@ func (crr *CursoredLookupResources2) LookupResources2( func(currentOffset int, nextCursorWith afterResponseCursor) error { // If the resource type matches the subject type, yield directly as a one-to-one result // for each subjectID. - if req.SubjectRelation.Namespace == req.ResourceRelation.Namespace && - req.SubjectRelation.Relation == req.ResourceRelation.Relation { + if req.SubjectRelation.GetNamespace() == req.ResourceRelation.GetNamespace() && + req.SubjectRelation.GetRelation() == req.ResourceRelation.GetRelation() { for index, subjectID := range req.SubjectIds { if index < currentOffset { continue @@ -119,7 +119,7 @@ func (crr *CursoredLookupResources2) afterSameType( req ValidatedLookupResources2Request, parentStream dispatch.LookupResources2Stream, ) error { - reachabilityForString := req.ResourceRelation.Namespace + "#" + req.ResourceRelation.Relation + reachabilityForString := req.ResourceRelation.GetNamespace() + "#" + req.ResourceRelation.GetRelation() ctx, span := tracer.Start(ctx, "reachability: "+reachabilityForString) defer span.End() @@ -129,15 +129,15 @@ func (crr *CursoredLookupResources2) afterSameType( ds := datastoremw.MustFromContext(ctx) reader := ds.SnapshotReader(req.Revision) ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(reader)) - vdef, err := ts.GetValidatedDefinition(ctx, req.ResourceRelation.Namespace) + vdef, err := ts.GetValidatedDefinition(ctx, req.ResourceRelation.GetNamespace()) if err != nil { return err } rg := vdef.Reachability() entrypoints, err := rg.FirstEntrypointsForSubjectToResource(ctx, &core.RelationReference{ - Namespace: req.SubjectRelation.Namespace, - Relation: req.SubjectRelation.Relation, + Namespace: req.SubjectRelation.GetNamespace(), + Relation: req.SubjectRelation.GetRelation(), }, req.ResourceRelation) if err != nil { return err @@ -160,8 +160,8 @@ func (crr *CursoredLookupResources2) afterSameType( case core.ReachabilityEntrypoint_COMPUTED_USERSET_ENTRYPOINT: containingRelation := entrypoint.ContainingRelationOrPermission() rewrittenSubjectRelation := &core.RelationReference{ - Namespace: containingRelation.Namespace, - Relation: containingRelation.Relation, + Namespace: containingRelation.GetNamespace(), + Relation: containingRelation.GetRelation(), } rsm := subjectIDsToResourcesMap2(rewrittenSubjectRelation, req.SubjectIds) @@ -204,16 +204,16 @@ func (crr *CursoredLookupResources2) lookupRelationEntrypoint( return err } - relDefinition, err := ts.GetValidatedDefinition(ctx, relationReference.Namespace) + relDefinition, err := ts.GetValidatedDefinition(ctx, relationReference.GetNamespace()) if err != nil { return err } // Build the list of subjects to lookup based on the type information available. isDirectAllowed, err := relDefinition.IsAllowedDirectRelation( - relationReference.Relation, - req.SubjectRelation.Namespace, - req.SubjectRelation.Relation, + relationReference.GetRelation(), + req.SubjectRelation.GetNamespace(), + req.SubjectRelation.GetRelation(), ) if err != nil { return err @@ -224,8 +224,8 @@ func (crr *CursoredLookupResources2) lookupRelationEntrypoint( subjectIds = append(subjectIds, req.SubjectIds...) } - if req.SubjectRelation.Relation == tuple.Ellipsis { - isWildcardAllowed, err := relDefinition.IsAllowedPublicNamespace(relationReference.Relation, req.SubjectRelation.Namespace) + if req.SubjectRelation.GetRelation() == tuple.Ellipsis { + isWildcardAllowed, err := relDefinition.IsAllowedPublicNamespace(relationReference.GetRelation(), req.SubjectRelation.GetNamespace()) if err != nil { return err } @@ -237,17 +237,17 @@ func (crr *CursoredLookupResources2) lookupRelationEntrypoint( // Lookup the subjects and then redispatch/report results. relationFilter := datastore.SubjectRelationFilter{ - NonEllipsisRelation: req.SubjectRelation.Relation, + NonEllipsisRelation: req.SubjectRelation.GetRelation(), } - if req.SubjectRelation.Relation == tuple.Ellipsis { + if req.SubjectRelation.GetRelation() == tuple.Ellipsis { relationFilter = datastore.SubjectRelationFilter{ IncludeEllipsisRelation: true, } } subjectsFilter := datastore.SubjectsFilter{ - SubjectType: req.SubjectRelation.Namespace, + SubjectType: req.SubjectRelation.GetNamespace(), OptionalSubjectIds: subjectIds, RelationFilter: relationFilter, } @@ -297,19 +297,19 @@ func (crr *CursoredLookupResources2) redispatchOrReportOverDatabaseQuery( config redispatchOverDatabaseConfig2, ) error { ctx, span := tracer.Start(ctx, "datastorequery", trace.WithAttributes( - attribute.String(otelconv.AttrGraphSourceResourceTypeNamespace, config.sourceResourceType.Namespace), - attribute.String(otelconv.AttrGraphSourceResourceTypeRelation, config.sourceResourceType.Relation), + attribute.String(otelconv.AttrGraphSourceResourceTypeNamespace, config.sourceResourceType.GetNamespace()), + attribute.String(otelconv.AttrGraphSourceResourceTypeRelation, config.sourceResourceType.GetRelation()), attribute.String(otelconv.AttrGraphSubjectsFilterSubjectType, config.subjectsFilter.SubjectType), attribute.Int(otelconv.AttrGraphSubjectsFilterSubjectIdsCount, len(config.subjectsFilter.OptionalSubjectIds)), )) defer span.End() - vts, err := config.ts.GetValidatedDefinition(ctx, config.sourceResourceType.Namespace) + vts, err := config.ts.GetValidatedDefinition(ctx, config.sourceResourceType.GetNamespace()) if err != nil { return err } - possibleTraits, err := vts.PossibleTraitsForSubject(config.sourceResourceType.Relation, config.subjectsFilter.SubjectType) + possibleTraits, err := vts.PossibleTraitsForSubject(config.sourceResourceType.GetRelation(), config.subjectsFilter.SubjectType) if err != nil { return err } @@ -324,8 +324,8 @@ func (crr *CursoredLookupResources2) redispatchOrReportOverDatabaseQuery( ctx, config.subjectsFilter, options.WithResRelation(&options.ResourceRelation{ - Namespace: config.sourceResourceType.Namespace, - Relation: config.sourceResourceType.Relation, + Namespace: config.sourceResourceType.GetNamespace(), + Relation: config.sourceResourceType.GetRelation(), }), options.WithSortForReverse(options.BySubject), options.WithAfterForReverse(queryCursor), @@ -352,7 +352,7 @@ func (crr *CursoredLookupResources2) redispatchOrReportOverDatabaseQuery( var missingContextParameters []string // If a caveat exists on the relationship, run it and filter the results, marking those that have missing context. - if rel.OptionalCaveat != nil && rel.OptionalCaveat.CaveatName != "" { + if rel.OptionalCaveat != nil && rel.OptionalCaveat.GetCaveatName() != "" { caveatExpr := caveats.CaveatAsExpr(rel.OptionalCaveat) runResult, err := caveatRunner.RunCaveatExpression(ctx, caveatExpr, config.parentRequest.Context.AsMap(), config.reader, caveats.RunCaveatExpressionNoDebugging) if err != nil { @@ -431,7 +431,7 @@ func (crr *CursoredLookupResources2) lookupTTUEntrypoint(ctx context.Context, ) error { containingRelation := entrypoint.ContainingRelationOrPermission() - ttuDef, err := ts.GetValidatedDefinition(ctx, containingRelation.Namespace) + ttuDef, err := ts.GetValidatedDefinition(ctx, containingRelation.GetNamespace()) if err != nil { return err } @@ -444,7 +444,7 @@ func (crr *CursoredLookupResources2) lookupTTUEntrypoint(ctx context.Context, // Determine whether this TTU should be followed, which will be the case if the subject relation's namespace // is allowed in any form on the relation; since arrows ignore the subject's relation (if any), we check // for the subject namespace as a whole. - allowedRelations, err := ttuDef.GetAllowedDirectNamespaceSubjectRelations(tuplesetRelation, req.SubjectRelation.Namespace) + allowedRelations, err := ttuDef.GetAllowedDirectNamespaceSubjectRelations(tuplesetRelation, req.SubjectRelation.GetNamespace()) if err != nil { return err } @@ -455,7 +455,7 @@ func (crr *CursoredLookupResources2) lookupTTUEntrypoint(ctx context.Context, // Search for the resolved subjects in the tupleset of the TTU. subjectsFilter := datastore.SubjectsFilter{ - SubjectType: req.SubjectRelation.Namespace, + SubjectType: req.SubjectRelation.GetNamespace(), OptionalSubjectIds: req.SubjectIds, } @@ -467,7 +467,7 @@ func (crr *CursoredLookupResources2) lookupTTUEntrypoint(ctx context.Context, } tuplesetRelationReference := &core.RelationReference{ - Namespace: containingRelation.Namespace, + Namespace: containingRelation.GetNamespace(), Relation: tuplesetRelation, } @@ -528,7 +528,7 @@ func (crr *CursoredLookupResources2) redispatchOrReport( func(currentOffset int, nextCursorWith afterResponseCursor) error { if !hasResourceEntrypoints { // If the found resource matches the target resource type and relation, potentially yield the resource. - if foundResourceType.Namespace == parentRequest.ResourceRelation.Namespace && foundResourceType.Relation == parentRequest.ResourceRelation.Relation { + if foundResourceType.GetNamespace() == parentRequest.ResourceRelation.GetNamespace() && foundResourceType.GetRelation() == parentRequest.ResourceRelation.GetRelation() { resources := foundResources.asPossibleResources() if len(resources) == 0 { return nil @@ -558,11 +558,11 @@ func (crr *CursoredLookupResources2) redispatchOrReport( resourceIDs := make([]string, 0, len(offsetted)) checkHints := make([]*v1.CheckHint, 0, len(offsetted)) for _, resource := range offsetted { - resourceIDs = append(resourceIDs, resource.ResourceId) + resourceIDs = append(resourceIDs, resource.GetResourceId()) checkHint, err := hints.HintForEntrypoint( entrypoint, - resource.ResourceId, + resource.GetResourceId(), tuple.FromCoreObjectAndRelation(parentRequest.TerminalSubject), &v1.ResourceCheckResult{ Membership: v1.ResourceCheckResult_MEMBER, @@ -578,7 +578,7 @@ func (crr *CursoredLookupResources2) redispatchOrReport( Subject: tuple.FromCoreObjectAndRelation(parentRequest.TerminalSubject), CaveatContext: parentRequest.Context.AsMap(), AtRevision: parentRequest.Revision, - MaximumDepth: parentRequest.Metadata.DepthRemaining - 1, + MaximumDepth: parentRequest.Metadata.GetDepthRemaining() - 1, DebugOption: computed.NoDebugging, CheckHints: checkHints, }, resourceIDs, crr.dispatchChunkSize) @@ -590,12 +590,12 @@ func (crr *CursoredLookupResources2) redispatchOrReport( filtered = make([]possibleResourceAndIndex, 0, len(offsetted)) for index, resource := range offsetted { - result, ok := resultsByResourceID[resource.ResourceId] + result, ok := resultsByResourceID[resource.GetResourceId()] if !ok { continue } - switch result.Membership { + switch result.GetMembership() { case v1.ResourceCheckResult_MEMBER: filtered = append(filtered, possibleResourceAndIndex{ resource: resource, @@ -603,13 +603,13 @@ func (crr *CursoredLookupResources2) redispatchOrReport( }) case v1.ResourceCheckResult_CAVEATED_MEMBER: - missingContextParams := mapz.NewSet(result.MissingExprFields...) - missingContextParams.Extend(resource.MissingContextParams) + missingContextParams := mapz.NewSet(result.GetMissingExprFields()...) + missingContextParams.Extend(resource.GetMissingContextParams()) filtered = append(filtered, possibleResourceAndIndex{ resource: &v1.PossibleResource{ - ResourceId: resource.ResourceId, - ForSubjectIds: resource.ForSubjectIds, + ResourceId: resource.GetResourceId(), + ForSubjectIds: resource.GetForSubjectIds(), MissingContextParams: missingContextParams.AsSlice(), }, index: index, @@ -619,7 +619,7 @@ func (crr *CursoredLookupResources2) redispatchOrReport( // Skip. default: - return spiceerrors.MustBugf("unexpected result from check: %v", result.Membership) + return spiceerrors.MustBugf("unexpected result from check: %v", result.GetMembership()) } } } @@ -669,7 +669,7 @@ func (crr *CursoredLookupResources2) redispatchOrReport( TerminalSubject: parentRequest.TerminalSubject, Metadata: &v1.ResolverMeta{ AtRevision: parentRequest.Revision.String(), - DepthRemaining: parentRequest.Metadata.DepthRemaining - 1, + DepthRemaining: parentRequest.Metadata.GetDepthRemaining() - 1, }, OptionalCursor: ci.currentCursor, OptionalLimit: parentRequest.OptionalLimit, diff --git a/internal/graph/lookupresources3.go b/internal/graph/lookupresources3.go index 001196419..c9d67ef5b 100644 --- a/internal/graph/lookupresources3.go +++ b/internal/graph/lookupresources3.go @@ -230,11 +230,11 @@ func (crr *CursoredLookupResources3) LookupResources3(req ValidatedLookupResourc stream.Context(), otelconv.EventDispatchLookupResources3, trace.WithAttributes( - attribute.String(otelconv.AttrDispatchResourceType, req.ResourceRelation.Namespace), - attribute.String(otelconv.AttrDispatchResourceRelation, req.ResourceRelation.Relation), - attribute.String(otelconv.AttrDispatchSubjectType, req.SubjectRelation.Namespace), + attribute.String(otelconv.AttrDispatchResourceType, req.ResourceRelation.GetNamespace()), + attribute.String(otelconv.AttrDispatchResourceRelation, req.ResourceRelation.GetRelation()), + attribute.String(otelconv.AttrDispatchSubjectType, req.SubjectRelation.GetNamespace()), attribute.StringSlice(otelconv.AttrDispatchSubjectIDs, req.SubjectIds), - attribute.String(otelconv.AttrDispatchSubjectRelation, req.SubjectRelation.Relation), + attribute.String(otelconv.AttrDispatchSubjectRelation, req.SubjectRelation.GetRelation()), attribute.String(otelconv.AttrDispatchTerminalSubject, tuple.StringCoreONR(req.TerminalSubject)), attribute.Int(otelconv.AttrDispatchCursorLimit, int(req.OptionalLimit)), ), @@ -377,8 +377,8 @@ func (crr *CursoredLookupResources3) unlimitedLookupResourcesIter( func(ctx context.Context, startIndex int) iter.Seq2[possibleResource, error] { // If the subject relation does not match the resource relation, we cannot yield any results for this // portion. - if refs.req.SubjectRelation.Namespace != refs.req.ResourceRelation.Namespace || - refs.req.SubjectRelation.Relation != refs.req.ResourceRelation.Relation { + if refs.req.SubjectRelation.GetNamespace() != refs.req.ResourceRelation.GetNamespace() || + refs.req.SubjectRelation.GetRelation() != refs.req.ResourceRelation.GetRelation() { return cter.UncursoredEmpty[possibleResource]() } @@ -399,8 +399,8 @@ func (crr *CursoredLookupResources3) unlimitedLookupResourcesIter( iter, tracer, otelconv.EventDispatchLR3UnlimitedResultsDirectSubjects, - attribute.String(otelconv.AttrDispatchSubjectType, refs.req.SubjectRelation.Namespace), - attribute.String(otelconv.AttrDispatchSubjectRelation, refs.req.SubjectRelation.Relation), + attribute.String(otelconv.AttrDispatchSubjectType, refs.req.SubjectRelation.GetNamespace()), + attribute.String(otelconv.AttrDispatchSubjectRelation, refs.req.SubjectRelation.GetRelation()), ) }, @@ -464,15 +464,15 @@ func (crr *CursoredLookupResources3) entrypointsIter(refs lr3refs) cter.Next[pos func (crr *CursoredLookupResources3) loadEntrypoints(ctx context.Context, refs lr3refs) ([]schema.ReachabilityEntrypoint, error) { // The entrypoints for a particular subject relation to a resource relation are defined by the reachability // graph, which is built from the type system definition. - vdef, err := refs.ts.GetValidatedDefinition(ctx, refs.req.ResourceRelation.Namespace) + vdef, err := refs.ts.GetValidatedDefinition(ctx, refs.req.ResourceRelation.GetNamespace()) if err != nil { return nil, err } rg := vdef.Reachability() return rg.FirstEntrypointsForSubjectToResource(ctx, &core.RelationReference{ - Namespace: refs.req.SubjectRelation.Namespace, - Relation: refs.req.SubjectRelation.Relation, + Namespace: refs.req.SubjectRelation.GetNamespace(), + Relation: refs.req.SubjectRelation.GetRelation(), }, refs.req.ResourceRelation) } @@ -503,8 +503,8 @@ func (crr *CursoredLookupResources3) entrypointIter(refs lr3refs, entrypoint sch case core.ReachabilityEntrypoint_COMPUTED_USERSET_ENTRYPOINT: containingRelation := entrypoint.ContainingRelationOrPermission() rewrittenSubjectRelation := &core.RelationReference{ - Namespace: containingRelation.Namespace, - Relation: containingRelation.Relation, + Namespace: containingRelation.GetNamespace(), + Relation: containingRelation.GetRelation(), } // Since this is a structural rewriting, the *entire set* of subject IDs is provided as the basis for @@ -548,16 +548,16 @@ func (crr *CursoredLookupResources3) relationEntrypointIter( return cter.YieldsError[result](err) } - relDefinition, err := refs.ts.GetValidatedDefinition(ctx, relationReference.Namespace) + relDefinition, err := refs.ts.GetValidatedDefinition(ctx, relationReference.GetNamespace()) if err != nil { return cter.YieldsError[result](err) } // Build the list of subjects to lookup based on the type information available. isDirectAllowed, err := relDefinition.IsAllowedDirectRelation( - relationReference.Relation, - refs.req.SubjectRelation.Namespace, - refs.req.SubjectRelation.Relation, + relationReference.GetRelation(), + refs.req.SubjectRelation.GetNamespace(), + refs.req.SubjectRelation.GetRelation(), ) if err != nil { return cter.YieldsError[result](err) @@ -574,8 +574,8 @@ func (crr *CursoredLookupResources3) relationEntrypointIter( // If the subject relation is a terminal subject, check for a wildcard. For example, // if the subject type is `user`, then `user:*` would also match any subjects of that // type. - if refs.req.SubjectRelation.Relation == tuple.Ellipsis { - isWildcardAllowed, err := relDefinition.IsAllowedPublicNamespace(relationReference.Relation, refs.req.SubjectRelation.Namespace) + if refs.req.SubjectRelation.GetRelation() == tuple.Ellipsis { + isWildcardAllowed, err := relDefinition.IsAllowedPublicNamespace(relationReference.GetRelation(), refs.req.SubjectRelation.GetNamespace()) if err != nil { return cter.YieldsError[result](err) } @@ -586,17 +586,17 @@ func (crr *CursoredLookupResources3) relationEntrypointIter( } relationFilter := datastore.SubjectRelationFilter{ - NonEllipsisRelation: refs.req.SubjectRelation.Relation, + NonEllipsisRelation: refs.req.SubjectRelation.GetRelation(), } - if refs.req.SubjectRelation.Relation == tuple.Ellipsis { + if refs.req.SubjectRelation.GetRelation() == tuple.Ellipsis { relationFilter = datastore.SubjectRelationFilter{ IncludeEllipsisRelation: true, } } subjectsFilter := datastore.SubjectsFilter{ - SubjectType: refs.req.SubjectRelation.Namespace, + SubjectType: refs.req.SubjectRelation.GetNamespace(), OptionalSubjectIds: subjectIds, RelationFilter: relationFilter, } @@ -620,7 +620,7 @@ func (crr *CursoredLookupResources3) ttuEntrypointIter( ) iter.Seq2[result, error] { containingRelation := entrypoint.ContainingRelationOrPermission() - ttuDef, err := refs.ts.GetValidatedDefinition(ctx, containingRelation.Namespace) + ttuDef, err := refs.ts.GetValidatedDefinition(ctx, containingRelation.GetNamespace()) if err != nil { return cter.YieldsError[result](err) } @@ -633,7 +633,7 @@ func (crr *CursoredLookupResources3) ttuEntrypointIter( // Determine whether this TTU should be followed, which will be the case if the subject relation's namespace // is allowed in any form on the relation; since arrows ignore the subject's relation (if any), we check // for the subject namespace as a whole. - allowedRelations, err := ttuDef.GetAllowedDirectNamespaceSubjectRelations(tuplesetRelation, refs.req.SubjectRelation.Namespace) + allowedRelations, err := ttuDef.GetAllowedDirectNamespaceSubjectRelations(tuplesetRelation, refs.req.SubjectRelation.GetNamespace()) if err != nil { return cter.YieldsError[result](err) } @@ -644,7 +644,7 @@ func (crr *CursoredLookupResources3) ttuEntrypointIter( // Search for the resolved subjects in the tupleset of the TTU. subjectsFilter := datastore.SubjectsFilter{ - SubjectType: refs.req.SubjectRelation.Namespace, + SubjectType: refs.req.SubjectRelation.GetNamespace(), OptionalSubjectIds: refs.req.SubjectIds, } @@ -656,7 +656,7 @@ func (crr *CursoredLookupResources3) ttuEntrypointIter( } tuplesetRelationReference := &core.RelationReference{ - Namespace: containingRelation.Namespace, + Namespace: containingRelation.GetNamespace(), Relation: tuplesetRelation, } @@ -755,13 +755,13 @@ func (crr *CursoredLookupResources3) relationshipsIter( } // Determine whether we need to fetch caveats and/or expiration. - vts, err := refs.ts.GetValidatedDefinition(ctx, config.sourceResourceType.Namespace) + vts, err := refs.ts.GetValidatedDefinition(ctx, config.sourceResourceType.GetNamespace()) if err != nil { yieldError(err) return } - possibleTraits, err := vts.PossibleTraitsForSubject(config.sourceResourceType.Relation, config.subjectsFilter.SubjectType) + possibleTraits, err := vts.PossibleTraitsForSubject(config.sourceResourceType.GetRelation(), config.subjectsFilter.SubjectType) if err != nil { yieldError(err) return @@ -775,8 +775,8 @@ func (crr *CursoredLookupResources3) relationshipsIter( ctx, config.subjectsFilter, options.WithResRelation(&options.ResourceRelation{ - Namespace: config.sourceResourceType.Namespace, - Relation: config.sourceResourceType.Relation, + Namespace: config.sourceResourceType.GetNamespace(), + Relation: config.sourceResourceType.GetRelation(), }), options.WithSortForReverse(options.BySubject), options.WithAfterForReverse(dbCursor), @@ -800,7 +800,7 @@ func (crr *CursoredLookupResources3) relationshipsIter( // If a caveat exists on the relationship, run it and filter the results, marking those that have missing context. var missingContextParameters []string - if rel.OptionalCaveat != nil && rel.OptionalCaveat.CaveatName != "" { + if rel.OptionalCaveat != nil && rel.OptionalCaveat.GetCaveatName() != "" { caveatExpr := caveats.CaveatAsExpr(rel.OptionalCaveat) runResult, err := refs.caveatRunner.RunCaveatExpression(ctx, caveatExpr, refs.req.Context.AsMap(), refs.reader, caveats.RunCaveatExpressionNoDebugging) if err != nil { @@ -935,7 +935,7 @@ func (crr *CursoredLookupResources3) dispatchIter( TerminalSubject: refs.req.TerminalSubject, Metadata: &v1.ResolverMeta{ AtRevision: refs.req.Revision.String(), - DepthRemaining: refs.req.Metadata.DepthRemaining - 1, + DepthRemaining: refs.req.Metadata.GetDepthRemaining() - 1, }, OptionalCursor: currentCursor, OptionalLimit: refs.req.OptionalLimit, @@ -990,7 +990,7 @@ func (crr *CursoredLookupResources3) filterSubjectsByCheck( Subject: tuple.FromCoreObjectAndRelation(refs.req.TerminalSubject), CaveatContext: refs.req.Context.AsMap(), AtRevision: refs.req.Revision, - MaximumDepth: refs.req.Metadata.DepthRemaining - 1, + MaximumDepth: refs.req.Metadata.GetDepthRemaining() - 1, DebugOption: computed.NoDebugging, CheckHints: checkHints, }, resourceIDsToCheck, crr.dispatchChunkSize) @@ -1006,7 +1006,7 @@ func (crr *CursoredLookupResources3) filterSubjectsByCheck( continue } - switch result.Membership { + switch result.GetMembership() { case v1.ResourceCheckResult_MEMBER: // If the found resource is a member, we copy the relationships from the // relationships chunk to the updated chunk, as this is a valid resource. @@ -1015,7 +1015,7 @@ func (crr *CursoredLookupResources3) filterSubjectsByCheck( case v1.ResourceCheckResult_CAVEATED_MEMBER: // If the found resource is a caveated member, we copy the relationships from the // relationships chunk to the updated chunk, but also include the missing context parameters. - updatedChunk.copyRelationshipsFrom(rm, resourceID, result.MissingExprFields) + updatedChunk.copyRelationshipsFrom(rm, resourceID, result.GetMissingExprFields()) case v1.ResourceCheckResult_NOT_MEMBER: // If the found resource is not a member, we do not include it in the updated chunk. @@ -1023,7 +1023,7 @@ func (crr *CursoredLookupResources3) filterSubjectsByCheck( continue default: - return nil, spiceerrors.MustBugf("unexpected result from check: %v", result.Membership) + return nil, spiceerrors.MustBugf("unexpected result from check: %v", result.GetMembership()) } } @@ -1078,11 +1078,11 @@ func (y *yieldingStream) Publish(resp *v1.DispatchLookupResources3Response) erro // Map the possible resource from the response, which combines missing context parameters // from the existing possible resource with that published. - for _, item := range resp.Items { + for _, item := range resp.GetItems() { mappedPossibleResource, err := y.rm.mapPossibleResource(possibleResource{ - resourceID: item.ResourceId, - forSubjectIDs: item.ForSubjectIds, - missingContextParams: item.MissingContextParams, + resourceID: item.GetResourceId(), + forSubjectIDs: item.GetForSubjectIds(), + missingContextParams: item.GetMissingContextParams(), }) if err != nil { return err @@ -1090,7 +1090,7 @@ func (y *yieldingStream) Publish(resp *v1.DispatchLookupResources3Response) erro if !y.yield(result{ Item: mappedPossibleResource, - Cursor: item.AfterResponseCursorSections, + Cursor: item.GetAfterResponseCursorSections(), }, nil) { y.canceled = true y.cancel() @@ -1288,14 +1288,14 @@ func subjectIDsToRelationshipsChunk( rel := tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ Resource: tuple.ObjectAndRelation{ - ObjectType: rewrittenSubjectRelation.Namespace, + ObjectType: rewrittenSubjectRelation.GetNamespace(), ObjectID: subjectID, - Relation: rewrittenSubjectRelation.Relation, + Relation: rewrittenSubjectRelation.GetRelation(), }, Subject: tuple.ObjectAndRelation{ - ObjectType: subjectRelation.Namespace, + ObjectType: subjectRelation.GetNamespace(), ObjectID: subjectID, - Relation: subjectRelation.Relation, + Relation: subjectRelation.GetRelation(), }, }, } diff --git a/internal/graph/lookupsubjects.go b/internal/graph/lookupsubjects.go index 9a0f4ce7c..9930960da 100644 --- a/internal/graph/lookupsubjects.go +++ b/internal/graph/lookupsubjects.go @@ -57,8 +57,8 @@ func (cl *ConcurrentLookupSubjects) LookupSubjects( } // If the resource type matches the subject type, yield directly. - if req.SubjectRelation.Namespace == req.ResourceRelation.Namespace && - req.SubjectRelation.Relation == req.ResourceRelation.Relation { + if req.SubjectRelation.GetNamespace() == req.ResourceRelation.GetNamespace() && + req.SubjectRelation.GetRelation() == req.ResourceRelation.GetRelation() { if err := stream.Publish(&v1.DispatchLookupSubjectsResponse{ FoundSubjectsByResourceId: subjectsForConcreteIds(req.ResourceIds), Metadata: emptyMetadata, @@ -71,8 +71,8 @@ func (cl *ConcurrentLookupSubjects) LookupSubjects( reader := ds.SnapshotReader(req.Revision) _, relation, err := namespace.ReadNamespaceAndRelation( ctx, - req.ResourceRelation.Namespace, - req.ResourceRelation.Relation, + req.ResourceRelation.GetNamespace(), + req.ResourceRelation.GetRelation(), reader) if err != nil { return err @@ -80,12 +80,12 @@ func (cl *ConcurrentLookupSubjects) LookupSubjects( ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(reader)) - if relation.UsersetRewrite == nil { + if relation.GetUsersetRewrite() == nil { // Direct lookup of subjects. return cl.lookupDirectSubjects(ctx, req, stream, ts, reader) } - return cl.lookupViaRewrite(ctx, req, stream, ts, relation.UsersetRewrite) + return cl.lookupViaRewrite(ctx, req, stream, ts, relation.GetUsersetRewrite()) } func subjectsForConcreteIds(subjectIds []string) map[string]*v1.FoundSubjects { @@ -139,14 +139,14 @@ func (cl *ConcurrentLookupSubjects) lookupDirectSubjects( foundSubjectsByResourceID := datasets.NewSubjectSetByResourceID() relationshipsBySubjectONR := mapz.NewMultiMap[tuple.ObjectAndRelation, tuple.Relationship]() - opts, err := cl.queryOptionsForRelation(ctx, ts, req.ResourceRelation.Namespace, req.ResourceRelation.Relation) + opts, err := cl.queryOptionsForRelation(ctx, ts, req.ResourceRelation.GetNamespace(), req.ResourceRelation.GetRelation()) if err != nil { return err } it, err := reader.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: req.ResourceRelation.Namespace, - OptionalResourceRelation: req.ResourceRelation.Relation, + OptionalResourceType: req.ResourceRelation.GetNamespace(), + OptionalResourceRelation: req.ResourceRelation.GetRelation(), OptionalResourceIds: req.ResourceIds, }, opts...) if err != nil { @@ -158,8 +158,8 @@ func (cl *ConcurrentLookupSubjects) lookupDirectSubjects( return err } - if rel.Subject.ObjectType == req.SubjectRelation.Namespace && - rel.Subject.Relation == req.SubjectRelation.Relation { + if rel.Subject.ObjectType == req.SubjectRelation.GetNamespace() && + rel.Subject.Relation == req.SubjectRelation.GetRelation() { if err := foundSubjectsByResourceID.AddFromRelationship(rel); err != nil { return fmt.Errorf("failed to call AddFromRelationship in lookupDirectSubjects: %w", err) } @@ -195,7 +195,7 @@ func (cl *ConcurrentLookupSubjects) lookupViaComputed( cu *core.ComputedUserset, ) error { ds := datastoremw.MustFromContext(ctx).SnapshotReader(parentRequest.Revision) - if err := namespace.CheckNamespaceAndRelation(ctx, parentRequest.ResourceRelation.Namespace, cu.Relation, true, ds); err != nil { + if err := namespace.CheckNamespaceAndRelation(ctx, parentRequest.ResourceRelation.GetNamespace(), cu.GetRelation(), true, ds); err != nil { if errors.As(err, &namespace.RelationNotFoundError{}) { return nil } @@ -208,22 +208,22 @@ func (cl *ConcurrentLookupSubjects) lookupViaComputed( Ctx: ctx, Processor: func(result *v1.DispatchLookupSubjectsResponse) (*v1.DispatchLookupSubjectsResponse, bool, error) { return &v1.DispatchLookupSubjectsResponse{ - FoundSubjectsByResourceId: result.FoundSubjectsByResourceId, - Metadata: addCallToResponseMetadata(result.Metadata), + FoundSubjectsByResourceId: result.GetFoundSubjectsByResourceId(), + Metadata: addCallToResponseMetadata(result.GetMetadata()), }, true, nil }, } return cl.d.DispatchLookupSubjects(&v1.DispatchLookupSubjectsRequest{ ResourceRelation: &core.RelationReference{ - Namespace: parentRequest.ResourceRelation.Namespace, - Relation: cu.Relation, + Namespace: parentRequest.ResourceRelation.GetNamespace(), + Relation: cu.GetRelation(), }, ResourceIds: parentRequest.ResourceIds, SubjectRelation: parentRequest.SubjectRelation, Metadata: &v1.ResolverMeta{ AtRevision: parentRequest.Revision.String(), - DepthRemaining: parentRequest.Metadata.DepthRemaining - 1, + DepthRemaining: parentRequest.Metadata.GetDepthRemaining() - 1, }, }, stream) } @@ -251,13 +251,13 @@ func lookupViaIntersectionTupleToUserset( ttu *core.FunctionedTupleToUserset, ) error { ds := datastoremw.MustFromContext(ctx).SnapshotReader(parentRequest.Revision) - opts, err := cl.queryOptionsForRelation(ctx, ts, parentRequest.ResourceRelation.Namespace, ttu.GetTupleset().GetRelation()) + opts, err := cl.queryOptionsForRelation(ctx, ts, parentRequest.ResourceRelation.GetNamespace(), ttu.GetTupleset().GetRelation()) if err != nil { return err } it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: parentRequest.ResourceRelation.Namespace, + OptionalResourceType: parentRequest.ResourceRelation.GetNamespace(), OptionalResourceRelation: ttu.GetTupleset().GetRelation(), OptionalResourceIds: parentRequest.ResourceIds, }, opts...) @@ -288,7 +288,7 @@ func lookupViaIntersectionTupleToUserset( ttuCaveat = caveatAnd(ttuCaveat, wrapCaveat(rel.OptionalCaveat)) } - if err := namespace.CheckNamespaceAndRelation(ctx, rel.Subject.ObjectType, ttu.GetComputedUserset().Relation, false, ds); err != nil { + if err := namespace.CheckNamespaceAndRelation(ctx, rel.Subject.ObjectType, ttu.GetComputedUserset().GetRelation(), false, ds); err != nil { if !errors.As(err, &namespace.RelationNotFoundError{}) { return err } @@ -323,13 +323,13 @@ func lookupViaIntersectionTupleToUserset( err := cl.d.DispatchLookupSubjects(&v1.DispatchLookupSubjectsRequest{ ResourceRelation: &core.RelationReference{ Namespace: rel.Subject.ObjectType, - Relation: ttu.GetComputedUserset().Relation, + Relation: ttu.GetComputedUserset().GetRelation(), }, ResourceIds: []string{rel.Subject.ObjectID}, SubjectRelation: parentRequest.SubjectRelation, Metadata: &v1.ResolverMeta{ AtRevision: parentRequest.Revision.String(), - DepthRemaining: parentRequest.Metadata.DepthRemaining - 1, + DepthRemaining: parentRequest.Metadata.GetDepthRemaining() - 1, }, }, collectingStream) if err != nil { @@ -356,9 +356,9 @@ func lookupViaIntersectionTupleToUserset( results := datasets.NewSubjectSet() collectedMetadata := emptyMetadata for _, result := range collectingStream.Results() { - collectedMetadata = combineResponseMetadata(ctx, collectedMetadata, result.Metadata) - for _, foundSubjects := range result.FoundSubjectsByResourceId { - if err := results.UnionWith(foundSubjects.FoundSubjects); err != nil { + collectedMetadata = combineResponseMetadata(ctx, collectedMetadata, result.GetMetadata()) + for _, foundSubjects := range result.GetFoundSubjectsByResourceId() { + if err := results.UnionWith(foundSubjects.GetFoundSubjects()); err != nil { return fmt.Errorf("failed to UnionWith under lookupSubjectsIntersection: %w", err) } } @@ -426,13 +426,13 @@ func lookupViaTupleToUserset[T relation]( relationshipsBySubjectONR := mapz.NewMultiMap[tuple.ObjectAndRelation, tuple.Relationship]() ds := datastoremw.MustFromContext(ctx).SnapshotReader(parentRequest.Revision) - opts, err := cl.queryOptionsForRelation(ctx, ts, parentRequest.ResourceRelation.Namespace, ttu.GetTupleset().GetRelation()) + opts, err := cl.queryOptionsForRelation(ctx, ts, parentRequest.ResourceRelation.GetNamespace(), ttu.GetTupleset().GetRelation()) if err != nil { return err } it, err := ds.QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: parentRequest.ResourceRelation.Namespace, + OptionalResourceType: parentRequest.ResourceRelation.GetNamespace(), OptionalResourceRelation: ttu.GetTupleset().GetRelation(), OptionalResourceIds: parentRequest.ResourceIds, }, opts...) @@ -453,12 +453,12 @@ func lookupViaTupleToUserset[T relation]( // Add the *rewritten* subject to the relationships multimap for mapping back to the associated // relationship, as we will be mapping from the computed relation, not the tupleset relation. - relationshipsBySubjectONR.Add(tuple.ONR(rel.Subject.ObjectType, rel.Subject.ObjectID, ttu.GetComputedUserset().Relation), rel) + relationshipsBySubjectONR.Add(tuple.ONR(rel.Subject.ObjectType, rel.Subject.ObjectID, ttu.GetComputedUserset().GetRelation()), rel) } // Map the found subject types by the computed userset relation, so that we dispatch to it. toDispatchByComputedRelationType, err := toDispatchByTuplesetType.Map(func(resourceType *core.RelationReference) (*core.RelationReference, error) { - if err := namespace.CheckNamespaceAndRelation(ctx, resourceType.Namespace, ttu.GetComputedUserset().Relation, false, ds); err != nil { + if err := namespace.CheckNamespaceAndRelation(ctx, resourceType.GetNamespace(), ttu.GetComputedUserset().GetRelation(), false, ds); err != nil { if errors.As(err, &namespace.RelationNotFoundError{}) { return nil, nil } @@ -467,8 +467,8 @@ func lookupViaTupleToUserset[T relation]( } return &core.RelationReference{ - Namespace: resourceType.Namespace, - Relation: ttu.GetComputedUserset().Relation, + Namespace: resourceType.GetNamespace(), + Relation: ttu.GetComputedUserset().GetRelation(), }, nil }) if err != nil { @@ -485,7 +485,7 @@ func (cl *ConcurrentLookupSubjects) lookupViaRewrite( ts *schema.TypeSystem, usr *core.UsersetRewrite, ) error { - switch rw := usr.RewriteOperation.(type) { + switch rw := usr.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: log.Ctx(ctx).Trace().Msg("union") return cl.lookupSetOperation(ctx, req, rw.Union, ts, newLookupSubjectsUnion(stream)) @@ -513,10 +513,10 @@ func (cl *ConcurrentLookupSubjects) lookupSetOperation( g, subCtx := errgroup.WithContext(cancelCtx) g.SetLimit(int(cl.concurrencyLimit)) - for index, childOneof := range so.Child { + for index, childOneof := range so.GetChild() { stream := reducer.ForIndex(subCtx, index) - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return errors.New("use of _this is unsupported; please rewrite your schema") @@ -536,7 +536,7 @@ func (cl *ConcurrentLookupSubjects) lookupSetOperation( }) case *core.SetOperation_Child_FunctionedTupleToUserset: - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: g.Go(func() error { return lookupViaTupleToUserset(subCtx, cl, req, stream, ts, child.FunctionedTupleToUserset) @@ -548,7 +548,7 @@ func (cl *ConcurrentLookupSubjects) lookupSetOperation( }) default: - return spiceerrors.MustBugf("unknown function in lookup subjects: %v", child.FunctionedTupleToUserset.Function) + return spiceerrors.MustBugf("unknown function in lookup subjects: %v", child.FunctionedTupleToUserset.GetFunction()) } case *core.SetOperation_Child_XNil: @@ -589,7 +589,7 @@ func (cl *ConcurrentLookupSubjects) dispatchTo( slice := foundSubjects.AsSlice() resourceIds := make([]string, 0, len(slice)) for _, foundSubject := range slice { - resourceIds = append(resourceIds, foundSubject.SubjectId) + resourceIds = append(resourceIds, foundSubject.GetSubjectId()) } stream := &dispatch.WrappedDispatchStream[*v1.DispatchLookupSubjectsResponse]{ @@ -611,8 +611,8 @@ func (cl *ConcurrentLookupSubjects) dispatchTo( // - firstdoc => {user:tom, user:sarah, user:fred[somecaveat]} // mappedFoundSubjects := make(map[string]*v1.FoundSubjects) - for childResourceID, foundSubjects := range result.FoundSubjectsByResourceId { - subjectKey := tuple.ONR(resourceType.Namespace, childResourceID, resourceType.Relation) + for childResourceID, foundSubjects := range result.GetFoundSubjectsByResourceId() { + subjectKey := tuple.ONR(resourceType.GetNamespace(), childResourceID, resourceType.GetRelation()) relationships, _ := relationshipsBySubjectONR.Get(subjectKey) if len(relationships) == 0 { return nil, false, fmt.Errorf("missing relationships for subject key %v; please report this error", subjectKey) @@ -633,7 +633,7 @@ func (cl *ConcurrentLookupSubjects) dispatchTo( // Otherwise, apply the caveat to all found subjects for that resource and map to the resource ID. foundSubjectSet := datasets.NewSubjectSet() - err := foundSubjectSet.UnionWith(foundSubjects.FoundSubjects) + err := foundSubjectSet.UnionWith(foundSubjects.GetFoundSubjects()) if err != nil { return nil, false, fmt.Errorf("could not combine subject sets: %w", err) } @@ -652,7 +652,7 @@ func (cl *ConcurrentLookupSubjects) dispatchTo( return &v1.DispatchLookupSubjectsResponse{ FoundSubjectsByResourceId: mappedFoundSubjects, - Metadata: addCallToResponseMetadata(result.Metadata), + Metadata: addCallToResponseMetadata(result.GetMetadata()), }, true, nil }, } @@ -666,7 +666,7 @@ func (cl *ConcurrentLookupSubjects) dispatchTo( SubjectRelation: parentRequest.SubjectRelation, Metadata: &v1.ResolverMeta{ AtRevision: parentRequest.Revision.String(), - DepthRemaining: parentRequest.Metadata.DepthRemaining - 1, + DepthRemaining: parentRequest.Metadata.GetDepthRemaining() - 1, }, }, stream) }) @@ -686,7 +686,7 @@ func combineFoundSubjects(existing *v1.FoundSubjects, toAdd *v1.FoundSubjects) ( } return &v1.FoundSubjects{ - FoundSubjects: append(existing.FoundSubjects, toAdd.FoundSubjects...), + FoundSubjects: append(existing.FoundSubjects, toAdd.GetFoundSubjects()...), }, nil } @@ -725,8 +725,8 @@ func (lsu *lookupSubjectsUnion) CompletedChildOperations(ctx context.Context) er } for _, result := range collector.Results() { - metadata = combineResponseMetadata(ctx, metadata, result.Metadata) - if err := foundSubjects.UnionWith(result.FoundSubjectsByResourceId); err != nil { + metadata = combineResponseMetadata(ctx, metadata, result.GetMetadata()) + if err := foundSubjects.UnionWith(result.GetFoundSubjectsByResourceId()); err != nil { return fmt.Errorf("failed to UnionWith under lookupSubjectsUnion: %w", err) } } @@ -773,8 +773,8 @@ func (lsi *lookupSubjectsIntersection) CompletedChildOperations(ctx context.Cont results := datasets.NewSubjectSetByResourceID() for _, result := range collector.Results() { - metadata = combineResponseMetadata(ctx, metadata, result.Metadata) - if err := results.UnionWith(result.FoundSubjectsByResourceId); err != nil { + metadata = combineResponseMetadata(ctx, metadata, result.GetMetadata()) + if err := results.UnionWith(result.GetFoundSubjectsByResourceId()); err != nil { return fmt.Errorf("failed to UnionWith under lookupSubjectsIntersection: %w", err) } } @@ -826,8 +826,8 @@ func (lse *lookupSubjectsExclusion) CompletedChildOperations(ctx context.Context collector := lse.collectors[index] results := datasets.NewSubjectSetByResourceID() for _, result := range collector.Results() { - metadata = combineResponseMetadata(ctx, metadata, result.Metadata) - if err := results.UnionWith(result.FoundSubjectsByResourceId); err != nil { + metadata = combineResponseMetadata(ctx, metadata, result.GetMetadata()) + if err := results.UnionWith(result.GetFoundSubjectsByResourceId()); err != nil { return fmt.Errorf("failed to UnionWith under lookupSubjectsExclusion: %w", err) } } diff --git a/internal/graph/lr2streams.go b/internal/graph/lr2streams.go index f27638156..12b7dc5e2 100644 --- a/internal/graph/lr2streams.go +++ b/internal/graph/lr2streams.go @@ -137,7 +137,7 @@ func (rdc *checkAndDispatchRunner) runChecker(ctx context.Context, startingIndex Subject: tuple.FromCoreObjectAndRelation(rdc.parentRequest.TerminalSubject), CaveatContext: rdc.parentRequest.Context.AsMap(), AtRevision: rdc.parentRequest.Revision, - MaximumDepth: rdc.parentRequest.Metadata.DepthRemaining - 1, + MaximumDepth: rdc.parentRequest.Metadata.GetDepthRemaining() - 1, DebugOption: computed.NoDebugging, CheckHints: checkHints, }, resourceIDsToCheck, rdc.dispatchChunkSize) @@ -155,13 +155,13 @@ func (rdc *checkAndDispatchRunner) runChecker(ctx context.Context, startingIndex continue } - switch result.Membership { + switch result.GetMembership() { case v1.ResourceCheckResult_MEMBER: fallthrough case v1.ResourceCheckResult_CAVEATED_MEMBER: // Record any additional caveats missing from the check. - adjustedResources.withAdditionalMissingContextForDispatchedResourceID(resourceID, result.MissingExprFields) + adjustedResources.withAdditionalMissingContextForDispatchedResourceID(resourceID, result.GetMissingExprFields()) resourceIDToDispatch = append(resourceIDToDispatch, resourceID) case v1.ResourceCheckResult_NOT_MEMBER: @@ -169,7 +169,7 @@ func (rdc *checkAndDispatchRunner) runChecker(ctx context.Context, startingIndex continue default: - return spiceerrors.MustBugf("unexpected result from check: %v", result.Membership) + return spiceerrors.MustBugf("unexpected result from check: %v", result.GetMembership()) } } @@ -241,7 +241,7 @@ func (rdc *checkAndDispatchRunner) runDispatch( TerminalSubject: rdc.parentRequest.TerminalSubject, Metadata: &v1.ResolverMeta{ AtRevision: rdc.parentRequest.Revision.String(), - DepthRemaining: rdc.parentRequest.Metadata.DepthRemaining - 1, + DepthRemaining: rdc.parentRequest.Metadata.GetDepthRemaining() - 1, }, OptionalCursor: updatedCi.currentCursor, OptionalLimit: rdc.ci.limits.currentLimit, @@ -293,7 +293,7 @@ func publishResultToParentStream( ) error { // Map the found resources via the subject+resources used for dispatching, to determine // if any need to be made conditional due to caveats. - mappedResource, err := foundResources.mapPossibleResource(result.Resource) + mappedResource, err := foundResources.mapPossibleResource(result.GetResource()) if err != nil { return err } @@ -305,13 +305,13 @@ func publishResultToParentStream( // The cursor for the response is that of the parent response + the cursor from the result itself. afterResponseCursor, err := combineCursors( responseCursor, - result.AfterResponseCursor, + result.GetAfterResponseCursor(), ) if err != nil { return err } - metadata := result.Metadata + metadata := result.GetMetadata() if isFirstPublishCall { metadata = addCallToResponseMetadata(metadata) metadata = combineResponseMetadata(ctx, metadata, additionalMetadata) @@ -319,8 +319,8 @@ func publishResultToParentStream( metadata = addAdditionalDepthRequired(metadata) } - missingContextParameters := mapz.NewSet(mappedResource.MissingContextParams...) - missingContextParameters.Extend(result.Resource.MissingContextParams) + missingContextParameters := mapz.NewSet(mappedResource.GetMissingContextParams()...) + missingContextParameters.Extend(result.GetResource().GetMissingContextParams()) missingContextParameters.Extend(additionalMissingContext) mappedResource.MissingContextParams = missingContextParameters.AsSlice() diff --git a/internal/graph/membershipset.go b/internal/graph/membershipset.go index d7d672674..5a473cfd6 100644 --- a/internal/graph/membershipset.go +++ b/internal/graph/membershipset.go @@ -121,8 +121,8 @@ func (ms *MembershipSet) addMember(resourceID string, caveatExpr *core.CaveatExp // The changes are made in-place. func (ms *MembershipSet) UnionWith(resultsMap CheckResultsMap) { for resourceID, details := range resultsMap { - if details.Membership != v1.ResourceCheckResult_NOT_MEMBER { - ms.addMember(resourceID, details.Expression) + if details.GetMembership() != v1.ResourceCheckResult_NOT_MEMBER { + ms.addMember(resourceID, details.GetExpression()) } } } @@ -131,7 +131,7 @@ func (ms *MembershipSet) UnionWith(resultsMap CheckResultsMap) { // The changes are made in-place. func (ms *MembershipSet) IntersectWith(resultsMap CheckResultsMap) { for resourceID := range ms.membersByID { - if details, ok := resultsMap[resourceID]; !ok || details.Membership == v1.ResourceCheckResult_NOT_MEMBER { + if details, ok := resultsMap[resourceID]; !ok || details.GetMembership() == v1.ResourceCheckResult_NOT_MEMBER { delete(ms.membersByID, resourceID) } } @@ -139,15 +139,15 @@ func (ms *MembershipSet) IntersectWith(resultsMap CheckResultsMap) { ms.hasDeterminedMember = false for resourceID, details := range resultsMap { existing, ok := ms.membersByID[resourceID] - if !ok || details.Membership == v1.ResourceCheckResult_NOT_MEMBER { + if !ok || details.GetMembership() == v1.ResourceCheckResult_NOT_MEMBER { continue } - if existing == nil && details.Expression == nil { + if existing == nil && details.GetExpression() == nil { ms.hasDeterminedMember = true continue } - ms.membersByID[resourceID] = caveatAnd(existing, details.Expression) + ms.membersByID[resourceID] = caveatAnd(existing, details.GetExpression()) } } @@ -156,16 +156,16 @@ func (ms *MembershipSet) IntersectWith(resultsMap CheckResultsMap) { func (ms *MembershipSet) Subtract(resultsMap CheckResultsMap) { ms.hasDeterminedMember = false for resourceID, expression := range ms.membersByID { - if details, ok := resultsMap[resourceID]; ok && details.Membership != v1.ResourceCheckResult_NOT_MEMBER { + if details, ok := resultsMap[resourceID]; ok && details.GetMembership() != v1.ResourceCheckResult_NOT_MEMBER { // If the incoming member has no caveat, then this removal is absolute. - if details.Expression == nil { + if details.GetExpression() == nil { delete(ms.membersByID, resourceID) continue } // Otherwise, the caveat expression gets combined with an intersection of the inversion // of the expression. - ms.membersByID[resourceID] = caveatSub(expression, details.Expression) + ms.membersByID[resourceID] = caveatSub(expression, details.GetExpression()) } else if expression == nil { ms.hasDeterminedMember = true } diff --git a/internal/graph/resourcesubjectsmap2.go b/internal/graph/resourcesubjectsmap2.go index 7d7dee260..4583a1e18 100644 --- a/internal/graph/resourcesubjectsmap2.go +++ b/internal/graph/resourcesubjectsmap2.go @@ -71,7 +71,7 @@ func subjectIDsToResourcesMap2(resourceType *core.RelationReference, subjectIDs // the resource of the relationship to the subject, as well as whether the relationship was caveated. func (rsm resourcesSubjectMap2) addRelationship(rel tuple.Relationship, missingContextParameters []string) error { spiceerrors.DebugAssertf(func() bool { - return rel.Resource.ObjectType == rsm.resourceType.Namespace && rel.Resource.Relation == rsm.resourceType.Relation + return rel.Resource.ObjectType == rsm.resourceType.GetNamespace() && rel.Resource.Relation == rsm.resourceType.GetRelation() }, "invalid relationship for addRelationship. expected: %v, found: %v", rsm.resourceType, rel.Resource) spiceerrors.DebugAssertf(func() bool { @@ -143,9 +143,9 @@ func (rsm dispatchableResourcesSubjectMap2) filterSubjectIDsToDispatch(dispatche filtered := make([]string, 0, len(resourceIDs)) for _, resourceID := range resourceIDs { if dispatched.Add(&core.ObjectAndRelation{ - Namespace: dispatchSubjectType.Namespace, + Namespace: dispatchSubjectType.GetNamespace(), ObjectId: resourceID, - Relation: dispatchSubjectType.Relation, + Relation: dispatchSubjectType.GetRelation(), }) { filtered = append(filtered, resourceID) } @@ -213,7 +213,7 @@ func (rsm dispatchableResourcesSubjectMap2) mapPossibleResource(foundResource *v nonCaveatedSubjectIDs := mapz.NewSet[string]() missingContextParameters := mapz.NewSet[string]() - for _, forSubjectID := range foundResource.ForSubjectIds { + for _, forSubjectID := range foundResource.GetForSubjectIds() { // Map from the incoming subject ID to the subject ID(s) that caused the dispatch. infos, ok := rsm.resourcesAndSubjects.Get(forSubjectID) if !ok { @@ -233,7 +233,7 @@ func (rsm dispatchableResourcesSubjectMap2) mapPossibleResource(foundResource *v // If there are some non-caveated IDs, return those and mark as the parent status. if nonCaveatedSubjectIDs.Len() > 0 { return &v1.PossibleResource{ - ResourceId: foundResource.ResourceId, + ResourceId: foundResource.GetResourceId(), ForSubjectIds: nonCaveatedSubjectIDs.AsSlice(), }, nil } @@ -241,7 +241,7 @@ func (rsm dispatchableResourcesSubjectMap2) mapPossibleResource(foundResource *v // Otherwise, everything is caveated, so return the full set of subject IDs and mark // as a check is required. return &v1.PossibleResource{ - ResourceId: foundResource.ResourceId, + ResourceId: foundResource.GetResourceId(), ForSubjectIds: forSubjectIDs.AsSlice(), MissingContextParams: missingContextParameters.AsSlice(), }, nil diff --git a/internal/graph/resourcesubjectsmap2_test.go b/internal/graph/resourcesubjectsmap2_test.go index 500a476cb..018d2fe63 100644 --- a/internal/graph/resourcesubjectsmap2_test.go +++ b/internal/graph/resourcesubjectsmap2_test.go @@ -19,8 +19,8 @@ func TestResourcesSubjectsMap2Basic(t *testing.T) { Relation: "view", }) - require.Equal(t, "document", rsm.resourceType.Namespace) - require.Equal(t, "view", rsm.resourceType.Relation) + require.Equal(t, "document", rsm.resourceType.GetNamespace()) + require.Equal(t, "view", rsm.resourceType.GetRelation()) require.Equal(t, 0, rsm.len()) rsm.addSubjectIDAsFoundResourceID("first") @@ -157,7 +157,7 @@ func TestResourcesSubjectsMap2MapFoundResources(t *testing.T) { expected := make([]*v1.PossibleResource, 0, len(tc.expected)) for _, expectedResource := range tc.expected { cloned := expectedResource.CloneVT() - sort.Strings(cloned.ForSubjectIds) + sort.Strings(cloned.GetForSubjectIds()) expected = append(expected, cloned) } @@ -171,8 +171,8 @@ func TestResourcesSubjectsMap2MapFoundResources(t *testing.T) { } for _, r := range resources { - sort.Strings(r.ForSubjectIds) - sort.Strings(r.MissingContextParams) + sort.Strings(r.GetForSubjectIds()) + sort.Strings(r.GetMissingContextParams()) } testutil.RequireProtoSlicesEqual(t, expected, resources, sortPossibleByResource, "different resources") @@ -221,5 +221,5 @@ func TestFilterSubjectIDsToDispatch(t *testing.T) { } func sortPossibleByResource(first *v1.PossibleResource, second *v1.PossibleResource) int { - return strings.Compare(first.ResourceId, second.ResourceId) + return strings.Compare(first.GetResourceId(), second.GetResourceId()) } diff --git a/internal/lsp/handlers.go b/internal/lsp/handlers.go index a2425ea0d..5f873ec57 100644 --- a/internal/lsp/handlers.go +++ b/internal/lsp/handlers.go @@ -70,10 +70,10 @@ func (s *Server) computeDiagnostics(ctx context.Context, uri lsp.DocumentURI) ([ diagnostics = append(diagnostics, lsp.Diagnostic{ Severity: lsp.Error, Range: lsp.Range{ - Start: lsp.Position{Line: int(devErr.Line) - 1, Character: int(devErr.Column) - 1}, - End: lsp.Position{Line: int(devErr.Line) - 1, Character: int(devErr.Column) - 1}, + Start: lsp.Position{Line: int(devErr.GetLine()) - 1, Character: int(devErr.GetColumn()) - 1}, + End: lsp.Position{Line: int(devErr.GetLine()) - 1, Character: int(devErr.GetColumn()) - 1}, }, - Message: devErr.Message, + Message: devErr.GetMessage(), }) } @@ -88,10 +88,10 @@ func (s *Server) computeDiagnostics(ctx context.Context, uri lsp.DocumentURI) ([ diagnostics = append(diagnostics, lsp.Diagnostic{ Severity: lsp.Warning, Range: lsp.Range{ - Start: lsp.Position{Line: int(devWarning.Line) - 1, Character: int(devWarning.Column) - 1}, - End: lsp.Position{Line: int(devWarning.Line) - 1, Character: int(devWarning.Column) - 1}, + Start: lsp.Position{Line: int(devWarning.GetLine()) - 1, Character: int(devWarning.GetColumn()) - 1}, + End: lsp.Position{Line: int(devWarning.GetLine()) - 1, Character: int(devWarning.GetColumn()) - 1}, }, - Message: devWarning.Message, + Message: devWarning.GetMessage(), }) } } diff --git a/internal/middleware/perfinsights/perfinsights_test.go b/internal/middleware/perfinsights/perfinsights_test.go index 8c7b4dcd8..61c2dcabc 100644 --- a/internal/middleware/perfinsights/perfinsights_test.go +++ b/internal/middleware/perfinsights/perfinsights_test.go @@ -95,11 +95,11 @@ func TestObserveShapeLatency(t *testing.T) { require.Equal(t, io_prometheus_client.MetricType_HISTOGRAM, metric.GetType()) - require.Equal(t, uint64(1), metric.GetMetric()[0].Histogram.GetSampleCount()) - require.Equal(t, float64(0.1), metric.GetMetric()[0].Histogram.GetSampleSum()) - require.Equal(t, "testMethod", metric.GetMetric()[0].Label[0].GetValue()) + require.Equal(t, uint64(1), metric.GetMetric()[0].GetHistogram().GetSampleCount()) + require.Equal(t, float64(0.1), metric.GetMetric()[0].GetHistogram().GetSampleSum()) + require.Equal(t, "testMethod", metric.GetMetric()[0].GetLabel()[0].GetValue()) - for _, label := range metric.GetMetric()[0].Label { + for _, label := range metric.GetMetric()[0].GetLabel() { if label.GetName() == "api_kind" { require.Equal(t, "testMethod", label.GetValue()) continue diff --git a/internal/middleware/pertoken/pertoken_test.go b/internal/middleware/pertoken/pertoken_test.go index 4914aa8ae..3e1b67f58 100644 --- a/internal/middleware/pertoken/pertoken_test.go +++ b/internal/middleware/pertoken/pertoken_test.go @@ -42,7 +42,7 @@ func (t testServer) Ping(ctx context.Context, req *testpb.PingRequest) (*testpb. return nil, errors.New("no datastore in context") } - if req.Value == "createrel" { + if req.GetValue() == "createrel" { // Create a new relationship in the datastore _, err := ds.ReadWriteTx(ctx, func(ctx context.Context, tx datastore.ReadWriteTransaction) error { return tx.WriteRelationships(ctx, []tuple.RelationshipUpdate{ @@ -163,28 +163,28 @@ validation: null func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithMissingToken() { resp, err := s.Client.Ping(s.SimpleCtx(), &testpb.PingRequest{Value: "test"}) s.Require().NoError(err) - s.Require().Equal("3", resp.Value) + s.Require().Equal("3", resp.GetValue()) } func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithEmptyToken() { ctx := metadata.AppendToOutgoingContext(s.SimpleCtx(), "authorization", "") resp, err := s.Client.Ping(ctx, &testpb.PingRequest{Value: "test"}) s.Require().NoError(err) - s.Require().Equal("3", resp.Value) + s.Require().Equal("3", resp.GetValue()) } func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithIncorrectToken() { ctx := metadata.AppendToOutgoingContext(s.SimpleCtx(), "authorization", "missingbearer") resp, err := s.Client.Ping(ctx, &testpb.PingRequest{Value: "test"}) s.Require().NoError(err) - s.Require().Equal("3", resp.Value) + s.Require().Equal("3", resp.GetValue()) } func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithDefinedToken() { ctx := metadata.AppendToOutgoingContext(s.SimpleCtx(), "authorization", "bearer sometoken") resp, err := s.Client.Ping(ctx, &testpb.PingRequest{Value: "test"}) s.Require().NoError(err) - s.Require().Equal("3", resp.Value) + s.Require().Equal("3", resp.GetValue()) } func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithDifferentToken() { @@ -192,11 +192,11 @@ func (s *perTokenMiddlewareTestSuite) TestUnaryInterceptor_WithDifferentToken() ctx := metadata.AppendToOutgoingContext(s.SimpleCtx(), "authorization", "bearer sometoken") resp, err := s.Client.Ping(ctx, &testpb.PingRequest{Value: "createrel"}) s.Require().NoError(err) - s.Require().Equal("4", resp.Value) + s.Require().Equal("4", resp.GetValue()) // Connect with a different token, which should not see the new relationship. ctx = metadata.AppendToOutgoingContext(s.SimpleCtx(), "authorization", "bearer differenttoken") resp, err = s.Client.Ping(ctx, &testpb.PingRequest{Value: "test"}) s.Require().NoError(err) - s.Require().Equal("3", resp.Value) + s.Require().Equal("3", resp.GetValue()) } diff --git a/internal/middleware/streamtimeout/streamtimeout_test.go b/internal/middleware/streamtimeout/streamtimeout_test.go index 533180967..a3b5c1419 100644 --- a/internal/middleware/streamtimeout/streamtimeout_test.go +++ b/internal/middleware/streamtimeout/streamtimeout_test.go @@ -83,7 +83,7 @@ func (s *testSuite) TestStreamTimeout() { // Ensure that we produced a *maximum* of 6 responses (timeout is 50ms and each response // should take 10ms * counter). This ensures that we timed out (roughly) when expected. - maxCounter = resp.Counter + maxCounter = resp.GetCounter() s.Require().LessOrEqual(maxCounter, int32(6), "stream was not properly canceled: %d", maxCounter) } } diff --git a/internal/middleware/usagemetrics/usagemetrics.go b/internal/middleware/usagemetrics/usagemetrics.go index a4dc63104..fecb6b65a 100644 --- a/internal/middleware/usagemetrics/usagemetrics.go +++ b/internal/middleware/usagemetrics/usagemetrics.go @@ -80,12 +80,12 @@ func StreamServerInterceptor() grpc.StreamServerInterceptor { } func annotateAndReportForMetadata(ctx context.Context, methodName string, metadata *dispatch.ResponseMeta) error { - DispatchedCountHistogram.WithLabelValues(methodName, "false").Observe(float64(metadata.DispatchCount)) - DispatchedCountHistogram.WithLabelValues(methodName, "true").Observe(float64(metadata.CachedDispatchCount)) + DispatchedCountHistogram.WithLabelValues(methodName, "false").Observe(float64(metadata.GetDispatchCount())) + DispatchedCountHistogram.WithLabelValues(methodName, "true").Observe(float64(metadata.GetCachedDispatchCount())) return responsemeta.SetResponseTrailerMetadata(ctx, map[responsemeta.ResponseMetadataTrailerKey]string{ - responsemeta.DispatchedOperationsCount: strconv.Itoa(int(metadata.DispatchCount)), - responsemeta.CachedOperationsCount: strconv.Itoa(int(metadata.CachedDispatchCount)), + responsemeta.DispatchedOperationsCount: strconv.Itoa(int(metadata.GetDispatchCount())), + responsemeta.CachedOperationsCount: strconv.Itoa(int(metadata.GetCachedDispatchCount())), }) } diff --git a/internal/namespace/aliasing.go b/internal/namespace/aliasing.go index adbaa9468..f701ce707 100644 --- a/internal/namespace/aliasing.go +++ b/internal/namespace/aliasing.go @@ -14,43 +14,43 @@ func computePermissionAliases(typeDefinition *schema.ValidatedDefinition) (map[s done := map[string]struct{}{} unresolvedAliases := map[string]string{} - for _, rel := range typeDefinition.Namespace().Relation { + for _, rel := range typeDefinition.Namespace().GetRelation() { // Ensure the relation has a rewrite... if rel.GetUsersetRewrite() == nil { - done[rel.Name] = struct{}{} + done[rel.GetName()] = struct{}{} continue } // ... with a union ... union := rel.GetUsersetRewrite().GetUnion() if union == nil { - done[rel.Name] = struct{}{} + done[rel.GetName()] = struct{}{} continue } // ... with a single child ... - if len(union.Child) != 1 { - done[rel.Name] = struct{}{} + if len(union.GetChild()) != 1 { + done[rel.GetName()] = struct{}{} continue } // ... that is a computed userset. - computedUserset := union.Child[0].GetComputedUserset() + computedUserset := union.GetChild()[0].GetComputedUserset() if computedUserset == nil { - done[rel.Name] = struct{}{} + done[rel.GetName()] = struct{}{} continue } // If the aliased item is a relation, then we've found the alias target. aliasedPermOrRel := computedUserset.GetRelation() if !typeDefinition.IsPermission(aliasedPermOrRel) { - done[rel.Name] = struct{}{} - aliases[rel.Name] = aliasedPermOrRel + done[rel.GetName()] = struct{}{} + aliases[rel.GetName()] = aliasedPermOrRel continue } // Otherwise, add the permission to the working set. - unresolvedAliases[rel.Name] = aliasedPermOrRel + unresolvedAliases[rel.GetName()] = aliasedPermOrRel } for len(unresolvedAliases) > 0 { @@ -74,7 +74,7 @@ func computePermissionAliases(typeDefinition *schema.ValidatedDefinition) (map[s keys = append(keys, key) } sort.Strings(keys) - return nil, NewPermissionsCycleErr(typeDefinition.Namespace().Name, keys) + return nil, NewPermissionsCycleErr(typeDefinition.Namespace().GetName(), keys) } } diff --git a/internal/namespace/annotate.go b/internal/namespace/annotate.go index d85edff16..5b5caa152 100644 --- a/internal/namespace/annotate.go +++ b/internal/namespace/annotate.go @@ -15,12 +15,12 @@ func AnnotateNamespace(def *schema.ValidatedDefinition) error { return cerr } - for _, rel := range def.Namespace().Relation { - if alias, ok := aliases[rel.Name]; ok { + for _, rel := range def.Namespace().GetRelation() { + if alias, ok := aliases[rel.GetName()]; ok { rel.AliasingRelation = alias } - if cacheKey, ok := cacheKeys[rel.Name]; ok { + if cacheKey, ok := cacheKeys[rel.GetName()]; ok { rel.CanonicalCacheKey = cacheKey } } diff --git a/internal/namespace/canonicalization.go b/internal/namespace/canonicalization.go index b7fac3b62..d17db5e92 100644 --- a/internal/namespace/canonicalization.go +++ b/internal/namespace/canonicalization.go @@ -55,7 +55,7 @@ const computedKeyPrefix = "%" // representing the same *logical* expressions for a permission, even if the relations have // different names. func computeCanonicalCacheKeys(typeDef *schema.ValidatedDefinition, aliasMap map[string]string) (map[string]string, error) { - varMap, err := buildBddVarMap(typeDef.Namespace().Relation, aliasMap) + varMap, err := buildBddVarMap(typeDef.Namespace().GetRelation(), aliasMap) if err != nil { return nil, err } @@ -70,13 +70,13 @@ func computeCanonicalCacheKeys(typeDef *schema.ValidatedDefinition, aliasMap map } // For each permission, build a canonicalized cache key based on its expression. - cacheKeys := make(map[string]string, len(typeDef.Namespace().Relation)) - for _, rel := range typeDef.Namespace().Relation { + cacheKeys := make(map[string]string, len(typeDef.Namespace().GetRelation())) + for _, rel := range typeDef.Namespace().GetRelation() { rewrite := rel.GetUsersetRewrite() if rewrite == nil { // If the relation has no rewrite (making it a pure relation), then its canonical // key is simply the relation's name. - cacheKeys[rel.Name] = rel.Name + cacheKeys[rel.GetName()] = rel.GetName() continue } @@ -87,14 +87,14 @@ func computeCanonicalCacheKeys(typeDef *schema.ValidatedDefinition, aliasMap map } bdd.Print(hasher, node) - cacheKeys[rel.Name] = computedKeyPrefix + hex.EncodeToString(hasher.Sum(nil)) + cacheKeys[rel.GetName()] = computedKeyPrefix + hex.EncodeToString(hasher.Sum(nil)) } return cacheKeys, nil } func convertRewriteToBdd(relation *core.Relation, bdd *rudd.BDD, rewrite *core.UsersetRewrite, varMap bddVarMap) (rudd.Node, error) { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: return convertToBdd(relation, bdd, rw.Union, bdd.Or, func(childIndex int, varIndex int) rudd.Node { return bdd.Ithvar(varIndex) @@ -124,14 +124,14 @@ type ( ) func convertToBdd(relation *core.Relation, bdd *rudd.BDD, so *core.SetOperation, combiner combiner, builder builder, varMap bddVarMap) (rudd.Node, error) { - values := make([]rudd.Node, 0, len(so.Child)) - for index, childOneof := range so.Child { - switch child := childOneof.ChildType.(type) { + values := make([]rudd.Node, 0, len(so.GetChild())) + for index, childOneof := range so.GetChild() { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return nil, spiceerrors.MustBugf("use of _this is disallowed") case *core.SetOperation_Child_ComputedUserset: - cuIndex, err := varMap.Get(child.ComputedUserset.Relation) + cuIndex, err := varMap.Get(child.ComputedUserset.GetRelation()) if err != nil { return nil, err } @@ -147,7 +147,7 @@ func convertToBdd(relation *core.Relation, bdd *rudd.BDD, so *core.SetOperation, values = append(values, node) case *core.SetOperation_Child_TupleToUserset: - arrowIndex, err := varMap.GetArrow(child.TupleToUserset.Tupleset.Relation, child.TupleToUserset.ComputedUserset.Relation) + arrowIndex, err := varMap.GetArrow(child.TupleToUserset.GetTupleset().GetRelation(), child.TupleToUserset.GetComputedUserset().GetRelation()) if err != nil { return nil, err } @@ -155,9 +155,9 @@ func convertToBdd(relation *core.Relation, bdd *rudd.BDD, so *core.SetOperation, values = append(values, builder(index, arrowIndex)) case *core.SetOperation_Child_FunctionedTupleToUserset: - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: - arrowIndex, err := varMap.GetArrow(child.FunctionedTupleToUserset.Tupleset.Relation, child.FunctionedTupleToUserset.ComputedUserset.Relation) + arrowIndex, err := varMap.GetArrow(child.FunctionedTupleToUserset.GetTupleset().GetRelation(), child.FunctionedTupleToUserset.GetComputedUserset().GetRelation()) if err != nil { return nil, err } @@ -165,7 +165,7 @@ func convertToBdd(relation *core.Relation, bdd *rudd.BDD, so *core.SetOperation, values = append(values, builder(index, arrowIndex)) case core.FunctionedTupleToUserset_FUNCTION_ALL: - arrowIndex, err := varMap.GetIntersectionArrow(child.FunctionedTupleToUserset.Tupleset.Relation, child.FunctionedTupleToUserset.ComputedUserset.Relation) + arrowIndex, err := varMap.GetIntersectionArrow(child.FunctionedTupleToUserset.GetTupleset().GetRelation(), child.FunctionedTupleToUserset.GetComputedUserset().GetRelation()) if err != nil { return nil, err } @@ -173,7 +173,7 @@ func convertToBdd(relation *core.Relation, bdd *rudd.BDD, so *core.SetOperation, values = append(values, builder(index, arrowIndex)) default: - return nil, spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.Function) + return nil, spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.GetFunction()) } case *core.SetOperation_Child_XNil: @@ -232,11 +232,11 @@ func (bvm bddVarMap) Len() int { func buildBddVarMap(relations []*core.Relation, aliasMap map[string]string) (bddVarMap, error) { varMap := map[string]int{} for _, rel := range relations { - if _, ok := aliasMap[rel.Name]; ok { + if _, ok := aliasMap[rel.GetName()]; ok { continue } - varMap[rel.Name] = len(varMap) + varMap[rel.GetName()] = len(varMap) rewrite := rel.GetUsersetRewrite() if rewrite == nil { @@ -244,24 +244,24 @@ func buildBddVarMap(relations []*core.Relation, aliasMap map[string]string) (bdd } _, err := graph.WalkRewrite(rewrite, func(childOneof *core.SetOperation_Child) (any, error) { - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_TupleToUserset: - key := child.TupleToUserset.Tupleset.Relation + "->" + child.TupleToUserset.ComputedUserset.Relation + key := child.TupleToUserset.GetTupleset().GetRelation() + "->" + child.TupleToUserset.GetComputedUserset().GetRelation() if _, ok := varMap[key]; !ok { varMap[key] = len(varMap) } case *core.SetOperation_Child_FunctionedTupleToUserset: - key := child.FunctionedTupleToUserset.Tupleset.Relation + "->" + child.FunctionedTupleToUserset.ComputedUserset.Relation + key := child.FunctionedTupleToUserset.GetTupleset().GetRelation() + "->" + child.FunctionedTupleToUserset.GetComputedUserset().GetRelation() - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: // Use the key. case core.FunctionedTupleToUserset_FUNCTION_ALL: - key = child.FunctionedTupleToUserset.Tupleset.Relation + "-(all)->" + child.FunctionedTupleToUserset.ComputedUserset.Relation + key = child.FunctionedTupleToUserset.GetTupleset().GetRelation() + "-(all)->" + child.FunctionedTupleToUserset.GetComputedUserset().GetRelation() default: - return nil, spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.Function) + return nil, spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.GetFunction()) } if _, ok := varMap[key]; !ok { diff --git a/internal/namespace/caveats.go b/internal/namespace/caveats.go index 2a05631c3..85174fc35 100644 --- a/internal/namespace/caveats.go +++ b/internal/namespace/caveats.go @@ -15,42 +15,42 @@ import ( // definition, including usage of the parameters. func ValidateCaveatDefinition(ts *caveattypes.TypeSet, caveat *core.CaveatDefinition) error { // Ensure all parameters are used by the caveat expression itself. - parameterTypes, err := caveattypes.DecodeParameterTypes(ts, caveat.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(ts, caveat.GetParameterTypes()) if err != nil { return schema.NewTypeWithSourceError( - fmt.Errorf("could not decode caveat parameters `%s`: %w", caveat.Name, err), + fmt.Errorf("could not decode caveat parameters `%s`: %w", caveat.GetName(), err), caveat, - caveat.Name, + caveat.GetName(), ) } - deserialized, err := caveats.DeserializeCaveatWithTypeSet(ts, caveat.SerializedExpression, parameterTypes) + deserialized, err := caveats.DeserializeCaveatWithTypeSet(ts, caveat.GetSerializedExpression(), parameterTypes) if err != nil { return schema.NewTypeWithSourceError( - fmt.Errorf("could not decode caveat `%s`: %w", caveat.Name, err), + fmt.Errorf("could not decode caveat `%s`: %w", caveat.GetName(), err), caveat, - caveat.Name, + caveat.GetName(), ) } - if len(caveat.ParameterTypes) == 0 { + if len(caveat.GetParameterTypes()) == 0 { return schema.NewTypeWithSourceError( - fmt.Errorf("caveat `%s` must have at least one parameter defined", caveat.Name), + fmt.Errorf("caveat `%s` must have at least one parameter defined", caveat.GetName()), caveat, - caveat.Name, + caveat.GetName(), ) } - referencedNames, err := deserialized.ReferencedParameters(slices.Collect(maps.Keys(caveat.ParameterTypes))) + referencedNames, err := deserialized.ReferencedParameters(slices.Collect(maps.Keys(caveat.GetParameterTypes()))) if err != nil { return err } - for paramName, paramType := range caveat.ParameterTypes { + for paramName, paramType := range caveat.GetParameterTypes() { _, err := caveattypes.DecodeParameterType(ts, paramType) if err != nil { return schema.NewTypeWithSourceError( - fmt.Errorf("type error for parameter `%s` for caveat `%s`: %w", paramName, caveat.Name, err), + fmt.Errorf("type error for parameter `%s` for caveat `%s`: %w", paramName, caveat.GetName(), err), caveat, paramName, ) @@ -58,7 +58,7 @@ func ValidateCaveatDefinition(ts *caveattypes.TypeSet, caveat *core.CaveatDefini if !referencedNames.Has(paramName) { return schema.NewTypeWithSourceError( - NewUnusedCaveatParameterErr(caveat.Name, paramName), + NewUnusedCaveatParameterErr(caveat.GetName(), paramName), caveat, paramName, ) diff --git a/internal/namespace/caveats_test.go b/internal/namespace/caveats_test.go index 71ecb593b..1ac8913a6 100644 --- a/internal/namespace/caveats_test.go +++ b/internal/namespace/caveats_test.go @@ -48,7 +48,7 @@ func TestValidateCaveatDefinition(t *testing.T) { for _, tc := range tcs { tc := tc - t.Run(tc.caveat.Name, func(t *testing.T) { + t.Run(tc.caveat.GetName(), func(t *testing.T) { err := ValidateCaveatDefinition(caveattypes.Default.TypeSet, tc.caveat) if tc.expectedError != "" { require.Error(t, err) diff --git a/internal/namespace/test/serialization_test.go b/internal/namespace/test/serialization_test.go index e22d14736..18b6754c8 100644 --- a/internal/namespace/test/serialization_test.go +++ b/internal/namespace/test/serialization_test.go @@ -94,23 +94,23 @@ func TestSerialization(t *testing.T) { for _, objectDef := range compiled.ObjectDefinitions { protoSerialized, err := proto.Marshal(objectDef) require.NoError(err) - err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-definition-%s.proto", test.schema, objectDef.Name), protoSerialized, 0o600) + err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-definition-%s.proto", test.schema, objectDef.GetName()), protoSerialized, 0o600) require.NoError(err) vtSerialized, err := objectDef.MarshalVT() require.NoError(err) - err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-definition-%s.vtproto", test.schema, objectDef.Name), vtSerialized, 0o600) + err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-definition-%s.vtproto", test.schema, objectDef.GetName()), vtSerialized, 0o600) require.NoError(err) } for _, caveatDef := range compiled.CaveatDefinitions { protoSerialized, err := proto.Marshal(caveatDef) require.NoError(err) - err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-caveat-%s.proto", test.schema, caveatDef.Name), protoSerialized, 0o600) + err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-caveat-%s.proto", test.schema, caveatDef.GetName()), protoSerialized, 0o600) require.NoError(err) vtSerialized, err := caveatDef.MarshalVT() require.NoError(err) - err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-caveat-%s.vtproto", test.schema, caveatDef.Name), vtSerialized, 0o600) + err = os.WriteFile(fmt.Sprintf("testdata/proto/%s-caveat-%s.vtproto", test.schema, caveatDef.GetName()), vtSerialized, 0o600) require.NoError(err) } } else { diff --git a/internal/namespace/util.go b/internal/namespace/util.go index 497bdfbf2..b7da45d91 100644 --- a/internal/namespace/util.go +++ b/internal/namespace/util.go @@ -25,8 +25,8 @@ func ReadNamespaceAndRelation( return nil, nil, err } - for _, rel := range config.Relation { - if rel.Name == relation { + for _, rel := range config.GetRelation() { + if rel.GetName() == relation { return config, rel, nil } } @@ -68,7 +68,7 @@ func CheckNamespaceAndRelations(ctx context.Context, checks []TypeAndRelationToC mappedNamespaces := make(map[string]*core.NamespaceDefinition, len(namespaces)) for _, namespace := range namespaces { - mappedNamespaces[namespace.Definition.Name] = namespace.Definition + mappedNamespaces[namespace.Definition.GetName()] = namespace.Definition } for _, toCheck := range checks { @@ -82,8 +82,8 @@ func CheckNamespaceAndRelations(ctx context.Context, checks []TypeAndRelationToC } foundRelation := false - for _, rel := range nsDef.Relation { - if rel.Name == toCheck.RelationName { + for _, rel := range nsDef.GetRelation() { + if rel.GetName() == toCheck.RelationName { foundRelation = true break } @@ -119,8 +119,8 @@ func CheckNamespaceAndRelation( return nil } - for _, rel := range config.Relation { - if rel.Name == relation { + for _, rel := range config.GetRelation() { + if rel.GetName() == relation { return nil } } @@ -134,11 +134,11 @@ func CheckNamespaceAndRelation( func ListReferencedNamespaces(nsdefs []*core.NamespaceDefinition) []string { referencedNamespaceNamesSet := mapz.NewSet[string]() for _, nsdef := range nsdefs { - referencedNamespaceNamesSet.Insert(nsdef.Name) + referencedNamespaceNamesSet.Insert(nsdef.GetName()) - for _, relation := range nsdef.Relation { + for _, relation := range nsdef.GetRelation() { if relation.GetTypeInformation() != nil { - for _, allowedRel := range relation.GetTypeInformation().AllowedDirectRelations { + for _, allowedRel := range relation.GetTypeInformation().GetAllowedDirectRelations() { referencedNamespaceNamesSet.Insert(allowedRel.GetNamespace()) } } diff --git a/internal/relationships/errors.go b/internal/relationships/errors.go index f3619c4ca..4877b2e07 100644 --- a/internal/relationships/errors.go +++ b/internal/relationships/errors.go @@ -45,12 +45,12 @@ func NewInvalidSubjectTypeError( allowedCaveatsForSubject := mapz.NewSet[string]() for _, allowedType := range allowedTypes { - if allowedType.RequiredCaveat != nil && - allowedType.RequiredCaveat.CaveatName != "" && - allowedType.Namespace == relationship.Subject.ObjectType && + if allowedType.GetRequiredCaveat() != nil && + allowedType.GetRequiredCaveat().GetCaveatName() != "" && + allowedType.GetNamespace() == relationship.Subject.ObjectType && allowedType.GetRelation() == relationship.Subject.Relation && - (allowedType.RequiredExpiration != nil) == (relationship.OptionalExpiration != nil) { - allowedCaveatsForSubject.Add(allowedType.RequiredCaveat.CaveatName) + (allowedType.GetRequiredExpiration() != nil) == (relationship.OptionalExpiration != nil) { + allowedCaveatsForSubject.Add(allowedType.GetRequiredCaveat().GetCaveatName()) } } @@ -173,7 +173,7 @@ func NewCaveatNotFoundError(relationship tuple.Relationship) CaveatNotFoundError return CaveatNotFoundError{ error: fmt.Errorf( "the caveat `%s` was not found for relationship `%s`", - relationship.OptionalCaveat.CaveatName, + relationship.OptionalCaveat.GetCaveatName(), tuple.MustString(relationship), ), relationship: relationship, @@ -188,7 +188,7 @@ func (err CaveatNotFoundError) GRPCStatus() *status.Status { spiceerrors.ForReason( v1.ErrorReason_ERROR_REASON_UNKNOWN_CAVEAT, map[string]string{ - "caveat_name": err.relationship.OptionalCaveat.CaveatName, + "caveat_name": err.relationship.OptionalCaveat.GetCaveatName(), }, ), ) diff --git a/internal/relationships/validation.go b/internal/relationships/validation.go index 611f805c7..19a4cb468 100644 --- a/internal/relationships/validation.go +++ b/internal/relationships/validation.go @@ -94,7 +94,7 @@ func loadNamespacesAndCaveats(ctx context.Context, rels []tuple.Relationship, re referencedNamespaceNames.Insert(rel.Resource.ObjectType) referencedNamespaceNames.Insert(rel.Subject.ObjectType) if hasNonEmptyCaveatContext(rel) { - referencedCaveatNamesWithContext.Insert(rel.OptionalCaveat.CaveatName) + referencedCaveatNamesWithContext.Insert(rel.OptionalCaveat.GetCaveatName()) } } @@ -115,7 +115,7 @@ func loadNamespacesAndCaveats(ctx context.Context, rels []tuple.Relationship, re return nil, nil, err } - referencedNamespaceMap[nsDef.Definition.Name] = nts + referencedNamespaceMap[nsDef.Definition.GetName()] = nts } } @@ -127,7 +127,7 @@ func loadNamespacesAndCaveats(ctx context.Context, rels []tuple.Relationship, re referencedCaveatMap = make(map[string]*core.CaveatDefinition, len(foundCaveats)) for _, caveatDef := range foundCaveats { - referencedCaveatMap[caveatDef.Definition.Name] = caveatDef.Definition + referencedCaveatMap[caveatDef.Definition.GetName()] = caveatDef.Definition } } return referencedNamespaceMap, referencedCaveatMap, nil @@ -191,7 +191,7 @@ func ValidateOneRelationship( // Validate the subject against the allowed relation(s). var caveat *core.AllowedCaveat if rel.OptionalCaveat != nil { - caveat = ns.AllowedCaveat(rel.OptionalCaveat.CaveatName) + caveat = ns.AllowedCaveat(rel.OptionalCaveat.GetCaveatName()) } var relationToCheck *core.AllowedRelation @@ -250,7 +250,7 @@ func ValidateOneRelationship( // Validate caveat and its context, if applicable. if hasNonEmptyCaveatContext(rel) { - caveat, ok := caveatMap[rel.OptionalCaveat.CaveatName] + caveat, ok := caveatMap[rel.OptionalCaveat.GetCaveatName()] if !ok { // Should ideally never happen since the caveat is type checked above, but just in case. return NewCaveatNotFoundError(rel) @@ -259,8 +259,8 @@ func ValidateOneRelationship( // Verify that the provided context information matches the types of the parameters defined. _, err := caveats.ConvertContextToParameters( caveatTypeSet, - rel.OptionalCaveat.Context.AsMap(), - caveat.ParameterTypes, + rel.OptionalCaveat.GetContext().AsMap(), + caveat.GetParameterTypes(), caveats.ErrorForUnknownParameters, ) if err != nil { @@ -273,7 +273,7 @@ func ValidateOneRelationship( func hasNonEmptyCaveatContext(relationship tuple.Relationship) bool { return relationship.OptionalCaveat != nil && - relationship.OptionalCaveat.CaveatName != "" && - relationship.OptionalCaveat.Context != nil && - len(relationship.OptionalCaveat.Context.GetFields()) > 0 + relationship.OptionalCaveat.GetCaveatName() != "" && + relationship.OptionalCaveat.GetContext() != nil && + len(relationship.OptionalCaveat.GetContext().GetFields()) > 0 } diff --git a/internal/services/integrationtesting/cert_test.go b/internal/services/integrationtesting/cert_test.go index 72abd4fb6..cb7cf7f9a 100644 --- a/internal/services/integrationtesting/cert_test.go +++ b/internal/services/integrationtesting/cert_test.go @@ -215,9 +215,9 @@ func TestCertRotation(t *testing.T) { AtLeastAsFresh: zedtoken.MustNewFromRevisionForTesting(revision), }, }, - Resource: rel.Resource, + Resource: rel.GetResource(), Permission: "viewer", - Subject: rel.Subject, + Subject: rel.GetSubject(), }) require.NoError(t, err) @@ -268,9 +268,9 @@ func TestCertRotation(t *testing.T) { AtLeastAsFresh: zedtoken.MustNewFromRevisionForTesting(revision), }, }, - Resource: rel.Resource, + Resource: rel.GetResource(), Permission: "viewer", - Subject: rel.Subject, + Subject: rel.GetSubject(), }) require.NoError(t, err) time.Sleep(initialValidDuration) diff --git a/internal/services/integrationtesting/consistency_test.go b/internal/services/integrationtesting/consistency_test.go index 0a4cca66b..fffd645db 100644 --- a/internal/services/integrationtesting/consistency_test.go +++ b/internal/services/integrationtesting/consistency_test.go @@ -90,7 +90,7 @@ func runConsistencyTestSuiteForFile(t *testing.T, filePath string, useCachingDis ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(cad.DataStore.SnapshotReader(headRevision))) for _, nsDef := range cad.Populated.NamespaceDefinitions { - _, err := ts.GetValidatedDefinition(cad.Ctx, nsDef.Name) + _, err := ts.GetValidatedDefinition(cad.Ctx, nsDef.GetName()) require.NoError(t, err) } @@ -190,22 +190,22 @@ func testForEachResource( t.Helper() for _, resourceType := range vctx.clusterAndData.Populated.NamespaceDefinitions { - resources, ok := vctx.accessibilitySet.ResourcesByNamespace.Get(resourceType.Name) + resources, ok := vctx.accessibilitySet.ResourcesByNamespace.Get(resourceType.GetName()) if !ok { continue } resourceType := resourceType - for _, relation := range resourceType.Relation { + for _, relation := range resourceType.GetRelation() { relation := relation for _, resource := range resources { resource := resource - t.Run(fmt.Sprintf("%s_%s_%s_%s", prefix, resourceType.Name, resource.ObjectID, relation.Name), + t.Run(fmt.Sprintf("%s_%s_%s_%s", prefix, resourceType.GetName(), resource.ObjectID, relation.GetName()), func(t *testing.T) { handler(t, tuple.ObjectAndRelation{ - ObjectType: resourceType.Name, + ObjectType: resourceType.GetName(), ObjectID: resource.ObjectID, - Relation: relation.Name, + Relation: relation.GetName(), }) }) } @@ -222,13 +222,13 @@ func testForEachResourceType( ) { for _, resourceType := range vctx.clusterAndData.Populated.NamespaceDefinitions { resourceType := resourceType - for _, relation := range resourceType.Relation { + for _, relation := range resourceType.GetRelation() { relation := relation - t.Run(fmt.Sprintf("%s_%s_%s_", prefix, resourceType.Name, relation.Name), + t.Run(fmt.Sprintf("%s_%s_%s_", prefix, resourceType.GetName(), relation.GetName()), func(t *testing.T) { handler(t, tuple.RelationReference{ - ObjectType: resourceType.Name, - Relation: relation.Name, + ObjectType: resourceType.GetName(), + Relation: relation.GetName(), }) }) } @@ -238,7 +238,7 @@ func testForEachResourceType( // ensureRelationshipWrites ensures that all relationships can be written via the API. func ensureRelationshipWrites(t *testing.T, vctx validationContext) { for _, nsDef := range vctx.clusterAndData.Populated.NamespaceDefinitions { - relationships, ok := vctx.accessibilitySet.RelationshipsByResourceNamespace.Get(nsDef.Name) + relationships, ok := vctx.accessibilitySet.RelationshipsByResourceNamespace.Get(nsDef.GetName()) if !ok { continue } @@ -303,7 +303,7 @@ func validateExpansionSubjects(t *testing.T, vctx validationContext) { require.NoError(t, err) // Build an accessible subject set from the expansion tree. - subjectsFoundSet, err := developmentmembership.AccessibleExpansionSubjects(resp.TreeNode) + subjectsFoundSet, err := developmentmembership.AccessibleExpansionSubjects(resp.GetTreeNode()) require.NoError(t, err) // Ensure all non-wildcard terminal subjects that were found in the expansion are accessible. @@ -388,7 +388,7 @@ func validateLookupResources(t *testing.T, vctx validationContext) { currentCursor = lastCursor for _, resource := range foundResources { - resolvedResources[resource.ResourceObjectId] = resource + resolvedResources[resource.GetResourceObjectId()] = resource } if pageSize == 0 || len(foundResources) < int(pageSize) { @@ -409,7 +409,7 @@ func validateLookupResources(t *testing.T, vctx validationContext) { permissionship, err := vctx.serviceTester.Check(t.Context(), tuple.ObjectAndRelation{ ObjectType: resourceRelation.ObjectType, - ObjectID: resolvedResource.ResourceObjectId, + ObjectID: resolvedResource.GetResourceObjectId(), Relation: resourceRelation.Relation, }, subject, @@ -418,11 +418,11 @@ func validateLookupResources(t *testing.T, vctx validationContext) { ) expectedPermissionship := v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION - if resolvedResource.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if resolvedResource.GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { expectedPermissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION } - expectedBulkPermissions[resolvedResource.ResourceObjectId] = expectedPermissionship + expectedBulkPermissions[resolvedResource.GetResourceObjectId()] = expectedPermissionship require.NoError(t, err) require.Equal(t, @@ -430,7 +430,7 @@ func validateLookupResources(t *testing.T, vctx validationContext) { permissionship, "Found Check failure for relation %s:%s#%s and subject %s in lookup resources; LR permission %v, Check Permission %v", resourceRelation.ObjectType, - resolvedResource.ResourceObjectId, + resolvedResource.GetResourceObjectId(), resourceRelation.Relation, tuple.StringONR(subject), expectedPermissionship, @@ -440,7 +440,7 @@ func validateLookupResources(t *testing.T, vctx validationContext) { checkBulkItems = append(checkBulkItems, &v1.CheckBulkPermissionsRequestItem{ Resource: &v1.ObjectReference{ ObjectType: resourceRelation.ObjectType, - ObjectId: resolvedResource.ResourceObjectId, + ObjectId: resolvedResource.GetResourceObjectId(), }, Permission: resourceRelation.Relation, Subject: &v1.SubjectReference{ @@ -460,7 +460,7 @@ func validateLookupResources(t *testing.T, vctx validationContext) { ) require.NoError(t, err) for _, result := range results { - require.Equal(t, expectedBulkPermissions[result.Request.Resource.ObjectId], result.GetItem().Permissionship) + require.Equal(t, expectedBulkPermissions[result.GetRequest().GetResource().GetObjectId()], result.GetItem().GetPermissionship()) } }) } @@ -536,16 +536,16 @@ func validateLookupSubjects(t *testing.T, vctx validationContext) { require.True(t, ok, "expected wildcard in lookupsubjects response for assertion `%s`", assertion.RelationshipWithContextString) if entry.requiresPermission { - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedSubject.Subject.Permissionship) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedSubject.GetSubject().GetPermissionship()) } // Ensure that the subject is not excluded. If a caveated assertion, then the exclusion // can be caveated. - for _, excludedSubject := range resolvedSubject.ExcludedSubjects { + for _, excludedSubject := range resolvedSubject.GetExcludedSubjects() { if entry.requiresPermission { - require.NotEqual(t, excludedSubject.SubjectObjectId, assertionRel.Subject.ObjectID, "wildcard excludes the asserted subject ID: %s", assertionRel.Subject.ObjectID) - } else if excludedSubject.SubjectObjectId == assertionRel.Subject.ObjectID { - require.NotEqual(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, excludedSubject.Permissionship, "wildcard concretely excludes the asserted subject ID: %s", assertionRel.Subject.ObjectID) + require.NotEqual(t, excludedSubject.GetSubjectObjectId(), assertionRel.Subject.ObjectID, "wildcard excludes the asserted subject ID: %s", assertionRel.Subject.ObjectID) + } else if excludedSubject.GetSubjectObjectId() == assertionRel.Subject.ObjectID { + require.NotEqual(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, excludedSubject.GetPermissionship(), "wildcard concretely excludes the asserted subject ID: %s", assertionRel.Subject.ObjectID) } } continue @@ -559,16 +559,16 @@ func validateLookupSubjects(t *testing.T, vctx validationContext) { // Ensure that all excluded subjects from wildcards do not have access. for _, resolvedSubject := range resolvedSubjects { - if resolvedSubject.Subject.SubjectObjectId != tuple.PublicWildcard { + if resolvedSubject.GetSubject().GetSubjectObjectId() != tuple.PublicWildcard { continue } - for _, excludedSubject := range resolvedSubject.ExcludedSubjects { + for _, excludedSubject := range resolvedSubject.GetExcludedSubjects() { permissionship, err := vctx.serviceTester.Check(t.Context(), resource, tuple.ObjectAndRelation{ ObjectType: subjectType.ObjectType, - ObjectID: excludedSubject.SubjectObjectId, + ObjectID: excludedSubject.GetSubjectObjectId(), Relation: subjectType.Relation, }, vctx.revision, @@ -577,10 +577,10 @@ func validateLookupSubjects(t *testing.T, vctx validationContext) { require.NoError(t, err) expectedPermissionship := v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION - if resolvedSubject.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if resolvedSubject.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { expectedPermissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION } - if excludedSubject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if excludedSubject.GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { expectedPermissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION } @@ -589,20 +589,20 @@ func validateLookupSubjects(t *testing.T, vctx validationContext) { permissionship, "Found Check failure for resource %s and excluded subject %s in lookup subjects", tuple.StringONR(resource), - excludedSubject.SubjectObjectId, + excludedSubject.GetSubjectObjectId(), ) } } // Ensure that every returned defined, non-wildcard subject found checks as expected. for _, resolvedSubject := range resolvedSubjects { - if resolvedSubject.Subject.SubjectObjectId == tuple.PublicWildcard { + if resolvedSubject.GetSubject().GetSubjectObjectId() == tuple.PublicWildcard { continue } subject := tuple.ObjectAndRelation{ ObjectType: subjectType.ObjectType, - ObjectID: resolvedSubject.Subject.SubjectObjectId, + ObjectID: resolvedSubject.GetSubject().GetSubjectObjectId(), Relation: subjectType.Relation, } @@ -615,7 +615,7 @@ func validateLookupSubjects(t *testing.T, vctx validationContext) { require.NoError(t, err) expectedPermissionship := v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION - if resolvedSubject.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if resolvedSubject.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { expectedPermissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION } @@ -673,9 +673,9 @@ func runAssertions(t *testing.T, vctx validationContext) { rel := tuple.ToV1Relationship(assertion.Relationship) bulkCheckItems = append(bulkCheckItems, &v1.BulkCheckPermissionRequestItem{ - Resource: rel.Resource, - Permission: rel.Relation, - Subject: rel.Subject, + Resource: rel.GetResource(), + Permission: rel.GetRelation(), + Subject: rel.GetSubject(), Context: caveatContext, }) @@ -693,7 +693,7 @@ func runAssertions(t *testing.T, vctx validationContext) { resolvedDirectResourcesMap := map[string]*v1.LookupResourcesResponse{} for _, resource := range resolvedDirectResources { - resolvedDirectResourcesMap[resource.ResourceObjectId] = resource + resolvedDirectResourcesMap[resource.GetResourceObjectId()] = resource } // Ensure the assertion passes LookupResources without context, indirectly. @@ -702,7 +702,7 @@ func runAssertions(t *testing.T, vctx validationContext) { resolvedIndirectResourcesMap := map[string]*v1.LookupResourcesResponse{} for _, resource := range resolvedIndirectResources { - resolvedIndirectResourcesMap[resource.ResourceObjectId] = resource + resolvedIndirectResourcesMap[resource.GetResourceObjectId()] = resource } // Check the assertion was returned for a direct (with context) lookup. @@ -713,11 +713,11 @@ func runAssertions(t *testing.T, vctx validationContext) { case v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION: require.Contains(t, resolvedDirectResourceIds, rel.Resource.ObjectID, "Missing object %s in lookup for assertion %s", rel.Resource, rel) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedDirectResourcesMap[rel.Resource.ObjectID].Permissionship) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedDirectResourcesMap[rel.Resource.ObjectID].GetPermissionship()) case v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION: require.Contains(t, resolvedDirectResourceIds, rel.Resource.ObjectID, "Missing object %s in lookup for assertion %s", rel.Resource, rel) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resolvedDirectResourcesMap[rel.Resource.ObjectID].Permissionship, + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resolvedDirectResourcesMap[rel.Resource.ObjectID].GetPermissionship(), "Expected caveated permission in direct lookup for assertion %s", rel, ) } @@ -735,11 +735,11 @@ func runAssertions(t *testing.T, vctx validationContext) { require.NotContains(t, resolvedIndirectResourceIds, rel.Resource.ObjectID, "Found unexpected object %s in indirect lookup for assertion %s", rel.Resource, rel) case accessibility == consistencytestutil.NotAccessible: found, ok := resolvedIndirectResourcesMap[rel.Resource.ObjectID] - require.True(t, !ok || found.Permissionship != v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION) // LookupResources can be caveated, since we didn't rerun LookupResources with the context + require.True(t, !ok || found.GetPermissionship() != v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION) // LookupResources can be caveated, since we didn't rerun LookupResources with the context case accessibility != consistencytestutil.NotAccessibleDueToPrespecifiedCaveat: found, ok := resolvedIndirectResourcesMap[rel.Resource.ObjectID] require.True(t, ok, "Missing expected object %s in indirect lookup for assertion %s", rel.Resource, rel) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, found.Permissionship, + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, found.GetPermissionship(), "Expected caveated permission in indirect lookup for assertion %s", rel, ) } @@ -749,12 +749,12 @@ func runAssertions(t *testing.T, vctx validationContext) { // If the caveat context given is empty, then the lookup result must be fully permissioned. // Otherwise, it *could* be caveated or fully permissioned, depending on the context given. if len(assertion.CaveatContext) == 0 { - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedIndirectResourcesMap[rel.Resource.ObjectID].Permissionship) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, resolvedIndirectResourcesMap[rel.Resource.ObjectID].GetPermissionship()) } case v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION: require.Contains(t, resolvedIndirectResourceIds, rel.Resource.ObjectID, "Missing object %s in lookup for assertion %s", rel.Resource, rel) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resolvedIndirectResourcesMap[rel.Resource.ObjectID].Permissionship) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resolvedIndirectResourcesMap[rel.Resource.ObjectID].GetPermissionship()) default: panic("unknown permissionship") @@ -766,7 +766,7 @@ func runAssertions(t *testing.T, vctx validationContext) { require.NoError(t, err) for _, result := range results { - require.Equal(t, entry.expectedPermissionship, result.GetItem().Permissionship, "Bulk check for assertion request `%s` returned %s; expected %s", result.GetRequest(), result.GetItem().Permissionship, entry.expectedPermissionship) + require.Equal(t, entry.expectedPermissionship, result.GetItem().GetPermissionship(), "Bulk check for assertion request `%s` returned %s; expected %s", result.GetRequest(), result.GetItem().GetPermissionship(), entry.expectedPermissionship) } } }) diff --git a/internal/services/integrationtesting/consistencytestutil/accessibilityset.go b/internal/services/integrationtesting/consistencytestutil/accessibilityset.go index 6099d8a9f..52a6cbe57 100644 --- a/internal/services/integrationtesting/consistencytestutil/accessibilityset.go +++ b/internal/services/integrationtesting/consistencytestutil/accessibilityset.go @@ -118,15 +118,15 @@ func BuildAccessibilitySet(t *testing.T, ccd ConsistencyClusterAndData) *Accessi for _, resourceType := range ccd.Populated.NamespaceDefinitions { for _, possibleResourceID := range allObjectIds.AsSlice() { - for _, relationOrPermission := range resourceType.Relation { + for _, relationOrPermission := range resourceType.GetRelation() { for _, subject := range subjectsByNamespace.Values() { if subject.ObjectID == tuple.PublicWildcard { continue } resourceRelation := tuple.RelationReference{ - ObjectType: resourceType.Name, - Relation: relationOrPermission.Name, + ObjectType: resourceType.GetName(), + Relation: relationOrPermission.GetName(), } results, err := dispatcher.DispatchCheck(ccd.Ctx, &dispatchv1.DispatchCheckRequest{ @@ -143,9 +143,9 @@ func BuildAccessibilitySet(t *testing.T, ccd ConsistencyClusterAndData) *Accessi require.NoError(t, err) resourceAndRelation := tuple.ObjectAndRelation{ - ObjectType: resourceType.Name, + ObjectType: resourceType.GetName(), ObjectID: possibleResourceID, - Relation: relationOrPermission.Name, + Relation: relationOrPermission.GetName(), } permString := tuple.MustString(tuple.Relationship{ RelationshipReference: tuple.RelationshipReference{ @@ -154,8 +154,8 @@ func BuildAccessibilitySet(t *testing.T, ccd ConsistencyClusterAndData) *Accessi }, }) - if result, ok := results.ResultsByResourceId[possibleResourceID]; ok { - membership := result.Membership + if result, ok := results.GetResultsByResourceId()[possibleResourceID]; ok { + membership := result.GetMembership() uncomputedPermissionshipByRelationship[permString] = membership // If the subject is caveated, run a computed check to determine if it @@ -175,7 +175,7 @@ func BuildAccessibilitySet(t *testing.T, ccd ConsistencyClusterAndData) *Accessi 100, ) require.NoError(t, err) - membership = cr.Membership + membership = cr.GetMembership() } permissionshipByRelationship[permString] = membership @@ -374,7 +374,7 @@ func isAccessibleViaWildcardOnly( }) require.NoError(t, err) - subjectsFound, err := developmentmembership.AccessibleExpansionSubjects(resp.TreeNode) + subjectsFound, err := developmentmembership.AccessibleExpansionSubjects(resp.GetTreeNode()) require.NoError(t, err) return !subjectsFound.Contains(subject) } diff --git a/internal/services/integrationtesting/consistencytestutil/servicetester.go b/internal/services/integrationtesting/consistencytestutil/servicetester.go index 987347d44..e73349ea0 100644 --- a/internal/services/integrationtesting/consistencytestutil/servicetester.go +++ b/internal/services/integrationtesting/consistencytestutil/servicetester.go @@ -87,7 +87,7 @@ func (v1st v1ServiceTester) Check(ctx context.Context, resource tuple.ObjectAndR if err != nil { return v1.CheckPermissionResponse_PERMISSIONSHIP_UNSPECIFIED, err } - return checkResp.Permissionship, nil + return checkResp.GetPermissionship(), nil } func (v1st v1ServiceTester) Expand(ctx context.Context, resource tuple.ObjectAndRelation, atRevision datastore.Revision) (*core.RelationTupleTreeNode, error) { @@ -106,7 +106,7 @@ func (v1st v1ServiceTester) Expand(ctx context.Context, resource tuple.ObjectAnd if err != nil { return nil, err } - return v1svc.TranslateRelationshipTree(expandResp.TreeRoot), nil + return v1svc.TranslateRelationshipTree(expandResp.GetTreeRoot()), nil } func (v1st v1ServiceTester) Write(ctx context.Context, relationship tuple.Relationship) error { @@ -154,7 +154,7 @@ func (v1st v1ServiceTester) Read(_ context.Context, namespaceName string, atRevi return nil, err } - rels = append(rels, tuple.FromV1Relationship(resp.Relationship)) + rels = append(rels, tuple.FromV1Relationship(resp.GetRelationship())) } return rels, nil @@ -206,7 +206,7 @@ func (v1st v1ServiceTester) LookupResources(_ context.Context, resourceRelation } found = append(found, resp) - lastCursor = resp.AfterResultCursor + lastCursor = resp.GetAfterResultCursor() } return found, lastCursor, nil } @@ -251,7 +251,7 @@ func (v1st v1ServiceTester) LookupSubjects(_ context.Context, resource tuple.Obj return nil, err } - found[resp.Subject.SubjectObjectId] = resp + found[resp.GetSubject().GetSubjectObjectId()] = resp } return found, nil } @@ -269,7 +269,7 @@ func (v1st v1ServiceTester) BulkCheck(ctx context.Context, items []*v1.BulkCheck return nil, err } - return result.Pairs, nil + return result.GetPairs(), nil } func (v1st v1ServiceTester) CheckBulk(ctx context.Context, items []*v1.CheckBulkPermissionsRequestItem, atRevision datastore.Revision) ([]*v1.CheckBulkPermissionsPair, error) { @@ -285,5 +285,5 @@ func (v1st v1ServiceTester) CheckBulk(ctx context.Context, items []*v1.CheckBulk return nil, err } - return result.Pairs, nil + return result.GetPairs(), nil } diff --git a/internal/services/integrationtesting/dispatch_test.go b/internal/services/integrationtesting/dispatch_test.go index 80930a8b8..2ebf2a06f 100644 --- a/internal/services/integrationtesting/dispatch_test.go +++ b/internal/services/integrationtesting/dispatch_test.go @@ -65,7 +65,7 @@ func TestDispatchIntegration(t *testing.T) { cresp, err := client.CheckPermission(context.Background(), &v1.CheckPermissionRequest{ Consistency: &v1.Consistency{ Requirement: &v1.Consistency_AtLeastAsFresh{ - AtLeastAsFresh: resp.WrittenAt, + AtLeastAsFresh: resp.GetWrittenAt(), }, }, Resource: &v1.ObjectReference{ @@ -81,12 +81,12 @@ func TestDispatchIntegration(t *testing.T) { }, }) require.NoError(t, err) - require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, cresp.Permissionship) + require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, cresp.GetPermissionship()) cresp2, err := client.CheckPermission(context.Background(), &v1.CheckPermissionRequest{ Consistency: &v1.Consistency{ Requirement: &v1.Consistency_AtLeastAsFresh{ - AtLeastAsFresh: resp.WrittenAt, + AtLeastAsFresh: resp.GetWrittenAt(), }, }, Resource: &v1.ObjectReference{ @@ -102,7 +102,7 @@ func TestDispatchIntegration(t *testing.T) { }, }) require.NoError(t, err) - require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, cresp2.Permissionship) + require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, cresp2.GetPermissionship()) }, }, { @@ -130,7 +130,7 @@ func TestDispatchIntegration(t *testing.T) { cresp, err := client.CheckPermission(context.Background(), &v1.CheckPermissionRequest{ Consistency: &v1.Consistency{ Requirement: &v1.Consistency_AtLeastAsFresh{ - AtLeastAsFresh: resp.WrittenAt, + AtLeastAsFresh: resp.GetWrittenAt(), }, }, Resource: &v1.ObjectReference{ @@ -146,7 +146,7 @@ func TestDispatchIntegration(t *testing.T) { }, }) require.NoError(t, err) - require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION, cresp.Permissionship) + require.Equal(t, v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION, cresp.GetPermissionship()) }, }, { @@ -171,7 +171,7 @@ func TestDispatchIntegration(t *testing.T) { _, cerr := client.CheckPermission(context.Background(), &v1.CheckPermissionRequest{ Consistency: &v1.Consistency{ Requirement: &v1.Consistency_AtLeastAsFresh{ - AtLeastAsFresh: resp.WrittenAt, + AtLeastAsFresh: resp.GetWrittenAt(), }, }, Resource: &v1.ObjectReference{ @@ -310,7 +310,7 @@ func TestDispatchIntegration(t *testing.T) { }, }) require.NoError(t, derr) - require.NotNil(t, resp.DeletedAt) + require.NotNil(t, resp.GetDeletedAt()) }, }, } diff --git a/internal/services/integrationtesting/ops_test.go b/internal/services/integrationtesting/ops_test.go index 679c9989e..cb0fb5015 100644 --- a/internal/services/integrationtesting/ops_test.go +++ b/internal/services/integrationtesting/ops_test.go @@ -833,5 +833,5 @@ func (st v1OpsTester) ReadSchema(ctx context.Context) (string, error) { if err != nil { return "", err } - return resp.SchemaText, nil + return resp.GetSchemaText(), nil } diff --git a/internal/services/integrationtesting/perf_test.go b/internal/services/integrationtesting/perf_test.go index 705c42a60..9ad84cc35 100644 --- a/internal/services/integrationtesting/perf_test.go +++ b/internal/services/integrationtesting/perf_test.go @@ -63,9 +63,9 @@ func TestBurst(t *testing.T) { AtLeastAsFresh: zedtoken.MustNewFromRevisionForTesting(revision), }, }, - Resource: rel.Resource, + Resource: rel.GetResource(), Permission: "viewer", - Subject: rel.Subject, + Subject: rel.GetSubject(), }) require.NoError(t, err) }() diff --git a/internal/services/shared/schema.go b/internal/services/shared/schema.go index 0e1501189..62c550e35 100644 --- a/internal/services/shared/schema.go +++ b/internal/services/shared/schema.go @@ -39,7 +39,7 @@ func ValidateSchemaChanges(ctx context.Context, compiled *compiler.CompiledSchem return nil, err } - newCaveatDefNames.Insert(caveatDef.Name) + newCaveatDefNames.Insert(caveatDef.GetName()) } // 2) Validate the namespaces defined. @@ -57,8 +57,8 @@ func ValidateSchemaChanges(ctx context.Context, compiled *compiler.CompiledSchem return nil, err } - validatedTypeSystems[nsdef.Name] = vts - newObjectDefNames.Insert(nsdef.Name) + validatedTypeSystems[nsdef.GetName()] = vts + newObjectDefNames.Insert(nsdef.GetName()) } return &ValidatedSchemaChanges{ @@ -120,8 +120,8 @@ func ApplySchemaChangesOverExisting( existingCaveatDefNames := mapz.NewSet[string]() for _, existingCaveat := range existingCaveats { - existingCaveatDefMap[existingCaveat.Name] = existingCaveat - existingCaveatDefNames.Insert(existingCaveat.Name) + existingCaveatDefMap[existingCaveat.GetName()] = existingCaveat + existingCaveatDefNames.Insert(existingCaveat.GetName()) } // For each caveat definition, perform a diff and ensure the changes will not result in type errors. @@ -143,8 +143,8 @@ func ApplySchemaChangesOverExisting( existingObjectDefMap := make(map[string]*core.NamespaceDefinition, len(existingObjectDefs)) existingObjectDefNames := mapz.NewSet[string]() for _, existingDef := range existingObjectDefs { - existingObjectDefMap[existingDef.Name] = existingDef - existingObjectDefNames.Insert(existingDef.Name) + existingObjectDefMap[existingDef.GetName()] = existingDef + existingObjectDefNames.Insert(existingDef.GetName()) } // For each definition, perform a diff and ensure the changes will not result in any @@ -159,9 +159,9 @@ func ApplySchemaChangesOverExisting( if len(diff.Deltas()) > 0 { objectDefsWithChanges = append(objectDefsWithChanges, nsdef) - vts, ok := validated.validatedTypeSystems[nsdef.Name] + vts, ok := validated.validatedTypeSystems[nsdef.GetName()] if !ok { - return nil, spiceerrors.MustBugf("validated type system not found for namespace `%s`", nsdef.Name) + return nil, spiceerrors.MustBugf("validated type system not found for namespace `%s`", nsdef.GetName()) } if err := namespace.AnnotateNamespace(vts); err != nil { @@ -248,7 +248,7 @@ func sanityCheckCaveatChanges( existingDefs map[string]*core.CaveatDefinition, ) (*caveatdiff.Diff, error) { // Ensure that the updated namespace does not break the existing tuple data. - existing := existingDefs[caveatDef.Name] + existing := existingDefs[caveatDef.GetName()] diff, err := caveatdiff.DiffCaveats(existing, caveatDef, caveatTypeSet) if err != nil { return nil, err @@ -257,15 +257,15 @@ func sanityCheckCaveatChanges( for _, delta := range diff.Deltas() { switch delta.Type { case caveatdiff.RemovedParameter: - return diff, NewSchemaWriteDataValidationError("cannot remove parameter `%s` on caveat `%s`", []any{delta.ParameterName, caveatDef.Name}, map[string]string{ - "caveat_name": caveatDef.Name, + return diff, NewSchemaWriteDataValidationError("cannot remove parameter `%s` on caveat `%s`", []any{delta.ParameterName, caveatDef.GetName()}, map[string]string{ + "caveat_name": caveatDef.GetName(), "parameter_name": delta.ParameterName, "operation": "remove_parameter", }) case caveatdiff.ParameterTypeChanged: - return diff, NewSchemaWriteDataValidationError("cannot change the type of parameter `%s` on caveat `%s`", []any{delta.ParameterName, caveatDef.Name}, map[string]string{ - "caveat_name": caveatDef.Name, + return diff, NewSchemaWriteDataValidationError("cannot change the type of parameter `%s` on caveat `%s`", []any{delta.ParameterName, caveatDef.GetName()}, map[string]string{ + "caveat_name": caveatDef.GetName(), "parameter_name": delta.ParameterName, "operation": "change_parameter_type", }) @@ -308,7 +308,7 @@ func sanityCheckNamespaceChanges( existingDefs map[string]*core.NamespaceDefinition, ) (*nsdiff.Diff, error) { // Ensure that the updated namespace does not break the existing tuple data. - existing := existingDefs[nsdef.Name] + existing := existingDefs[nsdef.GetName()] diff, err := nsdiff.DiffNamespaces(existing, nsdef) if err != nil { return nil, err @@ -322,8 +322,8 @@ func sanityCheckNamespaceChanges( // *is* an index that has {subject_namespace, subject_relation, namespace, relation}, we can // force the datastore to use the reverse index by adding the subject filters. var previousRelation *core.Relation - for _, relation := range existing.Relation { - if relation.Name == delta.RelationName { + for _, relation := range existing.GetRelation() { + if relation.GetName() == delta.RelationName { previousRelation = relation break } @@ -333,10 +333,10 @@ func sanityCheckNamespaceChanges( return nil, spiceerrors.MustBugf("relation `%s` not found in existing namespace definition", delta.RelationName) } - subjectSelectors := make([]datastore.SubjectsSelector, 0, len(previousRelation.TypeInformation.AllowedDirectRelations)) - for _, allowedType := range previousRelation.TypeInformation.AllowedDirectRelations { + subjectSelectors := make([]datastore.SubjectsSelector, 0, len(previousRelation.GetTypeInformation().GetAllowedDirectRelations())) + for _, allowedType := range previousRelation.GetTypeInformation().GetAllowedDirectRelations() { subjectSelectors = append(subjectSelectors, datastore.SubjectsSelector{ - OptionalSubjectType: allowedType.Namespace, + OptionalSubjectType: allowedType.GetNamespace(), RelationFilter: subjectRelationFilterForAllowedType(allowedType), }) } @@ -344,7 +344,7 @@ func sanityCheckNamespaceChanges( qy, qyErr := rwt.QueryRelationships( ctx, datastore.RelationshipsFilter{ - OptionalResourceType: nsdef.Name, + OptionalResourceType: nsdef.GetName(), OptionalResourceRelation: delta.RelationName, OptionalSubjectsSelectors: subjectSelectors, }, @@ -358,9 +358,9 @@ func sanityCheckNamespaceChanges( qy, qyErr, "cannot delete relation `%s` in object definition `%s`, as at least one relationship exists under it", - []any{delta.RelationName, nsdef.Name}, + []any{delta.RelationName, nsdef.GetName()}, map[string]string{ - "resource_type": nsdef.Name, + "resource_type": nsdef.GetName(), "relation": delta.RelationName, "operation": "delete_relation", }, @@ -377,7 +377,7 @@ func sanityCheckNamespaceChanges( qy, qyErr = rwt.ReverseQueryRelationships( ctx, datastore.SubjectsFilter{ - SubjectType: nsdef.Name, + SubjectType: nsdef.GetName(), RelationFilter: datastore.SubjectRelationFilter{}.WithRelation(delta.RelationName), }, options.WithLimitForReverse(options.LimitOne), @@ -389,9 +389,9 @@ func sanityCheckNamespaceChanges( qy, qyErr, "cannot delete relation `%s` in object definition `%s`, as at least one relationship references it as part of a subject", - []any{delta.RelationName, nsdef.Name}, + []any{delta.RelationName, nsdef.GetName()}, map[string]string{ - "resource_type": nsdef.Name, + "resource_type": nsdef.GetName(), "relation": delta.RelationName, "operation": "delete_relation_reverse_check", }, @@ -407,25 +407,25 @@ func sanityCheckNamespaceChanges( optionalSubjectIds = []string{tuple.PublicWildcard} } - if delta.AllowedType.GetRequiredCaveat() != nil && delta.AllowedType.GetRequiredCaveat().CaveatName != "" { - optionalCaveatNameFilter = datastore.WithCaveatName(delta.AllowedType.GetRequiredCaveat().CaveatName) + if delta.AllowedType.GetRequiredCaveat() != nil && delta.AllowedType.GetRequiredCaveat().GetCaveatName() != "" { + optionalCaveatNameFilter = datastore.WithCaveatName(delta.AllowedType.GetRequiredCaveat().GetCaveatName()) } else { optionalCaveatNameFilter = datastore.WithNoCaveat() } expirationOption := datastore.ExpirationFilterOptionNoExpiration - if delta.AllowedType.RequiredExpiration != nil { + if delta.AllowedType.GetRequiredExpiration() != nil { expirationOption = datastore.ExpirationFilterOptionHasExpiration } qyr, qyrErr := rwt.QueryRelationships( ctx, datastore.RelationshipsFilter{ - OptionalResourceType: nsdef.Name, + OptionalResourceType: nsdef.GetName(), OptionalResourceRelation: delta.RelationName, OptionalSubjectsSelectors: []datastore.SubjectsSelector{ { - OptionalSubjectType: delta.AllowedType.Namespace, + OptionalSubjectType: delta.AllowedType.GetNamespace(), OptionalSubjectIds: optionalSubjectIds, RelationFilter: subjectRelationFilterForAllowedType(delta.AllowedType), }, @@ -441,9 +441,9 @@ func sanityCheckNamespaceChanges( qyr, qyrErr, "cannot remove allowed type `%s` from relation `%s` in object definition `%s`, as a relationship exists with it", - []any{schema.SourceForAllowedRelation(delta.AllowedType), delta.RelationName, nsdef.Name}, + []any{schema.SourceForAllowedRelation(delta.AllowedType), delta.RelationName, nsdef.GetName()}, map[string]string{ - "resource_type": nsdef.Name, + "resource_type": nsdef.GetName(), "relation": delta.RelationName, "allowed_type": schema.SourceForAllowedRelation(delta.AllowedType), "operation": "remove_allowed_type", diff --git a/internal/services/steelthreadtesting/operations.go b/internal/services/steelthreadtesting/operations.go index 11085a66e..57e8f993f 100644 --- a/internal/services/steelthreadtesting/operations.go +++ b/internal/services/steelthreadtesting/operations.go @@ -188,7 +188,7 @@ func cursoredLookupResources(parameters map[string]any, clients stClients) (any, } foundResources.Add(formatResolvedResource(resp)) - currentCursor = resp.AfterResultCursor + currentCursor = resp.GetAfterResultCursor() resultCount++ } @@ -270,8 +270,8 @@ func bulkImportExportRelationships(parameters map[string]any, clients stClients) return nil, err } - if uint64(len(importRels)) != resp.NumLoaded { - return nil, fmt.Errorf("expected %d relationships to be loaded, got %d", len(importRels), resp.NumLoaded) + if uint64(len(importRels)) != resp.GetNumLoaded() { + return nil, fmt.Errorf("expected %d relationships to be loaded, got %d", len(importRels), resp.GetNumLoaded()) } // Run bulk export and return the results. @@ -317,7 +317,7 @@ func bulkImportExportRelationships(parameters map[string]any, clients stClients) return nil, err } - for _, rel := range resp.Relationships { + for _, rel := range resp.GetRelationships() { exportedRels = append(exportedRels, yaml.Node{ Kind: yaml.ScalarNode, Value: tuple.MustV1RelString(rel), @@ -343,13 +343,13 @@ func bulkCheckPermissions(parameters map[string]any, clients stClients) (any, er var context *structpb.Struct if parsed.GetOptionalCaveat() != nil { - context = parsed.GetOptionalCaveat().Context + context = parsed.GetOptionalCaveat().GetContext() } checkRequests = append(checkRequests, &v1.CheckBulkPermissionsRequestItem{ - Resource: parsed.Resource, - Permission: parsed.Relation, - Subject: parsed.Subject, + Resource: parsed.GetResource(), + Permission: parsed.GetRelation(), + Subject: parsed.GetSubject(), Context: context, }) } @@ -367,10 +367,10 @@ func bulkCheckPermissions(parameters map[string]any, clients stClients) (any, er } respItems := make([]yaml.Node, 0) - for index, pair := range resp.Pairs { + for index, pair := range resp.GetPairs() { prefix := itemStrings[index] + " -> " if pair.GetItem() != nil { - resultStr := pair.GetItem().Permissionship.String() + resultStr := pair.GetItem().GetPermissionship().String() respItems = append(respItems, yaml.Node{ Kind: yaml.ScalarNode, Value: prefix + resultStr, @@ -379,7 +379,7 @@ func bulkCheckPermissions(parameters map[string]any, clients stClients) (any, er } else { respItems = append(respItems, yaml.Node{ Kind: yaml.ScalarNode, - Value: prefix + pair.GetError().Message, + Value: prefix + pair.GetError().GetMessage(), Style: yaml.SingleQuotedStyle, }) } @@ -417,9 +417,9 @@ var operations = map[string]stOperation{ func formatResolvedResource(resource *v1.LookupResourcesResponse) string { var sb strings.Builder - sb.WriteString(resource.ResourceObjectId) + sb.WriteString(resource.GetResourceObjectId()) - if resource.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if resource.GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { sb.WriteString(" (conditional)") } @@ -428,13 +428,13 @@ func formatResolvedResource(resource *v1.LookupResourcesResponse) string { func formatResolvedSubject(sub *v1.LookupSubjectsResponse) string { var sb strings.Builder - sb.WriteString(sub.Subject.SubjectObjectId) + sb.WriteString(sub.GetSubject().GetSubjectObjectId()) - if len(sub.ExcludedSubjects) > 0 { - excludedSubjectStrings := make([]string, 0, len(sub.ExcludedSubjects)) - for _, excluded := range sub.ExcludedSubjects { - excludedSubjectString := excluded.SubjectObjectId - if excluded.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if len(sub.GetExcludedSubjects()) > 0 { + excludedSubjectStrings := make([]string, 0, len(sub.GetExcludedSubjects())) + for _, excluded := range sub.GetExcludedSubjects() { + excludedSubjectString := excluded.GetSubjectObjectId() + if excluded.GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { excludedSubjectString += " (conditional)" } @@ -447,7 +447,7 @@ func formatResolvedSubject(sub *v1.LookupSubjectsResponse) string { sb.WriteString("]") } - if sub.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { + if sub.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION { sb.WriteString(" (conditional)") } diff --git a/internal/services/v1/bulkcheck.go b/internal/services/v1/bulkcheck.go index 0d103d007..5e7f5fba6 100644 --- a/internal/services/v1/bulkcheck.go +++ b/internal/services/v1/bulkcheck.go @@ -46,25 +46,25 @@ type bulkChecker struct { const maxBulkCheckCount = 10000 func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBulkPermissionsRequest) (*v1.CheckBulkPermissionsResponse, error) { - telemetry.LogicalChecks.Add(float64(len(req.Items))) + telemetry.LogicalChecks.Add(float64(len(req.GetItems()))) atRevision, checkedAt, err := consistency.RevisionFromContext(ctx) if err != nil { return nil, err } - if len(req.Items) > maxBulkCheckCount { - return nil, NewExceedsMaximumChecksErr(uint64(len(req.Items)), maxBulkCheckCount) + if len(req.GetItems()) > maxBulkCheckCount { + return nil, NewExceedsMaximumChecksErr(uint64(len(req.GetItems())), maxBulkCheckCount) } // Compute a hash for each requested item and record its index(es) for the items, to be used for sorting of results. - itemCount, err := genutil.EnsureUInt32(len(req.Items)) + itemCount, err := genutil.EnsureUInt32(len(req.GetItems())) if err != nil { return nil, err } itemIndexByHash := mapz.NewMultiMapWithCap[string, int](itemCount) - for index, item := range req.Items { + for index, item := range req.GetItems() { itemHash, err := computeCheckBulkPermissionsItemHash(item) if err != nil { return nil, err @@ -79,8 +79,8 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu atRevision: atRevision, maxCaveatContextSize: bc.maxCaveatContextSize, maximumAPIDepth: bc.maxAPIDepth, - withTracing: req.WithTracing, - }, req.Items) + withTracing: req.GetWithTracing(), + }, req.GetItems()) if err != nil { return nil, err } @@ -101,10 +101,10 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu } usagemetrics.SetInContext(ctx, respMetadata) - orderedPairs := make([]*v1.CheckBulkPermissionsPair, len(req.Items)) + orderedPairs := make([]*v1.CheckBulkPermissionsPair, len(req.GetItems())) addPair := func(pair *v1.CheckBulkPermissionsPair) error { - pairItemHash, err := computeCheckBulkPermissionsItemHash(pair.Request) + pairItemHash, err := computeCheckBulkPermissionsItemHash(pair.GetRequest()) if err != nil { return err } @@ -180,7 +180,7 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu // Find the debug info that matches the resource ID. var debugInfo *dispatchv1.DebugInformation for _, di := range debugInfos { - if slices.Contains(di.Check.Request.ResourceIds, resourceID) { + if slices.Contains(di.GetCheck().GetRequest().GetResourceIds(), resourceID) { debugInfo = di break } @@ -196,21 +196,21 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu wrappedDebugInfo := &dispatchv1.DebugInformation{ Check: &dispatchv1.CheckDebugTrace{ Request: &dispatchv1.DispatchCheckRequest{ - ResourceRelation: debugInfo.Check.Request.ResourceRelation, + ResourceRelation: debugInfo.GetCheck().GetRequest().GetResourceRelation(), ResourceIds: []string{resourceID}, - Subject: debugInfo.Check.Request.Subject, - ResultsSetting: debugInfo.Check.Request.ResultsSetting, - Debug: debugInfo.Check.Request.Debug, + Subject: debugInfo.GetCheck().GetRequest().GetSubject(), + ResultsSetting: debugInfo.GetCheck().GetRequest().GetResultsSetting(), + Debug: debugInfo.GetCheck().GetRequest().GetDebug(), }, - ResourceRelationType: debugInfo.Check.ResourceRelationType, + ResourceRelationType: debugInfo.GetCheck().GetResourceRelationType(), IsCachedResult: false, SubProblems: []*dispatchv1.CheckDebugTrace{ - debugInfo.Check, + debugInfo.GetCheck(), }, Results: localResults, Duration: durationpb.New(time.Duration(0)), TraceId: graph.NewTraceID(), - SourceId: debugInfo.Check.SourceId, + SourceId: debugInfo.GetCheck().GetSourceId(), }, } @@ -236,8 +236,8 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu } } - respMetadata.DispatchCount += metadata.DispatchCount - respMetadata.CachedDispatchCount += metadata.CachedDispatchCount + respMetadata.DispatchCount += metadata.GetDispatchCount() + respMetadata.CachedDispatchCount += metadata.GetCachedDispatchCount() return nil } @@ -296,13 +296,13 @@ func (bc *bulkChecker) checkBulkPermissions(ctx context.Context, req *v1.CheckBu } func toCheckBulkPermissionsRequest(req *v1.BulkCheckPermissionRequest) *v1.CheckBulkPermissionsRequest { - items := make([]*v1.CheckBulkPermissionsRequestItem, len(req.Items)) - for i, item := range req.Items { + items := make([]*v1.CheckBulkPermissionsRequestItem, len(req.GetItems())) + for i, item := range req.GetItems() { items[i] = &v1.CheckBulkPermissionsRequestItem{ - Resource: item.Resource, - Permission: item.Permission, - Subject: item.Subject, - Context: item.Context, + Resource: item.GetResource(), + Permission: item.GetPermission(), + Subject: item.GetSubject(), + Context: item.GetContext(), } } @@ -310,22 +310,22 @@ func toCheckBulkPermissionsRequest(req *v1.BulkCheckPermissionRequest) *v1.Check } func toBulkCheckPermissionResponse(resp *v1.CheckBulkPermissionsResponse) *v1.BulkCheckPermissionResponse { - pairs := make([]*v1.BulkCheckPermissionPair, len(resp.Pairs)) - for i, pair := range resp.Pairs { + pairs := make([]*v1.BulkCheckPermissionPair, len(resp.GetPairs())) + for i, pair := range resp.GetPairs() { pairs[i] = &v1.BulkCheckPermissionPair{} pairs[i].Request = &v1.BulkCheckPermissionRequestItem{ - Resource: pair.Request.Resource, - Permission: pair.Request.Permission, - Subject: pair.Request.Subject, - Context: pair.Request.Context, + Resource: pair.GetRequest().GetResource(), + Permission: pair.GetRequest().GetPermission(), + Subject: pair.GetRequest().GetSubject(), + Context: pair.GetRequest().GetContext(), } - switch t := pair.Response.(type) { + switch t := pair.GetResponse().(type) { case *v1.CheckBulkPermissionsPair_Item: pairs[i].Response = &v1.BulkCheckPermissionPair_Item{ Item: &v1.BulkCheckPermissionResponseItem{ - Permissionship: t.Item.Permissionship, - PartialCaveatInfo: t.Item.PartialCaveatInfo, + Permissionship: t.Item.GetPermissionship(), + PartialCaveatInfo: t.Item.GetPartialCaveatInfo(), }, } case *v1.CheckBulkPermissionsPair_Error: @@ -338,7 +338,7 @@ func toBulkCheckPermissionResponse(resp *v1.CheckBulkPermissionsResponse) *v1.Bu } return &v1.BulkCheckPermissionResponse{ - CheckedAt: resp.CheckedAt, + CheckedAt: resp.GetCheckedAt(), Pairs: pairs, } } diff --git a/internal/services/v1/debug.go b/internal/services/v1/debug.go index c4f2154b8..c37017a9c 100644 --- a/internal/services/v1/debug.go +++ b/internal/services/v1/debug.go @@ -76,7 +76,7 @@ func convertCheckDispatchDebugInformationWithSchema( caveatTypeSet *caveattypes.TypeSet, schema string, ) (*v1.DebugInformation, error) { - converted, err := convertCheckTrace(ctx, caveatContext, debugInfo.Check, reader, caveatTypeSet) + converted, err := convertCheckTrace(ctx, caveatContext, debugInfo.GetCheck(), reader, caveatTypeSet) if err != nil { return nil, err } @@ -89,27 +89,27 @@ func convertCheckDispatchDebugInformationWithSchema( func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *dispatch.CheckDebugTrace, reader datastore.Reader, caveatTypeSet *caveattypes.TypeSet) (*v1.CheckDebugTrace, error) { permissionType := v1.CheckDebugTrace_PERMISSION_TYPE_UNSPECIFIED - switch ct.ResourceRelationType { + switch ct.GetResourceRelationType() { case dispatch.CheckDebugTrace_PERMISSION: permissionType = v1.CheckDebugTrace_PERMISSION_TYPE_PERMISSION case dispatch.CheckDebugTrace_RELATION: permissionType = v1.CheckDebugTrace_PERMISSION_TYPE_RELATION } - subRelation := ct.Request.Subject.Relation + subRelation := ct.GetRequest().GetSubject().GetRelation() if subRelation == tuple.Ellipsis { subRelation = "" } permissionship := v1.CheckDebugTrace_PERMISSIONSHIP_NO_PERMISSION var partialResults []*dispatch.ResourceCheckResult - for _, checkResult := range ct.Results { - if checkResult.Membership == dispatch.ResourceCheckResult_MEMBER { + for _, checkResult := range ct.GetResults() { + if checkResult.GetMembership() == dispatch.ResourceCheckResult_MEMBER { permissionship = v1.CheckDebugTrace_PERMISSIONSHIP_HAS_PERMISSION break } - if checkResult.Membership == dispatch.ResourceCheckResult_CAVEATED_MEMBER && permissionship != v1.CheckDebugTrace_PERMISSIONSHIP_HAS_PERMISSION { + if checkResult.GetMembership() == dispatch.ResourceCheckResult_CAVEATED_MEMBER && permissionship != v1.CheckDebugTrace_PERMISSIONSHIP_HAS_PERMISSION { permissionship = v1.CheckDebugTrace_PERMISSIONSHIP_CONDITIONAL_PERMISSION partialResults = append(partialResults, checkResult) } @@ -121,11 +121,11 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di // evaluation. In that case, we skip re-evaluating here. // TODO(jschorr): Add support for evaluating *each* result distinctly. if permissionship == v1.CheckDebugTrace_PERMISSIONSHIP_CONDITIONAL_PERMISSION && len(partialResults) == 1 && - len(partialResults[0].MissingExprFields) == 0 { + len(partialResults[0].GetMissingExprFields()) == 0 { partialCheckResult := partialResults[0] - spiceerrors.DebugAssertNotNilf(partialCheckResult.Expression, "got nil caveat expression") + spiceerrors.DebugAssertNotNilf(partialCheckResult.GetExpression(), "got nil caveat expression") - computedResult, err := cexpr.RunSingleCaveatExpression(ctx, caveatTypeSet, partialCheckResult.Expression, caveatContext, reader, cexpr.RunCaveatExpressionWithDebugInformation) + computedResult, err := cexpr.RunSingleCaveatExpression(ctx, caveatTypeSet, partialCheckResult.GetExpression(), caveatContext, reader, cexpr.RunCaveatExpressionWithDebugInformation) if err != nil { return nil, err } @@ -148,8 +148,8 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di } caveatName := "" - if partialCheckResult.Expression.GetCaveat() != nil { - caveatName = partialCheckResult.Expression.GetCaveat().CaveatName + if partialCheckResult.GetExpression().GetCaveat() != nil { + caveatName = partialCheckResult.GetExpression().GetCaveat().GetCaveatName() } caveatEvalInfo = &v1.CaveatEvalInfo{ @@ -164,11 +164,11 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di // If there is more than a single result, mark the overall permissionship // as unspecified if *all* results needed to be true and at least one is not. permissionshipResult := permissionship - if len(ct.Request.ResourceIds) > 1 && ct.Request.ResultsSetting == dispatch.DispatchCheckRequest_REQUIRE_ALL_RESULTS { + if len(ct.GetRequest().GetResourceIds()) > 1 && ct.GetRequest().GetResultsSetting() == dispatch.DispatchCheckRequest_REQUIRE_ALL_RESULTS { permissionshipsFound := mapz.NewSet[dispatch.ResourceCheckResult_Membership]() - for _, resourceID := range ct.Request.ResourceIds { - if result, ok := ct.Results[resourceID]; ok { - permissionshipsFound.Add(result.Membership) + for _, resourceID := range ct.GetRequest().GetResourceIds() { + if result, ok := ct.GetResults()[resourceID]; ok { + permissionshipsFound.Add(result.GetMembership()) } else { permissionshipsFound.Add(dispatch.ResourceCheckResult_NOT_MEMBER) } @@ -179,9 +179,9 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di } } - if len(ct.SubProblems) > 0 { - subProblems := make([]*v1.CheckDebugTrace, 0, len(ct.SubProblems)) - for _, subProblem := range ct.SubProblems { + if len(ct.GetSubProblems()) > 0 { + subProblems := make([]*v1.CheckDebugTrace, 0, len(ct.GetSubProblems())) + for _, subProblem := range ct.GetSubProblems() { converted, err := convertCheckTrace(ctx, caveatContext, subProblem, reader, caveatTypeSet) if err != nil { return nil, err @@ -191,21 +191,21 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di } slices.SortFunc(subProblems, func(a, b *v1.CheckDebugTrace) int { - return cmp.Compare(tuple.V1StringObjectRef(a.Resource), tuple.V1StringObjectRef(a.Resource)) + return cmp.Compare(tuple.V1StringObjectRef(a.GetResource()), tuple.V1StringObjectRef(a.GetResource())) }) return &v1.CheckDebugTrace{ - TraceOperationId: ct.TraceId, + TraceOperationId: ct.GetTraceId(), Resource: &v1.ObjectReference{ - ObjectType: ct.Request.ResourceRelation.Namespace, - ObjectId: strings.Join(ct.Request.ResourceIds, ","), + ObjectType: ct.GetRequest().GetResourceRelation().GetNamespace(), + ObjectId: strings.Join(ct.GetRequest().GetResourceIds(), ","), }, - Permission: ct.Request.ResourceRelation.Relation, + Permission: ct.GetRequest().GetResourceRelation().GetRelation(), PermissionType: permissionType, Subject: &v1.SubjectReference{ Object: &v1.ObjectReference{ - ObjectType: ct.Request.Subject.Namespace, - ObjectId: ct.Request.Subject.ObjectId, + ObjectType: ct.GetRequest().GetSubject().GetNamespace(), + ObjectId: ct.GetRequest().GetSubject().GetObjectId(), }, OptionalRelation: subRelation, }, @@ -216,32 +216,32 @@ func convertCheckTrace(ctx context.Context, caveatContext map[string]any, ct *di Traces: subProblems, }, }, - Duration: ct.Duration, - Source: ct.SourceId, + Duration: ct.GetDuration(), + Source: ct.GetSourceId(), }, nil } return &v1.CheckDebugTrace{ - TraceOperationId: ct.TraceId, + TraceOperationId: ct.GetTraceId(), Resource: &v1.ObjectReference{ - ObjectType: ct.Request.ResourceRelation.Namespace, - ObjectId: strings.Join(ct.Request.ResourceIds, ","), + ObjectType: ct.GetRequest().GetResourceRelation().GetNamespace(), + ObjectId: strings.Join(ct.GetRequest().GetResourceIds(), ","), }, - Permission: ct.Request.ResourceRelation.Relation, + Permission: ct.GetRequest().GetResourceRelation().GetRelation(), PermissionType: permissionType, Subject: &v1.SubjectReference{ Object: &v1.ObjectReference{ - ObjectType: ct.Request.Subject.Namespace, - ObjectId: ct.Request.Subject.ObjectId, + ObjectType: ct.GetRequest().GetSubject().GetNamespace(), + ObjectId: ct.GetRequest().GetSubject().GetObjectId(), }, OptionalRelation: subRelation, }, CaveatEvaluationInfo: caveatEvalInfo, Result: permissionshipResult, Resolution: &v1.CheckDebugTrace_WasCachedResult{ - WasCachedResult: ct.IsCachedResult, + WasCachedResult: ct.GetIsCachedResult(), }, - Duration: ct.Duration, - Source: ct.SourceId, + Duration: ct.GetDuration(), + Source: ct.GetSourceId(), }, nil } diff --git a/internal/services/v1/debug_test.go b/internal/services/v1/debug_test.go index 7259ac30a..4a2a09904 100644 --- a/internal/services/v1/debug_test.go +++ b/internal/services/v1/debug_test.go @@ -46,9 +46,9 @@ type debugCheckInfo struct { func expectDebugFrames(permissionNames ...string) rda { return func(req *require.Assertions, debugInfo *v1.DebugInformation) { found := mapz.NewSet[string]() - for _, sp := range debugInfo.Check.GetSubProblems().Traces { + for _, sp := range debugInfo.GetCheck().GetSubProblems().GetTraces() { for _, permissionName := range permissionNames { - if sp.Permission == permissionName { + if sp.GetPermission() == permissionName { found.Insert(permissionName) } } @@ -64,27 +64,27 @@ func expectDebugFrames(permissionNames ...string) rda { func expectCaveat(caveatExpression string) rda { return func(req *require.Assertions, debugInfo *v1.DebugInformation) { - req.Equal(caveatExpression, debugInfo.Check.CaveatEvaluationInfo.Expression) + req.Equal(caveatExpression, debugInfo.GetCheck().GetCaveatEvaluationInfo().GetExpression()) } } func expectMissingContext(context ...string) rda { sort.Strings(context) return func(req *require.Assertions, debugInfo *v1.DebugInformation) { - missing := debugInfo.Check.CaveatEvaluationInfo.PartialCaveatInfo.MissingRequiredContext + missing := debugInfo.GetCheck().GetCaveatEvaluationInfo().GetPartialCaveatInfo().GetMissingRequiredContext() sort.Strings(missing) req.Equal(context, missing) } } func findFrame(checkTrace *v1.CheckDebugTrace, resourceType string, permissionName string) *v1.CheckDebugTrace { - if checkTrace.Resource.ObjectType == resourceType && checkTrace.Permission == permissionName { + if checkTrace.GetResource().GetObjectType() == resourceType && checkTrace.GetPermission() == permissionName { return checkTrace } subProblems := checkTrace.GetSubProblems() if subProblems != nil { - for _, sp := range subProblems.Traces { + for _, sp := range subProblems.GetTraces() { found := findFrame(sp, resourceType, permissionName) if found != nil { return found @@ -291,13 +291,13 @@ func TestCheckPermissionWithDebug(t *testing.T) { expectDebugFrames("viewer"), func(req *require.Assertions, debugInfo *v1.DebugInformation) { // Ensure that all the resource IDs are batched into a single frame. - found := findFrame(debugInfo.Check, "folder", "fview") + found := findFrame(debugInfo.GetCheck(), "folder", "fview") req.NotNil(found) - req.Len(strings.Split(found.Resource.ObjectId, ","), 6) + req.Len(strings.Split(found.GetResource().GetObjectId(), ","), 6) // Ensure there are no more than 2 subframes, to verify we haven't // accidentally fanned out. - req.LessOrEqual(2, len(found.GetSubProblems().Traces)) + req.LessOrEqual(2, len(found.GetSubProblems().GetTraces())) }, }, }, @@ -518,7 +518,7 @@ func TestCheckPermissionWithDebug(t *testing.T) { }, grpc.Trailer(&trailer)) req.NoError(err) - req.Equal(stc.expectedPermission, checkResp.Permissionship) + req.Equal(stc.expectedPermission, checkResp.GetPermissionship()) encodedDebugInfo, err := responsemeta.GetResponseTrailerMetadataOrNil(trailer, responsemeta.DebugInformation) req.NoError(err) @@ -526,15 +526,15 @@ func TestCheckPermissionWithDebug(t *testing.T) { // DebugInfo No longer comes as part of the trailer req.Nil(encodedDebugInfo) - debugInfo := checkResp.DebugTrace - req.NotEmpty(debugInfo.SchemaUsed) + debugInfo := checkResp.GetDebugTrace() + req.NotEmpty(debugInfo.GetSchemaUsed()) - req.Equal(stc.checkRequest.resource.ObjectType, debugInfo.Check.Resource.ObjectType) - req.Equal(stc.checkRequest.resource.ObjectId, debugInfo.Check.Resource.ObjectId) - req.Equal(stc.checkRequest.permission, debugInfo.Check.Permission) + req.Equal(stc.checkRequest.resource.GetObjectType(), debugInfo.GetCheck().GetResource().GetObjectType()) + req.Equal(stc.checkRequest.resource.GetObjectId(), debugInfo.GetCheck().GetResource().GetObjectId()) + req.Equal(stc.checkRequest.permission, debugInfo.GetCheck().GetPermission()) - if debugInfo.Check.GetSubProblems() != nil { - req.GreaterOrEqual(len(debugInfo.Check.GetSubProblems().Traces), stc.expectedMinimumSubProblemCount, "found traces: %s", prototext.Format(debugInfo.Check)) + if debugInfo.GetCheck().GetSubProblems() != nil { + req.GreaterOrEqual(len(debugInfo.GetCheck().GetSubProblems().GetTraces()), stc.expectedMinimumSubProblemCount, "found traces: %s", prototext.Format(debugInfo.GetCheck())) } else { req.Equal(0, stc.expectedMinimumSubProblemCount) } @@ -562,7 +562,7 @@ type frameInfo struct { func expectOrderedFrames(frames ...frameInfo) rda { return func(req *require.Assertions, debugInfo *v1.DebugInformation) { - expectFrames(req, frames, debugInfo.Check) + expectFrames(req, frames, debugInfo.GetCheck()) } } @@ -572,15 +572,15 @@ func expectFrames(req *require.Assertions, frames []frameInfo, check *v1.CheckDe } frame := frames[0] - req.Equal(frame.resourceType, check.Resource.ObjectType) - req.Equal(frame.resourceIDs, strings.Split(check.Resource.ObjectId, ",")) - req.Equal(frame.permission, check.Permission) - req.Equal(frame.permissionship, check.Result, "frame: %s", prototext.Format(check)) + req.Equal(frame.resourceType, check.GetResource().GetObjectType()) + req.Equal(frame.resourceIDs, strings.Split(check.GetResource().GetObjectId(), ",")) + req.Equal(frame.permission, check.GetPermission()) + req.Equal(frame.permissionship, check.GetResult(), "frame: %s", prototext.Format(check)) remainingFrames := frames[1:] if len(remainingFrames) > 0 { req.NotNil(check.GetSubProblems(), "expected subproblems") - expectFrames(req, remainingFrames, check.GetSubProblems().Traces[0]) + expectFrames(req, remainingFrames, check.GetSubProblems().GetTraces()[0]) } } @@ -897,9 +897,9 @@ func TestBulkCheckPermissionWithDebug(t *testing.T) { for _, bci := range tc.toTest { parsed := tuple.MustParseV1Rel(bci.toCheck) items = append(items, &v1.CheckBulkPermissionsRequestItem{ - Resource: parsed.Resource, - Permission: parsed.Relation, - Subject: parsed.Subject, + Resource: parsed.GetResource(), + Permission: parsed.GetRelation(), + Subject: parsed.GetSubject(), }) } @@ -916,7 +916,7 @@ func TestBulkCheckPermissionWithDebug(t *testing.T) { for idx, bci := range tc.toTest { pair := checkResp.GetPairs()[idx] - debugInfo := pair.GetItem().DebugTrace + debugInfo := pair.GetItem().GetDebugTrace() for _, rda := range bci.rda { rda(req, debugInfo) diff --git a/internal/services/v1/debug_unit_test.go b/internal/services/v1/debug_unit_test.go index 3782df0c7..10486d4e1 100644 --- a/internal/services/v1/debug_unit_test.go +++ b/internal/services/v1/debug_unit_test.go @@ -77,8 +77,8 @@ func TestConvertCheckTrace_MultipleResourceIds_RequireAllResults(t *testing.T) { req.NoError(err) // Verify the expected result - req.Equal(tt.expectedResult, converted.Result) - req.Equal("resource1,resource2,resource3", converted.Resource.ObjectId) + req.Equal(tt.expectedResult, converted.GetResult()) + req.Equal("resource1,resource2,resource3", converted.GetResource().GetObjectId()) }) } } diff --git a/internal/services/v1/errors.go b/internal/services/v1/errors.go index bd2b76aa5..fec831c4b 100644 --- a/internal/services/v1/errors.go +++ b/internal/services/v1/errors.go @@ -185,34 +185,34 @@ func NewPreconditionFailedErr(precondition *v1.Precondition) error { // GRPCStatus implements retrieving the gRPC status for the error. func (err PreconditionFailedError) GRPCStatus() *status.Status { metadata := map[string]string{ - "precondition_operation": v1.Precondition_Operation_name[int32(err.precondition.Operation)], + "precondition_operation": v1.Precondition_Operation_name[int32(err.precondition.GetOperation())], } - if err.precondition.Filter.ResourceType != "" { - metadata["precondition_resource_type"] = err.precondition.Filter.ResourceType + if err.precondition.GetFilter().GetResourceType() != "" { + metadata["precondition_resource_type"] = err.precondition.GetFilter().GetResourceType() } - if err.precondition.Filter.OptionalResourceId != "" { - metadata["precondition_resource_id"] = err.precondition.Filter.OptionalResourceId + if err.precondition.GetFilter().GetOptionalResourceId() != "" { + metadata["precondition_resource_id"] = err.precondition.GetFilter().GetOptionalResourceId() } - if err.precondition.Filter.OptionalResourceIdPrefix != "" { - metadata["precondition_resource_id_prefix"] = err.precondition.Filter.OptionalResourceIdPrefix + if err.precondition.GetFilter().GetOptionalResourceIdPrefix() != "" { + metadata["precondition_resource_id_prefix"] = err.precondition.GetFilter().GetOptionalResourceIdPrefix() } - if err.precondition.Filter.OptionalRelation != "" { - metadata["precondition_relation"] = err.precondition.Filter.OptionalRelation + if err.precondition.GetFilter().GetOptionalRelation() != "" { + metadata["precondition_relation"] = err.precondition.GetFilter().GetOptionalRelation() } - if err.precondition.Filter.OptionalSubjectFilter != nil { - metadata["precondition_subject_type"] = err.precondition.Filter.OptionalSubjectFilter.SubjectType + if err.precondition.GetFilter().GetOptionalSubjectFilter() != nil { + metadata["precondition_subject_type"] = err.precondition.GetFilter().GetOptionalSubjectFilter().GetSubjectType() - if err.precondition.Filter.OptionalSubjectFilter.OptionalSubjectId != "" { - metadata["precondition_subject_id"] = err.precondition.Filter.OptionalSubjectFilter.OptionalSubjectId + if err.precondition.GetFilter().GetOptionalSubjectFilter().GetOptionalSubjectId() != "" { + metadata["precondition_subject_id"] = err.precondition.GetFilter().GetOptionalSubjectFilter().GetOptionalSubjectId() } - if err.precondition.Filter.OptionalSubjectFilter.OptionalRelation != nil { - metadata["precondition_subject_relation"] = err.precondition.Filter.OptionalSubjectFilter.OptionalRelation.Relation + if err.precondition.GetFilter().GetOptionalSubjectFilter().GetOptionalRelation() != nil { + metadata["precondition_subject_relation"] = err.precondition.GetFilter().GetOptionalSubjectFilter().GetOptionalRelation().GetRelation() } } @@ -237,7 +237,7 @@ func NewDuplicateRelationshipErr(update *v1.RelationshipUpdate) DuplicateRelatio return DuplicateRelationErrorshipError{ error: fmt.Errorf( "found more than one update with relationship `%s` in this request; a relationship can only be specified in an update once per overall WriteRelationships request", - tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.Relationship), + tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.GetRelationship()), ), update: update, } @@ -251,8 +251,8 @@ func (err DuplicateRelationErrorshipError) GRPCStatus() *status.Status { spiceerrors.ForReason( v1.ErrorReason_ERROR_REASON_UPDATES_ON_SAME_RELATIONSHIP, map[string]string{ - "definition_name": err.update.Relationship.Resource.ObjectType, - "relationship": tuple.MustV1StringRelationship(err.update.Relationship), + "definition_name": err.update.GetRelationship().GetResource().GetObjectType(), + "relationship": tuple.MustV1StringRelationship(err.update.GetRelationship()), }, ), ) @@ -271,7 +271,7 @@ func NewMaxRelationshipContextError(update *v1.RelationshipUpdate, maxAllowedSiz return ErrMaxRelationshipContextError{ error: fmt.Errorf( "provided relationship `%s` exceeded maximum allowed caveat size of %d", - tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.Relationship), + tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.GetRelationship()), maxAllowedSize, ), update: update, @@ -287,9 +287,9 @@ func (err ErrMaxRelationshipContextError) GRPCStatus() *status.Status { spiceerrors.ForReason( v1.ErrorReason_ERROR_REASON_MAX_RELATIONSHIP_CONTEXT_SIZE, map[string]string{ - "relationship": tuple.V1StringRelationshipWithoutCaveatOrExpiration(err.update.Relationship), + "relationship": tuple.V1StringRelationshipWithoutCaveatOrExpiration(err.update.GetRelationship()), "max_allowed_size": strconv.Itoa(err.maxAllowedSize), - "context_size": strconv.Itoa(proto.Size(err.update.Relationship)), + "context_size": strconv.Itoa(proto.Size(err.update.GetRelationship())), }, ), ) @@ -318,26 +318,26 @@ func NewCouldNotTransactionallyDeleteErr(filter *v1.RelationshipFilter, limit ui func (err CouldNotTransactionallyDeleteError) GRPCStatus() *status.Status { metadata := map[string]string{ "limit": strconv.Itoa(int(err.limit)), - "filter_resource_type": err.filter.ResourceType, + "filter_resource_type": err.filter.GetResourceType(), } - if err.filter.OptionalResourceId != "" { - metadata["filter_resource_id"] = err.filter.OptionalResourceId + if err.filter.GetOptionalResourceId() != "" { + metadata["filter_resource_id"] = err.filter.GetOptionalResourceId() } - if err.filter.OptionalRelation != "" { - metadata["filter_relation"] = err.filter.OptionalRelation + if err.filter.GetOptionalRelation() != "" { + metadata["filter_relation"] = err.filter.GetOptionalRelation() } - if err.filter.OptionalSubjectFilter != nil { - metadata["filter_subject_type"] = err.filter.OptionalSubjectFilter.SubjectType + if err.filter.GetOptionalSubjectFilter() != nil { + metadata["filter_subject_type"] = err.filter.GetOptionalSubjectFilter().GetSubjectType() - if err.filter.OptionalSubjectFilter.OptionalSubjectId != "" { - metadata["filter_subject_id"] = err.filter.OptionalSubjectFilter.OptionalSubjectId + if err.filter.GetOptionalSubjectFilter().GetOptionalSubjectId() != "" { + metadata["filter_subject_id"] = err.filter.GetOptionalSubjectFilter().GetOptionalSubjectId() } - if err.filter.OptionalSubjectFilter.OptionalRelation != nil { - metadata["filter_subject_relation"] = err.filter.OptionalSubjectFilter.OptionalRelation.Relation + if err.filter.GetOptionalSubjectFilter().GetOptionalRelation() != nil { + metadata["filter_subject_relation"] = err.filter.GetOptionalSubjectFilter().GetOptionalRelation().GetRelation() } } diff --git a/internal/services/v1/experimental.go b/internal/services/v1/experimental.go index 8eb2d52f2..07214b12a 100644 --- a/internal/services/v1/experimental.go +++ b/internal/services/v1/experimental.go @@ -160,7 +160,7 @@ func (a *bulkLoadAdapter) Next(_ context.Context) (*tuple.Relationship, error) { return nil, a.err } - a.currentBatch = batch.Relationships + a.currentBatch = batch.GetRelationships() a.numSent = 0 a.awaitingNamespaces, a.awaitingCaveats = extractBatchNewReferencedNamespacesAndCaveats( @@ -175,23 +175,23 @@ func (a *bulkLoadAdapter) Next(_ context.Context) (*tuple.Relationship, error) { return nil, nil } - a.current.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType - a.current.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId - a.current.Resource.Relation = a.currentBatch[a.numSent].Relation - a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType - a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId - a.current.Subject.Relation = cmp.Or(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis) + a.current.Resource.ObjectType = a.currentBatch[a.numSent].GetResource().GetObjectType() + a.current.Resource.ObjectID = a.currentBatch[a.numSent].GetResource().GetObjectId() + a.current.Resource.Relation = a.currentBatch[a.numSent].GetRelation() + a.current.Subject.ObjectType = a.currentBatch[a.numSent].GetSubject().GetObject().GetObjectType() + a.current.Subject.ObjectID = a.currentBatch[a.numSent].GetSubject().GetObject().GetObjectId() + a.current.Subject.Relation = cmp.Or(a.currentBatch[a.numSent].GetSubject().GetOptionalRelation(), tuple.Ellipsis) - if a.currentBatch[a.numSent].OptionalCaveat != nil { - a.caveat.CaveatName = a.currentBatch[a.numSent].OptionalCaveat.CaveatName - a.caveat.Context = a.currentBatch[a.numSent].OptionalCaveat.Context + if a.currentBatch[a.numSent].GetOptionalCaveat() != nil { + a.caveat.CaveatName = a.currentBatch[a.numSent].GetOptionalCaveat().GetCaveatName() + a.caveat.Context = a.currentBatch[a.numSent].GetOptionalCaveat().GetContext() a.current.OptionalCaveat = &a.caveat } else { a.current.OptionalCaveat = nil } - if a.currentBatch[a.numSent].OptionalExpiresAt != nil { - t := a.currentBatch[a.numSent].OptionalExpiresAt.AsTime() + if a.currentBatch[a.numSent].GetOptionalExpiresAt() != nil { + t := a.currentBatch[a.numSent].GetOptionalExpiresAt().AsTime() a.current.OptionalExpiration = &t } else { a.current.OptionalExpiration = nil @@ -221,15 +221,15 @@ func extractBatchNewReferencedNamespacesAndCaveats( newNamespaces := make(map[string]struct{}, 2) newCaveats := make(map[string]struct{}, 0) for _, rel := range batch { - if _, ok := existingNamespaces[rel.Resource.ObjectType]; !ok { - newNamespaces[rel.Resource.ObjectType] = struct{}{} + if _, ok := existingNamespaces[rel.GetResource().GetObjectType()]; !ok { + newNamespaces[rel.GetResource().GetObjectType()] = struct{}{} } - if _, ok := existingNamespaces[rel.Subject.Object.ObjectType]; !ok { - newNamespaces[rel.Subject.Object.ObjectType] = struct{}{} + if _, ok := existingNamespaces[rel.GetSubject().GetObject().GetObjectType()]; !ok { + newNamespaces[rel.GetSubject().GetObject().GetObjectType()] = struct{}{} } - if rel.OptionalCaveat != nil { - if _, ok := existingCaveats[rel.OptionalCaveat.CaveatName]; !ok { - newCaveats[rel.OptionalCaveat.CaveatName] = struct{}{} + if rel.GetOptionalCaveat() != nil { + if _, ok := existingCaveats[rel.GetOptionalCaveat().GetCaveatName()]; !ok { + newCaveats[rel.GetOptionalCaveat().GetCaveatName()] = struct{}{} } } } @@ -277,7 +277,7 @@ func (es *experimentalServer) BulkImportRelationships(stream v1.ExperimentalServ return err } - loadedNamespaces[nsDef.Definition.Name] = newDef + loadedNamespaces[nsDef.Definition.GetName()] = newDef } adapter.awaitingNamespaces = nil } @@ -289,7 +289,7 @@ func (es *experimentalServer) BulkImportRelationships(stream v1.ExperimentalServ } for _, caveat := range caveats { - loadedCaveats[caveat.Definition.Name] = caveat.Definition + loadedCaveats[caveat.Definition.GetName()] = caveat.Definition } adapter.awaitingCaveats = nil } @@ -331,16 +331,16 @@ func (es *experimentalServer) BulkExportRelationships( // export stream via the sender all relationships matched by the incoming request. // If no cursor is provided, it will fallback to the provided revision. func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize uint64, req *v1.BulkExportRelationshipsRequest, fallbackRevision datastore.Revision, sender func(response *v1.BulkExportRelationshipsResponse) error) error { - if req.OptionalLimit > 0 && uint64(req.OptionalLimit) > batchSize { - return shared.RewriteErrorWithoutConfig(ctx, NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), batchSize)) + if req.GetOptionalLimit() > 0 && uint64(req.GetOptionalLimit()) > batchSize { + return shared.RewriteErrorWithoutConfig(ctx, NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), batchSize)) } atRevision := fallbackRevision var curNamespace string var cur dsoptions.Cursor - if req.OptionalCursor != nil { + if req.GetOptionalCursor() != nil { var err error - atRevision, curNamespace, cur, err = decodeCursor(ds, req.OptionalCursor) + atRevision, curNamespace, cur, err = decodeCursor(ds, req.GetOptionalCursor()) if err != nil { return shared.RewriteErrorWithoutConfig(ctx, err) } @@ -358,17 +358,17 @@ func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize u lhs datastore.RevisionedDefinition[*core.NamespaceDefinition], rhs datastore.RevisionedDefinition[*core.NamespaceDefinition], ) int { - return strings.Compare(lhs.Definition.Name, rhs.Definition.Name) + return strings.Compare(lhs.Definition.GetName(), rhs.Definition.GetName()) }) // Skip the namespaces that are already fully returned - for cur != nil && len(namespaces) > 0 && namespaces[0].Definition.Name < curNamespace { + for cur != nil && len(namespaces) > 0 && namespaces[0].Definition.GetName() < curNamespace { namespaces = namespaces[1:] } limit := batchSize - if req.OptionalLimit > 0 { - limit = uint64(req.OptionalLimit) + if req.GetOptionalLimit() > 0 { + limit = uint64(req.GetOptionalLimit()) } // Pre-allocate all of the relationships that we might need in order to @@ -389,27 +389,27 @@ func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize u rels := emptyRels // Reset the cursor between namespaces. - if ns.Definition.Name != curNamespace { + if ns.Definition.GetName() != curNamespace { cur = nil } // Skip this namespace if a resource type filter was specified. - if req.OptionalRelationshipFilter != nil && req.OptionalRelationshipFilter.ResourceType != "" { - if ns.Definition.Name != req.OptionalRelationshipFilter.ResourceType { + if req.GetOptionalRelationshipFilter() != nil && req.GetOptionalRelationshipFilter().GetResourceType() != "" { + if ns.Definition.GetName() != req.GetOptionalRelationshipFilter().GetResourceType() { continue } } // Setup the filter to use for the relationships. - relationshipFilter := datastore.RelationshipsFilter{OptionalResourceType: ns.Definition.Name} - if req.OptionalRelationshipFilter != nil { - rf, err := datastore.RelationshipsFilterFromPublicFilter(req.OptionalRelationshipFilter) + relationshipFilter := datastore.RelationshipsFilter{OptionalResourceType: ns.Definition.GetName()} + if req.GetOptionalRelationshipFilter() != nil { + rf, err := datastore.RelationshipsFilterFromPublicFilter(req.GetOptionalRelationshipFilter()) if err != nil { return shared.RewriteErrorWithoutConfig(ctx, err) } // Overload the namespace name with the one from the request, because each iteration is for a different namespace. - rf.OptionalResourceType = ns.Definition.Name + rf.OptionalResourceType = ns.Definition.GetName() relationshipFilter = rf } @@ -433,8 +433,8 @@ func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize u v1Rel.Subject.OptionalRelation = denormalizeSubjectRelation(rel.Subject.Relation) if rel.OptionalCaveat != nil { - caveatArray[offset].CaveatName = rel.OptionalCaveat.CaveatName - caveatArray[offset].Context = rel.OptionalCaveat.Context + caveatArray[offset].CaveatName = rel.OptionalCaveat.GetCaveatName() + caveatArray[offset].Context = rel.OptionalCaveat.GetContext() v1Rel.OptionalCaveat = &caveatArray[offset] } else { v1Rel.OptionalCaveat = nil @@ -470,7 +470,7 @@ func BulkExport(ctx context.Context, ds datastore.ReadOnlyDatastore, batchSize u V1: &implv1.V1Cursor{ Revision: atRevision.String(), Sections: []string{ - ns.Definition.Name, + ns.Definition.GetName(), tuple.MustString(*dsoptions.ToRelationship(cur)), }, }, @@ -512,7 +512,7 @@ func (es *experimentalServer) ExperimentalReflectSchema(ctx context.Context, req return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - filters, err := newexpSchemaFilters(req.OptionalFilters) + filters, err := newexpSchemaFilters(req.GetOptionalFilters()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } @@ -566,7 +566,7 @@ func (es *experimentalServer) ExperimentalDiffSchema(ctx context.Context, req *v return nil, err } - diff, existingSchema, comparisonSchema, err := schemaDiff(ctx, req.ComparisonSchema, es.caveatTypeSet) + diff, existingSchema, comparisonSchema, err := schemaDiff(ctx, req.GetComparisonSchema(), es.caveatTypeSet) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } @@ -582,9 +582,9 @@ func (es *experimentalServer) ExperimentalDiffSchema(ctx context.Context, req *v func (es *experimentalServer) ExperimentalComputablePermissions(ctx context.Context, req *v1.ExperimentalComputablePermissionsRequest) (*v1.ExperimentalComputablePermissionsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.DefinitionName, - perfinsights.ResourceRelationLabel: req.RelationName, - perfinsights.FilterLabel: req.OptionalDefinitionNameFilter, + perfinsights.ResourceTypeLabel: req.GetDefinitionName(), + perfinsights.ResourceRelationLabel: req.GetRelationName(), + perfinsights.FilterLabel: req.GetOptionalDefinitionNameFilter(), } }) @@ -595,17 +595,17 @@ func (es *experimentalServer) ExperimentalComputablePermissions(ctx context.Cont ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(ds)) - vdef, err := ts.GetValidatedDefinition(ctx, req.DefinitionName) + vdef, err := ts.GetValidatedDefinition(ctx, req.GetDefinitionName()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - relationName := req.RelationName + relationName := req.GetRelationName() if relationName == "" { relationName = tuple.Ellipsis } else { if _, ok := vdef.GetRelation(relationName); !ok { - return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.DefinitionName, relationName)) + return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.GetDefinitionName(), relationName)) } } @@ -621,7 +621,7 @@ func (es *experimentalServer) ExperimentalComputablePermissions(ctx context.Cont rg := vdef.Reachability() rr, err := rg.RelationsEncounteredForSubject(ctx, allDefinitions, &core.RelationReference{ - Namespace: req.DefinitionName, + Namespace: req.GetDefinitionName(), Relation: relationName, }) if err != nil { @@ -630,31 +630,31 @@ func (es *experimentalServer) ExperimentalComputablePermissions(ctx context.Cont relations := make([]*v1.ExpRelationReference, 0, len(rr)) for _, r := range rr { - if r.Namespace == req.DefinitionName && r.Relation == req.RelationName { + if r.GetNamespace() == req.GetDefinitionName() && r.GetRelation() == req.GetRelationName() { continue } - if req.OptionalDefinitionNameFilter != "" && !strings.HasPrefix(r.Namespace, req.OptionalDefinitionNameFilter) { + if req.GetOptionalDefinitionNameFilter() != "" && !strings.HasPrefix(r.GetNamespace(), req.GetOptionalDefinitionNameFilter()) { continue } - def, err := ts.GetValidatedDefinition(ctx, r.Namespace) + def, err := ts.GetValidatedDefinition(ctx, r.GetNamespace()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } relations = append(relations, &v1.ExpRelationReference{ - DefinitionName: r.Namespace, - RelationName: r.Relation, - IsPermission: def.IsPermission(r.Relation), + DefinitionName: r.GetNamespace(), + RelationName: r.GetRelation(), + IsPermission: def.IsPermission(r.GetRelation()), }) } sort.Slice(relations, func(i, j int) bool { - if relations[i].DefinitionName == relations[j].DefinitionName { - return relations[i].RelationName < relations[j].RelationName + if relations[i].GetDefinitionName() == relations[j].GetDefinitionName() { + return relations[i].GetRelationName() < relations[j].GetRelationName() } - return relations[i].DefinitionName < relations[j].DefinitionName + return relations[i].GetDefinitionName() < relations[j].GetDefinitionName() }) return &v1.ExperimentalComputablePermissionsResponse{ @@ -666,8 +666,8 @@ func (es *experimentalServer) ExperimentalComputablePermissions(ctx context.Cont func (es *experimentalServer) ExperimentalDependentRelations(ctx context.Context, req *v1.ExperimentalDependentRelationsRequest) (*v1.ExperimentalDependentRelationsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.DefinitionName, - perfinsights.ResourceRelationLabel: req.PermissionName, + perfinsights.ResourceTypeLabel: req.GetDefinitionName(), + perfinsights.ResourceRelationLabel: req.GetPermissionName(), } }) @@ -678,24 +678,24 @@ func (es *experimentalServer) ExperimentalDependentRelations(ctx context.Context ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(ds)) - vdef, err := ts.GetValidatedDefinition(ctx, req.DefinitionName) + vdef, err := ts.GetValidatedDefinition(ctx, req.GetDefinitionName()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - _, ok := vdef.GetRelation(req.PermissionName) + _, ok := vdef.GetRelation(req.GetPermissionName()) if !ok { - return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.DefinitionName, req.PermissionName)) + return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.GetDefinitionName(), req.GetPermissionName())) } - if !vdef.IsPermission(req.PermissionName) { - return nil, shared.RewriteErrorWithoutConfig(ctx, NewNotAPermissionError(req.PermissionName)) + if !vdef.IsPermission(req.GetPermissionName()) { + return nil, shared.RewriteErrorWithoutConfig(ctx, NewNotAPermissionError(req.GetPermissionName())) } rg := vdef.Reachability() rr, err := rg.RelationsEncounteredForResource(ctx, &core.RelationReference{ - Namespace: req.DefinitionName, - Relation: req.PermissionName, + Namespace: req.GetDefinitionName(), + Relation: req.GetPermissionName(), }) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) @@ -703,28 +703,28 @@ func (es *experimentalServer) ExperimentalDependentRelations(ctx context.Context relations := make([]*v1.ExpRelationReference, 0, len(rr)) for _, r := range rr { - if r.Namespace == req.DefinitionName && r.Relation == req.PermissionName { + if r.GetNamespace() == req.GetDefinitionName() && r.GetRelation() == req.GetPermissionName() { continue } - ts, err := ts.GetDefinition(ctx, r.Namespace) + ts, err := ts.GetDefinition(ctx, r.GetNamespace()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } relations = append(relations, &v1.ExpRelationReference{ - DefinitionName: r.Namespace, - RelationName: r.Relation, - IsPermission: ts.IsPermission(r.Relation), + DefinitionName: r.GetNamespace(), + RelationName: r.GetRelation(), + IsPermission: ts.IsPermission(r.GetRelation()), }) } sort.Slice(relations, func(i, j int) bool { - if relations[i].DefinitionName == relations[j].DefinitionName { - return relations[i].RelationName < relations[j].RelationName + if relations[i].GetDefinitionName() == relations[j].GetDefinitionName() { + return relations[i].GetRelationName() < relations[j].GetRelationName() } - return relations[i].DefinitionName < relations[j].DefinitionName + return relations[i].GetDefinitionName() < relations[j].GetDefinitionName() }) return &v1.ExperimentalDependentRelationsResponse{ @@ -736,23 +736,23 @@ func (es *experimentalServer) ExperimentalDependentRelations(ctx context.Context func (es *experimentalServer) ExperimentalRegisterRelationshipCounter(ctx context.Context, req *v1.ExperimentalRegisterRelationshipCounterRequest) (*v1.ExperimentalRegisterRelationshipCounterResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.NameLabel: req.Name, + perfinsights.NameLabel: req.GetName(), } }) ds := datastoremw.MustFromContext(ctx) - if req.Name == "" { + if req.GetName() == "" { return nil, shared.RewriteErrorWithoutConfig(ctx, spiceerrors.WithCodeAndReason(errors.New("name must be provided"), codes.InvalidArgument, v1.ErrorReason_ERROR_REASON_UNSPECIFIED)) } _, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { - if err := validateRelationshipsFilter(ctx, req.RelationshipFilter, rwt); err != nil { + if err := validateRelationshipsFilter(ctx, req.GetRelationshipFilter(), rwt); err != nil { return err } - coreFilter := datastore.CoreFilterFromRelationshipFilter(req.RelationshipFilter) - return rwt.RegisterCounter(ctx, req.Name, coreFilter) + coreFilter := datastore.CoreFilterFromRelationshipFilter(req.GetRelationshipFilter()) + return rwt.RegisterCounter(ctx, req.GetName(), coreFilter) }) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) @@ -764,18 +764,18 @@ func (es *experimentalServer) ExperimentalRegisterRelationshipCounter(ctx contex func (es *experimentalServer) ExperimentalUnregisterRelationshipCounter(ctx context.Context, req *v1.ExperimentalUnregisterRelationshipCounterRequest) (*v1.ExperimentalUnregisterRelationshipCounterResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.NameLabel: req.Name, + perfinsights.NameLabel: req.GetName(), } }) ds := datastoremw.MustFromContext(ctx) - if req.Name == "" { + if req.GetName() == "" { return nil, shared.RewriteErrorWithoutConfig(ctx, spiceerrors.WithCodeAndReason(errors.New("name must be provided"), codes.InvalidArgument, v1.ErrorReason_ERROR_REASON_UNSPECIFIED)) } _, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { - return rwt.UnregisterCounter(ctx, req.Name) + return rwt.UnregisterCounter(ctx, req.GetName()) }) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) @@ -787,11 +787,11 @@ func (es *experimentalServer) ExperimentalUnregisterRelationshipCounter(ctx cont func (es *experimentalServer) ExperimentalCountRelationships(ctx context.Context, req *v1.ExperimentalCountRelationshipsRequest) (*v1.ExperimentalCountRelationshipsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.NameLabel: req.Name, + perfinsights.NameLabel: req.GetName(), } }) - if req.Name == "" { + if req.GetName() == "" { return nil, shared.RewriteErrorWithoutConfig(ctx, spiceerrors.WithCodeAndReason(errors.New("name must be provided"), codes.InvalidArgument, v1.ErrorReason_ERROR_REASON_UNSPECIFIED)) } @@ -802,7 +802,7 @@ func (es *experimentalServer) ExperimentalCountRelationships(ctx context.Context } snapshotReader := ds.SnapshotReader(headRev) - count, err := snapshotReader.CountRelationships(ctx, req.Name) + count, err := snapshotReader.CountRelationships(ctx, req.GetName()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } @@ -861,11 +861,11 @@ func decodeCursor(ds datastore.ReadOnlyDatastore, encoded *v1.Cursor) (datastore return datastore.NoRevision, "", nil, errors.New("malformed cursor: no V1 in OneOf") } - if len(decoded.GetV1().Sections) != 2 { + if len(decoded.GetV1().GetSections()) != 2 { return datastore.NoRevision, "", nil, errors.New("malformed cursor: wrong number of components") } - atRevision, err := ds.RevisionFromString(decoded.GetV1().Revision) + atRevision, err := ds.RevisionFromString(decoded.GetV1().GetRevision()) if err != nil { return datastore.NoRevision, "", nil, err } diff --git a/internal/services/v1/experimental_test.go b/internal/services/v1/experimental_test.go index 8908badb5..5d490c2e1 100644 --- a/internal/services/v1/experimental_test.go +++ b/internal/services/v1/experimental_test.go @@ -74,10 +74,10 @@ func TestBulkImportRelationships(t *testing.T) { for i := uint64(0); i < batchSize; i++ { if withCaveats { batch = append(batch, mustRelWithCaveatAndContext( - tf.DocumentNS.Name, + tf.DocumentNS.GetName(), strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10), "caveated_viewer", - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.FormatUint(i, 10), "", "test", @@ -85,10 +85,10 @@ func TestBulkImportRelationships(t *testing.T) { )) } else { batch = append(batch, rel( - tf.DocumentNS.Name, + tf.DocumentNS.GetName(), strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10), "viewer", - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.FormatUint(i, 10), "", )) @@ -105,12 +105,12 @@ func TestBulkImportRelationships(t *testing.T) { resp, err := writer.CloseAndRecv() require.NoError(err) - require.Equal(expectedTotal, resp.NumLoaded) + require.Equal(expectedTotal, resp.GetNumLoaded()) readerClient := v1.NewPermissionsServiceClient(conn) stream, err := readerClient.ReadRelationships(ctx, &v1.ReadRelationshipsRequest{ RelationshipFilter: &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), }, Consistency: &v1.Consistency{ Requirement: &v1.Consistency_FullyConsistent{FullyConsistent: true}, @@ -171,14 +171,14 @@ func TestBulkExportRelationships(t *testing.T) { namespace string relation string }{ - {tf.DocumentNS.Name, "viewer"}, - {tf.FolderNS.Name, "viewer"}, - {tf.DocumentNS.Name, "owner"}, - {tf.FolderNS.Name, "owner"}, - {tf.DocumentNS.Name, "editor"}, - {tf.FolderNS.Name, "editor"}, - {tf.DocumentNS.Name, "caveated_viewer"}, - {tf.DocumentNS.Name, "expiring_viewer"}, + {tf.DocumentNS.GetName(), "viewer"}, + {tf.FolderNS.GetName(), "viewer"}, + {tf.DocumentNS.GetName(), "owner"}, + {tf.FolderNS.GetName(), "owner"}, + {tf.DocumentNS.GetName(), "editor"}, + {tf.FolderNS.GetName(), "editor"}, + {tf.DocumentNS.GetName(), "caveated_viewer"}, + {tf.DocumentNS.GetName(), "expiring_viewer"}, } totalToWrite := 1_000 @@ -201,7 +201,7 @@ func TestBulkExportRelationships(t *testing.T) { resp, err := writer.CloseAndRecv() require.NoError(t, err) - numLoaded, err := safecast.ToInt(resp.NumLoaded) + numLoaded, err := safecast.ToInt(resp.GetNumLoaded()) require.NoError(t, err) require.Equal(t, totalToWrite, numLoaded) @@ -243,14 +243,14 @@ func TestBulkExportRelationships(t *testing.T) { } require.NoError(err) - require.LessOrEqual(uint64(len(batch.Relationships)), uint64(tc.batchSize)) - require.NotNil(batch.AfterResultCursor) - require.NotEmpty(batch.AfterResultCursor.Token) + require.LessOrEqual(uint64(len(batch.GetRelationships())), uint64(tc.batchSize)) + require.NotNil(batch.GetAfterResultCursor()) + require.NotEmpty(batch.GetAfterResultCursor().GetToken()) - cursor = batch.AfterResultCursor - totalRead += len(batch.Relationships) + cursor = batch.GetAfterResultCursor() + totalRead += len(batch.GetRelationships()) - for _, rel := range batch.Relationships { + for _, rel := range batch.GetRelationships() { remainingRels.Delete(tuple.MustV1RelString(rel)) } } @@ -275,7 +275,7 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) { { "basic filter", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), }, 625, }, @@ -296,7 +296,7 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) { { "filter by resource ID prefix and resource type", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceIdPrefix: "1", }, 69, @@ -326,14 +326,14 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) { namespace string relation string }{ - {tf.DocumentNS.Name, "viewer"}, - {tf.FolderNS.Name, "viewer"}, - {tf.DocumentNS.Name, "owner"}, - {tf.FolderNS.Name, "owner"}, - {tf.DocumentNS.Name, "editor"}, - {tf.FolderNS.Name, "editor"}, - {tf.DocumentNS.Name, "caveated_viewer"}, - {tf.DocumentNS.Name, "expiring_viewer"}, + {tf.DocumentNS.GetName(), "viewer"}, + {tf.FolderNS.GetName(), "viewer"}, + {tf.DocumentNS.GetName(), "owner"}, + {tf.FolderNS.GetName(), "owner"}, + {tf.DocumentNS.GetName(), "editor"}, + {tf.FolderNS.GetName(), "editor"}, + {tf.DocumentNS.GetName(), "caveated_viewer"}, + {tf.DocumentNS.GetName(), "expiring_viewer"}, } expectedRels := mapz.NewSet[string]() @@ -389,16 +389,16 @@ func TestBulkExportRelationshipsWithFilter(t *testing.T) { } require.NoError(err) - relLength, err := safecast.ToUint32(len(batch.Relationships)) + relLength, err := safecast.ToUint32(len(batch.GetRelationships())) require.NoError(err) require.LessOrEqual(relLength, batchSize) - require.NotNil(batch.AfterResultCursor) - require.NotEmpty(batch.AfterResultCursor.Token) + require.NotNil(batch.GetAfterResultCursor()) + require.NotEmpty(batch.GetAfterResultCursor().GetToken()) - cursor = batch.AfterResultCursor - totalRead += uint64(len(batch.Relationships)) + cursor = batch.GetAfterResultCursor() + totalRead += uint64(len(batch.GetRelationships())) - for _, rel := range batch.Relationships { + for _, rel := range batch.GetRelationships() { if tc.filter != nil { filter, err := datastore.RelationshipsFilterFromPublicFilter(tc.filter) require.NoError(err) @@ -635,7 +635,7 @@ func TestBulkCheckPermission(t *testing.T) { Response: resp, } if reqRel.OptionalCaveat != nil { - pair.Request.Context = reqRel.OptionalCaveat.Context + pair.Request.Context = reqRel.OptionalCaveat.GetContext() } if len(r.partial) > 0 { resp.Item.PartialCaveatInfo = &v1.PartialCaveatInfo{ @@ -658,7 +658,7 @@ func TestBulkCheckPermission(t *testing.T) { actual, err := client.BulkCheckPermission(t.Context(), &req, grpc.Trailer(&trailer)) require.NoError(t, err) - testutil.RequireProtoSlicesEqual(t, expected, actual.Pairs, nil, "response bulk check pairs did not match") + testutil.RequireProtoSlicesEqual(t, expected, actual.GetPairs(), nil, "response bulk check pairs did not match") }) } } @@ -682,7 +682,7 @@ func relToBulkRequestItem(rel string) *v1.BulkCheckPermissionRequestItem { }, } if r.OptionalCaveat != nil { - item.Context = r.OptionalCaveat.Context + item.Context = r.OptionalCaveat.GetContext() } return item } @@ -772,7 +772,7 @@ func TestExperimentalSchemaDiff(t *testing.T) { grpcutil.RequireStatus(t, tt.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, tt.expectedResponse, actual, "mismatch in response") @@ -1186,7 +1186,7 @@ definition user {}`, grpcutil.RequireStatus(t, tt.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, tt.expectedResponse, actual, "mismatch in response") @@ -1419,7 +1419,7 @@ func TestExperimentalDependentRelations(t *testing.T) { grpcutil.RequireStatus(t, tc.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, &v1.ExperimentalDependentRelationsResponse{ @@ -1620,7 +1620,7 @@ func TestExperimentalComputablePermissions(t *testing.T) { grpcutil.RequireStatus(t, tc.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, &v1.ExperimentalComputablePermissionsResponse{ @@ -1713,14 +1713,14 @@ func TestExperimentalCountRelationships(t *testing.T) { Name: "somedocfilter", }) require.NoError(t, err) - require.Equal(t, uint64(9), actual.GetReadCounterValue().RelationshipCount) - require.NotNil(t, actual.GetReadCounterValue().ReadAt) + require.Equal(t, uint64(9), actual.GetReadCounterValue().GetRelationshipCount()) + require.NotNil(t, actual.GetReadCounterValue().GetReadAt()) actual, err = expClient.ExperimentalCountRelationships(t.Context(), &v1.ExperimentalCountRelationshipsRequest{ Name: "someotherfilter", }) require.NoError(t, err) - require.Equal(t, uint64(7), actual.GetReadCounterValue().RelationshipCount) + require.Equal(t, uint64(7), actual.GetReadCounterValue().GetRelationshipCount()) // Register one more filter. _, err = expClient.ExperimentalRegisterRelationshipCounter(t.Context(), &v1.ExperimentalRegisterRelationshipCounterRequest{ @@ -1736,5 +1736,5 @@ func TestExperimentalCountRelationships(t *testing.T) { Name: "somethirdfilter", }) require.NoError(t, err) - require.Equal(t, uint64(2), actual.GetReadCounterValue().RelationshipCount) + require.Equal(t, uint64(2), actual.GetReadCounterValue().GetRelationshipCount()) } diff --git a/internal/services/v1/expreflection.go b/internal/services/v1/expreflection.go index da29db3a7..589bd3bb1 100644 --- a/internal/services/v1/expreflection.go +++ b/internal/services/v1/expreflection.go @@ -31,24 +31,24 @@ type expSchemaFilters struct { func newexpSchemaFilters(filters []*v1.ExpSchemaFilter) (*expSchemaFilters, error) { for _, filter := range filters { - if filter.OptionalDefinitionNameFilter != "" { - if filter.OptionalCaveatNameFilter != "" { + if filter.GetOptionalDefinitionNameFilter() != "" { + if filter.GetOptionalCaveatNameFilter() != "" { return nil, NewInvalidFilterErr("cannot filter by both definition and caveat name", filter.String()) } } - if filter.OptionalRelationNameFilter != "" { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalRelationNameFilter() != "" { + if filter.GetOptionalDefinitionNameFilter() == "" { return nil, NewInvalidFilterErr("relation name match requires definition name match", filter.String()) } - if filter.OptionalPermissionNameFilter != "" { + if filter.GetOptionalPermissionNameFilter() != "" { return nil, NewInvalidFilterErr("cannot filter by both relation and permission name", filter.String()) } } - if filter.OptionalPermissionNameFilter != "" { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalPermissionNameFilter() != "" { + if filter.GetOptionalDefinitionNameFilter() == "" { return nil, NewInvalidFilterErr("permission name match requires definition name match", filter.String()) } } @@ -63,7 +63,7 @@ func (sf *expSchemaFilters) HasNamespaces() bool { } for _, filter := range sf.filters { - if filter.OptionalDefinitionNameFilter != "" { + if filter.GetOptionalDefinitionNameFilter() != "" { return true } } @@ -77,7 +77,7 @@ func (sf *expSchemaFilters) HasCaveats() bool { } for _, filter := range sf.filters { - if filter.OptionalCaveatNameFilter != "" { + if filter.GetOptionalCaveatNameFilter() != "" { return true } } @@ -92,12 +92,12 @@ func (sf *expSchemaFilters) HasNamespace(namespaceName string) bool { hasDefinitionFilter := false for _, filter := range sf.filters { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalDefinitionNameFilter() == "" { continue } hasDefinitionFilter = true - isMatch := strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch := strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -113,12 +113,12 @@ func (sf *expSchemaFilters) HasCaveat(caveatName string) bool { hasCaveatFilter := false for _, filter := range sf.filters { - if filter.OptionalCaveatNameFilter == "" { + if filter.GetOptionalCaveatNameFilter() == "" { continue } hasCaveatFilter = true - isMatch := strings.HasPrefix(caveatName, filter.OptionalCaveatNameFilter) + isMatch := strings.HasPrefix(caveatName, filter.GetOptionalCaveatNameFilter()) if isMatch { return true } @@ -134,17 +134,17 @@ func (sf *expSchemaFilters) HasRelation(namespaceName, relationName string) bool hasRelationFilter := false for _, filter := range sf.filters { - if filter.OptionalRelationNameFilter == "" { + if filter.GetOptionalRelationNameFilter() == "" { continue } hasRelationFilter = true - isMatch := strings.HasPrefix(relationName, filter.OptionalRelationNameFilter) + isMatch := strings.HasPrefix(relationName, filter.GetOptionalRelationNameFilter()) if !isMatch { continue } - isMatch = strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch = strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -160,17 +160,17 @@ func (sf *expSchemaFilters) HasPermission(namespaceName, permissionName string) hasPermissionFilter := false for _, filter := range sf.filters { - if filter.OptionalPermissionNameFilter == "" { + if filter.GetOptionalPermissionNameFilter() == "" { continue } hasPermissionFilter = true - isMatch := strings.HasPrefix(permissionName, filter.OptionalPermissionNameFilter) + isMatch := strings.HasPrefix(permissionName, filter.GetOptionalPermissionNameFilter()) if !isMatch { continue } - isMatch = strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch = strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -490,7 +490,7 @@ func expConvertDiff( Diff: &v1.ExpSchemaDiff_CaveatParameterTypeChanged{ CaveatParameterTypeChanged: &v1.ExpCaveatParameterTypeChange{ Parameter: paramDef, - PreviousType: previousParamDef.Type, + PreviousType: previousParamDef.GetType(), }, }, }) @@ -542,16 +542,16 @@ func expNamespaceAPIReprForName(namespaceName string, schema *diff.DiffableSchem } func expNamespaceAPIRepr(nsDef *core.NamespaceDefinition, expSchemaFilters *expSchemaFilters) (*v1.ExpDefinition, error) { - if expSchemaFilters != nil && !expSchemaFilters.HasNamespace(nsDef.Name) { + if expSchemaFilters != nil && !expSchemaFilters.HasNamespace(nsDef.GetName()) { return nil, nil } - relations := make([]*v1.ExpRelation, 0, len(nsDef.Relation)) - permissions := make([]*v1.ExpPermission, 0, len(nsDef.Relation)) + relations := make([]*v1.ExpRelation, 0, len(nsDef.GetRelation())) + permissions := make([]*v1.ExpPermission, 0, len(nsDef.GetRelation())) - for _, rel := range nsDef.Relation { + for _, rel := range nsDef.GetRelation() { if namespace.GetRelationKind(rel) == iv1.RelationMetadata_PERMISSION { - permission, err := expPermissionAPIRepr(rel, nsDef.Name, expSchemaFilters) + permission, err := expPermissionAPIRepr(rel, nsDef.GetName(), expSchemaFilters) if err != nil { return nil, err } @@ -562,7 +562,7 @@ func expNamespaceAPIRepr(nsDef *core.NamespaceDefinition, expSchemaFilters *expS continue } - relation, err := expRelationAPIRepr(rel, nsDef.Name, expSchemaFilters) + relation, err := expRelationAPIRepr(rel, nsDef.GetName(), expSchemaFilters) if err != nil { return nil, err } @@ -572,9 +572,9 @@ func expNamespaceAPIRepr(nsDef *core.NamespaceDefinition, expSchemaFilters *expS } } - comments := namespace.GetComments(nsDef.Metadata) + comments := namespace.GetComments(nsDef.GetMetadata()) return &v1.ExpDefinition{ - Name: nsDef.Name, + Name: nsDef.GetName(), Comment: strings.Join(comments, "\n"), Relations: relations, Permissions: permissions, @@ -583,13 +583,13 @@ func expNamespaceAPIRepr(nsDef *core.NamespaceDefinition, expSchemaFilters *expS // expPermissionAPIRepr builds an API representation of a permission. func expPermissionAPIRepr(relation *core.Relation, parentDefName string, expSchemaFilters *expSchemaFilters) (*v1.ExpPermission, error) { - if expSchemaFilters != nil && !expSchemaFilters.HasPermission(parentDefName, relation.Name) { + if expSchemaFilters != nil && !expSchemaFilters.HasPermission(parentDefName, relation.GetName()) { return nil, nil } - comments := namespace.GetComments(relation.Metadata) + comments := namespace.GetComments(relation.GetMetadata()) return &v1.ExpPermission{ - Name: relation.Name, + Name: relation.GetName(), Comment: strings.Join(comments, "\n"), ParentDefinitionName: parentDefName, }, nil @@ -597,23 +597,23 @@ func expPermissionAPIRepr(relation *core.Relation, parentDefName string, expSche // expRelationAPIRepr builds an API representation of a relation. func expRelationAPIRepr(relation *core.Relation, parentDefName string, expSchemaFilters *expSchemaFilters) (*v1.ExpRelation, error) { - if expSchemaFilters != nil && !expSchemaFilters.HasRelation(parentDefName, relation.Name) { + if expSchemaFilters != nil && !expSchemaFilters.HasRelation(parentDefName, relation.GetName()) { return nil, nil } - comments := namespace.GetComments(relation.Metadata) + comments := namespace.GetComments(relation.GetMetadata()) var subjectTypes []*v1.ExpTypeReference - if relation.TypeInformation != nil { - subjectTypes = make([]*v1.ExpTypeReference, 0, len(relation.TypeInformation.AllowedDirectRelations)) - for _, subjectType := range relation.TypeInformation.AllowedDirectRelations { + if relation.GetTypeInformation() != nil { + subjectTypes = make([]*v1.ExpTypeReference, 0, len(relation.GetTypeInformation().GetAllowedDirectRelations())) + for _, subjectType := range relation.GetTypeInformation().GetAllowedDirectRelations() { typeref := expTypeAPIRepr(subjectType) subjectTypes = append(subjectTypes, typeref) } } return &v1.ExpRelation{ - Name: relation.Name, + Name: relation.GetName(), Comment: strings.Join(comments, "\n"), ParentDefinitionName: parentDefName, SubjectTypes: subjectTypes, @@ -623,7 +623,7 @@ func expRelationAPIRepr(relation *core.Relation, parentDefName string, expSchema // expTypeAPIRepr builds an API representation of a type. func expTypeAPIRepr(subjectType *core.AllowedRelation) *v1.ExpTypeReference { typeref := &v1.ExpTypeReference{ - SubjectDefinitionName: subjectType.Namespace, + SubjectDefinitionName: subjectType.GetNamespace(), Typeref: &v1.ExpTypeReference_IsTerminalSubject{}, } @@ -638,7 +638,7 @@ func expTypeAPIRepr(subjectType *core.AllowedRelation) *v1.ExpTypeReference { } if subjectType.GetRequiredCaveat() != nil { - typeref.OptionalCaveatName = subjectType.GetRequiredCaveat().CaveatName + typeref.OptionalCaveatName = subjectType.GetRequiredCaveat().GetCaveatName() } return typeref @@ -656,18 +656,18 @@ func expCaveatAPIReprForName(caveatName string, schema *diff.DiffableSchema, cav // expCaveatAPIRepr builds an API representation of a caveat. func expCaveatAPIRepr(caveatDef *core.CaveatDefinition, expSchemaFilters *expSchemaFilters, caveatTypeSet *caveattypes.TypeSet) (*v1.ExpCaveat, error) { - if expSchemaFilters != nil && !expSchemaFilters.HasCaveat(caveatDef.Name) { + if expSchemaFilters != nil && !expSchemaFilters.HasCaveat(caveatDef.GetName()) { return nil, nil } - parameters := make([]*v1.ExpCaveatParameter, 0, len(caveatDef.ParameterTypes)) - paramNames := slices.Collect(maps.Keys(caveatDef.ParameterTypes)) + parameters := make([]*v1.ExpCaveatParameter, 0, len(caveatDef.GetParameterTypes())) + paramNames := slices.Collect(maps.Keys(caveatDef.GetParameterTypes())) sort.Strings(paramNames) for _, paramName := range paramNames { - paramType, ok := caveatDef.ParameterTypes[paramName] + paramType, ok := caveatDef.GetParameterTypes()[paramName] if !ok { - return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, caveatDef.Name) + return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, caveatDef.GetName()) } decoded, err := caveattypes.DecodeParameterType(caveatTypeSet, paramType) @@ -678,16 +678,16 @@ func expCaveatAPIRepr(caveatDef *core.CaveatDefinition, expSchemaFilters *expSch parameters = append(parameters, &v1.ExpCaveatParameter{ Name: paramName, Type: decoded.String(), - ParentCaveatName: caveatDef.Name, + ParentCaveatName: caveatDef.GetName(), }) } - parameterTypes, err := caveattypes.DecodeParameterTypes(caveatTypeSet, caveatDef.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(caveatTypeSet, caveatDef.GetParameterTypes()) if err != nil { return nil, spiceerrors.MustBugf("invalid caveat parameters: %v", err) } - deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(caveatTypeSet, caveatDef.SerializedExpression, parameterTypes) + deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(caveatTypeSet, caveatDef.GetSerializedExpression(), parameterTypes) if err != nil { return nil, spiceerrors.MustBugf("invalid caveat expression bytes: %v", err) } @@ -697,9 +697,9 @@ func expCaveatAPIRepr(caveatDef *core.CaveatDefinition, expSchemaFilters *expSch return nil, spiceerrors.MustBugf("invalid caveat expression: %v", err) } - comments := namespace.GetComments(caveatDef.Metadata) + comments := namespace.GetComments(caveatDef.GetMetadata()) return &v1.ExpCaveat{ - Name: caveatDef.Name, + Name: caveatDef.GetName(), Comment: strings.Join(comments, "\n"), Parameters: parameters, Expression: exprString, @@ -713,7 +713,7 @@ func expCaveatAPIParamRepr(paramName, parentCaveatName string, schema *diff.Diff return nil, spiceerrors.MustBugf("caveat %q not found in schema", parentCaveatName) } - paramType, ok := caveatDef.ParameterTypes[paramName] + paramType, ok := caveatDef.GetParameterTypes()[paramName] if !ok { return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, parentCaveatName) } diff --git a/internal/services/v1/expreflection_test.go b/internal/services/v1/expreflection_test.go index f742f84d1..fe8d77468 100644 --- a/internal/services/v1/expreflection_test.go +++ b/internal/services/v1/expreflection_test.go @@ -568,9 +568,9 @@ func TestExpConvertDiff(t *testing.T) { t.Fatalf("unexpected error: %v", err) } - testutil.RequireProtoEqual(t, tc.expectedResponse, &v1.ExperimentalDiffSchemaResponse{Diffs: resp.Diffs}, "got mismatch") + testutil.RequireProtoEqual(t, tc.expectedResponse, &v1.ExperimentalDiffSchemaResponse{Diffs: resp.GetDiffs()}, "got mismatch") - for _, diff := range resp.Diffs { + for _, diff := range resp.GetDiffs() { name := reflect.TypeOf(diff.GetDiff()).String() encounteredDiffTypes.Add(strings.ToLower(strings.Split(name, "_")[1])) } diff --git a/internal/services/v1/grouping.go b/internal/services/v1/grouping.go index 99b681d2e..e11cc52dc 100644 --- a/internal/services/v1/grouping.go +++ b/internal/services/v1/grouping.go @@ -34,17 +34,17 @@ func groupItems(ctx context.Context, params groupingParameters, items []*v1.Chec } if _, ok := res[hash]; !ok { - caveatContext, err := GetCaveatContext(ctx, item.Context, params.maxCaveatContextSize) + caveatContext, err := GetCaveatContext(ctx, item.GetContext(), params.maxCaveatContextSize) if err != nil { return nil, err } res[hash] = &groupedCheckParameters{ params: checkParametersFromCheckBulkPermissionsRequestItem(item, params, caveatContext), - resourceIDs: []string{item.Resource.ObjectId}, + resourceIDs: []string{item.GetResource().GetObjectId()}, } } else { - res[hash].resourceIDs = append(res[hash].resourceIDs, item.Resource.ObjectId) + res[hash].resourceIDs = append(res[hash].resourceIDs, item.GetResource().GetObjectId()) } } @@ -62,8 +62,8 @@ func checkParametersFromCheckBulkPermissionsRequestItem( } return &computed.CheckParameters{ - ResourceType: tuple.RR(bc.Resource.ObjectType, bc.Permission), - Subject: tuple.ONR(bc.Subject.Object.ObjectType, bc.Subject.Object.ObjectId, normalizeSubjectRelation(bc.Subject)), + ResourceType: tuple.RR(bc.GetResource().GetObjectType(), bc.GetPermission()), + Subject: tuple.ONR(bc.GetSubject().GetObject().GetObjectType(), bc.GetSubject().GetObject().GetObjectId(), normalizeSubjectRelation(bc.GetSubject())), CaveatContext: caveatContext, AtRevision: params.atRevision, MaximumDepth: params.maximumAPIDepth, diff --git a/internal/services/v1/grouping_test.go b/internal/services/v1/grouping_test.go index 545549fc9..dd56c1a5f 100644 --- a/internal/services/v1/grouping_test.go +++ b/internal/services/v1/grouping_test.go @@ -185,12 +185,12 @@ func TestGroupItems(t *testing.T) { require.NoError(t, err) item := &v1.CheckBulkPermissionsRequestItem{ - Resource: rel.Resource, - Permission: rel.Relation, - Subject: rel.Subject, + Resource: rel.GetResource(), + Permission: rel.GetRelation(), + Subject: rel.GetSubject(), } - if rel.OptionalCaveat != nil { - item.Context = rel.OptionalCaveat.Context + if rel.GetOptionalCaveat() != nil { + item.Context = rel.GetOptionalCaveat().GetContext() } items = append(items, item) } @@ -260,10 +260,10 @@ func TestCaveatContextSizeLimitIsEnforced(t *testing.T) { items := []*v1.CheckBulkPermissionsRequestItem{ { - Resource: rel.Resource, - Permission: rel.Relation, - Subject: rel.Subject, - Context: rel.OptionalCaveat.Context, + Resource: rel.GetResource(), + Permission: rel.GetRelation(), + Subject: rel.GetSubject(), + Context: rel.GetOptionalCaveat().GetContext(), }, } _, err = groupItems(t.Context(), cp, items) diff --git a/internal/services/v1/hash.go b/internal/services/v1/hash.go index a9012517d..c9e49e472 100644 --- a/internal/services/v1/hash.go +++ b/internal/services/v1/hash.go @@ -14,56 +14,56 @@ import ( func computeCheckBulkPermissionsItemHashWithoutResourceID(req *v1.CheckBulkPermissionsRequestItem) (string, error) { return computeCallHash("v1.checkbulkpermissionsrequestitem", nil, map[string]any{ - "resource-type": req.Resource.ObjectType, - "permission": req.Permission, - "subject-type": req.Subject.Object.ObjectType, - "subject-id": req.Subject.Object.ObjectId, - "subject-relation": req.Subject.OptionalRelation, - "context": req.Context, + "resource-type": req.GetResource().GetObjectType(), + "permission": req.GetPermission(), + "subject-type": req.GetSubject().GetObject().GetObjectType(), + "subject-id": req.GetSubject().GetObject().GetObjectId(), + "subject-relation": req.GetSubject().GetOptionalRelation(), + "context": req.GetContext(), }) } func computeCheckBulkPermissionsItemHash(req *v1.CheckBulkPermissionsRequestItem) (string, error) { return computeCallHash("v1.checkbulkpermissionsrequestitem", nil, map[string]any{ - "resource-type": req.Resource.ObjectType, - "resource-id": req.Resource.ObjectId, - "permission": req.Permission, - "subject-type": req.Subject.Object.ObjectType, - "subject-id": req.Subject.Object.ObjectId, - "subject-relation": req.Subject.OptionalRelation, - "context": req.Context, + "resource-type": req.GetResource().GetObjectType(), + "resource-id": req.GetResource().GetObjectId(), + "permission": req.GetPermission(), + "subject-type": req.GetSubject().GetObject().GetObjectType(), + "subject-id": req.GetSubject().GetObject().GetObjectId(), + "subject-relation": req.GetSubject().GetOptionalRelation(), + "context": req.GetContext(), }) } func computeReadRelationshipsRequestHash(req *v1.ReadRelationshipsRequest) (string, error) { - osf := req.RelationshipFilter.OptionalSubjectFilter + osf := req.GetRelationshipFilter().GetOptionalSubjectFilter() if osf == nil { osf = &v1.SubjectFilter{} } srf := "(none)" - if osf.OptionalRelation != nil { - srf = osf.OptionalRelation.Relation + if osf.GetOptionalRelation() != nil { + srf = osf.GetOptionalRelation().GetRelation() } - return computeCallHash("v1.readrelationships", req.Consistency, map[string]any{ - "filter-resource-type": req.RelationshipFilter.ResourceType, - "filter-relation": req.RelationshipFilter.OptionalRelation, - "filter-resource-id": req.RelationshipFilter.OptionalResourceId, - "subject-type": osf.SubjectType, + return computeCallHash("v1.readrelationships", req.GetConsistency(), map[string]any{ + "filter-resource-type": req.GetRelationshipFilter().GetResourceType(), + "filter-relation": req.GetRelationshipFilter().GetOptionalRelation(), + "filter-resource-id": req.GetRelationshipFilter().GetOptionalResourceId(), + "subject-type": osf.GetSubjectType(), "subject-relation": srf, - "subject-resource-id": osf.OptionalSubjectId, - "limit": req.OptionalLimit, + "subject-resource-id": osf.GetOptionalSubjectId(), + "limit": req.GetOptionalLimit(), }) } func computeLRRequestHash(req *v1.LookupResourcesRequest) (string, error) { - return computeCallHash("v1.lookupresources", req.Consistency, map[string]any{ - "resource-type": req.ResourceObjectType, - "permission": req.Permission, - "subject": tuple.V1StringSubjectRef(req.Subject), - "limit": req.OptionalLimit, - "context": req.Context, + return computeCallHash("v1.lookupresources", req.GetConsistency(), map[string]any{ + "resource-type": req.GetResourceObjectType(), + "permission": req.GetPermission(), + "subject": tuple.V1StringSubjectRef(req.GetSubject()), + "limit": req.GetOptionalLimit(), + "context": req.GetContext(), }) } diff --git a/internal/services/v1/metadata_test.go b/internal/services/v1/metadata_test.go index 5c6dce549..e30550b0f 100644 --- a/internal/services/v1/metadata_test.go +++ b/internal/services/v1/metadata_test.go @@ -224,7 +224,7 @@ func TestAllMethodsReturnMetadata(t *testing.T) { var trailer metadata.MD _, err = client.WriteSchema(ctx, &v1.WriteSchemaRequest{ - Schema: resp.SchemaText + "\ndefinition foo {}", + Schema: resp.GetSchemaText() + "\ndefinition foo {}", }, grpc.Trailer(&trailer)) require.NoError(t, err) return trailer diff --git a/internal/services/v1/permissions.go b/internal/services/v1/permissions.go index 2ccc0dc54..78406f645 100644 --- a/internal/services/v1/permissions.go +++ b/internal/services/v1/permissions.go @@ -61,10 +61,10 @@ func (ps *permissionServer) rewriteErrorWithOptionalDebugTrace(ctx context.Conte func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPermissionRequest) (*v1.CheckPermissionResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.Resource.ObjectType, - perfinsights.ResourceRelationLabel: req.Permission, - perfinsights.SubjectTypeLabel: req.Subject.Object.ObjectType, - perfinsights.SubjectRelationLabel: req.Subject.OptionalRelation, + perfinsights.ResourceTypeLabel: req.GetResource().GetObjectType(), + perfinsights.ResourceRelationLabel: req.GetPermission(), + perfinsights.SubjectTypeLabel: req.GetSubject().GetObject().GetObjectType(), + perfinsights.SubjectRelationLabel: req.GetSubject().GetOptionalRelation(), } }) @@ -77,7 +77,7 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) - caveatContext, err := GetCaveatContext(ctx, req.Context, ps.config.MaxCaveatContextSize) + caveatContext, err := GetCaveatContext(ctx, req.GetContext(), ps.config.MaxCaveatContextSize) if err != nil { return nil, ps.rewriteError(ctx, err) } @@ -85,13 +85,13 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe if err := namespace.CheckNamespaceAndRelations(ctx, []namespace.TypeAndRelationToCheck{ { - NamespaceName: req.Resource.ObjectType, - RelationName: req.Permission, + NamespaceName: req.GetResource().GetObjectType(), + RelationName: req.GetPermission(), AllowEllipsis: false, }, { - NamespaceName: req.Subject.Object.ObjectType, - RelationName: normalizeSubjectRelation(req.Subject), + NamespaceName: req.GetSubject().GetObject().GetObjectType(), + RelationName: normalizeSubjectRelation(req.GetSubject()), AllowEllipsis: true, }, }, ds); err != nil { @@ -107,29 +107,29 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe } } - if req.WithTracing { + if req.GetWithTracing() { debugOption = computed.BasicDebuggingEnabled } cr, metadata, err := computed.ComputeCheck(ctx, ps.dispatch, ps.config.CaveatTypeSet, computed.CheckParameters{ - ResourceType: tuple.RR(req.Resource.ObjectType, req.Permission), - Subject: tuple.ONR(req.Subject.Object.ObjectType, req.Subject.Object.ObjectId, normalizeSubjectRelation(req.Subject)), + ResourceType: tuple.RR(req.GetResource().GetObjectType(), req.GetPermission()), + Subject: tuple.ONR(req.GetSubject().GetObject().GetObjectType(), req.GetSubject().GetObject().GetObjectId(), normalizeSubjectRelation(req.GetSubject())), CaveatContext: caveatContext, AtRevision: atRevision, MaximumDepth: ps.config.MaximumAPIDepth, DebugOption: debugOption, }, - req.Resource.ObjectId, + req.GetResource().GetObjectId(), ps.config.DispatchChunkSize, ) usagemetrics.SetInContext(ctx, metadata) var debugTrace *v1.DebugInformation - if debugOption != computed.NoDebugging && metadata.DebugInfo != nil { + if debugOption != computed.NoDebugging && metadata.GetDebugInfo() != nil { // Convert the dispatch debug information into API debug information. - converted, cerr := ConvertCheckDispatchDebugInformation(ctx, ps.config.CaveatTypeSet, caveatContext, metadata.DebugInfo, ds) + converted, cerr := ConvertCheckDispatchDebugInformation(ctx, ps.config.CaveatTypeSet, caveatContext, metadata.GetDebugInfo(), ds) if cerr != nil { return nil, ps.rewriteError(ctx, cerr) } @@ -167,13 +167,13 @@ func (ps *permissionServer) CheckPermission(ctx context.Context, req *v1.CheckPe func checkResultToAPITypes(cr *dispatch.ResourceCheckResult) (v1.CheckPermissionResponse_Permissionship, *v1.PartialCaveatInfo) { var partialCaveat *v1.PartialCaveatInfo permissionship := v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION - switch cr.Membership { + switch cr.GetMembership() { case dispatch.ResourceCheckResult_MEMBER: permissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION case dispatch.ResourceCheckResult_CAVEATED_MEMBER: permissionship = v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION partialCaveat = &v1.PartialCaveatInfo{ - MissingRequiredContext: cr.MissingExprFields, + MissingRequiredContext: cr.GetMissingExprFields(), } } return permissionship, partialCaveat @@ -230,8 +230,8 @@ func requestItemFromResourceAndParameters(params *computed.CheckParameters, reso func (ps *permissionServer) ExpandPermissionTree(ctx context.Context, req *v1.ExpandPermissionTreeRequest) (*v1.ExpandPermissionTreeResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.Resource.ObjectType, - perfinsights.ResourceRelationLabel: req.Permission, + perfinsights.ResourceTypeLabel: req.GetResource().GetObjectType(), + perfinsights.ResourceRelationLabel: req.GetPermission(), } }) @@ -244,7 +244,7 @@ func (ps *permissionServer) ExpandPermissionTree(ctx context.Context, req *v1.Ex ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) - err = namespace.CheckNamespaceAndRelation(ctx, req.Resource.ObjectType, req.Permission, false, ds) + err = namespace.CheckNamespaceAndRelation(ctx, req.GetResource().GetObjectType(), req.GetPermission(), false, ds) if err != nil { return nil, ps.rewriteError(ctx, err) } @@ -261,13 +261,13 @@ func (ps *permissionServer) ExpandPermissionTree(ctx context.Context, req *v1.Ex TraversalBloom: bf, }, ResourceAndRelation: &core.ObjectAndRelation{ - Namespace: req.Resource.ObjectType, - ObjectId: req.Resource.ObjectId, - Relation: req.Permission, + Namespace: req.GetResource().GetObjectType(), + ObjectId: req.GetResource().GetObjectId(), + Relation: req.GetPermission(), }, ExpansionMode: dispatch.DispatchExpandRequest_SHALLOW, }) - usagemetrics.SetInContext(ctx, resp.Metadata) + usagemetrics.SetInContext(ctx, resp.GetMetadata()) if err != nil { return nil, ps.rewriteError(ctx, err) } @@ -275,7 +275,7 @@ func (ps *permissionServer) ExpandPermissionTree(ctx context.Context, req *v1.Ex // TODO(jschorr): Change to either using shared interfaces for nodes, or switch the internal // dispatched expand to return V1 node types. return &v1.ExpandPermissionTreeResponse{ - TreeRoot: TranslateExpansionTree(resp.TreeNode), + TreeRoot: TranslateExpansionTree(resp.GetTreeNode()), ExpandedAt: expandedAt, }, nil } @@ -283,18 +283,18 @@ func (ps *permissionServer) ExpandPermissionTree(ctx context.Context, req *v1.Ex // TranslateRelationshipTree translates a V1 PermissionRelationshipTree into a RelationTupleTreeNode. func TranslateRelationshipTree(tree *v1.PermissionRelationshipTree) *core.RelationTupleTreeNode { var expanded *core.ObjectAndRelation - if tree.ExpandedObject != nil { + if tree.GetExpandedObject() != nil { expanded = &core.ObjectAndRelation{ - Namespace: tree.ExpandedObject.ObjectType, - ObjectId: tree.ExpandedObject.ObjectId, - Relation: tree.ExpandedRelation, + Namespace: tree.GetExpandedObject().GetObjectType(), + ObjectId: tree.GetExpandedObject().GetObjectId(), + Relation: tree.GetExpandedRelation(), } } - switch t := tree.TreeType.(type) { + switch t := tree.GetTreeType().(type) { case *v1.PermissionRelationshipTree_Intermediate: var operation core.SetOperationUserset_Operation - switch t.Intermediate.Operation { + switch t.Intermediate.GetOperation() { case v1.AlgebraicSubjectSet_OPERATION_EXCLUSION: operation = core.SetOperationUserset_EXCLUSION case v1.AlgebraicSubjectSet_OPERATION_INTERSECTION: @@ -306,7 +306,7 @@ func TranslateRelationshipTree(tree *v1.PermissionRelationshipTree) *core.Relati } children := []*core.RelationTupleTreeNode{} - for _, child := range t.Intermediate.Children { + for _, child := range t.Intermediate.GetChildren() { children = append(children, TranslateRelationshipTree(child)) } @@ -322,12 +322,12 @@ func TranslateRelationshipTree(tree *v1.PermissionRelationshipTree) *core.Relati case *v1.PermissionRelationshipTree_Leaf: var subjects []*core.DirectSubject - for _, subj := range t.Leaf.Subjects { + for _, subj := range t.Leaf.GetSubjects() { subjects = append(subjects, &core.DirectSubject{ Subject: &core.ObjectAndRelation{ - Namespace: subj.Object.ObjectType, - ObjectId: subj.Object.ObjectId, - Relation: cmp.Or(subj.OptionalRelation, graph.Ellipsis), + Namespace: subj.GetObject().GetObjectType(), + ObjectId: subj.GetObject().GetObjectId(), + Relation: cmp.Or(subj.GetOptionalRelation(), graph.Ellipsis), }, }) } @@ -345,10 +345,10 @@ func TranslateRelationshipTree(tree *v1.PermissionRelationshipTree) *core.Relati } func TranslateExpansionTree(node *core.RelationTupleTreeNode) *v1.PermissionRelationshipTree { - switch t := node.NodeType.(type) { + switch t := node.GetNodeType().(type) { case *core.RelationTupleTreeNode_IntermediateNode: var operation v1.AlgebraicSubjectSet_Operation - switch t.IntermediateNode.Operation { + switch t.IntermediateNode.GetOperation() { case core.SetOperationUserset_EXCLUSION: operation = v1.AlgebraicSubjectSet_OPERATION_EXCLUSION case core.SetOperationUserset_INTERSECTION: @@ -360,18 +360,18 @@ func TranslateExpansionTree(node *core.RelationTupleTreeNode) *v1.PermissionRela } var children []*v1.PermissionRelationshipTree - for _, child := range node.GetIntermediateNode().ChildNodes { + for _, child := range node.GetIntermediateNode().GetChildNodes() { children = append(children, TranslateExpansionTree(child)) } var objRef *v1.ObjectReference var objRel string - if node.Expanded != nil { + if node.GetExpanded() != nil { objRef = &v1.ObjectReference{ - ObjectType: node.Expanded.Namespace, - ObjectId: node.Expanded.ObjectId, + ObjectType: node.GetExpanded().GetNamespace(), + ObjectId: node.GetExpanded().GetObjectId(), } - objRel = node.Expanded.Relation + objRel = node.GetExpanded().GetRelation() } return &v1.PermissionRelationshipTree{ @@ -387,17 +387,17 @@ func TranslateExpansionTree(node *core.RelationTupleTreeNode) *v1.PermissionRela case *core.RelationTupleTreeNode_LeafNode: var subjects []*v1.SubjectReference - for _, found := range t.LeafNode.Subjects { + for _, found := range t.LeafNode.GetSubjects() { subjects = append(subjects, &v1.SubjectReference{ Object: &v1.ObjectReference{ - ObjectType: found.Subject.Namespace, - ObjectId: found.Subject.ObjectId, + ObjectType: found.GetSubject().GetNamespace(), + ObjectId: found.GetSubject().GetObjectId(), }, - OptionalRelation: denormalizeSubjectRelation(found.Subject.Relation), + OptionalRelation: denormalizeSubjectRelation(found.GetSubject().GetRelation()), }) } - if node.Expanded == nil { + if node.GetExpanded() == nil { return &v1.PermissionRelationshipTree{ TreeType: &v1.PermissionRelationshipTree_Leaf{ Leaf: &v1.DirectSubjectSet{ @@ -414,10 +414,10 @@ func TranslateExpansionTree(node *core.RelationTupleTreeNode) *v1.PermissionRela }, }, ExpandedObject: &v1.ObjectReference{ - ObjectType: node.Expanded.Namespace, - ObjectId: node.Expanded.ObjectId, + ObjectType: node.GetExpanded().GetNamespace(), + ObjectId: node.GetExpanded().GetObjectId(), }, - ExpandedRelation: node.Expanded.Relation, + ExpandedRelation: node.GetExpanded().GetRelation(), } default: @@ -433,15 +433,15 @@ const ( func (ps *permissionServer) LookupResources(req *v1.LookupResourcesRequest, resp v1.PermissionsService_LookupResourcesServer) error { perfinsights.SetInContext(resp.Context(), func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.ResourceObjectType, - perfinsights.ResourceRelationLabel: req.Permission, - perfinsights.SubjectTypeLabel: req.Subject.Object.ObjectType, - perfinsights.SubjectRelationLabel: req.Subject.OptionalRelation, + perfinsights.ResourceTypeLabel: req.GetResourceObjectType(), + perfinsights.ResourceRelationLabel: req.GetPermission(), + perfinsights.SubjectTypeLabel: req.GetSubject().GetObject().GetObjectType(), + perfinsights.SubjectRelationLabel: req.GetSubject().GetOptionalRelation(), } }) - if req.OptionalCursor != nil { - _, isLR3, err := cursor.GetCursorFlag(req.OptionalCursor, lrv3CursorFlag) + if req.GetOptionalCursor() != nil { + _, isLR3, err := cursor.GetCursorFlag(req.GetOptionalCursor(), lrv3CursorFlag) if err != nil { return ps.rewriteError(resp.Context(), err) } @@ -450,7 +450,7 @@ func (ps *permissionServer) LookupResources(req *v1.LookupResourcesRequest, resp return ps.lookupResources3(req, resp) } - _, isLR2, err := cursor.GetCursorFlag(req.OptionalCursor, lrv2CursorFlag) + _, isLR2, err := cursor.GetCursorFlag(req.GetOptionalCursor(), lrv2CursorFlag) if err != nil { return ps.rewriteError(resp.Context(), err) } @@ -468,8 +468,8 @@ func (ps *permissionServer) LookupResources(req *v1.LookupResourcesRequest, resp } func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, resp v1.PermissionsService_LookupResourcesServer) error { - if req.OptionalLimit > 0 && req.OptionalLimit > ps.config.MaxLookupResourcesLimit { - return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), uint64(ps.config.MaxLookupResourcesLimit))) + if req.GetOptionalLimit() > 0 && req.GetOptionalLimit() > ps.config.MaxLookupResourcesLimit { + return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), uint64(ps.config.MaxLookupResourcesLimit))) } ctx := resp.Context() @@ -484,13 +484,13 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res if err := namespace.CheckNamespaceAndRelations(ctx, []namespace.TypeAndRelationToCheck{ { - NamespaceName: req.ResourceObjectType, - RelationName: req.Permission, + NamespaceName: req.GetResourceObjectType(), + RelationName: req.GetPermission(), AllowEllipsis: false, }, { - NamespaceName: req.Subject.Object.ObjectType, - RelationName: normalizeSubjectRelation(req.Subject), + NamespaceName: req.GetSubject().GetObject().GetObjectType(), + RelationName: normalizeSubjectRelation(req.GetSubject()), AllowEllipsis: true, }, }, ds); err != nil { @@ -512,12 +512,12 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res return ps.rewriteError(ctx, err) } - if req.OptionalCursor != nil { - decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.OptionalCursor, lrRequestHash) + if req.GetOptionalCursor() != nil { + decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.GetOptionalCursor(), lrRequestHash) if err != nil { return ps.rewriteError(ctx, err) } - currentCursor = decodedCursor.Sections + currentCursor = decodedCursor.GetSections() } alreadyPublishedPermissionedResourceIds := map[string]struct{}{} @@ -527,27 +527,27 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res }() stream := dispatchpkg.NewHandlingDispatchStream(ctx, func(result *dispatch.DispatchLookupResources3Response) error { - for _, item := range result.Items { + for _, item := range result.GetItems() { var partial *v1.PartialCaveatInfo permissionship := v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION - if len(item.MissingContextParams) > 0 { + if len(item.GetMissingContextParams()) > 0 { permissionship = v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION partial = &v1.PartialCaveatInfo{ - MissingRequiredContext: item.MissingContextParams, + MissingRequiredContext: item.GetMissingContextParams(), } - } else if req.OptionalLimit == 0 { - if _, ok := alreadyPublishedPermissionedResourceIds[item.ResourceId]; ok { + } else if req.GetOptionalLimit() == 0 { + if _, ok := alreadyPublishedPermissionedResourceIds[item.GetResourceId()]; ok { // Skip publishing the duplicate. continue } // TODO(jschorr): Investigate something like a Trie here for better memory efficiency. - alreadyPublishedPermissionedResourceIds[item.ResourceId] = struct{}{} + alreadyPublishedPermissionedResourceIds[item.GetResourceId()] = struct{}{} } var encodedCursor *v1.Cursor - if len(item.AfterResponseCursorSections) > 0 { - currentCursor = item.AfterResponseCursorSections + if len(item.GetAfterResponseCursorSections()) > 0 { + currentCursor = item.GetAfterResponseCursorSections() ec, err := cursor.EncodeFromDispatchCursorSections(currentCursor, lrRequestHash, atRevision, map[string]string{ lrv3CursorFlag: "1", @@ -560,7 +560,7 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res err = resp.Send(&v1.LookupResourcesResponse{ LookedUpAt: revisionReadAt, - ResourceObjectId: item.ResourceId, + ResourceObjectId: item.GetResourceId(), Permissionship: permissionship, PartialCaveatInfo: partial, AfterResultCursor: encodedCursor, @@ -588,22 +588,22 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res TraversalBloom: bf, }, ResourceRelation: &core.RelationReference{ - Namespace: req.ResourceObjectType, - Relation: req.Permission, + Namespace: req.GetResourceObjectType(), + Relation: req.GetPermission(), }, SubjectRelation: &core.RelationReference{ - Namespace: req.Subject.Object.ObjectType, - Relation: normalizeSubjectRelation(req.Subject), + Namespace: req.GetSubject().GetObject().GetObjectType(), + Relation: normalizeSubjectRelation(req.GetSubject()), }, - SubjectIds: []string{req.Subject.Object.ObjectId}, + SubjectIds: []string{req.GetSubject().GetObject().GetObjectId()}, TerminalSubject: &core.ObjectAndRelation{ - Namespace: req.Subject.Object.ObjectType, - ObjectId: req.Subject.Object.ObjectId, - Relation: normalizeSubjectRelation(req.Subject), + Namespace: req.GetSubject().GetObject().GetObjectType(), + ObjectId: req.GetSubject().GetObject().GetObjectId(), + Relation: normalizeSubjectRelation(req.GetSubject()), }, - Context: req.Context, + Context: req.GetContext(), OptionalCursor: currentCursor, - OptionalLimit: req.OptionalLimit, + OptionalLimit: req.GetOptionalLimit(), }, stream) if err != nil { @@ -614,8 +614,8 @@ func (ps *permissionServer) lookupResources3(req *v1.LookupResourcesRequest, res } func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, resp v1.PermissionsService_LookupResourcesServer) error { - if req.OptionalLimit > 0 && req.OptionalLimit > ps.config.MaxLookupResourcesLimit { - return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), uint64(ps.config.MaxLookupResourcesLimit))) + if req.GetOptionalLimit() > 0 && req.GetOptionalLimit() > ps.config.MaxLookupResourcesLimit { + return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), uint64(ps.config.MaxLookupResourcesLimit))) } ctx := resp.Context() @@ -630,13 +630,13 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res if err := namespace.CheckNamespaceAndRelations(ctx, []namespace.TypeAndRelationToCheck{ { - NamespaceName: req.ResourceObjectType, - RelationName: req.Permission, + NamespaceName: req.GetResourceObjectType(), + RelationName: req.GetPermission(), AllowEllipsis: false, }, { - NamespaceName: req.Subject.Object.ObjectType, - RelationName: normalizeSubjectRelation(req.Subject), + NamespaceName: req.GetSubject().GetObject().GetObjectType(), + RelationName: normalizeSubjectRelation(req.GetSubject()), AllowEllipsis: true, }, }, ds); err != nil { @@ -658,8 +658,8 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res return ps.rewriteError(ctx, err) } - if req.OptionalCursor != nil { - decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.OptionalCursor, lrRequestHash) + if req.GetOptionalCursor() != nil { + decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.GetOptionalCursor(), lrRequestHash) if err != nil { return ps.rewriteError(ctx, err) } @@ -673,29 +673,29 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res }() stream := dispatchpkg.NewHandlingDispatchStream(ctx, func(result *dispatch.DispatchLookupResources2Response) error { - found := result.Resource + found := result.GetResource() - dispatchpkg.AddResponseMetadata(respMetadata, result.Metadata) - currentCursor = result.AfterResponseCursor + dispatchpkg.AddResponseMetadata(respMetadata, result.GetMetadata()) + currentCursor = result.GetAfterResponseCursor() var partial *v1.PartialCaveatInfo permissionship := v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION - if len(found.MissingContextParams) > 0 { + if len(found.GetMissingContextParams()) > 0 { permissionship = v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION partial = &v1.PartialCaveatInfo{ - MissingRequiredContext: found.MissingContextParams, + MissingRequiredContext: found.GetMissingContextParams(), } - } else if req.OptionalLimit == 0 { - if _, ok := alreadyPublishedPermissionedResourceIds[found.ResourceId]; ok { + } else if req.GetOptionalLimit() == 0 { + if _, ok := alreadyPublishedPermissionedResourceIds[found.GetResourceId()]; ok { // Skip publishing the duplicate. return nil } // TODO(jschorr): Investigate something like a Trie here for better memory efficiency. - alreadyPublishedPermissionedResourceIds[found.ResourceId] = struct{}{} + alreadyPublishedPermissionedResourceIds[found.GetResourceId()] = struct{}{} } - encodedCursor, err := cursor.EncodeFromDispatchCursor(result.AfterResponseCursor, lrRequestHash, atRevision, map[string]string{ + encodedCursor, err := cursor.EncodeFromDispatchCursor(result.GetAfterResponseCursor(), lrRequestHash, atRevision, map[string]string{ lrv2CursorFlag: "1", }) if err != nil { @@ -704,7 +704,7 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res err = resp.Send(&v1.LookupResourcesResponse{ LookedUpAt: revisionReadAt, - ResourceObjectId: found.ResourceId, + ResourceObjectId: found.GetResourceId(), Permissionship: permissionship, PartialCaveatInfo: partial, AfterResultCursor: encodedCursor, @@ -730,22 +730,22 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res TraversalBloom: bf, }, ResourceRelation: &core.RelationReference{ - Namespace: req.ResourceObjectType, - Relation: req.Permission, + Namespace: req.GetResourceObjectType(), + Relation: req.GetPermission(), }, SubjectRelation: &core.RelationReference{ - Namespace: req.Subject.Object.ObjectType, - Relation: normalizeSubjectRelation(req.Subject), + Namespace: req.GetSubject().GetObject().GetObjectType(), + Relation: normalizeSubjectRelation(req.GetSubject()), }, - SubjectIds: []string{req.Subject.Object.ObjectId}, + SubjectIds: []string{req.GetSubject().GetObject().GetObjectId()}, TerminalSubject: &core.ObjectAndRelation{ - Namespace: req.Subject.Object.ObjectType, - ObjectId: req.Subject.Object.ObjectId, - Relation: normalizeSubjectRelation(req.Subject), + Namespace: req.GetSubject().GetObject().GetObjectType(), + ObjectId: req.GetSubject().GetObject().GetObjectId(), + Relation: normalizeSubjectRelation(req.GetSubject()), }, - Context: req.Context, + Context: req.GetContext(), OptionalCursor: currentCursor, - OptionalLimit: req.OptionalLimit, + OptionalLimit: req.GetOptionalLimit(), }, stream) if err != nil { @@ -758,16 +758,16 @@ func (ps *permissionServer) lookupResources2(req *v1.LookupResourcesRequest, res func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v1.PermissionsService_LookupSubjectsServer) error { perfinsights.SetInContext(resp.Context(), func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.Resource.ObjectType, - perfinsights.ResourceRelationLabel: req.Permission, - perfinsights.SubjectTypeLabel: req.SubjectObjectType, - perfinsights.SubjectRelationLabel: req.OptionalSubjectRelation, + perfinsights.ResourceTypeLabel: req.GetResource().GetObjectType(), + perfinsights.ResourceRelationLabel: req.GetPermission(), + perfinsights.SubjectTypeLabel: req.GetSubjectObjectType(), + perfinsights.SubjectRelationLabel: req.GetOptionalSubjectRelation(), } }) ctx := resp.Context() - if req.OptionalConcreteLimit != 0 { + if req.GetOptionalConcreteLimit() != 0 { return ps.rewriteError(ctx, status.Errorf(codes.Unimplemented, "concrete limit is not yet supported")) } @@ -778,7 +778,7 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) - caveatContext, err := GetCaveatContext(ctx, req.Context, ps.config.MaxCaveatContextSize) + caveatContext, err := GetCaveatContext(ctx, req.GetContext(), ps.config.MaxCaveatContextSize) if err != nil { return ps.rewriteError(ctx, err) } @@ -786,13 +786,13 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v if err := namespace.CheckNamespaceAndRelations(ctx, []namespace.TypeAndRelationToCheck{ { - NamespaceName: req.Resource.ObjectType, - RelationName: req.Permission, + NamespaceName: req.GetResource().GetObjectType(), + RelationName: req.GetPermission(), AllowEllipsis: false, }, { - NamespaceName: req.SubjectObjectType, - RelationName: cmp.Or(req.OptionalSubjectRelation, tuple.Ellipsis), + NamespaceName: req.GetSubjectObjectType(), + RelationName: cmp.Or(req.GetOptionalSubjectRelation(), tuple.Ellipsis), AllowEllipsis: true, }, }, ds); err != nil { @@ -813,19 +813,19 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v }() stream := dispatchpkg.NewHandlingDispatchStream(ctx, func(result *dispatch.DispatchLookupSubjectsResponse) error { - foundSubjects, ok := result.FoundSubjectsByResourceId[req.Resource.ObjectId] + foundSubjects, ok := result.GetFoundSubjectsByResourceId()[req.GetResource().GetObjectId()] if !ok { return errors.New("missing resource ID in returned LS") } - for _, foundSubject := range foundSubjects.FoundSubjects { - excludedSubjectIDs := make([]string, 0, len(foundSubject.ExcludedSubjects)) - for _, excludedSubject := range foundSubject.ExcludedSubjects { - excludedSubjectIDs = append(excludedSubjectIDs, excludedSubject.SubjectId) + for _, foundSubject := range foundSubjects.GetFoundSubjects() { + excludedSubjectIDs := make([]string, 0, len(foundSubject.GetExcludedSubjects())) + for _, excludedSubject := range foundSubject.GetExcludedSubjects() { + excludedSubjectIDs = append(excludedSubjectIDs, excludedSubject.GetSubjectId()) } - excludedSubjects := make([]*v1.ResolvedSubject, 0, len(foundSubject.ExcludedSubjects)) - for _, excludedSubject := range foundSubject.ExcludedSubjects { + excludedSubjects := make([]*v1.ResolvedSubject, 0, len(foundSubject.GetExcludedSubjects())) + for _, excludedSubject := range foundSubject.GetExcludedSubjects() { resolvedExcludedSubject, err := foundSubjectToResolvedSubject(ctx, excludedSubject, caveatContext, ds, ps.config.CaveatTypeSet) if err != nil { return err @@ -850,10 +850,10 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v Subject: subject, ExcludedSubjects: excludedSubjects, LookedUpAt: revisionReadAt, - SubjectObjectId: foundSubject.SubjectId, // Deprecated - ExcludedSubjectIds: excludedSubjectIDs, // Deprecated - Permissionship: subject.Permissionship, // Deprecated - PartialCaveatInfo: subject.PartialCaveatInfo, // Deprecated + SubjectObjectId: foundSubject.GetSubjectId(), // Deprecated + ExcludedSubjectIds: excludedSubjectIDs, // Deprecated + Permissionship: subject.GetPermissionship(), // Deprecated + PartialCaveatInfo: subject.GetPartialCaveatInfo(), // Deprecated }) if err != nil { return err @@ -861,7 +861,7 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v } totalCountPublished++ - dispatchpkg.AddResponseMetadata(respMetadata, result.Metadata) + dispatchpkg.AddResponseMetadata(respMetadata, result.GetMetadata()) return nil }) @@ -878,13 +878,13 @@ func (ps *permissionServer) LookupSubjects(req *v1.LookupSubjectsRequest, resp v TraversalBloom: bf, }, ResourceRelation: &core.RelationReference{ - Namespace: req.Resource.ObjectType, - Relation: req.Permission, + Namespace: req.GetResource().GetObjectType(), + Relation: req.GetPermission(), }, - ResourceIds: []string{req.Resource.ObjectId}, + ResourceIds: []string{req.GetResource().GetObjectId()}, SubjectRelation: &core.RelationReference{ - Namespace: req.SubjectObjectType, - Relation: cmp.Or(req.OptionalSubjectRelation, tuple.Ellipsis), + Namespace: req.GetSubjectObjectType(), + Relation: cmp.Or(req.GetOptionalSubjectRelation(), tuple.Ellipsis), }, }, stream) @@ -921,17 +921,17 @@ func foundSubjectToResolvedSubject(ctx context.Context, foundSubject *dispatch.F } return &v1.ResolvedSubject{ - SubjectObjectId: foundSubject.SubjectId, + SubjectObjectId: foundSubject.GetSubjectId(), Permissionship: permissionship, PartialCaveatInfo: partialCaveat, }, nil } func normalizeSubjectRelation(sub *v1.SubjectReference) string { - if sub.OptionalRelation == "" { + if sub.GetOptionalRelation() == "" { return graph.Ellipsis } - return sub.OptionalRelation + return sub.GetOptionalRelation() } func denormalizeSubjectRelation(relation string) string { @@ -989,7 +989,7 @@ func (a *loadBulkAdapter) Next(_ context.Context) (*tuple.Relationship, error) { return nil, a.err } - a.currentBatch = batch.Relationships + a.currentBatch = batch.GetRelationships() a.numSent = 0 a.awaitingNamespaces, a.awaitingCaveats = extractBatchNewReferencedNamespacesAndCaveats( @@ -1004,23 +1004,23 @@ func (a *loadBulkAdapter) Next(_ context.Context) (*tuple.Relationship, error) { return nil, nil } - a.current.Resource.ObjectType = a.currentBatch[a.numSent].Resource.ObjectType - a.current.Resource.ObjectID = a.currentBatch[a.numSent].Resource.ObjectId - a.current.Resource.Relation = a.currentBatch[a.numSent].Relation - a.current.Subject.ObjectType = a.currentBatch[a.numSent].Subject.Object.ObjectType - a.current.Subject.ObjectID = a.currentBatch[a.numSent].Subject.Object.ObjectId - a.current.Subject.Relation = cmp.Or(a.currentBatch[a.numSent].Subject.OptionalRelation, tuple.Ellipsis) + a.current.Resource.ObjectType = a.currentBatch[a.numSent].GetResource().GetObjectType() + a.current.Resource.ObjectID = a.currentBatch[a.numSent].GetResource().GetObjectId() + a.current.Resource.Relation = a.currentBatch[a.numSent].GetRelation() + a.current.Subject.ObjectType = a.currentBatch[a.numSent].GetSubject().GetObject().GetObjectType() + a.current.Subject.ObjectID = a.currentBatch[a.numSent].GetSubject().GetObject().GetObjectId() + a.current.Subject.Relation = cmp.Or(a.currentBatch[a.numSent].GetSubject().GetOptionalRelation(), tuple.Ellipsis) - if a.currentBatch[a.numSent].OptionalCaveat != nil { - a.caveat.CaveatName = a.currentBatch[a.numSent].OptionalCaveat.CaveatName - a.caveat.Context = a.currentBatch[a.numSent].OptionalCaveat.Context + if a.currentBatch[a.numSent].GetOptionalCaveat() != nil { + a.caveat.CaveatName = a.currentBatch[a.numSent].GetOptionalCaveat().GetCaveatName() + a.caveat.Context = a.currentBatch[a.numSent].GetOptionalCaveat().GetContext() a.current.OptionalCaveat = &a.caveat } else { a.current.OptionalCaveat = nil } - if a.currentBatch[a.numSent].OptionalExpiresAt != nil { - t := a.currentBatch[a.numSent].OptionalExpiresAt.AsTime() + if a.currentBatch[a.numSent].GetOptionalExpiresAt() != nil { + t := a.currentBatch[a.numSent].GetOptionalExpiresAt().AsTime() a.current.OptionalExpiration = &t } else { a.current.OptionalExpiration = nil @@ -1080,7 +1080,7 @@ func (ps *permissionServer) ImportBulkRelationships(stream grpc.ClientStreamingS return err } - loadedNamespaces[nsDef.Definition.Name] = newDef + loadedNamespaces[nsDef.Definition.GetName()] = newDef } adapter.awaitingNamespaces = nil } @@ -1092,7 +1092,7 @@ func (ps *permissionServer) ImportBulkRelationships(stream grpc.ClientStreamingS } for _, caveat := range caveats { - loadedCaveats[caveat.Definition.Name] = caveat.Definition + loadedCaveats[caveat.Definition.GetName()] = caveat.Definition } adapter.awaitingCaveats = nil } @@ -1120,7 +1120,7 @@ func (ps *permissionServer) ExportBulkRelationships( ) error { ctx := resp.Context() perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { - return labelsForFilter(req.OptionalRelationshipFilter) + return labelsForFilter(req.GetOptionalRelationshipFilter()) }) atRevision, _, err := consistency.RevisionFromContext(ctx) @@ -1135,16 +1135,16 @@ func (ps *permissionServer) ExportBulkRelationships( // export stream via the sender all relationships matched by the incoming request. // If no cursor is provided, it will fallback to the provided revision. func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, req *v1.ExportBulkRelationshipsRequest, fallbackRevision datastore.Revision, sender func(response *v1.ExportBulkRelationshipsResponse) error) error { - if req.OptionalLimit > 0 && uint64(req.OptionalLimit) > batchSize { - return shared.RewriteErrorWithoutConfig(ctx, NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), batchSize)) + if req.GetOptionalLimit() > 0 && uint64(req.GetOptionalLimit()) > batchSize { + return shared.RewriteErrorWithoutConfig(ctx, NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), batchSize)) } atRevision := fallbackRevision var curNamespace string var cur dsoptions.Cursor - if req.OptionalCursor != nil { + if req.GetOptionalCursor() != nil { var err error - atRevision, curNamespace, cur, err = decodeCursor(ds, req.OptionalCursor) + atRevision, curNamespace, cur, err = decodeCursor(ds, req.GetOptionalCursor()) if err != nil { return shared.RewriteErrorWithoutConfig(ctx, err) } @@ -1162,17 +1162,17 @@ func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, r lhs datastore.RevisionedDefinition[*core.NamespaceDefinition], rhs datastore.RevisionedDefinition[*core.NamespaceDefinition], ) int { - return strings.Compare(lhs.Definition.Name, rhs.Definition.Name) + return strings.Compare(lhs.Definition.GetName(), rhs.Definition.GetName()) }) // Skip the namespaces that are already fully returned - for cur != nil && len(namespaces) > 0 && namespaces[0].Definition.Name < curNamespace { + for cur != nil && len(namespaces) > 0 && namespaces[0].Definition.GetName() < curNamespace { namespaces = namespaces[1:] } limit := batchSize - if req.OptionalLimit > 0 { - limit = uint64(req.OptionalLimit) + if req.GetOptionalLimit() > 0 { + limit = uint64(req.GetOptionalLimit()) } // Pre-allocate all of the relationships that we might need in order to @@ -1195,27 +1195,27 @@ func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, r rels := emptyRels // Reset the cursor between namespaces. - if ns.Definition.Name != curNamespace { + if ns.Definition.GetName() != curNamespace { cur = nil } // Skip this namespace if a resource type filter was specified. - if req.OptionalRelationshipFilter != nil && req.OptionalRelationshipFilter.ResourceType != "" { - if ns.Definition.Name != req.OptionalRelationshipFilter.ResourceType { + if req.GetOptionalRelationshipFilter() != nil && req.GetOptionalRelationshipFilter().GetResourceType() != "" { + if ns.Definition.GetName() != req.GetOptionalRelationshipFilter().GetResourceType() { continue } } // Setup the filter to use for the relationships. - relationshipFilter := datastore.RelationshipsFilter{OptionalResourceType: ns.Definition.Name} - if req.OptionalRelationshipFilter != nil { - rf, err := datastore.RelationshipsFilterFromPublicFilter(req.OptionalRelationshipFilter) + relationshipFilter := datastore.RelationshipsFilter{OptionalResourceType: ns.Definition.GetName()} + if req.GetOptionalRelationshipFilter() != nil { + rf, err := datastore.RelationshipsFilterFromPublicFilter(req.GetOptionalRelationshipFilter()) if err != nil { return shared.RewriteErrorWithoutConfig(ctx, err) } // Overload the namespace name with the one from the request, because each iteration is for a different namespace. - rf.OptionalResourceType = ns.Definition.Name + rf.OptionalResourceType = ns.Definition.GetName() relationshipFilter = rf } @@ -1239,8 +1239,8 @@ func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, r v1Rel.Subject.OptionalRelation = denormalizeSubjectRelation(rel.Subject.Relation) if rel.OptionalCaveat != nil { - caveatArray[offset].CaveatName = rel.OptionalCaveat.CaveatName - caveatArray[offset].Context = rel.OptionalCaveat.Context + caveatArray[offset].CaveatName = rel.OptionalCaveat.GetCaveatName() + caveatArray[offset].Context = rel.OptionalCaveat.GetContext() v1Rel.OptionalCaveat = &caveatArray[offset] } else { caveatArray[offset].CaveatName = "" @@ -1278,7 +1278,7 @@ func ExportBulk(ctx context.Context, ds datastore.Datastore, batchSize uint64, r V1: &implv1.V1Cursor{ Revision: atRevision.String(), Sections: []string{ - ns.Definition.Name, + ns.Definition.GetName(), tuple.MustString(*dsoptions.ToRelationship(cur)), }, }, diff --git a/internal/services/v1/permissions_test.go b/internal/services/v1/permissions_test.go index 1d40a879c..d2d864682 100644 --- a/internal/services/v1/permissions_test.go +++ b/internal/services/v1/permissions_test.go @@ -259,12 +259,12 @@ func TestCheckPermissions(t *testing.T) { tc := tc t.Run(fmt.Sprintf( "%s:%s#%s@%s:%s#%s", - tc.resource.ObjectType, - tc.resource.ObjectId, + tc.resource.GetObjectType(), + tc.resource.GetObjectId(), tc.permission, - tc.subject.Object.ObjectType, - tc.subject.Object.ObjectId, - tc.subject.OptionalRelation, + tc.subject.GetObject().GetObjectType(), + tc.subject.GetObject().GetObjectId(), + tc.subject.GetOptionalRelation(), ), func(t *testing.T) { require := require.New(t) conn, cleanup, _, revision := testserver.NewTestServer(require, delta, memdb.DisableGC, true, tf.StandardDatastoreWithData) @@ -290,7 +290,7 @@ func TestCheckPermissions(t *testing.T) { if tc.expectedStatus == codes.OK { require.NoError(err) - require.Equal(tc.expected, checkResp.Permissionship) + require.Equal(tc.expected, checkResp.GetPermissionship()) dispatchCount, err := responsemeta.GetIntResponseTrailerMetadata(trailer, responsemeta.DispatchedOperationsCount) require.NoError(err) @@ -302,13 +302,13 @@ func TestCheckPermissions(t *testing.T) { if debug { require.Nil(encodedDebugInfo) - debugInfo := checkResp.DebugTrace - require.NotNil(debugInfo.Check) - require.NotNil(debugInfo.Check.Duration) - require.Equal(tuple.V1StringObjectRef(tc.resource), tuple.V1StringObjectRef(debugInfo.Check.Resource)) - require.Equal(tc.permission, debugInfo.Check.Permission) - require.Equal(tuple.V1StringSubjectRef(tc.subject), tuple.V1StringSubjectRef(debugInfo.Check.Subject)) - require.NotEmpty(debugInfo.Check.Source, "source in debug trace is empty") + debugInfo := checkResp.GetDebugTrace() + require.NotNil(debugInfo.GetCheck()) + require.NotNil(debugInfo.GetCheck().GetDuration()) + require.Equal(tuple.V1StringObjectRef(tc.resource), tuple.V1StringObjectRef(debugInfo.GetCheck().GetResource())) + require.Equal(tc.permission, debugInfo.GetCheck().GetPermission()) + require.Equal(tuple.V1StringSubjectRef(tc.subject), tuple.V1StringSubjectRef(debugInfo.GetCheck().GetSubject())) + require.NotEmpty(debugInfo.GetCheck().GetSource(), "source in debug trace is empty") } else { require.Nil(encodedDebugInfo) } @@ -370,7 +370,7 @@ func TestCheckPermissionWithDebugInfo(t *testing.T) { }, grpc.Trailer(&trailer)) require.NoError(err) - require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, checkResp.Permissionship) + require.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, checkResp.GetPermissionship()) encodedDebugInfo, err := responsemeta.GetResponseTrailerMetadataOrNil(trailer, responsemeta.DebugInformation) require.NoError(err) @@ -378,16 +378,16 @@ func TestCheckPermissionWithDebugInfo(t *testing.T) { // debug info is returned empty to make sure clients are not broken with backward incompatible payloads require.Nil(encodedDebugInfo) - debugInfo := checkResp.DebugTrace - require.GreaterOrEqual(len(debugInfo.Check.GetSubProblems().Traces), 1) - require.NotEmpty(debugInfo.SchemaUsed) + debugInfo := checkResp.GetDebugTrace() + require.GreaterOrEqual(len(debugInfo.GetCheck().GetSubProblems().GetTraces()), 1) + require.NotEmpty(debugInfo.GetSchemaUsed()) // Compile the schema into the namespace definitions. compiled, err := compiler.Compile(compiler.InputSchema{ Source: input.Source("schema"), - SchemaString: debugInfo.SchemaUsed, + SchemaString: debugInfo.GetSchemaUsed(), }, compiler.AllowUnprefixedObjectType()) - require.NoError(err, "Invalid schema: %s", debugInfo.SchemaUsed) + require.NoError(err, "Invalid schema: %s", debugInfo.GetSchemaUsed()) require.Len(compiled.OrderedDefinitions, 4) } @@ -440,16 +440,16 @@ func TestCheckPermissionWithDebugInfoInError(t *testing.T) { foundDebugInfo := false for _, d := range s.Details() { if errInfo, ok := d.(*errdetails.ErrorInfo); ok { - req.NotNil(errInfo.Metadata) - req.NotNil(errInfo.Metadata[string(spiceerrors.DebugTraceErrorDetailsKey)]) - req.NotEmpty(errInfo.Metadata[string(spiceerrors.DebugTraceErrorDetailsKey)]) + req.NotNil(errInfo.GetMetadata()) + req.NotNil(errInfo.GetMetadata()[string(spiceerrors.DebugTraceErrorDetailsKey)]) + req.NotEmpty(errInfo.GetMetadata()[string(spiceerrors.DebugTraceErrorDetailsKey)]) debugInfo := &v1.DebugInformation{} - err = prototext.Unmarshal([]byte(errInfo.Metadata[string(spiceerrors.DebugTraceErrorDetailsKey)]), debugInfo) + err = prototext.Unmarshal([]byte(errInfo.GetMetadata()[string(spiceerrors.DebugTraceErrorDetailsKey)]), debugInfo) req.NoError(err) - req.Len(debugInfo.Check.GetSubProblems().Traces, 1) - req.Len(debugInfo.Check.GetSubProblems().Traces[0].GetSubProblems().Traces, 1) + req.Len(debugInfo.GetCheck().GetSubProblems().GetTraces(), 1) + req.Len(debugInfo.GetCheck().GetSubProblems().GetTraces()[0].GetSubProblems().GetTraces(), 1) foundDebugInfo = true } @@ -627,7 +627,7 @@ func TestLookupResources(t *testing.T) { t.Run(fmt.Sprintf("fuzz%d", delta/time.Millisecond), func(t *testing.T) { for _, tc := range testCases { tc := tc - t.Run(fmt.Sprintf("%s::%s from %s:%s#%s", tc.objectType, tc.permission, tc.subject.Object.ObjectType, tc.subject.Object.ObjectId, tc.subject.OptionalRelation), func(t *testing.T) { + t.Run(fmt.Sprintf("%s::%s from %s:%s#%s", tc.objectType, tc.permission, tc.subject.GetObject().GetObjectType(), tc.subject.GetObject().GetObjectId(), tc.subject.GetOptionalRelation()), func(t *testing.T) { for _, useV2 := range []bool{false, true} { useV2 := useV2 t.Run(fmt.Sprintf("v2:%v", useV2), func(t *testing.T) { @@ -672,7 +672,7 @@ func TestLookupResources(t *testing.T) { require.NoError(err) - resolvedObjectIds = append(resolvedObjectIds, resp.ResourceObjectId) + resolvedObjectIds = append(resolvedObjectIds, resp.GetResourceObjectId()) } slices.Sort(tc.expectedObjectIds) @@ -739,7 +739,7 @@ func TestExpand(t *testing.T) { }, grpc.Trailer(&trailer)) if tc.expectedErrorCode == codes.OK { require.NoError(err) - require.Equal(tc.expandRelatedCount, countLeafs(expanded.TreeRoot)) + require.Equal(tc.expandRelatedCount, countLeafs(expanded.GetTreeRoot())) dispatchCount, err := responsemeta.GetIntResponseTrailerMetadata(trailer, responsemeta.DispatchedOperationsCount) require.NoError(err) @@ -754,13 +754,13 @@ func TestExpand(t *testing.T) { } func countLeafs(node *v1.PermissionRelationshipTree) int { - switch t := node.TreeType.(type) { + switch t := node.GetTreeType().(type) { case *v1.PermissionRelationshipTree_Leaf: - return len(t.Leaf.Subjects) + return len(t.Leaf.GetSubjects()) case *v1.PermissionRelationshipTree_Intermediate: count := 0 - for _, child := range t.Intermediate.Children { + for _, child := range t.Intermediate.GetChildren() { count += countLeafs(child) } return count @@ -988,7 +988,7 @@ func TestLookupSubjects(t *testing.T) { t.Run(fmt.Sprintf("fuzz%d", delta/time.Millisecond), func(t *testing.T) { for _, tc := range testCases { tc := tc - t.Run(fmt.Sprintf("%s:%s#%s for %s#%s", tc.resource.ObjectType, tc.resource.ObjectId, tc.permission, tc.subjectType, tc.subjectRelation), func(t *testing.T) { + t.Run(fmt.Sprintf("%s:%s#%s for %s#%s", tc.resource.GetObjectType(), tc.resource.GetObjectId(), tc.permission, tc.subjectType, tc.subjectRelation), func(t *testing.T) { require := require.New(t) conn, cleanup, _, revision := testserver.NewTestServer(require, delta, memdb.DisableGC, true, tf.StandardDatastoreWithData) client := v1.NewPermissionsServiceClient(conn) @@ -1019,7 +1019,7 @@ func TestLookupSubjects(t *testing.T) { require.NoError(err) - resolvedObjectIds = append(resolvedObjectIds, resp.Subject.SubjectObjectId) + resolvedObjectIds = append(resolvedObjectIds, resp.GetSubject().GetSubjectObjectId()) } slices.Sort(tc.expectedSubjectIds) @@ -1066,7 +1066,7 @@ func TestCheckWithCaveats(t *testing.T) { checkResp, err := client.CheckPermission(ctx, request) req.NoError(err) - req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION, checkResp.Permissionship) + req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_NO_PERMISSION, checkResp.GetPermissionship()) // caveat evaluated and returned true request.Context, err = structpb.NewStruct(map[string]any{"secret": "1234"}) @@ -1074,14 +1074,14 @@ func TestCheckWithCaveats(t *testing.T) { checkResp, err = client.CheckPermission(ctx, request) req.NoError(err) - req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, checkResp.Permissionship) + req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_HAS_PERMISSION, checkResp.GetPermissionship()) // caveat evaluated but context variable was missing request.Context = nil checkResp, err = client.CheckPermission(ctx, request) req.NoError(err) - req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION, checkResp.Permissionship) - req.Equal([]string{"secret"}, checkResp.PartialCaveatInfo.MissingRequiredContext) + req.Equal(v1.CheckPermissionResponse_PERMISSIONSHIP_CONDITIONAL_PERMISSION, checkResp.GetPermissionship()) + req.Equal([]string{"secret"}, checkResp.GetPartialCaveatInfo().GetMissingRequiredContext()) // context exceeds length limit request.Context, err = structpb.NewStruct(generateMap(64)) @@ -1246,12 +1246,12 @@ func TestLookupResourcesWithCaveats(t *testing.T) { require.GreaterOrEqual(t, 3, len(responses)) require.LessOrEqual(t, 2, len(responses)) - require.Equal(t, "first", responses[0].ResourceObjectId) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[0].Permissionship) + require.Equal(t, "first", responses[0].GetResourceObjectId()) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[0].GetPermissionship()) - require.Equal(t, "second", responses[1].ResourceObjectId) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, responses[1].Permissionship) - require.Equal(t, []string{"somecondition"}, responses[1].PartialCaveatInfo.MissingRequiredContext) + require.Equal(t, "second", responses[1].GetResourceObjectId()) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, responses[1].GetPermissionship()) + require.Equal(t, []string{"somecondition"}, responses[1].GetPartialCaveatInfo().GetMissingRequiredContext()) // Run with full context. caveatContext, err = structpb.NewStruct(map[string]any{ @@ -1288,17 +1288,17 @@ func TestLookupResourcesWithCaveats(t *testing.T) { require.Len(t, responses, 2) slices.SortFunc(responses, byIDAndPermission) - require.Equal(t, "first", responses[0].ResourceObjectId) // nolint: gosec - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[0].Permissionship) // nolint: gosec + require.Equal(t, "first", responses[0].GetResourceObjectId()) // nolint: gosec + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[0].GetPermissionship()) // nolint: gosec - require.Equal(t, "second", responses[1].ResourceObjectId) // nolint: gosec - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[1].Permissionship) // nolint: gosec + require.Equal(t, "second", responses[1].GetResourceObjectId()) // nolint: gosec + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_HAS_PERMISSION, responses[1].GetPermissionship()) // nolint: gosec } func byIDAndPermission(a, b *v1.LookupResourcesResponse) int { return strings.Compare( - fmt.Sprintf("%s:%v", a.ResourceObjectId, a.Permissionship), - fmt.Sprintf("%s:%v", b.ResourceObjectId, b.Permissionship), + fmt.Sprintf("%s:%v", a.GetResourceObjectId(), a.GetPermissionship()), + fmt.Sprintf("%s:%v", b.GetResourceObjectId(), b.GetPermissionship()), ) } @@ -1356,8 +1356,8 @@ func TestLookupSubjectsWithCaveats(t *testing.T) { require.NoError(t, err) resolvedSubjects = append(resolvedSubjects, expectedSubject{ - resp.Subject.SubjectObjectId, - resp.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, + resp.GetSubject().GetSubjectObjectId(), + resp.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, }) } @@ -1401,8 +1401,8 @@ func TestLookupSubjectsWithCaveats(t *testing.T) { require.NoError(t, err) resolvedSubjects = append(resolvedSubjects, expectedSubject{ - resp.Subject.SubjectObjectId, - resp.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, + resp.GetSubject().GetSubjectObjectId(), + resp.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, }) } @@ -1446,8 +1446,8 @@ func TestLookupSubjectsWithCaveats(t *testing.T) { require.NoError(t, err) resolvedSubjects = append(resolvedSubjects, expectedSubject{ - resp.Subject.SubjectObjectId, - resp.Subject.Permissionship == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, + resp.GetSubject().GetSubjectObjectId(), + resp.GetSubject().GetPermissionship() == v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, }) } @@ -1520,12 +1520,12 @@ func TestLookupSubjectsWithCaveatedWildcards(t *testing.T) { found = true require.NoError(t, err) - require.Equal(t, "*", resp.Subject.SubjectObjectId) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.Subject.Permissionship) - require.Len(t, resp.ExcludedSubjects, 1) + require.Equal(t, "*", resp.GetSubject().GetSubjectObjectId()) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.GetSubject().GetPermissionship()) + require.Len(t, resp.GetExcludedSubjects(), 1) - require.Equal(t, "bannedguy", resp.ExcludedSubjects[0].SubjectObjectId) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.ExcludedSubjects[0].Permissionship) + require.Equal(t, "bannedguy", resp.GetExcludedSubjects()[0].GetSubjectObjectId()) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.GetExcludedSubjects()[0].GetPermissionship()) } require.True(t, found) @@ -1559,9 +1559,9 @@ func TestLookupSubjectsWithCaveatedWildcards(t *testing.T) { found = true require.NoError(t, err) - require.Equal(t, "*", resp.Subject.SubjectObjectId) - require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.Subject.Permissionship) - require.Empty(t, resp.ExcludedSubjects) + require.Equal(t, "*", resp.GetSubject().GetSubjectObjectId()) + require.Equal(t, v1.LookupPermissionship_LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION, resp.GetSubject().GetPermissionship()) + require.Empty(t, resp.GetExcludedSubjects()) } require.True(t, found) } @@ -1662,7 +1662,7 @@ func TestLookupResourcesWithCursors(t *testing.T) { t.Run(fmt.Sprintf("limit%d", limit), func(t *testing.T) { for _, tc := range testCases { tc := tc - t.Run(fmt.Sprintf("%s::%s from %s:%s#%s", tc.objectType, tc.permission, tc.subject.Object.ObjectType, tc.subject.Object.ObjectId, tc.subject.OptionalRelation), func(t *testing.T) { + t.Run(fmt.Sprintf("%s::%s from %s:%s#%s", tc.objectType, tc.permission, tc.subject.GetObject().GetObjectType(), tc.subject.GetObject().GetObjectId(), tc.subject.GetOptionalRelation()), func(t *testing.T) { require := require.New(t) conn, cleanup, _, revision := testserver.NewTestServer(require, delta, memdb.DisableGC, true, tf.StandardDatastoreWithData) client := v1.NewPermissionsServiceClient(conn) @@ -1700,9 +1700,9 @@ func TestLookupResourcesWithCursors(t *testing.T) { require.NoError(err) - locallyResolvedObjectIds = append(locallyResolvedObjectIds, resp.ResourceObjectId) - foundObjectIds.Add(resp.ResourceObjectId) - currentCursor = resp.AfterResultCursor + locallyResolvedObjectIds = append(locallyResolvedObjectIds, resp.GetResourceObjectId()) + foundObjectIds.Add(resp.GetResourceObjectId()) + currentCursor = resp.GetAfterResultCursor() } require.LessOrEqual(len(locallyResolvedObjectIds), limit) @@ -1766,7 +1766,7 @@ func TestLookupResourcesDeduplication(t *testing.T) { } require.NoError(t, err) - require.True(t, foundObjectIds.Add(resp.ResourceObjectId)) + require.True(t, foundObjectIds.Add(resp.GetResourceObjectId())) } require.Equal(t, []string{"first"}, foundObjectIds.AsSlice()) @@ -2008,14 +2008,14 @@ func TestCheckBulkPermissions(t *testing.T) { } pair := &v1.CheckBulkPermissionsPair{ Request: &v1.CheckBulkPermissionsRequestItem{ - Resource: reqRel.Resource, - Permission: reqRel.Relation, - Subject: reqRel.Subject, + Resource: reqRel.GetResource(), + Permission: reqRel.GetRelation(), + Subject: reqRel.GetSubject(), }, Response: resp, } - if reqRel.OptionalCaveat != nil { - pair.Request.Context = reqRel.OptionalCaveat.Context + if reqRel.GetOptionalCaveat() != nil { + pair.Request.Context = reqRel.GetOptionalCaveat().GetContext() } if len(r.partial) > 0 { resp.Item.PartialCaveatInfo = &v1.PartialCaveatInfo{ @@ -2039,18 +2039,18 @@ func TestCheckBulkPermissions(t *testing.T) { require.NoError(t, err) if withTracing { - for index, pair := range actual.Pairs { + for index, pair := range actual.GetPairs() { if pair.GetItem() != nil { parsed := tuple.MustParse(tt.requests[index]) - require.NotNil(t, pair.GetItem().DebugTrace, "missing debug trace in response for item %v", pair.GetItem()) - require.NotEqual(t, pair.GetItem().DebugTrace.Check, nil, "missing check trace in response for item %v", pair.GetItem()) - require.Equal(t, parsed.Resource.ObjectID, pair.GetItem().DebugTrace.Check.Resource.ObjectId, "resource in debug trace does not match") - require.NotEmpty(t, pair.GetItem().DebugTrace.Check.TraceOperationId, "trace operation ID in debug trace is empty") - require.NotEmpty(t, pair.GetItem().DebugTrace.Check.Source, "source in debug trace is empty") + require.NotNil(t, pair.GetItem().GetDebugTrace(), "missing debug trace in response for item %v", pair.GetItem()) + require.NotEqual(t, pair.GetItem().GetDebugTrace().GetCheck(), nil, "missing check trace in response for item %v", pair.GetItem()) + require.Equal(t, parsed.Resource.ObjectID, pair.GetItem().GetDebugTrace().GetCheck().GetResource().GetObjectId(), "resource in debug trace does not match") + require.NotEmpty(t, pair.GetItem().GetDebugTrace().GetCheck().GetTraceOperationId(), "trace operation ID in debug trace is empty") + require.NotEmpty(t, pair.GetItem().GetDebugTrace().GetCheck().GetSource(), "source in debug trace is empty") } } } else { - testutil.RequireProtoSlicesEqual(t, expected, actual.Pairs, nil, "response bulk check pairs did not match") + testutil.RequireProtoSlicesEqual(t, expected, actual.GetPairs(), nil, "response bulk check pairs did not match") } }) } @@ -2065,12 +2065,12 @@ func mustRelToCheckBulkRequestItem(rel string) *v1.CheckBulkPermissionsRequestIt } item := &v1.CheckBulkPermissionsRequestItem{ - Resource: r.Resource, - Permission: r.Relation, - Subject: r.Subject, + Resource: r.GetResource(), + Permission: r.GetRelation(), + Subject: r.GetSubject(), } - if r.OptionalCaveat != nil { - item.Context = r.OptionalCaveat.Context + if r.GetOptionalCaveat() != nil { + item.Context = r.GetOptionalCaveat().GetContext() } return item } @@ -2114,10 +2114,10 @@ func TestImportBulkRelationships(t *testing.T) { switch withTrait { case "caveated_viewer": batch = append(batch, mustRelWithCaveatAndContext( - tf.DocumentNS.Name, + tf.DocumentNS.GetName(), strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10), "caveated_viewer", - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.FormatUint(i, 10), "", "test", @@ -2125,20 +2125,20 @@ func TestImportBulkRelationships(t *testing.T) { )) case "expiring_viewer": batch = append(batch, relWithExpiration( - tf.DocumentNS.Name, + tf.DocumentNS.GetName(), strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10), "expiring_viewer", - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.FormatUint(i, 10), "", time.Date(2300, 1, 1, 0, 0, 0, 0, time.UTC), )) default: batch = append(batch, rel( - tf.DocumentNS.Name, + tf.DocumentNS.GetName(), strconv.Itoa(batchNum)+"_"+strconv.FormatUint(i, 10), "viewer", - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.FormatUint(i, 10), "", )) @@ -2155,12 +2155,12 @@ func TestImportBulkRelationships(t *testing.T) { resp, err := writer.CloseAndRecv() require.NoError(err) - require.Equal(expectedTotal, resp.NumLoaded) + require.Equal(expectedTotal, resp.GetNumLoaded()) readerClient := v1.NewPermissionsServiceClient(conn) stream, err := readerClient.ReadRelationships(ctx, &v1.ReadRelationshipsRequest{ RelationshipFilter: &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), }, Consistency: &v1.Consistency{ Requirement: &v1.Consistency_FullyConsistent{FullyConsistent: true}, @@ -2178,12 +2178,12 @@ func TestImportBulkRelationships(t *testing.T) { switch withTrait { case "caveated_viewer": - require.NotNil(res.Relationship.OptionalCaveat) - require.Equal("test", res.Relationship.OptionalCaveat.CaveatName) + require.NotNil(res.GetRelationship().GetOptionalCaveat()) + require.Equal("test", res.GetRelationship().GetOptionalCaveat().GetCaveatName()) case "expiring_viewer": - require.NotNil(res.Relationship.OptionalExpiresAt) + require.NotNil(res.GetRelationship().GetOptionalExpiresAt()) default: - require.Nil(res.Relationship.OptionalCaveat) + require.Nil(res.GetRelationship().GetOptionalCaveat()) } } require.ErrorIs(err, io.EOF) @@ -2219,14 +2219,14 @@ func TestExportBulkRelationships(t *testing.T) { namespace string relation string }{ - {tf.DocumentNS.Name, "viewer"}, - {tf.FolderNS.Name, "viewer"}, - {tf.DocumentNS.Name, "owner"}, - {tf.FolderNS.Name, "owner"}, - {tf.DocumentNS.Name, "editor"}, - {tf.FolderNS.Name, "editor"}, - {tf.DocumentNS.Name, "caveated_viewer"}, - {tf.DocumentNS.Name, "expiring_viewer"}, + {tf.DocumentNS.GetName(), "viewer"}, + {tf.FolderNS.GetName(), "viewer"}, + {tf.DocumentNS.GetName(), "owner"}, + {tf.FolderNS.GetName(), "owner"}, + {tf.DocumentNS.GetName(), "editor"}, + {tf.FolderNS.GetName(), "editor"}, + {tf.DocumentNS.GetName(), "caveated_viewer"}, + {tf.DocumentNS.GetName(), "expiring_viewer"}, } totalToWrite := 1_000 @@ -2249,7 +2249,7 @@ func TestExportBulkRelationships(t *testing.T) { resp, err := writer.CloseAndRecv() require.NoError(t, err) - numLoaded, err := safecast.ToInt(resp.NumLoaded) + numLoaded, err := safecast.ToInt(resp.GetNumLoaded()) require.NoError(t, err) require.Equal(t, totalToWrite, numLoaded) @@ -2291,14 +2291,14 @@ func TestExportBulkRelationships(t *testing.T) { } require.NoError(err) - require.LessOrEqual(uint64(len(batch.Relationships)), uint64(tc.batchSize)) - require.NotNil(batch.AfterResultCursor) - require.NotEmpty(batch.AfterResultCursor.Token) + require.LessOrEqual(uint64(len(batch.GetRelationships())), uint64(tc.batchSize)) + require.NotNil(batch.GetAfterResultCursor()) + require.NotEmpty(batch.GetAfterResultCursor().GetToken()) - cursor = batch.AfterResultCursor - totalRead += len(batch.Relationships) + cursor = batch.GetAfterResultCursor() + totalRead += len(batch.GetRelationships()) - for _, rel := range batch.Relationships { + for _, rel := range batch.GetRelationships() { remainingRels.Delete(tuple.MustV1RelString(rel)) } } @@ -2321,7 +2321,7 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) { { "basic filter", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), }, 625, }, @@ -2342,7 +2342,7 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) { { "filter by resource ID prefix and resource type", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceIdPrefix: "1", }, 69, @@ -2371,14 +2371,14 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) { namespace string relation string }{ - {tf.DocumentNS.Name, "viewer"}, - {tf.FolderNS.Name, "viewer"}, - {tf.DocumentNS.Name, "owner"}, - {tf.FolderNS.Name, "owner"}, - {tf.DocumentNS.Name, "editor"}, - {tf.FolderNS.Name, "editor"}, - {tf.DocumentNS.Name, "caveated_viewer"}, - {tf.DocumentNS.Name, "expiring_viewer"}, + {tf.DocumentNS.GetName(), "viewer"}, + {tf.FolderNS.GetName(), "viewer"}, + {tf.DocumentNS.GetName(), "owner"}, + {tf.FolderNS.GetName(), "owner"}, + {tf.DocumentNS.GetName(), "editor"}, + {tf.FolderNS.GetName(), "editor"}, + {tf.DocumentNS.GetName(), "caveated_viewer"}, + {tf.DocumentNS.GetName(), "expiring_viewer"}, } expectedRels := mapz.NewSet[string]() @@ -2434,16 +2434,16 @@ func TestExportBulkRelationshipsWithFilter(t *testing.T) { } require.NoError(err) - relLength, err := safecast.ToUint32(len(batch.Relationships)) + relLength, err := safecast.ToUint32(len(batch.GetRelationships())) require.NoError(err) require.LessOrEqual(relLength, batchSize) - require.NotNil(batch.AfterResultCursor) - require.NotEmpty(batch.AfterResultCursor.Token) + require.NotNil(batch.GetAfterResultCursor()) + require.NotEmpty(batch.GetAfterResultCursor().GetToken()) - cursor = batch.AfterResultCursor - totalRead += uint64(len(batch.Relationships)) + cursor = batch.GetAfterResultCursor() + totalRead += uint64(len(batch.GetRelationships())) - for _, rel := range batch.Relationships { + for _, rel := range batch.GetRelationships() { if tc.filter != nil { filter, err := datastore.RelationshipsFilterFromPublicFilter(tc.filter) require.NoError(err) diff --git a/internal/services/v1/preconditions.go b/internal/services/v1/preconditions.go index c34d5d516..101aab5de 100644 --- a/internal/services/v1/preconditions.go +++ b/internal/services/v1/preconditions.go @@ -21,7 +21,7 @@ func checkPreconditions( preconditions []*v1.Precondition, ) error { for _, precond := range preconditions { - dsFilter, err := datastore.RelationshipsFilterFromPublicFilter(precond.Filter) + dsFilter, err := datastore.RelationshipsFilterFromPublicFilter(precond.GetFilter()) if err != nil { return fmt.Errorf("error converting filter: %w", err) } @@ -36,7 +36,7 @@ func checkPreconditions( return fmt.Errorf("error reading relationships from iterator: %w", err) } - switch precond.Operation { + switch precond.GetOperation() { case v1.Precondition_OPERATION_MUST_NOT_MATCH: if ok { return NewPreconditionFailedErr(precond) @@ -46,7 +46,7 @@ func checkPreconditions( return NewPreconditionFailedErr(precond) } default: - return fmt.Errorf("unspecified precondition operation: %s", precond.Operation) + return fmt.Errorf("unspecified precondition operation: %s", precond.GetOperation()) } } diff --git a/internal/services/v1/reflectionapi.go b/internal/services/v1/reflectionapi.go index 4339632bc..e7d842d8e 100644 --- a/internal/services/v1/reflectionapi.go +++ b/internal/services/v1/reflectionapi.go @@ -31,24 +31,24 @@ type schemaFilters struct { func newSchemaFilters(filters []*v1.ReflectionSchemaFilter) (*schemaFilters, error) { for _, filter := range filters { - if filter.OptionalDefinitionNameFilter != "" { - if filter.OptionalCaveatNameFilter != "" { + if filter.GetOptionalDefinitionNameFilter() != "" { + if filter.GetOptionalCaveatNameFilter() != "" { return nil, NewInvalidFilterErr("cannot filter by both definition and caveat name", filter.String()) } } - if filter.OptionalRelationNameFilter != "" { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalRelationNameFilter() != "" { + if filter.GetOptionalDefinitionNameFilter() == "" { return nil, NewInvalidFilterErr("relation name match requires definition name match", filter.String()) } - if filter.OptionalPermissionNameFilter != "" { + if filter.GetOptionalPermissionNameFilter() != "" { return nil, NewInvalidFilterErr("cannot filter by both relation and permission name", filter.String()) } } - if filter.OptionalPermissionNameFilter != "" { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalPermissionNameFilter() != "" { + if filter.GetOptionalDefinitionNameFilter() == "" { return nil, NewInvalidFilterErr("permission name match requires definition name match", filter.String()) } } @@ -63,7 +63,7 @@ func (sf *schemaFilters) HasNamespaces() bool { } for _, filter := range sf.filters { - if filter.OptionalDefinitionNameFilter != "" { + if filter.GetOptionalDefinitionNameFilter() != "" { return true } } @@ -77,7 +77,7 @@ func (sf *schemaFilters) HasCaveats() bool { } for _, filter := range sf.filters { - if filter.OptionalCaveatNameFilter != "" { + if filter.GetOptionalCaveatNameFilter() != "" { return true } } @@ -92,12 +92,12 @@ func (sf *schemaFilters) HasNamespace(namespaceName string) bool { hasDefinitionFilter := false for _, filter := range sf.filters { - if filter.OptionalDefinitionNameFilter == "" { + if filter.GetOptionalDefinitionNameFilter() == "" { continue } hasDefinitionFilter = true - isMatch := strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch := strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -113,12 +113,12 @@ func (sf *schemaFilters) HasCaveat(caveatName string) bool { hasCaveatFilter := false for _, filter := range sf.filters { - if filter.OptionalCaveatNameFilter == "" { + if filter.GetOptionalCaveatNameFilter() == "" { continue } hasCaveatFilter = true - isMatch := strings.HasPrefix(caveatName, filter.OptionalCaveatNameFilter) + isMatch := strings.HasPrefix(caveatName, filter.GetOptionalCaveatNameFilter()) if isMatch { return true } @@ -134,17 +134,17 @@ func (sf *schemaFilters) HasRelation(namespaceName, relationName string) bool { hasRelationFilter := false for _, filter := range sf.filters { - if filter.OptionalRelationNameFilter == "" { + if filter.GetOptionalRelationNameFilter() == "" { continue } hasRelationFilter = true - isMatch := strings.HasPrefix(relationName, filter.OptionalRelationNameFilter) + isMatch := strings.HasPrefix(relationName, filter.GetOptionalRelationNameFilter()) if !isMatch { continue } - isMatch = strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch = strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -160,17 +160,17 @@ func (sf *schemaFilters) HasPermission(namespaceName, permissionName string) boo hasPermissionFilter := false for _, filter := range sf.filters { - if filter.OptionalPermissionNameFilter == "" { + if filter.GetOptionalPermissionNameFilter() == "" { continue } hasPermissionFilter = true - isMatch := strings.HasPrefix(permissionName, filter.OptionalPermissionNameFilter) + isMatch := strings.HasPrefix(permissionName, filter.GetOptionalPermissionNameFilter()) if !isMatch { continue } - isMatch = strings.HasPrefix(namespaceName, filter.OptionalDefinitionNameFilter) + isMatch = strings.HasPrefix(namespaceName, filter.GetOptionalDefinitionNameFilter()) if isMatch { return true } @@ -490,7 +490,7 @@ func convertDiff( Diff: &v1.ReflectionSchemaDiff_CaveatParameterTypeChanged{ CaveatParameterTypeChanged: &v1.ReflectionCaveatParameterTypeChange{ Parameter: paramDef, - PreviousType: previousParamDef.Type, + PreviousType: previousParamDef.GetType(), }, }, }) @@ -542,16 +542,16 @@ func namespaceAPIReprForName(namespaceName string, schema *diff.DiffableSchema) } func namespaceAPIRepr(nsDef *core.NamespaceDefinition, schemaFilters *schemaFilters) (*v1.ReflectionDefinition, error) { - if schemaFilters != nil && !schemaFilters.HasNamespace(nsDef.Name) { + if schemaFilters != nil && !schemaFilters.HasNamespace(nsDef.GetName()) { return nil, nil } - relations := make([]*v1.ReflectionRelation, 0, len(nsDef.Relation)) - permissions := make([]*v1.ReflectionPermission, 0, len(nsDef.Relation)) + relations := make([]*v1.ReflectionRelation, 0, len(nsDef.GetRelation())) + permissions := make([]*v1.ReflectionPermission, 0, len(nsDef.GetRelation())) - for _, rel := range nsDef.Relation { + for _, rel := range nsDef.GetRelation() { if namespace.GetRelationKind(rel) == iv1.RelationMetadata_PERMISSION { - permission, err := permissionAPIRepr(rel, nsDef.Name, schemaFilters) + permission, err := permissionAPIRepr(rel, nsDef.GetName(), schemaFilters) if err != nil { return nil, err } @@ -562,7 +562,7 @@ func namespaceAPIRepr(nsDef *core.NamespaceDefinition, schemaFilters *schemaFilt continue } - relation, err := relationAPIRepr(rel, nsDef.Name, schemaFilters) + relation, err := relationAPIRepr(rel, nsDef.GetName(), schemaFilters) if err != nil { return nil, err } @@ -572,9 +572,9 @@ func namespaceAPIRepr(nsDef *core.NamespaceDefinition, schemaFilters *schemaFilt } } - comments := namespace.GetComments(nsDef.Metadata) + comments := namespace.GetComments(nsDef.GetMetadata()) return &v1.ReflectionDefinition{ - Name: nsDef.Name, + Name: nsDef.GetName(), Comment: strings.Join(comments, "\n"), Relations: relations, Permissions: permissions, @@ -583,13 +583,13 @@ func namespaceAPIRepr(nsDef *core.NamespaceDefinition, schemaFilters *schemaFilt // permissionAPIRepr builds an API representation of a permission. func permissionAPIRepr(relation *core.Relation, parentDefName string, schemaFilters *schemaFilters) (*v1.ReflectionPermission, error) { - if schemaFilters != nil && !schemaFilters.HasPermission(parentDefName, relation.Name) { + if schemaFilters != nil && !schemaFilters.HasPermission(parentDefName, relation.GetName()) { return nil, nil } - comments := namespace.GetComments(relation.Metadata) + comments := namespace.GetComments(relation.GetMetadata()) return &v1.ReflectionPermission{ - Name: relation.Name, + Name: relation.GetName(), Comment: strings.Join(comments, "\n"), ParentDefinitionName: parentDefName, }, nil @@ -597,23 +597,23 @@ func permissionAPIRepr(relation *core.Relation, parentDefName string, schemaFilt // relationAPIRepresentation builds an API representation of a relation. func relationAPIRepr(relation *core.Relation, parentDefName string, schemaFilters *schemaFilters) (*v1.ReflectionRelation, error) { - if schemaFilters != nil && !schemaFilters.HasRelation(parentDefName, relation.Name) { + if schemaFilters != nil && !schemaFilters.HasRelation(parentDefName, relation.GetName()) { return nil, nil } - comments := namespace.GetComments(relation.Metadata) + comments := namespace.GetComments(relation.GetMetadata()) var subjectTypes []*v1.ReflectionTypeReference - if relation.TypeInformation != nil { - subjectTypes = make([]*v1.ReflectionTypeReference, 0, len(relation.TypeInformation.AllowedDirectRelations)) - for _, subjectType := range relation.TypeInformation.AllowedDirectRelations { + if relation.GetTypeInformation() != nil { + subjectTypes = make([]*v1.ReflectionTypeReference, 0, len(relation.GetTypeInformation().GetAllowedDirectRelations())) + for _, subjectType := range relation.GetTypeInformation().GetAllowedDirectRelations() { typeref := typeAPIRepr(subjectType) subjectTypes = append(subjectTypes, typeref) } } return &v1.ReflectionRelation{ - Name: relation.Name, + Name: relation.GetName(), Comment: strings.Join(comments, "\n"), ParentDefinitionName: parentDefName, SubjectTypes: subjectTypes, @@ -623,7 +623,7 @@ func relationAPIRepr(relation *core.Relation, parentDefName string, schemaFilter // typeAPIRepr builds an API representation of a type. func typeAPIRepr(subjectType *core.AllowedRelation) *v1.ReflectionTypeReference { typeref := &v1.ReflectionTypeReference{ - SubjectDefinitionName: subjectType.Namespace, + SubjectDefinitionName: subjectType.GetNamespace(), Typeref: &v1.ReflectionTypeReference_IsTerminalSubject{}, } @@ -638,7 +638,7 @@ func typeAPIRepr(subjectType *core.AllowedRelation) *v1.ReflectionTypeReference } if subjectType.GetRequiredCaveat() != nil { - typeref.OptionalCaveatName = subjectType.GetRequiredCaveat().CaveatName + typeref.OptionalCaveatName = subjectType.GetRequiredCaveat().GetCaveatName() } return typeref @@ -656,18 +656,18 @@ func caveatAPIReprForName(caveatName string, schema *diff.DiffableSchema, caveat // caveatAPIRepr builds an API representation of a caveat. func caveatAPIRepr(caveatDef *core.CaveatDefinition, schemaFilters *schemaFilters, caveatTypeSet *caveattypes.TypeSet) (*v1.ReflectionCaveat, error) { - if schemaFilters != nil && !schemaFilters.HasCaveat(caveatDef.Name) { + if schemaFilters != nil && !schemaFilters.HasCaveat(caveatDef.GetName()) { return nil, nil } - parameters := make([]*v1.ReflectionCaveatParameter, 0, len(caveatDef.ParameterTypes)) - paramNames := slices.Collect(maps.Keys(caveatDef.ParameterTypes)) + parameters := make([]*v1.ReflectionCaveatParameter, 0, len(caveatDef.GetParameterTypes())) + paramNames := slices.Collect(maps.Keys(caveatDef.GetParameterTypes())) sort.Strings(paramNames) for _, paramName := range paramNames { - paramType, ok := caveatDef.ParameterTypes[paramName] + paramType, ok := caveatDef.GetParameterTypes()[paramName] if !ok { - return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, caveatDef.Name) + return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, caveatDef.GetName()) } decoded, err := caveattypes.DecodeParameterType(caveatTypeSet, paramType) @@ -678,16 +678,16 @@ func caveatAPIRepr(caveatDef *core.CaveatDefinition, schemaFilters *schemaFilter parameters = append(parameters, &v1.ReflectionCaveatParameter{ Name: paramName, Type: decoded.String(), - ParentCaveatName: caveatDef.Name, + ParentCaveatName: caveatDef.GetName(), }) } - parameterTypes, err := caveattypes.DecodeParameterTypes(caveatTypeSet, caveatDef.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(caveatTypeSet, caveatDef.GetParameterTypes()) if err != nil { return nil, spiceerrors.MustBugf("invalid caveat parameters: %v", err) } - deserializedReflectionression, err := caveats.DeserializeCaveatWithTypeSet(caveatTypeSet, caveatDef.SerializedExpression, parameterTypes) + deserializedReflectionression, err := caveats.DeserializeCaveatWithTypeSet(caveatTypeSet, caveatDef.GetSerializedExpression(), parameterTypes) if err != nil { return nil, spiceerrors.MustBugf("invalid caveat expression bytes: %v", err) } @@ -697,9 +697,9 @@ func caveatAPIRepr(caveatDef *core.CaveatDefinition, schemaFilters *schemaFilter return nil, spiceerrors.MustBugf("invalid caveat expression: %v", err) } - comments := namespace.GetComments(caveatDef.Metadata) + comments := namespace.GetComments(caveatDef.GetMetadata()) return &v1.ReflectionCaveat{ - Name: caveatDef.Name, + Name: caveatDef.GetName(), Comment: strings.Join(comments, "\n"), Parameters: parameters, Expression: exprString, @@ -713,7 +713,7 @@ func caveatAPIParamRepr(paramName, parentCaveatName string, schema *diff.Diffabl return nil, spiceerrors.MustBugf("caveat %q not found in schema", parentCaveatName) } - paramType, ok := caveatDef.ParameterTypes[paramName] + paramType, ok := caveatDef.GetParameterTypes()[paramName] if !ok { return nil, spiceerrors.MustBugf("parameter %q not found in caveat %q", paramName, parentCaveatName) } diff --git a/internal/services/v1/reflectionapi_test.go b/internal/services/v1/reflectionapi_test.go index 02a67d73d..0b82866e9 100644 --- a/internal/services/v1/reflectionapi_test.go +++ b/internal/services/v1/reflectionapi_test.go @@ -567,12 +567,12 @@ func TestConvertDiff(t *testing.T) { if err != nil { t.Fatalf("unexpected error: %v", err) } - require.NotNil(t, resp.ReadAt) + require.NotNil(t, resp.GetReadAt()) resp.ReadAt = nil testutil.RequireProtoEqual(t, tc.expectedResponse, resp, "got mismatch") - for _, diff := range resp.Diffs { + for _, diff := range resp.GetDiffs() { name := reflect.TypeOf(diff.GetDiff()).String() encounteredDiffTypes.Add(strings.ToLower(strings.Split(name, "_")[1])) } diff --git a/internal/services/v1/relationships.go b/internal/services/v1/relationships.go index 16f431307..87b40ae26 100644 --- a/internal/services/v1/relationships.go +++ b/internal/services/v1/relationships.go @@ -183,11 +183,11 @@ type permissionServer struct { func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, resp v1.PermissionsService_ReadRelationshipsServer) error { perfinsights.SetInContext(resp.Context(), func() perfinsights.APIShapeLabels { - return labelsForFilter(req.RelationshipFilter) + return labelsForFilter(req.GetRelationshipFilter()) }) - if req.OptionalLimit > 0 && req.OptionalLimit > ps.config.MaxReadRelationshipsLimit { - return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), uint64(ps.config.MaxReadRelationshipsLimit))) + if req.GetOptionalLimit() > 0 && req.GetOptionalLimit() > ps.config.MaxReadRelationshipsLimit { + return ps.rewriteError(resp.Context(), NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), uint64(ps.config.MaxReadRelationshipsLimit))) } ctx := resp.Context() @@ -197,12 +197,12 @@ func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, } ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) - if err := validateRelationshipsFilter(ctx, req.RelationshipFilter, ds); err != nil { + if err := validateRelationshipsFilter(ctx, req.GetRelationshipFilter(), ds); err != nil { return ps.rewriteError(ctx, err) } // Build the internal filter from the API provided filter. - dsFilter, err := datastore.RelationshipsFilterFromPublicFilter(req.RelationshipFilter) + dsFilter, err := datastore.RelationshipsFilterFromPublicFilter(req.GetRelationshipFilter()) if err != nil { return ps.rewriteError(ctx, fmt.Errorf("error filtering: %w", err)) } @@ -227,17 +227,17 @@ func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, return ps.rewriteError(ctx, err) } - if req.OptionalCursor != nil { - decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.OptionalCursor, rrRequestHash) + if req.GetOptionalCursor() != nil { + decodedCursor, _, err := cursor.DecodeToDispatchCursor(req.GetOptionalCursor(), rrRequestHash) if err != nil { return ps.rewriteError(ctx, err) } - if len(decodedCursor.Sections) != 1 { + if len(decodedCursor.GetSections()) != 1 { return ps.rewriteError(ctx, NewInvalidCursorErr("did not find expected resume relationship")) } - parsed, err := tuple.Parse(decodedCursor.Sections[0]) + parsed, err := tuple.Parse(decodedCursor.GetSections()[0]) if err != nil { return ps.rewriteError(ctx, NewInvalidCursorErr("could not parse resume relationship")) } @@ -246,8 +246,8 @@ func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, } pageSize := ps.config.MaxDatastoreReadPageSize - if req.OptionalLimit > 0 { - limit = uint64(req.OptionalLimit) + if req.GetOptionalLimit() > 0 { + limit = uint64(req.GetOptionalLimit()) if limit < pageSize { pageSize = limit } @@ -299,7 +299,7 @@ func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, return ps.rewriteError(ctx, err) } - tuple.CopyToV1Relationship(rel, response.Relationship) + tuple.CopyToV1Relationship(rel, response.GetRelationship()) response.AfterResultCursor = encodedCursor err = resp.Send(response) @@ -314,7 +314,7 @@ func (ps *permissionServer) ReadRelationships(req *v1.ReadRelationshipsRequest, func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.WriteRelationshipsRequest) (*v1.WriteRelationshipsResponse, error) { perfinsights.SetInContext(ctx, perfinsights.NoLabels) - if err := ps.validateTransactionMetadata(req.OptionalTransactionMetadata); err != nil { + if err := ps.validateTransactionMetadata(req.GetOptionalTransactionMetadata()); err != nil { return nil, ps.rewriteError(ctx, err) } @@ -322,17 +322,17 @@ func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.Writ span := trace.SpanFromContext(ctx) // Ensure that the updates and preconditions are not over the configured limits. - if len(req.Updates) > int(ps.config.MaxUpdatesPerWrite) { + if len(req.GetUpdates()) > int(ps.config.MaxUpdatesPerWrite) { return nil, ps.rewriteError( ctx, - NewExceedsMaximumUpdatesErr(uint64(len(req.Updates)), uint64(ps.config.MaxUpdatesPerWrite)), + NewExceedsMaximumUpdatesErr(uint64(len(req.GetUpdates())), uint64(ps.config.MaxUpdatesPerWrite)), ) } - if len(req.OptionalPreconditions) > int(ps.config.MaxPreconditionsCount) { + if len(req.GetOptionalPreconditions()) > int(ps.config.MaxPreconditionsCount) { return nil, ps.rewriteError( ctx, - NewExceedsMaximumPreconditionsErr(uint64(len(req.OptionalPreconditions)), uint64(ps.config.MaxPreconditionsCount)), + NewExceedsMaximumPreconditionsErr(uint64(len(req.GetOptionalPreconditions())), uint64(ps.config.MaxPreconditionsCount)), ) } @@ -340,44 +340,44 @@ func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.Writ // Check for duplicate updates and create the set of caveat names to load. updateRelationshipSet := mapz.NewSet[string]() - for _, update := range req.Updates { + for _, update := range req.GetUpdates() { // TODO(jschorr): Change to struct-based keys. - tupleStr := tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.Relationship) + tupleStr := tuple.V1StringRelationshipWithoutCaveatOrExpiration(update.GetRelationship()) if !updateRelationshipSet.Add(tupleStr) { return nil, ps.rewriteError( ctx, NewDuplicateRelationshipErr(update), ) } - if proto.Size(update.Relationship.OptionalCaveat) > ps.config.MaxRelationshipContextSize { + if proto.Size(update.GetRelationship().GetOptionalCaveat()) > ps.config.MaxRelationshipContextSize { return nil, ps.rewriteError( ctx, NewMaxRelationshipContextError(update, ps.config.MaxRelationshipContextSize), ) } - if !ps.config.ExpiringRelationshipsEnabled && update.Relationship.OptionalExpiresAt != nil { + if !ps.config.ExpiringRelationshipsEnabled && update.GetRelationship().GetOptionalExpiresAt() != nil { return nil, ps.rewriteError( ctx, errors.New("support for expiring relationships is not enabled"), ) } - if update.Relationship.OptionalExpiresAt != nil { + if update.GetRelationship().GetOptionalExpiresAt() != nil { includesExpiresAt = true } } span.AddEvent(otelconv.EventRelationshipsMutationsValidated) // Execute the write operation(s). - relUpdates, err := tuple.UpdatesFromV1RelationshipUpdates(req.Updates) + relUpdates, err := tuple.UpdatesFromV1RelationshipUpdates(req.GetUpdates()) if err != nil { return nil, ps.rewriteError(ctx, err) } revision, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { // Validate the preconditions. - for _, precond := range req.OptionalPreconditions { + for _, precond := range req.GetOptionalPreconditions() { if err := validatePrecondition(ctx, precond, rwt); err != nil { return err } @@ -391,7 +391,7 @@ func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.Writ } span.AddEvent(otelconv.EventRelationshipsUpdatesValidated) - dispatchCount, err := genutil.EnsureUInt32(len(req.OptionalPreconditions) + 1) + dispatchCount, err := genutil.EnsureUInt32(len(req.GetOptionalPreconditions()) + 1) if err != nil { return ps.rewriteError(ctx, err) } @@ -402,14 +402,14 @@ func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.Writ }) span.AddEvent(otelconv.EventRelationshipsPreconditionsValidated) - if err := checkPreconditions(ctx, rwt, req.OptionalPreconditions); err != nil { + if err := checkPreconditions(ctx, rwt, req.GetOptionalPreconditions()); err != nil { return err } errWrite := rwt.WriteRelationships(ctx, relUpdates) span.AddEvent(otelconv.EventRelationshipsWritten) return errWrite - }, options.WithMetadata(req.OptionalTransactionMetadata), options.WithIncludesExpiredAt(includesExpiresAt)) + }, options.WithMetadata(req.GetOptionalTransactionMetadata()), options.WithIncludesExpiredAt(includesExpiresAt)) span.AddEvent(otelconv.EventRelationshipsReadWriteExecuted) if err != nil { return nil, ps.rewriteError(ctx, err) @@ -417,8 +417,8 @@ func (ps *permissionServer) WriteRelationships(ctx context.Context, req *v1.Writ // Log a metric of the counts of the different kinds of update operations. updateCountByOperation := make(map[v1.RelationshipUpdate_Operation]int, 0) - for _, update := range req.Updates { - updateCountByOperation[update.Operation]++ + for _, update := range req.GetUpdates() { + updateCountByOperation[update.GetOperation()]++ } for kind, count := range updateCountByOperation { @@ -454,22 +454,22 @@ func (ps *permissionServer) validateTransactionMetadata(metadata *structpb.Struc func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.DeleteRelationshipsRequest) (*v1.DeleteRelationshipsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { - return labelsForFilter(req.RelationshipFilter) + return labelsForFilter(req.GetRelationshipFilter()) }) - if err := ps.validateTransactionMetadata(req.OptionalTransactionMetadata); err != nil { + if err := ps.validateTransactionMetadata(req.GetOptionalTransactionMetadata()); err != nil { return nil, ps.rewriteError(ctx, err) } - if len(req.OptionalPreconditions) > int(ps.config.MaxPreconditionsCount) { + if len(req.GetOptionalPreconditions()) > int(ps.config.MaxPreconditionsCount) { return nil, ps.rewriteError( ctx, - NewExceedsMaximumPreconditionsErr(uint64(len(req.OptionalPreconditions)), uint64(ps.config.MaxPreconditionsCount)), + NewExceedsMaximumPreconditionsErr(uint64(len(req.GetOptionalPreconditions())), uint64(ps.config.MaxPreconditionsCount)), ) } - if req.OptionalLimit > 0 && req.OptionalLimit > ps.config.MaxDeleteRelationshipsLimit { - return nil, ps.rewriteError(ctx, NewExceedsMaximumLimitErr(uint64(req.OptionalLimit), uint64(ps.config.MaxDeleteRelationshipsLimit))) + if req.GetOptionalLimit() > 0 && req.GetOptionalLimit() > ps.config.MaxDeleteRelationshipsLimit { + return nil, ps.rewriteError(ctx, NewExceedsMaximumLimitErr(uint64(req.GetOptionalLimit()), uint64(ps.config.MaxDeleteRelationshipsLimit))) } ds := datastoremw.MustFromContext(ctx) @@ -477,11 +477,11 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del var deletedRelationshipCount uint64 revision, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { - if err := validateRelationshipsFilter(ctx, req.RelationshipFilter, rwt); err != nil { + if err := validateRelationshipsFilter(ctx, req.GetRelationshipFilter(), rwt); err != nil { return err } - dispatchCount, err := genutil.EnsureUInt32(len(req.OptionalPreconditions) + 1) + dispatchCount, err := genutil.EnsureUInt32(len(req.GetOptionalPreconditions()) + 1) if err != nil { return ps.rewriteError(ctx, err) } @@ -491,22 +491,22 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del DispatchCount: dispatchCount, }) - for _, precond := range req.OptionalPreconditions { + for _, precond := range req.GetOptionalPreconditions() { if err := validatePrecondition(ctx, precond, rwt); err != nil { return err } } - if err := checkPreconditions(ctx, rwt, req.OptionalPreconditions); err != nil { + if err := checkPreconditions(ctx, rwt, req.GetOptionalPreconditions()); err != nil { return err } // If a limit was specified but partial deletion is not allowed, we need to check if the // number of relationships to be deleted exceeds the limit. - if req.OptionalLimit > 0 && !req.OptionalAllowPartialDeletions { - limit := uint64(req.OptionalLimit) + if req.GetOptionalLimit() > 0 && !req.GetOptionalAllowPartialDeletions() { + limit := uint64(req.GetOptionalLimit()) limitPlusOne := limit + 1 - filter, err := datastore.RelationshipsFilterFromPublicFilter(req.RelationshipFilter) + filter, err := datastore.RelationshipsFilterFromPublicFilter(req.GetRelationshipFilter()) if err != nil { return ps.rewriteError(ctx, err) } @@ -523,7 +523,7 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del } if counter == limit { - return ps.rewriteError(ctx, NewCouldNotTransactionallyDeleteErr(req.RelationshipFilter, req.OptionalLimit)) + return ps.rewriteError(ctx, NewCouldNotTransactionallyDeleteErr(req.GetRelationshipFilter(), req.GetOptionalLimit())) } counter++ @@ -531,9 +531,9 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del } // Delete with the specified limit. - if req.OptionalLimit > 0 { - deleteLimit := uint64(req.OptionalLimit) - drc, reachedLimit, err := rwt.DeleteRelationships(ctx, req.RelationshipFilter, options.WithDeleteLimit(&deleteLimit)) + if req.GetOptionalLimit() > 0 { + deleteLimit := uint64(req.GetOptionalLimit()) + drc, reachedLimit, err := rwt.DeleteRelationships(ctx, req.GetRelationshipFilter(), options.WithDeleteLimit(&deleteLimit)) if err != nil { return err } @@ -547,9 +547,9 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del } // Otherwise, kick off an unlimited deletion. - deletedRelationshipCount, _, err = rwt.DeleteRelationships(ctx, req.RelationshipFilter) + deletedRelationshipCount, _, err = rwt.DeleteRelationships(ctx, req.GetRelationshipFilter()) return err - }, options.WithMetadata(req.OptionalTransactionMetadata)) + }, options.WithMetadata(req.GetOptionalTransactionMetadata())) if err != nil { return nil, ps.rewriteError(ctx, err) } @@ -569,11 +569,11 @@ func (ps *permissionServer) DeleteRelationships(ctx context.Context, req *v1.Del var emptyPrecondition = &v1.Precondition{} func validatePrecondition(ctx context.Context, precond *v1.Precondition, reader datastore.Reader) error { - if precond.EqualVT(emptyPrecondition) || precond.Filter == nil { + if precond.EqualVT(emptyPrecondition) || precond.GetFilter() == nil { return NewEmptyPreconditionErr() } - return validateRelationshipsFilter(ctx, precond.Filter, reader) + return validateRelationshipsFilter(ctx, precond.GetFilter(), reader) } func checkFilterComponent(ctx context.Context, objectType, optionalRelation string, ds datastore.Reader) error { @@ -588,25 +588,25 @@ func checkFilterComponent(ctx context.Context, objectType, optionalRelation stri func validateRelationshipsFilter(ctx context.Context, filter *v1.RelationshipFilter, ds datastore.Reader) error { // ResourceType is optional, so only check the relation if it is specified. - if filter.ResourceType != "" { - if err := checkFilterComponent(ctx, filter.ResourceType, filter.OptionalRelation, ds); err != nil { + if filter.GetResourceType() != "" { + if err := checkFilterComponent(ctx, filter.GetResourceType(), filter.GetOptionalRelation(), ds); err != nil { return err } } // SubjectFilter is optional, so only check if it is specified. - if subjectFilter := filter.OptionalSubjectFilter; subjectFilter != nil { + if subjectFilter := filter.GetOptionalSubjectFilter(); subjectFilter != nil { subjectRelation := "" - if subjectFilter.OptionalRelation != nil { - subjectRelation = subjectFilter.OptionalRelation.Relation + if subjectFilter.GetOptionalRelation() != nil { + subjectRelation = subjectFilter.GetOptionalRelation().GetRelation() } - if err := checkFilterComponent(ctx, subjectFilter.SubjectType, subjectRelation, ds); err != nil { + if err := checkFilterComponent(ctx, subjectFilter.GetSubjectType(), subjectRelation, ds); err != nil { return err } } // Ensure the resource ID and the resource ID prefix are not set at the same time. - if filter.OptionalResourceId != "" && filter.OptionalResourceIdPrefix != "" { + if filter.GetOptionalResourceId() != "" && filter.GetOptionalResourceIdPrefix() != "" { return NewInvalidFilterErr("resource_id and resource_id_prefix cannot be set at the same time", filter.String()) } @@ -615,11 +615,11 @@ func validateRelationshipsFilter(ctx context.Context, filter *v1.RelationshipFil } func checkIfFilterIsEmpty(filter *v1.RelationshipFilter) error { - if filter.ResourceType == "" && - filter.OptionalResourceId == "" && - filter.OptionalResourceIdPrefix == "" && - filter.OptionalRelation == "" && - filter.OptionalSubjectFilter == nil { + if filter.GetResourceType() == "" && + filter.GetOptionalResourceId() == "" && + filter.GetOptionalResourceIdPrefix() == "" && + filter.GetOptionalRelation() == "" && + filter.GetOptionalSubjectFilter() == nil { return NewInvalidFilterErr("at least one field must be set", filter.String()) } @@ -631,25 +631,25 @@ func labelsForFilter(filter *v1.RelationshipFilter) perfinsights.APIShapeLabels return perfinsights.NoLabels() } - if filter.OptionalSubjectFilter == nil { + if filter.GetOptionalSubjectFilter() == nil { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: filter.ResourceType, - perfinsights.ResourceRelationLabel: filter.OptionalRelation, + perfinsights.ResourceTypeLabel: filter.GetResourceType(), + perfinsights.ResourceRelationLabel: filter.GetOptionalRelation(), } } - if filter.OptionalSubjectFilter.OptionalRelation == nil { + if filter.GetOptionalSubjectFilter().GetOptionalRelation() == nil { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: filter.ResourceType, - perfinsights.ResourceRelationLabel: filter.OptionalRelation, - perfinsights.SubjectTypeLabel: filter.OptionalSubjectFilter.SubjectType, + perfinsights.ResourceTypeLabel: filter.GetResourceType(), + perfinsights.ResourceRelationLabel: filter.GetOptionalRelation(), + perfinsights.SubjectTypeLabel: filter.GetOptionalSubjectFilter().GetSubjectType(), } } return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: filter.ResourceType, - perfinsights.ResourceRelationLabel: filter.OptionalRelation, - perfinsights.SubjectTypeLabel: filter.OptionalSubjectFilter.SubjectType, - perfinsights.SubjectRelationLabel: filter.OptionalSubjectFilter.OptionalRelation.Relation, + perfinsights.ResourceTypeLabel: filter.GetResourceType(), + perfinsights.ResourceRelationLabel: filter.GetOptionalRelation(), + perfinsights.SubjectTypeLabel: filter.GetOptionalSubjectFilter().GetSubjectType(), + perfinsights.SubjectRelationLabel: filter.GetOptionalSubjectFilter().GetOptionalRelation().GetRelation(), } } diff --git a/internal/services/v1/relationships_test.go b/internal/services/v1/relationships_test.go index 32bd7547c..f24507c3e 100644 --- a/internal/services/v1/relationships_test.go +++ b/internal/services/v1/relationships_test.go @@ -42,7 +42,7 @@ func TestReadRelationships(t *testing.T) { }{ { "namespace only", - &v1.RelationshipFilter{ResourceType: tf.DocumentNS.Name}, + &v1.RelationshipFilter{ResourceType: tf.DocumentNS.GetName()}, codes.OK, map[string]struct{}{ "document:ownerplan#viewer@user:owner": {}, @@ -62,7 +62,7 @@ func TestReadRelationships(t *testing.T) { { "namespace and object id", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceId: "healthplan", }, codes.OK, @@ -73,7 +73,7 @@ func TestReadRelationships(t *testing.T) { { "namespace and relation", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalRelation: "parent", }, codes.OK, @@ -149,7 +149,7 @@ func TestReadRelationships(t *testing.T) { { "namespace and userset", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "folder", OptionalSubjectId: "plans", @@ -164,7 +164,7 @@ func TestReadRelationships(t *testing.T) { { "multiple filters", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceId: "masterplan", OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "folder", @@ -179,7 +179,7 @@ func TestReadRelationships(t *testing.T) { { "bad objectId", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceId: "🍣", OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "folder", @@ -192,7 +192,7 @@ func TestReadRelationships(t *testing.T) { { "bad object relation", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalRelation: "ad", }, codes.InvalidArgument, @@ -201,7 +201,7 @@ func TestReadRelationships(t *testing.T) { { "bad subject filter", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalResourceId: "ma", OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "doesnotexist", @@ -213,7 +213,7 @@ func TestReadRelationships(t *testing.T) { { "empty argument for required filter value", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalSubjectFilter: &v1.SubjectFilter{}, }, codes.InvalidArgument, @@ -222,7 +222,7 @@ func TestReadRelationships(t *testing.T) { { "bad relation filter", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "folder", OptionalRelation: &v1.SubjectFilter_RelationFilter{ @@ -244,7 +244,7 @@ func TestReadRelationships(t *testing.T) { { "missing relation", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalRelation: "invalidrelation", }, codes.FailedPrecondition, @@ -253,7 +253,7 @@ func TestReadRelationships(t *testing.T) { { "missing subject relation", &v1.RelationshipFilter{ - ResourceType: tf.DocumentNS.Name, + ResourceType: tf.DocumentNS.GetName(), OptionalSubjectFilter: &v1.SubjectFilter{ SubjectType: "folder", OptionalRelation: &v1.SubjectFilter_RelationFilter{ @@ -330,9 +330,9 @@ func TestReadRelationships(t *testing.T) { dsFilter, err := datastore.RelationshipsFilterFromPublicFilter(tc.filter) require.NoError(err) - require.True(dsFilter.Test(tuple.FromV1Relationship(rel.Relationship)), "relationship did not match filter: %v", rel.Relationship) + require.True(dsFilter.Test(tuple.FromV1Relationship(rel.GetRelationship())), "relationship did not match filter: %v", rel.GetRelationship()) - relString := tuple.MustV1RelString(rel.Relationship) + relString := tuple.MustV1RelString(rel.GetRelationship()) _, found := tc.expected[relString] require.True(found, "relationship was not expected: %s", relString) @@ -340,7 +340,7 @@ func TestReadRelationships(t *testing.T) { require.True(notFoundTwice, "relationship was received from service twice: %s", relString) delete(testExpected, relString) - currentCursor = rel.AfterResultCursor + currentCursor = rel.GetAfterResultCursor() foundCount++ } @@ -418,8 +418,8 @@ func TestWriteRelationships(t *testing.T) { }}, }) require.NoError(err) - require.NotNil(resp.WrittenAt) - require.NotEmpty(resp.WrittenAt.Token) + require.NotNil(resp.GetWrittenAt()) + require.NotEmpty(resp.GetWrittenAt().GetToken()) // Ensure the written relationships exist for _, tpl := range toWrite { @@ -435,7 +435,7 @@ func TestWriteRelationships(t *testing.T) { rel, err := stream.Recv() require.NoError(err) - relStr, err := tuple.V1StringRelationship(rel.Relationship) + relStr, err := tuple.V1StringRelationship(rel.GetRelationship()) require.NoError(err) require.Equal(tuple.MustString(tpl), relStr) @@ -454,7 +454,7 @@ func TestWriteRelationships(t *testing.T) { // Ensure the relationship was deleted stream, err = client.ReadRelationships(t.Context(), &v1.ReadRelationshipsRequest{ Consistency: &v1.Consistency{ - Requirement: &v1.Consistency_AtLeastAsFresh{AtLeastAsFresh: deleted.WrittenAt}, + Requirement: &v1.Consistency_AtLeastAsFresh{AtLeastAsFresh: deleted.GetWrittenAt()}, }, RelationshipFilter: findWritten, }) @@ -503,7 +503,7 @@ func TestWriteExpiringRelationships(t *testing.T) { req.NoError(err) // read relationship back - relRead := readFirst(req, client, resp.WrittenAt, relWritten) + relRead := readFirst(req, client, resp.GetWrittenAt(), relWritten) req.True(proto.Equal(relWritten, relRead)) } @@ -547,7 +547,7 @@ func TestWriteCaveatedRelationships(t *testing.T) { req.NoError(err) // read relationship back - relRead := readFirst(req, client, resp.WrittenAt, relWritten) + relRead := readFirst(req, client, resp.GetWrittenAt(), relWritten) req.True(proto.Equal(relWritten, relRead)) // issue the deletion @@ -570,7 +570,7 @@ func TestWriteCaveatedRelationships(t *testing.T) { stream, err := client.ReadRelationships(t.Context(), &v1.ReadRelationshipsRequest{ Consistency: &v1.Consistency{ Requirement: &v1.Consistency_AtExactSnapshot{ - AtExactSnapshot: resp.WrittenAt, + AtExactSnapshot: resp.GetWrittenAt(), }, }, RelationshipFilter: tuple.RelToFilter(relWritten), @@ -596,7 +596,7 @@ func readFirst(require *require.Assertions, client v1.PermissionsServiceClient, result, err := stream.Recv() require.NoError(err) - return result.Relationship + return result.GetRelationship() } func precondFilter(resType, resID, relation, subType, subID string, subRel *string) *v1.RelationshipFilter { @@ -710,7 +710,7 @@ func relationshipForBulkTesting(nsAndRel struct { nsAndRel.namespace, strconv.Itoa(i), nsAndRel.relation, - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.Itoa(i), "", "test", @@ -723,7 +723,7 @@ func relationshipForBulkTesting(nsAndRel struct { nsAndRel.namespace, strconv.Itoa(i), nsAndRel.relation, - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.Itoa(i), "", time.Now().Add(time.Hour), @@ -734,7 +734,7 @@ func relationshipForBulkTesting(nsAndRel struct { nsAndRel.namespace, strconv.Itoa(i), nsAndRel.relation, - tf.UserNS.Name, + tf.UserNS.GetName(), strconv.Itoa(i), "", ) @@ -1267,14 +1267,14 @@ func TestDeleteRelationships(t *testing.T) { return } require.NoError(err) - require.NotNil(resp.DeletedAt) + require.NotNil(resp.GetDeletedAt()) - rev, _, err := zedtoken.DecodeRevision(resp.DeletedAt, ds) + rev, _, err := zedtoken.DecodeRevision(resp.GetDeletedAt(), ds) require.NoError(err) require.True(rev.GreaterThan(revision)) - require.Equal(uint64(len(tc.deleted)), resp.RelationshipsDeletedCount) - require.Equal(standardTuplesWithout(tc.deleted), readAll(require, client, resp.DeletedAt)) + require.Equal(uint64(len(tc.deleted)), resp.GetRelationshipsDeletedCount()) + require.Equal(standardTuplesWithout(tc.deleted), readAll(require, client, resp.GetDeletedAt())) }) } } @@ -1386,20 +1386,20 @@ func TestDeleteRelationshipsBeyondLimitPartial(t *testing.T) { require.LessOrEqual(len(beforeDelete)-len(afterDelete), batchSize) bs, _ := safecast.ToUint64(batchSize) - require.LessOrEqual(resp.RelationshipsDeletedCount, bs) + require.LessOrEqual(resp.GetRelationshipsDeletedCount(), bs) if i == 0 { - require.Equal(v1.DeleteRelationshipsResponse_DELETION_PROGRESS_PARTIAL, resp.DeletionProgress) + require.Equal(v1.DeleteRelationshipsResponse_DELETION_PROGRESS_PARTIAL, resp.GetDeletionProgress()) } - if resp.DeletionProgress == v1.DeleteRelationshipsResponse_DELETION_PROGRESS_COMPLETE { + if resp.GetDeletionProgress() == v1.DeleteRelationshipsResponse_DELETION_PROGRESS_COMPLETE { require.NoError(err) - require.NotNil(resp.DeletedAt) + require.NotNil(resp.GetDeletedAt()) - rev, _, err := zedtoken.DecodeRevision(resp.DeletedAt, ds) + rev, _, err := zedtoken.DecodeRevision(resp.GetDeletedAt(), ds) require.NoError(err) require.True(rev.GreaterThan(revision)) - require.Equal(standardTuplesWithout(expected), readAll(require, client, resp.DeletedAt)) + require.Equal(standardTuplesWithout(expected), readAll(require, client, resp.GetDeletedAt())) break } } @@ -1512,7 +1512,7 @@ func TestWriteRelationshipsWithMetadata(t *testing.T) { resp, err := stream.Recv() require.NoError(err) - require.Equal(metadata, resp.OptionalTransactionMetadata) + require.Equal(metadata, resp.GetOptionalTransactionMetadata()) } func TestWriteRelationshipsMetadataOverLimit(t *testing.T) { @@ -1804,7 +1804,7 @@ func readOfType(require *require.Assertions, resourceType string, client v1.Perm } require.NoError(err) - got[tuple.MustV1RelString(rel.Relationship)] = struct{}{} + got[tuple.MustV1RelString(rel.GetRelationship())] = struct{}{} } return got } @@ -2357,7 +2357,7 @@ func TestReadRelationshipsWithTraitsAndFilters(t *testing.T) { require.NoError(err) - relString := tuple.MustV1RelString(rel.Relationship) + relString := tuple.MustV1RelString(rel.GetRelationship()) actualRelationships = append(actualRelationships, relString) } diff --git a/internal/services/v1/schema.go b/internal/services/v1/schema.go index cc045df42..aa26705cd 100644 --- a/internal/services/v1/schema.go +++ b/internal/services/v1/schema.go @@ -210,7 +210,7 @@ func (ss *schemaServer) ReflectSchema(ctx context.Context, req *v1.ReflectSchema return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - filters, err := newSchemaFilters(req.OptionalFilters) + filters, err := newSchemaFilters(req.GetOptionalFilters()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } @@ -264,7 +264,7 @@ func (ss *schemaServer) DiffSchema(ctx context.Context, req *v1.DiffSchemaReques return nil, err } - diff, existingSchema, comparisonSchema, err := schemaDiff(ctx, req.ComparisonSchema, ss.caveatTypeSet) + diff, existingSchema, comparisonSchema, err := schemaDiff(ctx, req.GetComparisonSchema(), ss.caveatTypeSet) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } @@ -280,9 +280,9 @@ func (ss *schemaServer) DiffSchema(ctx context.Context, req *v1.DiffSchemaReques func (ss *schemaServer) ComputablePermissions(ctx context.Context, req *v1.ComputablePermissionsRequest) (*v1.ComputablePermissionsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.DefinitionName, - perfinsights.ResourceRelationLabel: req.RelationName, - perfinsights.FilterLabel: req.OptionalDefinitionNameFilter, + perfinsights.ResourceTypeLabel: req.GetDefinitionName(), + perfinsights.ResourceRelationLabel: req.GetRelationName(), + perfinsights.FilterLabel: req.GetOptionalDefinitionNameFilter(), } }) @@ -293,17 +293,17 @@ func (ss *schemaServer) ComputablePermissions(ctx context.Context, req *v1.Compu ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(ds)) - vdef, err := ts.GetValidatedDefinition(ctx, req.DefinitionName) + vdef, err := ts.GetValidatedDefinition(ctx, req.GetDefinitionName()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - relationName := req.RelationName + relationName := req.GetRelationName() if relationName == "" { relationName = tuple.Ellipsis } else { if _, ok := vdef.GetRelation(relationName); !ok { - return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.DefinitionName, relationName)) + return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.GetDefinitionName(), relationName)) } } @@ -319,7 +319,7 @@ func (ss *schemaServer) ComputablePermissions(ctx context.Context, req *v1.Compu rg := vdef.Reachability() rr, err := rg.RelationsEncounteredForSubject(ctx, allDefinitions, &core.RelationReference{ - Namespace: req.DefinitionName, + Namespace: req.GetDefinitionName(), Relation: relationName, }) if err != nil { @@ -328,31 +328,31 @@ func (ss *schemaServer) ComputablePermissions(ctx context.Context, req *v1.Compu relations := make([]*v1.ReflectionRelationReference, 0, len(rr)) for _, r := range rr { - if r.Namespace == req.DefinitionName && r.Relation == req.RelationName { + if r.GetNamespace() == req.GetDefinitionName() && r.GetRelation() == req.GetRelationName() { continue } - if req.OptionalDefinitionNameFilter != "" && !strings.HasPrefix(r.Namespace, req.OptionalDefinitionNameFilter) { + if req.GetOptionalDefinitionNameFilter() != "" && !strings.HasPrefix(r.GetNamespace(), req.GetOptionalDefinitionNameFilter()) { continue } - ts, err := ts.GetDefinition(ctx, r.Namespace) + ts, err := ts.GetDefinition(ctx, r.GetNamespace()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } relations = append(relations, &v1.ReflectionRelationReference{ - DefinitionName: r.Namespace, - RelationName: r.Relation, - IsPermission: ts.IsPermission(r.Relation), + DefinitionName: r.GetNamespace(), + RelationName: r.GetRelation(), + IsPermission: ts.IsPermission(r.GetRelation()), }) } sort.Slice(relations, func(i, j int) bool { - if relations[i].DefinitionName == relations[j].DefinitionName { - return relations[i].RelationName < relations[j].RelationName + if relations[i].GetDefinitionName() == relations[j].GetDefinitionName() { + return relations[i].GetRelationName() < relations[j].GetRelationName() } - return relations[i].DefinitionName < relations[j].DefinitionName + return relations[i].GetDefinitionName() < relations[j].GetDefinitionName() }) return &v1.ComputablePermissionsResponse{ @@ -364,8 +364,8 @@ func (ss *schemaServer) ComputablePermissions(ctx context.Context, req *v1.Compu func (ss *schemaServer) DependentRelations(ctx context.Context, req *v1.DependentRelationsRequest) (*v1.DependentRelationsResponse, error) { perfinsights.SetInContext(ctx, func() perfinsights.APIShapeLabels { return perfinsights.APIShapeLabels{ - perfinsights.ResourceTypeLabel: req.DefinitionName, - perfinsights.ResourceRelationLabel: req.PermissionName, + perfinsights.ResourceTypeLabel: req.GetDefinitionName(), + perfinsights.ResourceRelationLabel: req.GetPermissionName(), } }) @@ -376,24 +376,24 @@ func (ss *schemaServer) DependentRelations(ctx context.Context, req *v1.Dependen ds := datastoremw.MustFromContext(ctx).SnapshotReader(atRevision) ts := schema.NewTypeSystem(schema.ResolverForDatastoreReader(ds)) - vdef, err := ts.GetValidatedDefinition(ctx, req.DefinitionName) + vdef, err := ts.GetValidatedDefinition(ctx, req.GetDefinitionName()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } - _, ok := vdef.GetRelation(req.PermissionName) + _, ok := vdef.GetRelation(req.GetPermissionName()) if !ok { - return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.DefinitionName, req.PermissionName)) + return nil, shared.RewriteErrorWithoutConfig(ctx, schema.NewRelationNotFoundErr(req.GetDefinitionName(), req.GetPermissionName())) } - if !vdef.IsPermission(req.PermissionName) { - return nil, shared.RewriteErrorWithoutConfig(ctx, NewNotAPermissionError(req.PermissionName)) + if !vdef.IsPermission(req.GetPermissionName()) { + return nil, shared.RewriteErrorWithoutConfig(ctx, NewNotAPermissionError(req.GetPermissionName())) } rg := vdef.Reachability() rr, err := rg.RelationsEncounteredForResource(ctx, &core.RelationReference{ - Namespace: req.DefinitionName, - Relation: req.PermissionName, + Namespace: req.GetDefinitionName(), + Relation: req.GetPermissionName(), }) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) @@ -401,28 +401,28 @@ func (ss *schemaServer) DependentRelations(ctx context.Context, req *v1.Dependen relations := make([]*v1.ReflectionRelationReference, 0, len(rr)) for _, r := range rr { - if r.Namespace == req.DefinitionName && r.Relation == req.PermissionName { + if r.GetNamespace() == req.GetDefinitionName() && r.GetRelation() == req.GetPermissionName() { continue } - ts, err := ts.GetDefinition(ctx, r.Namespace) + ts, err := ts.GetDefinition(ctx, r.GetNamespace()) if err != nil { return nil, shared.RewriteErrorWithoutConfig(ctx, err) } relations = append(relations, &v1.ReflectionRelationReference{ - DefinitionName: r.Namespace, - RelationName: r.Relation, - IsPermission: ts.IsPermission(r.Relation), + DefinitionName: r.GetNamespace(), + RelationName: r.GetRelation(), + IsPermission: ts.IsPermission(r.GetRelation()), }) } sort.Slice(relations, func(i, j int) bool { - if relations[i].DefinitionName == relations[j].DefinitionName { - return relations[i].RelationName < relations[j].RelationName + if relations[i].GetDefinitionName() == relations[j].GetDefinitionName() { + return relations[i].GetRelationName() < relations[j].GetRelationName() } - return relations[i].DefinitionName < relations[j].DefinitionName + return relations[i].GetDefinitionName() < relations[j].GetDefinitionName() }) return &v1.DependentRelationsResponse{ diff --git a/internal/services/v1/schema_test.go b/internal/services/v1/schema_test.go index 648e2335d..4452f3d7c 100644 --- a/internal/services/v1/schema_test.go +++ b/internal/services/v1/schema_test.go @@ -27,8 +27,8 @@ func TestSchemaWriteNoPrefix(t *testing.T) { Schema: `definition user {}`, }) require.NoError(t, err) - require.NotNil(t, resp.WrittenAt) - require.NotEmpty(t, resp.WrittenAt.Token) + require.NotNil(t, resp.GetWrittenAt()) + require.NotEmpty(t, resp.GetWrittenAt().GetToken()) } func TestSchemaWriteInvalidSchema(t *testing.T) { @@ -75,14 +75,14 @@ func TestSchemaWriteAndReadBack(t *testing.T) { Schema: userSchema, }) require.NoError(t, err) - require.NotNil(t, writeResp.WrittenAt) - require.NotEmpty(t, writeResp.WrittenAt.Token) + require.NotNil(t, writeResp.GetWrittenAt()) + require.NotEmpty(t, writeResp.GetWrittenAt().GetToken()) readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, userSchema, readback.SchemaText) - require.NotNil(t, readback.ReadAt) - require.NotEmpty(t, readback.ReadAt.Token) + require.Equal(t, userSchema, readback.GetSchemaText()) + require.NotNil(t, readback.GetReadAt()) + require.NotEmpty(t, readback.GetReadAt().GetToken()) } func TestSchemaDeleteRelation(t *testing.T) { @@ -101,8 +101,8 @@ func TestSchemaDeleteRelation(t *testing.T) { }`, }) require.NoError(t, err) - require.NotNil(t, writeResp.WrittenAt) - require.NotEmpty(t, writeResp.WrittenAt.Token) + require.NotNil(t, writeResp.GetWrittenAt()) + require.NotEmpty(t, writeResp.GetWrittenAt().GetToken()) // Write a relationship for one of the relations. _, err = v1client.WriteRelationships(t.Context(), &v1.WriteRelationshipsRequest{ @@ -131,8 +131,8 @@ func TestSchemaDeleteRelation(t *testing.T) { }`, }) require.NoError(t, err) - require.NotNil(t, updateResp.WrittenAt) - require.NotEmpty(t, updateResp.WrittenAt.Token) + require.NotNil(t, updateResp.GetWrittenAt()) + require.NotEmpty(t, updateResp.GetWrittenAt().GetToken()) // Delete the relationship. _, err = v1client.WriteRelationships(t.Context(), &v1.WriteRelationshipsRequest{ @@ -149,8 +149,8 @@ func TestSchemaDeleteRelation(t *testing.T) { definition example/document {}`, }) require.NoError(t, err) - require.NotNil(t, deleteRelResp.WrittenAt) - require.NotEmpty(t, deleteRelResp.WrittenAt.Token) + require.NotNil(t, deleteRelResp.GetWrittenAt()) + require.NotEmpty(t, deleteRelResp.GetWrittenAt().GetToken()) } func TestSchemaDeletePermission(t *testing.T) { @@ -298,7 +298,7 @@ func TestSchemaDeleteDefinition(t *testing.T) { // Ensure it was deleted. readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, `definition example/user {}`, readback.SchemaText) + require.Equal(t, `definition example/user {}`, readback.GetSchemaText()) } func TestSchemaRemoveWildcard(t *testing.T) { @@ -359,7 +359,7 @@ definition example/user {}` // Ensure it was deleted. readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, newSchema, readback.SchemaText) + require.Equal(t, newSchema, readback.GetSchemaText()) } func TestSchemaEmpty(t *testing.T) { @@ -406,8 +406,8 @@ func TestSchemaEmpty(t *testing.T) { Schema: ``, }) require.NoError(t, err) - require.NotNil(t, emptyResp.WrittenAt) - require.NotEmpty(t, emptyResp.WrittenAt.Token) + require.NotNil(t, emptyResp.GetWrittenAt()) + require.NotEmpty(t, emptyResp.GetWrittenAt().GetToken()) // Ensure it was deleted. _, err = client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) @@ -519,7 +519,7 @@ definition user {}` // Ensure it was deleted. readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, newSchema, readback.SchemaText) + require.Equal(t, newSchema, readback.GetSchemaText()) } func TestSchemaUnchangedNamespaces(t *testing.T) { @@ -641,7 +641,7 @@ func TestSchemaChangeExpiration(t *testing.T) { // Ensure it was deleted. readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, newSchema, readback.SchemaText) + require.Equal(t, newSchema, readback.GetSchemaText()) // Add the relationship back without expiration. toWriteWithoutExp := tuple.MustParse("document:somedoc#somerelation@user:tom") @@ -700,7 +700,7 @@ func TestSchemaChangeExpirationAllowed(t *testing.T) { // Ensure it was deleted. readback, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Equal(t, newSchema, readback.SchemaText) + require.Equal(t, newSchema, readback.GetSchemaText()) } func TestSchemaDiff(t *testing.T) { @@ -787,7 +787,7 @@ func TestSchemaDiff(t *testing.T) { grpcutil.RequireStatus(t, tt.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, tt.expectedResponse, actual, "mismatch in response") @@ -1200,7 +1200,7 @@ definition user {}`, grpcutil.RequireStatus(t, tt.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, tt.expectedResponse, actual, "mismatch in response") @@ -1432,7 +1432,7 @@ func TestDependentRelations(t *testing.T) { grpcutil.RequireStatus(t, tc.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, &v1.DependentRelationsResponse{ @@ -1632,7 +1632,7 @@ func TestComputablePermissions(t *testing.T) { grpcutil.RequireStatus(t, tc.expectedCode, err) } else { require.NoError(t, err) - require.NotNil(t, actual.ReadAt) + require.NotNil(t, actual.GetReadAt()) actual.ReadAt = nil testutil.RequireProtoEqual(t, &v1.ComputablePermissionsResponse{ diff --git a/internal/services/v1/watch.go b/internal/services/v1/watch.go index 38148a864..4f2b82e29 100644 --- a/internal/services/v1/watch.go +++ b/internal/services/v1/watch.go @@ -44,7 +44,7 @@ func (ws *watchServer) Watch(req *v1.WatchRequest, stream v1.WatchService_WatchS if len(req.GetOptionalUpdateKinds()) == 0 || slices.Contains(req.GetOptionalUpdateKinds(), v1.WatchKind_WATCH_KIND_UNSPECIFIED) || slices.Contains(req.GetOptionalUpdateKinds(), v1.WatchKind_WATCH_KIND_INCLUDE_RELATIONSHIP_UPDATES) { - if len(req.GetOptionalObjectTypes()) > 0 && len(req.OptionalRelationshipFilters) > 0 { + if len(req.GetOptionalObjectTypes()) > 0 && len(req.GetOptionalRelationshipFilters()) > 0 { return status.Errorf(codes.InvalidArgument, "cannot specify both object types and relationship filters") } } @@ -55,8 +55,8 @@ func (ws *watchServer) Watch(req *v1.WatchRequest, stream v1.WatchService_WatchS ds := datastoremw.MustFromContext(ctx) var afterRevision datastore.Revision - if req.OptionalStartCursor != nil && req.OptionalStartCursor.Token != "" { - decodedRevision, tokenStatus, err := zedtoken.DecodeRevision(req.OptionalStartCursor, ds) + if req.GetOptionalStartCursor() != nil && req.GetOptionalStartCursor().GetToken() != "" { + decodedRevision, tokenStatus, err := zedtoken.DecodeRevision(req.GetOptionalStartCursor(), ds) if err != nil { return status.Errorf(codes.InvalidArgument, "failed to decode start revision: %s", err) } @@ -91,7 +91,7 @@ func (ws *watchServer) Watch(req *v1.WatchRequest, stream v1.WatchService_WatchS }) updates, errchan := ds.Watch(ctx, afterRevision, datastore.WatchOptions{ - Content: convertWatchKindToContent(req.OptionalUpdateKinds), + Content: convertWatchKindToContent(req.GetOptionalUpdateKinds()), CheckpointInterval: ws.heartbeatDuration, }) for { @@ -152,8 +152,8 @@ func (ws *watchServer) Watch(req *v1.WatchRequest, stream v1.WatchService_WatchS } func buildRelationshipFilters(req *v1.WatchRequest, stream v1.WatchService_WatchServer, reader datastore.Reader, ws *watchServer, ctx context.Context) ([]datastore.RelationshipsFilter, error) { - filters := make([]datastore.RelationshipsFilter, 0, len(req.OptionalRelationshipFilters)) - for _, filter := range req.OptionalRelationshipFilters { + filters := make([]datastore.RelationshipsFilter, 0, len(req.GetOptionalRelationshipFilters())) + for _, filter := range req.GetOptionalRelationshipFilters() { if err := validateRelationshipsFilter(stream.Context(), filter, reader); err != nil { return nil, ws.rewriteError(ctx, err) } diff --git a/internal/services/v1/watch_test.go b/internal/services/v1/watch_test.go index 0ddc1cae2..74b945f74 100644 --- a/internal/services/v1/watch_test.go +++ b/internal/services/v1/watch_test.go @@ -423,9 +423,9 @@ definition document { require.Len(received, len(tc.expectedWatchResponses)) for i, expectedWatchResponse := range tc.expectedWatchResponses { - require.Equal(sortUpdates(expectedWatchResponse.Updates), sortUpdates(received[i].GetUpdates())) - require.Equal(expectedWatchResponse.SchemaUpdated, received[i].GetSchemaUpdated()) - require.Equal(expectedWatchResponse.IsCheckpoint, received[i].GetIsCheckpoint()) + require.Equal(sortUpdates(expectedWatchResponse.GetUpdates()), sortUpdates(received[i].GetUpdates())) + require.Equal(expectedWatchResponse.GetSchemaUpdated(), received[i].GetSchemaUpdated()) + require.Equal(expectedWatchResponse.GetIsCheckpoint(), received[i].GetIsCheckpoint()) } } else { _, err := stream.Recv() @@ -440,7 +440,7 @@ func sortUpdates(in []*v1.RelationshipUpdate) []*v1.RelationshipUpdate { out = append(out, in...) sort.Slice(out, func(i, j int) bool { left, right := out[i], out[j] - compareResult := strings.Compare(tuple.MustV1RelString(left.Relationship), tuple.MustV1RelString(right.Relationship)) + compareResult := strings.Compare(tuple.MustV1RelString(left.GetRelationship()), tuple.MustV1RelString(right.GetRelationship())) if compareResult < 0 { return true } @@ -448,7 +448,7 @@ func sortUpdates(in []*v1.RelationshipUpdate) []*v1.RelationshipUpdate { return false } - return left.Operation < right.Operation + return left.GetOperation() < right.GetOperation() }) return out diff --git a/internal/telemetry/metrics.go b/internal/telemetry/metrics.go index 82a3d2c7f..e8e65a588 100644 --- a/internal/telemetry/metrics.go +++ b/internal/telemetry/metrics.go @@ -183,23 +183,23 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) { return fmt.Errorf("error writing metric: %w", err) } - buckets := make(map[float64]uint64, len(m.Histogram.Bucket)) - for _, bucket := range m.Histogram.Bucket { - buckets[*bucket.UpperBound] = *bucket.CumulativeCount + buckets := make(map[float64]uint64, len(m.GetHistogram().GetBucket())) + for _, bucket := range m.GetHistogram().GetBucket() { + buckets[bucket.GetUpperBound()] = bucket.GetCumulativeCount() } dynamicLabels := make([]string, len(usagemetrics.DispatchedCountLabels)) for i, labelName := range usagemetrics.DispatchedCountLabels { - for _, labelVal := range m.Label { - if *labelVal.Name == labelName { - dynamicLabels[i] = *labelVal.Value + for _, labelVal := range m.GetLabel() { + if labelVal.GetName() == labelName { + dynamicLabels[i] = labelVal.GetValue() } } } ch <- prometheus.MustNewConstHistogram( c.dispatchedDesc, - *m.Histogram.SampleCount, - *m.Histogram.SampleSum, + m.GetHistogram().GetSampleCount(), + m.GetHistogram().GetSampleSum(), buckets, dynamicLabels..., ) diff --git a/internal/telemetry/reporter_test.go b/internal/telemetry/reporter_test.go index b84b58132..ed9e20765 100644 --- a/internal/telemetry/reporter_test.go +++ b/internal/telemetry/reporter_test.go @@ -119,9 +119,9 @@ func TestDiscoverTimeseries(t *testing.T) { require.Len(t, ts, 2) for _, timeSeries := range ts { - require.NotEmpty(t, timeSeries.Labels) - require.Len(t, timeSeries.Samples, 1) - require.NotZero(t, timeSeries.Samples[0].Timestamp) + require.NotEmpty(t, timeSeries.GetLabels()) + require.Len(t, timeSeries.GetSamples(), 1) + require.NotZero(t, timeSeries.GetSamples()[0].GetTimestamp()) } } @@ -357,12 +357,12 @@ func TestConvertLabels(t *testing.T) { // Convert to map for easier comparison since order might vary resultMap := make(map[string]string) for _, label := range result { - resultMap[label.Name] = label.Value + resultMap[label.GetName()] = label.GetValue() } expectedMap := make(map[string]string) for _, label := range tt.expected { - expectedMap[label.Name] = label.Value + expectedMap[label.GetName()] = label.GetValue() } require.Equal(t, expectedMap, resultMap) diff --git a/internal/testserver/datastore/spanner.go b/internal/testserver/datastore/spanner.go index 88d860009..d99ded352 100644 --- a/internal/testserver/datastore/spanner.go +++ b/internal/testserver/datastore/spanner.go @@ -130,14 +130,14 @@ func (b *spannerTest) NewDatabase(t testing.TB) string { dbID := "fake-database-id" op, err := adminClient.CreateDatabase(ctx, &adminpb.CreateDatabaseRequest{ - Parent: spannerInstance.Name, + Parent: spannerInstance.GetName(), CreateStatement: "CREATE DATABASE `" + dbID + "`", }) require.NoError(t, err) db, err := op.Wait(ctx) require.NoError(t, err) - return db.Name + return db.GetName() } func (b *spannerTest) NewDatastore(t testing.TB, initFunc InitFunc) datastore.Datastore { diff --git a/internal/testutil/subjects.go b/internal/testutil/subjects.go index be6b51a00..98209ccaa 100644 --- a/internal/testutil/subjects.go +++ b/internal/testutil/subjects.go @@ -108,16 +108,16 @@ func CheckEquivalentSets(expected []*v1.FoundSubject, found []*v1.FoundSubject) // CheckEquivalentSubjects checks if the given subjects are equivalent and returns an error if they are not. func CheckEquivalentSubjects(expected *v1.FoundSubject, found *v1.FoundSubject) error { - if expected.SubjectId != found.SubjectId { - return fmt.Errorf("expected subject %s, found %s", expected.SubjectId, found.SubjectId) + if expected.GetSubjectId() != found.GetSubjectId() { + return fmt.Errorf("expected subject %s, found %s", expected.GetSubjectId(), found.GetSubjectId()) } - err := CheckEquivalentSets(expected.ExcludedSubjects, found.ExcludedSubjects) + err := CheckEquivalentSets(expected.GetExcludedSubjects(), found.GetExcludedSubjects()) if err != nil { return fmt.Errorf("difference in exclusions: %w", err) } - return checkEquivalentCaveatExprs(expected.CaveatExpression, found.CaveatExpression) + return checkEquivalentCaveatExprs(expected.GetCaveatExpression(), found.GetCaveatExpression()) } // FormatSubjects formats the given slice of subjects in a human-readable string. @@ -167,10 +167,10 @@ func formatCaveatExpr(expr *core.CaveatExpression) string { } if expr.GetCaveat() != nil { - return expr.GetCaveat().CaveatName + return expr.GetCaveat().GetCaveatName() } - switch expr.GetOperation().Op { + switch expr.GetOperation().GetOp() { case core.CaveatOperation_AND: return fmt.Sprintf("(%s) && (%s)", formatCaveatExpr(expr.GetOperation().GetChildren()[0]), @@ -240,21 +240,21 @@ func checkEquivalentCaveatExprs(expected *core.CaveatExpression, found *core.Cav // This method *ignores* caveat context and treats each caveat as just its name. func executeCaveatExprForTesting(expr *core.CaveatExpression, values map[string]bool) (bool, error) { if expr.GetCaveat() != nil { - return values[expr.GetCaveat().CaveatName], nil + return values[expr.GetCaveat().GetCaveatName()], nil } - switch expr.GetOperation().Op { + switch expr.GetOperation().GetOp() { case core.CaveatOperation_AND: - if len(expr.GetOperation().Children) != 2 { + if len(expr.GetOperation().GetChildren()) != 2 { return false, spiceerrors.MustBugf("found invalid child count for AND") } - left, err := executeCaveatExprForTesting(expr.GetOperation().Children[0], values) + left, err := executeCaveatExprForTesting(expr.GetOperation().GetChildren()[0], values) if err != nil { return false, err } - right, err := executeCaveatExprForTesting(expr.GetOperation().Children[1], values) + right, err := executeCaveatExprForTesting(expr.GetOperation().GetChildren()[1], values) if err != nil { return false, err } @@ -262,16 +262,16 @@ func executeCaveatExprForTesting(expr *core.CaveatExpression, values map[string] return left && right, nil case core.CaveatOperation_OR: - if len(expr.GetOperation().Children) != 2 { + if len(expr.GetOperation().GetChildren()) != 2 { return false, spiceerrors.MustBugf("found invalid child count for OR") } - left, err := executeCaveatExprForTesting(expr.GetOperation().Children[0], values) + left, err := executeCaveatExprForTesting(expr.GetOperation().GetChildren()[0], values) if err != nil { return false, err } - right, err := executeCaveatExprForTesting(expr.GetOperation().Children[1], values) + right, err := executeCaveatExprForTesting(expr.GetOperation().GetChildren()[1], values) if err != nil { return false, err } @@ -279,11 +279,11 @@ func executeCaveatExprForTesting(expr *core.CaveatExpression, values map[string] return left || right, nil case core.CaveatOperation_NOT: - if len(expr.GetOperation().Children) != 1 { + if len(expr.GetOperation().GetChildren()) != 1 { return false, spiceerrors.MustBugf("found invalid child count for NOT") } - result, err := executeCaveatExprForTesting(expr.GetOperation().Children[0], values) + result, err := executeCaveatExprForTesting(expr.GetOperation().GetChildren()[0], values) if err != nil { return false, err } @@ -326,7 +326,7 @@ func combinatorialValues(names []string) []map[string]bool { // collectReferencedNames collects all referenced caveat names into the given set. func collectReferencedNames(expr *core.CaveatExpression, nameSet *mapz.Set[string]) { if expr.GetCaveat() != nil { - nameSet.Insert(expr.GetCaveat().CaveatName) + nameSet.Insert(expr.GetCaveat().GetCaveatName()) return } @@ -337,5 +337,5 @@ func collectReferencedNames(expr *core.CaveatExpression, nameSet *mapz.Set[strin // CmpSubjects compares FoundSubjects such that they can be sorted. func CmpSubjects(a, b *v1.FoundSubject) int { - return cmp.Compare(a.SubjectId, b.SubjectId) + return cmp.Compare(a.GetSubjectId(), b.GetSubjectId()) } diff --git a/pkg/caveats/compile.go b/pkg/caveats/compile.go index 904c567bf..c652e6d1b 100644 --- a/pkg/caveats/compile.go +++ b/pkg/caveats/compile.go @@ -103,7 +103,7 @@ func (cc CompiledCaveat) ReferencedParameters(parameters []string) (*mapz.Set[st return nil, err } - referencedParameters(definedParameters, checked.Expr, referencedParams) + referencedParameters(definedParameters, checked.GetExpr(), referencedParams) return referencedParams, nil } @@ -224,5 +224,5 @@ func DeserializeCaveatWithEnviroment(env *Environment, serialized []byte) (*Comp } ast := cel.CheckedExprToAst(caveat.GetCel()) - return &CompiledCaveat{celEnv, ast, caveat.Name}, nil + return &CompiledCaveat{celEnv, ast, caveat.GetName()}, nil } diff --git a/pkg/caveats/context_hash.go b/pkg/caveats/context_hash.go index c70ded5b8..ee5540766 100644 --- a/pkg/caveats/context_hash.go +++ b/pkg/caveats/context_hash.go @@ -63,7 +63,7 @@ func (hsv hashableStructValue) AppendToHash(hasher HasherInterface) { hasher.WriteString(strconv.FormatBool(t.BoolValue)) case *structpb.Value_ListValue: - for _, value := range t.ListValue.Values { + for _, value := range t.ListValue.GetValues() { hashableStructValue{value}.AppendToHash(hasher) hasher.WriteString(",") } diff --git a/pkg/caveats/parameters.go b/pkg/caveats/parameters.go index 36047af4a..cad17558d 100644 --- a/pkg/caveats/parameters.go +++ b/pkg/caveats/parameters.go @@ -67,10 +67,10 @@ func ConvertContextToParameters( // ParameterTypeString returns the string form of the type reference. func ParameterTypeString(typeRef *core.CaveatTypeReference) string { var sb strings.Builder - sb.WriteString(typeRef.TypeName) - if len(typeRef.ChildTypes) > 0 { + sb.WriteString(typeRef.GetTypeName()) + if len(typeRef.GetChildTypes()) > 0 { sb.WriteString("<") - for idx, childType := range typeRef.ChildTypes { + for idx, childType := range typeRef.GetChildTypes() { if idx > 0 { sb.WriteString(", ") } diff --git a/pkg/caveats/structure.go b/pkg/caveats/structure.go index d27602ace..75a636a61 100644 --- a/pkg/caveats/structure.go +++ b/pkg/caveats/structure.go @@ -15,40 +15,40 @@ func referencedParameters(definedParameters *mapz.Set[string], expr *exprpb.Expr return } - switch t := expr.ExprKind.(type) { + switch t := expr.GetExprKind().(type) { case *exprpb.Expr_ConstExpr: // nothing to do case *exprpb.Expr_IdentExpr: - if definedParameters.Has(t.IdentExpr.Name) { - referencedParams.Add(t.IdentExpr.Name) + if definedParameters.Has(t.IdentExpr.GetName()) { + referencedParams.Add(t.IdentExpr.GetName()) } case *exprpb.Expr_SelectExpr: - referencedParameters(definedParameters, t.SelectExpr.Operand, referencedParams) + referencedParameters(definedParameters, t.SelectExpr.GetOperand(), referencedParams) case *exprpb.Expr_CallExpr: - referencedParameters(definedParameters, t.CallExpr.Target, referencedParams) - for _, arg := range t.CallExpr.Args { + referencedParameters(definedParameters, t.CallExpr.GetTarget(), referencedParams) + for _, arg := range t.CallExpr.GetArgs() { referencedParameters(definedParameters, arg, referencedParams) } case *exprpb.Expr_ListExpr: - for _, elem := range t.ListExpr.Elements { + for _, elem := range t.ListExpr.GetElements() { referencedParameters(definedParameters, elem, referencedParams) } case *exprpb.Expr_StructExpr: - for _, entry := range t.StructExpr.Entries { - referencedParameters(definedParameters, entry.Value, referencedParams) + for _, entry := range t.StructExpr.GetEntries() { + referencedParameters(definedParameters, entry.GetValue(), referencedParams) } case *exprpb.Expr_ComprehensionExpr: - referencedParameters(definedParameters, t.ComprehensionExpr.AccuInit, referencedParams) - referencedParameters(definedParameters, t.ComprehensionExpr.IterRange, referencedParams) - referencedParameters(definedParameters, t.ComprehensionExpr.LoopCondition, referencedParams) - referencedParameters(definedParameters, t.ComprehensionExpr.LoopStep, referencedParams) - referencedParameters(definedParameters, t.ComprehensionExpr.Result, referencedParams) + referencedParameters(definedParameters, t.ComprehensionExpr.GetAccuInit(), referencedParams) + referencedParameters(definedParameters, t.ComprehensionExpr.GetIterRange(), referencedParams) + referencedParameters(definedParameters, t.ComprehensionExpr.GetLoopCondition(), referencedParams) + referencedParameters(definedParameters, t.ComprehensionExpr.GetLoopStep(), referencedParams) + referencedParameters(definedParameters, t.ComprehensionExpr.GetResult(), referencedParams) default: panic(fmt.Sprintf("unknown CEL expression kind: %T", t)) diff --git a/pkg/caveats/types/encoding.go b/pkg/caveats/types/encoding.go index 5d088c1e5..d9553e8d6 100644 --- a/pkg/caveats/types/encoding.go +++ b/pkg/caveats/types/encoding.go @@ -31,22 +31,22 @@ func EncodeParameterType(varType VariableType) *core.CaveatTypeReference { // DecodeParameterType decodes the core caveat parameter type into an internal caveat type. func DecodeParameterType(ts *TypeSet, parameterType *core.CaveatTypeReference) (*VariableType, error) { - typeDef, ok := ts.definitions[parameterType.TypeName] + typeDef, ok := ts.definitions[parameterType.GetTypeName()] if !ok { - return nil, fmt.Errorf("unknown caveat parameter type `%s`", parameterType.TypeName) + return nil, fmt.Errorf("unknown caveat parameter type `%s`", parameterType.GetTypeName()) } - if len(parameterType.ChildTypes) != int(typeDef.childTypeCount) { + if len(parameterType.GetChildTypes()) != int(typeDef.childTypeCount) { return nil, fmt.Errorf( "caveat parameter type `%s` requires %d child types; found %d", - parameterType.TypeName, - len(parameterType.ChildTypes), + parameterType.GetTypeName(), + len(parameterType.GetChildTypes()), typeDef.childTypeCount, ) } childTypes := make([]VariableType, 0, typeDef.childTypeCount) - for _, encodedChildType := range parameterType.ChildTypes { + for _, encodedChildType := range parameterType.GetChildTypes() { childType, err := DecodeParameterType(ts, encodedChildType) if err != nil { return nil, err diff --git a/pkg/cmd/datastore/datastore_test.go b/pkg/cmd/datastore/datastore_test.go index 88a912e34..e150f7f01 100644 --- a/pkg/cmd/datastore/datastore_test.go +++ b/pkg/cmd/datastore/datastore_test.go @@ -30,7 +30,7 @@ func TestLoadDatastoreFromFileContents(t *testing.T) { namespaces, err := ds.SnapshotReader(revision).ListAllNamespaces(ctx) require.NoError(t, err) require.Len(t, namespaces, 1) - require.Equal(t, "user", namespaces[0].Definition.Name) + require.Equal(t, "user", namespaces[0].Definition.GetName()) } func TestLoadDatastoreFromFile(t *testing.T) { @@ -51,7 +51,7 @@ func TestLoadDatastoreFromFile(t *testing.T) { namespaces, err := ds.SnapshotReader(revision).ListAllNamespaces(ctx) require.NoError(t, err) require.Len(t, namespaces, 1) - require.Equal(t, "user", namespaces[0].Definition.Name) + require.Equal(t, "user", namespaces[0].Definition.GetName()) } func TestLoadDatastoreFromFileAndContents(t *testing.T) { @@ -73,7 +73,7 @@ func TestLoadDatastoreFromFileAndContents(t *testing.T) { namespaces, err := ds.SnapshotReader(revision).ListAllNamespaces(ctx) require.NoError(t, err) require.Len(t, namespaces, 2) - namespaceNames := []string{namespaces[0].Definition.Name, namespaces[1].Definition.Name} + namespaceNames := []string{namespaces[0].Definition.GetName(), namespaces[1].Definition.GetName()} require.Contains(t, namespaceNames, "user") require.Contains(t, namespaceNames, "repository") } diff --git a/pkg/composableschemadsl/compiler/compiler_test.go b/pkg/composableschemadsl/compiler/compiler_test.go index 1d87d0705..ccaa75d65 100644 --- a/pkg/composableschemadsl/compiler/compiler_test.go +++ b/pkg/composableschemadsl/compiler/compiler_test.go @@ -1317,22 +1317,22 @@ func TestCompile(t *testing.T) { if caveatDef, ok := def.(*core.CaveatDefinition); ok { expectedCaveatDef, ok := expectedDef.(*core.CaveatDefinition) require.True(ok, "definition is not a caveat def") - require.Equal(expectedCaveatDef.Name, caveatDef.Name) - require.Len(caveatDef.ParameterTypes, len(expectedCaveatDef.ParameterTypes)) + require.Equal(expectedCaveatDef.GetName(), caveatDef.GetName()) + require.Len(caveatDef.GetParameterTypes(), len(expectedCaveatDef.GetParameterTypes())) - for expectedParamName, expectedParam := range expectedCaveatDef.ParameterTypes { - foundParam, ok := caveatDef.ParameterTypes[expectedParamName] + for expectedParamName, expectedParam := range expectedCaveatDef.GetParameterTypes() { + foundParam, ok := caveatDef.GetParameterTypes()[expectedParamName] require.True(ok, "missing parameter %s", expectedParamName) testutil.RequireProtoEqual(t, expectedParam, foundParam, "mismatch type for parameter %s", expectedParamName) } - parameterTypes, err := caveattypes.DecodeParameterTypes(caveattypes.Default.TypeSet, caveatDef.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(caveattypes.Default.TypeSet, caveatDef.GetParameterTypes()) require.NoError(err) - expectedDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(expectedCaveatDef.SerializedExpression, parameterTypes) + expectedDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(expectedCaveatDef.GetSerializedExpression(), parameterTypes) require.NoError(err) - foundDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(caveatDef.SerializedExpression, parameterTypes) + foundDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(caveatDef.GetSerializedExpression(), parameterTypes) require.NoError(err) expectedExprString, err := expectedDecoded.ExprString() diff --git a/pkg/composableschemadsl/compiler/translator.go b/pkg/composableschemadsl/compiler/translator.go index a03a2959e..745339aef 100644 --- a/pkg/composableschemadsl/compiler/translator.go +++ b/pkg/composableschemadsl/compiler/translator.go @@ -213,7 +213,7 @@ func translateCaveatDefinition(tctx *translationContext, defNode *dslNode) (*cor return nil, err } - def.Metadata = addComments(def.Metadata, defNode) + def.Metadata = addComments(def.GetMetadata(), defNode) def.SourcePosition = getSourcePosition(defNode, tctx.mapper) return def, nil } @@ -261,7 +261,7 @@ func translateObjectDefinition(tctx *translationContext, defNode *dslNode) (*cor if len(relationsAndPermissions) == 0 { ns := namespace.Namespace(nspath) - ns.Metadata = addComments(ns.Metadata, defNode) + ns.Metadata = addComments(ns.GetMetadata(), defNode) ns.SourcePosition = getSourcePosition(defNode, tctx.mapper) if !tctx.skipValidate { @@ -274,7 +274,7 @@ func translateObjectDefinition(tctx *translationContext, defNode *dslNode) (*cor } ns := namespace.Namespace(nspath, relationsAndPermissions...) - ns.Metadata = addComments(ns.Metadata, defNode) + ns.Metadata = addComments(ns.GetMetadata(), defNode) ns.SourcePosition = getSourcePosition(defNode, tctx.mapper) if !tctx.skipValidate { @@ -373,7 +373,7 @@ func translateRelationOrPermission(tctx *translationContext, relOrPermNode *dslN if err != nil { return nil, err } - rel.Metadata = addComments(rel.Metadata, relOrPermNode) + rel.Metadata = addComments(rel.GetMetadata(), relOrPermNode) rel.SourcePosition = getSourcePosition(relOrPermNode, tctx.mapper) return rel, err @@ -382,7 +382,7 @@ func translateRelationOrPermission(tctx *translationContext, relOrPermNode *dslN if err != nil { return nil, err } - rel.Metadata = addComments(rel.Metadata, relOrPermNode) + rel.Metadata = addComments(rel.GetMetadata(), relOrPermNode) rel.SourcePosition = getSourcePosition(relOrPermNode, tctx.mapper) return rel, err @@ -496,8 +496,8 @@ func collapseOps(op *core.SetOperation_Child, handler func(rewrite *core.Userset return []*core.SetOperation_Child{op} } - collapsed := make([]*core.SetOperation_Child, 0, len(operation.Child)) - for _, child := range operation.Child { + collapsed := make([]*core.SetOperation_Child, 0, len(operation.GetChild())) + for _, child := range operation.GetChild() { collapsed = append(collapsed, collapseOps(child, handler)...) } return collapsed diff --git a/pkg/composableschemadsl/generator/generator.go b/pkg/composableschemadsl/generator/generator.go index 09b1e3f3f..93ac8feb4 100644 --- a/pkg/composableschemadsl/generator/generator.go +++ b/pkg/composableschemadsl/generator/generator.go @@ -133,12 +133,12 @@ func GenerateRelationSource(relation *core.Relation, caveatTypeSet *caveattypes. } func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { - sg.emitComments(caveat.Metadata) + sg.emitComments(caveat.GetMetadata()) sg.append("caveat ") - sg.append(caveat.Name) + sg.append(caveat.GetName()) sg.append("(") - parameterNames := slices.Collect(maps.Keys(caveat.ParameterTypes)) + parameterNames := slices.Collect(maps.Keys(caveat.GetParameterTypes())) sort.Strings(parameterNames) for index, paramName := range parameterNames { @@ -146,7 +146,7 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { sg.append(", ") } - decoded, err := caveattypes.DecodeParameterType(sg.caveatTypeSet, caveat.ParameterTypes[paramName]) + decoded, err := caveattypes.DecodeParameterType(sg.caveatTypeSet, caveat.GetParameterTypes()[paramName]) if err != nil { return fmt.Errorf("invalid parameter type on caveat: %w", err) } @@ -163,12 +163,12 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { sg.indent() sg.markNewScope() - parameterTypes, err := caveattypes.DecodeParameterTypes(sg.caveatTypeSet, caveat.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(sg.caveatTypeSet, caveat.GetParameterTypes()) if err != nil { return fmt.Errorf("invalid caveat parameters: %w", err) } - deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(sg.caveatTypeSet, caveat.SerializedExpression, parameterTypes) + deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(sg.caveatTypeSet, caveat.GetSerializedExpression(), parameterTypes) if err != nil { return fmt.Errorf("invalid caveat expression bytes: %w", err) } @@ -187,11 +187,11 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { } func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) error { - sg.emitComments(namespace.Metadata) + sg.emitComments(namespace.GetMetadata()) sg.append("definition ") - sg.append(namespace.Name) + sg.append(namespace.GetName()) - if len(namespace.Relation) == 0 { + if len(namespace.GetRelation()) == 0 { sg.append(" {}") return nil } @@ -201,7 +201,7 @@ func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) er sg.indent() sg.markNewScope() - for _, relation := range namespace.Relation { + for _, relation := range namespace.GetRelation() { err := sg.emitRelation(relation) if err != nil { return err @@ -214,28 +214,28 @@ func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) er } func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { - hasThis, err := graph.HasThis(relation.UsersetRewrite) + hasThis, err := graph.HasThis(relation.GetUsersetRewrite()) if err != nil { return err } - isPermission := relation.UsersetRewrite != nil && !hasThis + isPermission := relation.GetUsersetRewrite() != nil && !hasThis - sg.emitComments(relation.Metadata) + sg.emitComments(relation.GetMetadata()) if isPermission { sg.append("permission ") } else { sg.append("relation ") } - sg.append(relation.Name) + sg.append(relation.GetName()) if !isPermission { sg.append(": ") - if relation.TypeInformation == nil || relation.TypeInformation.AllowedDirectRelations == nil || len(relation.TypeInformation.AllowedDirectRelations) == 0 { + if relation.GetTypeInformation() == nil || relation.TypeInformation.AllowedDirectRelations == nil || len(relation.GetTypeInformation().GetAllowedDirectRelations()) == 0 { sg.appendIssue("missing allowed types") } else { - for index, allowedRelation := range relation.TypeInformation.AllowedDirectRelations { + for index, allowedRelation := range relation.GetTypeInformation().GetAllowedDirectRelations() { if index > 0 { sg.append(" | ") } @@ -245,9 +245,9 @@ func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { } } - if relation.UsersetRewrite != nil { + if relation.GetUsersetRewrite() != nil { sg.append(" = ") - sg.mustEmitRewrite(relation.UsersetRewrite) + sg.mustEmitRewrite(relation.GetUsersetRewrite()) } sg.appendLine() @@ -255,7 +255,7 @@ func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { } func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRelation) { - sg.append(allowedRelation.Namespace) + sg.append(allowedRelation.GetNamespace()) if allowedRelation.GetRelation() != "" && allowedRelation.GetRelation() != Ellipsis { sg.append("#") sg.append(allowedRelation.GetRelation()) @@ -270,7 +270,7 @@ func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRela if hasExpirationTrait || hasCaveat { sg.append(" with ") if hasCaveat { - sg.append(allowedRelation.RequiredCaveat.CaveatName) + sg.append(allowedRelation.GetRequiredCaveat().GetCaveatName()) } if hasExpirationTrait { @@ -286,7 +286,7 @@ func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRela } func (sg *sourceGenerator) mustEmitRewrite(rewrite *core.UsersetRewrite) { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: sg.emitRewriteOps(rw.Union, "+") case *core.UsersetRewrite_Intersection: @@ -299,7 +299,7 @@ func (sg *sourceGenerator) mustEmitRewrite(rewrite *core.UsersetRewrite) { } func (sg *sourceGenerator) emitRewriteOps(setOp *core.SetOperation, op string) { - for index, child := range setOp.Child { + for index, child := range setOp.GetChild() { if index > 0 { sg.append(" " + op + " ") } @@ -309,10 +309,10 @@ func (sg *sourceGenerator) emitRewriteOps(setOp *core.SetOperation, op string) { } func (sg *sourceGenerator) isAllUnion(rewrite *core.UsersetRewrite) bool { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: - for _, setOpChild := range rw.Union.Child { - switch child := setOpChild.ChildType.(type) { + for _, setOpChild := range rw.Union.GetChild() { + switch child := setOpChild.GetChildType().(type) { case *core.SetOperation_Child_UsersetRewrite: if !sg.isAllUnion(child.UsersetRewrite) { return false @@ -328,7 +328,7 @@ func (sg *sourceGenerator) isAllUnion(rewrite *core.UsersetRewrite) bool { } func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Child) { - switch child := setOpChild.ChildType.(type) { + switch child := setOpChild.GetChildType().(type) { case *core.SetOperation_Child_UsersetRewrite: if sg.isAllUnion(child.UsersetRewrite) { sg.mustEmitRewrite(child.UsersetRewrite) @@ -346,18 +346,18 @@ func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Chil sg.append("nil") case *core.SetOperation_Child_ComputedUserset: - sg.append(child.ComputedUserset.Relation) + sg.append(child.ComputedUserset.GetRelation()) case *core.SetOperation_Child_TupleToUserset: - sg.append(child.TupleToUserset.Tupleset.Relation) + sg.append(child.TupleToUserset.GetTupleset().GetRelation()) sg.append("->") - sg.append(child.TupleToUserset.ComputedUserset.Relation) + sg.append(child.TupleToUserset.GetComputedUserset().GetRelation()) case *core.SetOperation_Child_FunctionedTupleToUserset: - sg.append(child.FunctionedTupleToUserset.Tupleset.Relation) + sg.append(child.FunctionedTupleToUserset.GetTupleset().GetRelation()) sg.append(".") - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ALL: sg.append("all") @@ -365,11 +365,11 @@ func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Chil sg.append("any") default: - panic(spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.Function)) + panic(spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.GetFunction())) } sg.append("(") - sg.append(child.FunctionedTupleToUserset.ComputedUserset.Relation) + sg.append(child.FunctionedTupleToUserset.GetComputedUserset().GetRelation()) sg.append(")") default: diff --git a/pkg/cursor/cursor.go b/pkg/cursor/cursor.go index 9ab4f7086..5329e9648 100644 --- a/pkg/cursor/cursor.go +++ b/pkg/cursor/cursor.go @@ -33,7 +33,7 @@ func Decode(encoded *v1.Cursor) (*impl.DecodedCursor, error) { return nil, NewInvalidCursorErr(errors.New("cursor pointer was nil")) } - decodedBytes, err := base64.StdEncoding.DecodeString(encoded.Token) + decodedBytes, err := base64.StdEncoding.DecodeString(encoded.GetToken()) if err != nil { return nil, NewInvalidCursorErr(fmt.Errorf(errDecodeError, err)) } @@ -59,8 +59,8 @@ func EncodeFromDispatchCursor(dispatchCursor *dispatch.Cursor, callAndParameterH VersionOneof: &impl.DecodedCursor_V1{ V1: &impl.V1Cursor{ Revision: revision.String(), - DispatchVersion: dispatchCursor.DispatchVersion, - Sections: dispatchCursor.Sections, + DispatchVersion: dispatchCursor.GetDispatchVersion(), + Sections: dispatchCursor.GetSections(), CallAndParametersHash: callAndParameterHash, Flags: flags, }, @@ -94,7 +94,7 @@ func GetCursorFlag(encoded *v1.Cursor, flagName string) (string, bool, error) { return "", false, NewInvalidCursorErr(ErrNilCursor) } - value, ok := v1decoded.Flags[flagName] + value, ok := v1decoded.GetFlags()[flagName] return value, ok, nil } @@ -113,14 +113,14 @@ func DecodeToDispatchCursor(encoded *v1.Cursor, callAndParameterHash string) (*d return nil, nil, NewInvalidCursorErr(ErrNilCursor) } - if v1decoded.CallAndParametersHash != callAndParameterHash { + if v1decoded.GetCallAndParametersHash() != callAndParameterHash { return nil, nil, NewInvalidCursorErr(ErrHashMismatch) } return &dispatch.Cursor{ - DispatchVersion: v1decoded.DispatchVersion, - Sections: v1decoded.Sections, - }, v1decoded.Flags, nil + DispatchVersion: v1decoded.GetDispatchVersion(), + Sections: v1decoded.GetSections(), + }, v1decoded.GetFlags(), nil } // DecodeToDispatchRevision decodes an encoded API cursor into an internal dispatch revision. @@ -141,16 +141,16 @@ func DecodeToDispatchRevision(ctx context.Context, encoded *v1.Cursor, ds revisi return nil, zedtoken.StatusUnknown, fmt.Errorf(errEncodeError, err) } - parsed, err := ds.RevisionFromString(v1decoded.Revision) + parsed, err := ds.RevisionFromString(v1decoded.GetRevision()) if err != nil { return datastore.NoRevision, zedtoken.StatusUnknown, fmt.Errorf(errDecodeError, err) } - if v1decoded.DatastoreUniqueId == "" { + if v1decoded.GetDatastoreUniqueId() == "" { return parsed, zedtoken.StatusLegacyEmptyDatastoreID, nil } - if v1decoded.DatastoreUniqueId != datastoreUniqueID { + if v1decoded.GetDatastoreUniqueId() != datastoreUniqueID { return parsed, zedtoken.StatusMismatchedDatastoreID, nil } diff --git a/pkg/cursor/cursor_test.go b/pkg/cursor/cursor_test.go index c68ed3dc7..0128d84fe 100644 --- a/pkg/cursor/cursor_test.go +++ b/pkg/cursor/cursor_test.go @@ -59,7 +59,7 @@ func TestEncodeDecode(t *testing.T) { require.NotNil(decoded) require.Equal(map[string]string{"some": "flag"}, flags) - require.Equal(tc.sections, decoded.Sections) + require.Equal(tc.sections, decoded.GetSections()) decodedRev, _, err := DecodeToDispatchRevision(context.Background(), encoded, revisions.CommonDecoder{ Kind: revisions.TransactionID, @@ -137,7 +137,7 @@ func TestDecode(t *testing.T) { require.NoError(err) require.NotNil(decoded) - require.Equal(testCase.expectedSections, decoded.Sections) + require.Equal(testCase.expectedSections, decoded.GetSections()) decodedRev, _, err := DecodeToDispatchRevision(context.Background(), &v1.Cursor{ Token: testCase.token, diff --git a/pkg/datastore/datastore.go b/pkg/datastore/datastore.go index 5f5a1baf9..2347ed0d7 100644 --- a/pkg/datastore/datastore.go +++ b/pkg/datastore/datastore.go @@ -203,12 +203,12 @@ func (rf RelationshipsFilter) Test(relationship tuple.Relationship) bool { // No caveat filter, so no need to check. case CaveatFilterOptionHasMatchingCaveat: - if relationship.OptionalCaveat == nil || relationship.OptionalCaveat.CaveatName != rf.OptionalCaveatNameFilter.CaveatName { + if relationship.OptionalCaveat == nil || relationship.OptionalCaveat.GetCaveatName() != rf.OptionalCaveatNameFilter.CaveatName { return false } case CaveatFilterOptionNoCaveat: - if relationship.OptionalCaveat != nil && relationship.OptionalCaveat.CaveatName != "" { + if relationship.OptionalCaveat != nil && relationship.OptionalCaveat.GetCaveatName() != "" { return false } } @@ -250,11 +250,11 @@ func WithNoCaveat() CaveatNameFilter { // CoreFilterFromRelationshipFilter constructs a core RelationshipFilter from a V1 RelationshipsFilter. func CoreFilterFromRelationshipFilter(filter *v1.RelationshipFilter) *core.RelationshipFilter { return &core.RelationshipFilter{ - ResourceType: filter.ResourceType, - OptionalResourceId: filter.OptionalResourceId, - OptionalResourceIdPrefix: filter.OptionalResourceIdPrefix, - OptionalRelation: filter.OptionalRelation, - OptionalSubjectFilter: coreFilterFromSubjectsFilter(filter.OptionalSubjectFilter), + ResourceType: filter.GetResourceType(), + OptionalResourceId: filter.GetOptionalResourceId(), + OptionalResourceIdPrefix: filter.GetOptionalResourceIdPrefix(), + OptionalRelation: filter.GetOptionalRelation(), + OptionalSubjectFilter: coreFilterFromSubjectsFilter(filter.GetOptionalSubjectFilter()), } } @@ -264,9 +264,9 @@ func coreFilterFromSubjectsFilter(filter *v1.SubjectFilter) *core.SubjectFilter } return &core.SubjectFilter{ - SubjectType: filter.SubjectType, - OptionalSubjectId: filter.OptionalSubjectId, - OptionalRelation: coreFilterFromSubjectRelationFilter(filter.OptionalRelation), + SubjectType: filter.GetSubjectType(), + OptionalSubjectId: filter.GetOptionalSubjectId(), + OptionalRelation: coreFilterFromSubjectRelationFilter(filter.GetOptionalRelation()), } } @@ -276,28 +276,28 @@ func coreFilterFromSubjectRelationFilter(filter *v1.SubjectFilter_RelationFilter } return &core.SubjectFilter_RelationFilter{ - Relation: filter.Relation, + Relation: filter.GetRelation(), } } // RelationshipsFilterFromCoreFilter constructs a datastore RelationshipsFilter from a core RelationshipFilter. func RelationshipsFilterFromCoreFilter(filter *core.RelationshipFilter) (RelationshipsFilter, error) { var resourceIds []string - if filter.OptionalResourceId != "" { - resourceIds = []string{filter.OptionalResourceId} + if filter.GetOptionalResourceId() != "" { + resourceIds = []string{filter.GetOptionalResourceId()} } var subjectsSelectors []SubjectsSelector - if filter.OptionalSubjectFilter != nil { + if filter.GetOptionalSubjectFilter() != nil { var subjectIds []string - if filter.OptionalSubjectFilter.OptionalSubjectId != "" { - subjectIds = []string{filter.OptionalSubjectFilter.OptionalSubjectId} + if filter.GetOptionalSubjectFilter().GetOptionalSubjectId() != "" { + subjectIds = []string{filter.GetOptionalSubjectFilter().GetOptionalSubjectId()} } relationFilter := SubjectRelationFilter{} - if filter.OptionalSubjectFilter.OptionalRelation != nil { - relation := filter.OptionalSubjectFilter.OptionalRelation.GetRelation() + if filter.GetOptionalSubjectFilter().GetOptionalRelation() != nil { + relation := filter.GetOptionalSubjectFilter().GetOptionalRelation().GetRelation() if relation != "" { relationFilter = relationFilter.WithNonEllipsisRelation(relation) } else { @@ -306,25 +306,25 @@ func RelationshipsFilterFromCoreFilter(filter *core.RelationshipFilter) (Relatio } subjectsSelectors = append(subjectsSelectors, SubjectsSelector{ - OptionalSubjectType: filter.OptionalSubjectFilter.SubjectType, + OptionalSubjectType: filter.GetOptionalSubjectFilter().GetSubjectType(), OptionalSubjectIds: subjectIds, RelationFilter: relationFilter, }) } - if filter.OptionalResourceId != "" && filter.OptionalResourceIdPrefix != "" { + if filter.GetOptionalResourceId() != "" && filter.GetOptionalResourceIdPrefix() != "" { return RelationshipsFilter{}, errors.New("cannot specify both OptionalResourceId and OptionalResourceIDPrefix") } - if filter.ResourceType == "" && filter.OptionalRelation == "" && len(resourceIds) == 0 && filter.OptionalResourceIdPrefix == "" && len(subjectsSelectors) == 0 { + if filter.GetResourceType() == "" && filter.GetOptionalRelation() == "" && len(resourceIds) == 0 && filter.GetOptionalResourceIdPrefix() == "" && len(subjectsSelectors) == 0 { return RelationshipsFilter{}, errors.New("at least one filter field must be set") } return RelationshipsFilter{ - OptionalResourceType: filter.ResourceType, + OptionalResourceType: filter.GetResourceType(), OptionalResourceIds: resourceIds, - OptionalResourceIDPrefix: filter.OptionalResourceIdPrefix, - OptionalResourceRelation: filter.OptionalRelation, + OptionalResourceIDPrefix: filter.GetOptionalResourceIdPrefix(), + OptionalResourceRelation: filter.GetOptionalRelation(), OptionalSubjectsSelectors: subjectsSelectors, }, nil } @@ -332,21 +332,21 @@ func RelationshipsFilterFromCoreFilter(filter *core.RelationshipFilter) (Relatio // RelationshipsFilterFromPublicFilter constructs a datastore RelationshipsFilter from an API-defined RelationshipFilter. func RelationshipsFilterFromPublicFilter(filter *v1.RelationshipFilter) (RelationshipsFilter, error) { var resourceIds []string - if filter.OptionalResourceId != "" { - resourceIds = []string{filter.OptionalResourceId} + if filter.GetOptionalResourceId() != "" { + resourceIds = []string{filter.GetOptionalResourceId()} } var subjectsSelectors []SubjectsSelector - if filter.OptionalSubjectFilter != nil { + if filter.GetOptionalSubjectFilter() != nil { var subjectIds []string - if filter.OptionalSubjectFilter.OptionalSubjectId != "" { - subjectIds = []string{filter.OptionalSubjectFilter.OptionalSubjectId} + if filter.GetOptionalSubjectFilter().GetOptionalSubjectId() != "" { + subjectIds = []string{filter.GetOptionalSubjectFilter().GetOptionalSubjectId()} } relationFilter := SubjectRelationFilter{} - if filter.OptionalSubjectFilter.OptionalRelation != nil { - relation := filter.OptionalSubjectFilter.OptionalRelation.GetRelation() + if filter.GetOptionalSubjectFilter().GetOptionalRelation() != nil { + relation := filter.GetOptionalSubjectFilter().GetOptionalRelation().GetRelation() if relation != "" { relationFilter = relationFilter.WithNonEllipsisRelation(relation) } else { @@ -355,25 +355,25 @@ func RelationshipsFilterFromPublicFilter(filter *v1.RelationshipFilter) (Relatio } subjectsSelectors = append(subjectsSelectors, SubjectsSelector{ - OptionalSubjectType: filter.OptionalSubjectFilter.SubjectType, + OptionalSubjectType: filter.GetOptionalSubjectFilter().GetSubjectType(), OptionalSubjectIds: subjectIds, RelationFilter: relationFilter, }) } - if filter.OptionalResourceId != "" && filter.OptionalResourceIdPrefix != "" { + if filter.GetOptionalResourceId() != "" && filter.GetOptionalResourceIdPrefix() != "" { return RelationshipsFilter{}, errors.New("cannot specify both OptionalResourceId and OptionalResourceIDPrefix") } - if filter.ResourceType == "" && filter.OptionalRelation == "" && len(resourceIds) == 0 && filter.OptionalResourceIdPrefix == "" && len(subjectsSelectors) == 0 { + if filter.GetResourceType() == "" && filter.GetOptionalRelation() == "" && len(resourceIds) == 0 && filter.GetOptionalResourceIdPrefix() == "" && len(subjectsSelectors) == 0 { return RelationshipsFilter{}, errors.New("at least one filter field must be set") } return RelationshipsFilter{ - OptionalResourceType: filter.ResourceType, + OptionalResourceType: filter.GetResourceType(), OptionalResourceIds: resourceIds, - OptionalResourceIDPrefix: filter.OptionalResourceIdPrefix, - OptionalResourceRelation: filter.OptionalRelation, + OptionalResourceIDPrefix: filter.GetOptionalResourceIdPrefix(), + OptionalResourceRelation: filter.GetOptionalRelation(), OptionalSubjectsSelectors: subjectsSelectors, }, nil } diff --git a/pkg/datastore/errors.go b/pkg/datastore/errors.go index f65aec488..40aa06ab8 100644 --- a/pkg/datastore/errors.go +++ b/pkg/datastore/errors.go @@ -242,21 +242,21 @@ func (err CounterAlreadyRegisteredError) DetailsMetadata() map[string]string { subjectType := "" subjectID := "" subjectRelation := "" - if err.filter.OptionalSubjectFilter != nil { - subjectType = err.filter.OptionalSubjectFilter.SubjectType - subjectID = err.filter.OptionalSubjectFilter.OptionalSubjectId + if err.filter.GetOptionalSubjectFilter() != nil { + subjectType = err.filter.GetOptionalSubjectFilter().GetSubjectType() + subjectID = err.filter.GetOptionalSubjectFilter().GetOptionalSubjectId() - if err.filter.OptionalSubjectFilter.GetOptionalRelation() != nil { - subjectRelation = err.filter.OptionalSubjectFilter.GetOptionalRelation().Relation + if err.filter.GetOptionalSubjectFilter().GetOptionalRelation() != nil { + subjectRelation = err.filter.GetOptionalSubjectFilter().GetOptionalRelation().GetRelation() } } return map[string]string{ "counter_name": err.counterName, - "new_filter_resource_type": err.filter.ResourceType, - "new_filter_resource_id": err.filter.OptionalResourceId, - "new_filter_resource_id_prefix": err.filter.OptionalResourceIdPrefix, - "new_filter_relation": err.filter.OptionalRelation, + "new_filter_resource_type": err.filter.GetResourceType(), + "new_filter_resource_id": err.filter.GetOptionalResourceId(), + "new_filter_resource_id_prefix": err.filter.GetOptionalResourceIdPrefix(), + "new_filter_relation": err.filter.GetOptionalRelation(), "new_filter_subject_type": subjectType, "new_filter_subject_id": subjectID, "new_filter_subject_relation": subjectRelation, diff --git a/pkg/datastore/stats.go b/pkg/datastore/stats.go index f98c4057a..ad83be800 100644 --- a/pkg/datastore/stats.go +++ b/pkg/datastore/stats.go @@ -13,7 +13,7 @@ func ComputeObjectTypeStats(objTypes []RevisionedNamespace) []ObjectTypeStat { for _, objType := range objTypes { var relations, permissions uint32 - for _, rel := range objType.Definition.Relation { + for _, rel := range objType.Definition.GetRelation() { if namespace.GetRelationKind(rel) == iv1.RelationMetadata_PERMISSION { permissions++ } else { diff --git a/pkg/datastore/test/basic.go b/pkg/datastore/test/basic.go index 604786763..5d1a35999 100644 --- a/pkg/datastore/test/basic.go +++ b/pkg/datastore/test/basic.go @@ -44,7 +44,7 @@ func DeleteAllDataTest(t *testing.T, tester DatastoreTester) { for _, nsDef := range nsDefs { iter, err := reader.QueryRelationships( ctx, - datastore.RelationshipsFilter{OptionalResourceType: nsDef.Definition.Name}, + datastore.RelationshipsFilter{OptionalResourceType: nsDef.Definition.GetName()}, options.WithQueryShape(queryshape.FindResourceOfType), ) require.NoError(t, err) @@ -72,7 +72,7 @@ func DeleteAllDataTest(t *testing.T, tester DatastoreTester) { for _, nsDef := range nsDefs { iter, err := reader.QueryRelationships( ctx, - datastore.RelationshipsFilter{OptionalResourceType: nsDef.Definition.Name}, + datastore.RelationshipsFilter{OptionalResourceType: nsDef.Definition.GetName()}, options.WithQueryShape(queryshape.FindResourceOfType), ) require.NoError(t, err) diff --git a/pkg/datastore/test/bulk.go b/pkg/datastore/test/bulk.go index 75999ce49..41fcf2deb 100644 --- a/pkg/datastore/test/bulk.go +++ b/pkg/datastore/test/bulk.go @@ -33,9 +33,9 @@ func BulkUploadTest(t *testing.T, tester DatastoreTester) { ds, _ := testfixtures.StandardDatastoreWithSchema(rawDS, require) bulkSource := testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), tc, t, ) @@ -56,7 +56,7 @@ func BulkUploadTest(t *testing.T, tester DatastoreTester) { require.NoError(err) iter, err := ds.SnapshotReader(head).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) @@ -96,9 +96,9 @@ func BulkUploadAlreadyExistsSameCallErrorTest(t *testing.T, tester DatastoreTest _, err = ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { inserted, err := rwt.BulkLoad(ctx, testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), 1, t, )) @@ -106,9 +106,9 @@ func BulkUploadAlreadyExistsSameCallErrorTest(t *testing.T, tester DatastoreTest require.Equal(uint64(1), inserted) _, serr := rwt.BulkLoad(ctx, testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), 1, t, )) @@ -133,9 +133,9 @@ func BulkUploadWithCaveats(t *testing.T, tester DatastoreTester) { ds, _ := testfixtures.StandardDatastoreWithSchema(rawDS, require) bulkSource := testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "caveated_viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), tc, t, ) @@ -152,7 +152,7 @@ func BulkUploadWithCaveats(t *testing.T, tester DatastoreTester) { require.NoError(err) iter, err := ds.SnapshotReader(lastRevision).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) @@ -160,9 +160,9 @@ func BulkUploadWithCaveats(t *testing.T, tester DatastoreTester) { require.NoError(err) require.Nil(found.OptionalExpiration) require.NotNil(found.OptionalCaveat) - require.NotEmpty(found.OptionalCaveat.CaveatName) - require.NotNil(found.OptionalCaveat.Context) - require.Equal(map[string]any{"secret": "1235"}, found.OptionalCaveat.Context.AsMap()) + require.NotEmpty(found.OptionalCaveat.GetCaveatName()) + require.NotNil(found.OptionalCaveat.GetContext()) + require.Equal(map[string]any{"secret": "1235"}, found.OptionalCaveat.GetContext().AsMap()) } } @@ -176,9 +176,9 @@ func BulkUploadWithExpiration(t *testing.T, tester DatastoreTester) { ds, _ := testfixtures.StandardDatastoreWithSchema(rawDS, require) bulkSource := testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "expired_viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), tc, t, ) @@ -195,7 +195,7 @@ func BulkUploadWithExpiration(t *testing.T, tester DatastoreTester) { require.NoError(err) iter, err := ds.SnapshotReader(lastRevision).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) @@ -215,9 +215,9 @@ func BulkUploadEditCaveat(t *testing.T, tester DatastoreTester) { ds, _ := testfixtures.StandardDatastoreWithSchema(rawDS, require) bulkSource := testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "caveated_viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), tc, t, ) @@ -233,7 +233,7 @@ func BulkUploadEditCaveat(t *testing.T, tester DatastoreTester) { require.NoError(err) iter, err := ds.SnapshotReader(lastRevision).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) @@ -243,7 +243,7 @@ func BulkUploadEditCaveat(t *testing.T, tester DatastoreTester) { require.NoError(err) updates = append(updates, tuple.Touch(found.WithCaveat(&core.ContextualizedCaveat{ - CaveatName: testfixtures.CaveatDef.Name, + CaveatName: testfixtures.CaveatDef.GetName(), Context: nil, }))) } @@ -258,7 +258,7 @@ func BulkUploadEditCaveat(t *testing.T, tester DatastoreTester) { require.NoError(err) iter, err = ds.SnapshotReader(lastRevision).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) @@ -266,7 +266,7 @@ func BulkUploadEditCaveat(t *testing.T, tester DatastoreTester) { for found, err := range iter { require.NoError(err) require.NotNil(found.OptionalCaveat) - require.NotEmpty(found.OptionalCaveat.CaveatName) + require.NotEmpty(found.OptionalCaveat.GetCaveatName()) foundChanged++ } @@ -285,9 +285,9 @@ func BulkUploadAlreadyExistsErrorTest(t *testing.T, tester DatastoreTester) { // Bulk write a single relationship. _, err = ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { inserted, err := rwt.BulkLoad(ctx, testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), 1, t, )) @@ -300,9 +300,9 @@ func BulkUploadAlreadyExistsErrorTest(t *testing.T, tester DatastoreTester) { // Bulk write it again and ensure we get the expected error. _, err = ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { _, serr := rwt.BulkLoad(ctx, testfixtures.NewBulkRelationshipGenerator( - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), "viewer", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), 1, t, )) diff --git a/pkg/datastore/test/caveat.go b/pkg/datastore/test/caveat.go index 766efe8c0..dcb2dac3a 100644 --- a/pkg/datastore/test/caveat.go +++ b/pkg/datastore/test/caveat.go @@ -66,7 +66,7 @@ func WriteReadDeleteCaveatTest(t *testing.T, tester DatastoreTester) { // The caveat can be looked up by name cr := ds.SnapshotReader(rev) - cv, _, err := cr.ReadCaveatByName(ctx, coreCaveat.Name) + cv, _, err := cr.ReadCaveatByName(ctx, coreCaveat.GetName()) req.NoError(err) foundDiff := cmp.Diff(coreCaveat, cv, protocmp.Transform()) @@ -74,11 +74,11 @@ func WriteReadDeleteCaveatTest(t *testing.T, tester DatastoreTester) { // All caveats can be listed when no arg is provided // Manually check the caveat's contents. - req.Equal(coreCaveat.Name, cv.Name) - req.Len(cv.ParameterTypes, 2) - req.Equal("int", cv.ParameterTypes["foo"].TypeName) - req.Equal("map", cv.ParameterTypes["bar"].TypeName) - req.Equal("bytes", cv.ParameterTypes["bar"].ChildTypes[0].TypeName) + req.Equal(coreCaveat.GetName(), cv.GetName()) + req.Len(cv.GetParameterTypes(), 2) + req.Equal("int", cv.GetParameterTypes()["foo"].GetTypeName()) + req.Equal("map", cv.GetParameterTypes()["bar"].GetTypeName()) + req.Equal("bytes", cv.GetParameterTypes()["bar"].GetChildTypes()[0].GetTypeName()) // All caveats can be listed cvs, err := cr.ListAllCaveats(ctx) @@ -91,7 +91,7 @@ func WriteReadDeleteCaveatTest(t *testing.T, tester DatastoreTester) { req.Empty(foundDiff) // Caveats can be found by names - cvs, err = cr.LookupCaveatsWithNames(ctx, []string{coreCaveat.Name}) + cvs, err = cr.LookupCaveatsWithNames(ctx, []string{coreCaveat.GetName()}) req.NoError(err) req.Len(cvs, 1) @@ -115,11 +115,11 @@ func WriteReadDeleteCaveatTest(t *testing.T, tester DatastoreTester) { // Delete Caveat rev, err = ds.ReadWriteTx(ctx, func(ctx context.Context, tx datastore.ReadWriteTransaction) error { - return tx.DeleteCaveats(ctx, []string{coreCaveat.Name}) + return tx.DeleteCaveats(ctx, []string{coreCaveat.GetName()}) }) req.NoError(err) cr = ds.SnapshotReader(rev) - _, _, err = cr.ReadCaveatByName(ctx, coreCaveat.Name) + _, _, err = cr.ReadCaveatByName(ctx, coreCaveat.GetName()) req.ErrorAs(err, &datastore.CaveatNameNotFoundError{}) // Returns an error if caveat name or ID does not exist @@ -144,7 +144,7 @@ func WriteCaveatedRelationshipTest(t *testing.T, tester DatastoreTester) { _, err = writeCaveats(ctx, ds, coreCaveat, anotherCoreCaveat) req.NoError(err) - rel := createTestCaveatedRel(t, "document:companyplan#somerelation@folder:company#...", coreCaveat.Name) + rel := createTestCaveatedRel(t, "document:companyplan#somerelation@folder:company#...", coreCaveat.GetName()) rev, err := common.WriteRelationships(ctx, sds, tuple.UpdateOperationCreate, rel) req.NoError(err) assertRelCorrectlyStored(req, ds, rev, rel) @@ -154,7 +154,7 @@ func WriteCaveatedRelationshipTest(t *testing.T, tester DatastoreTester) { req.ErrorAs(err, &common.CreateRelationshipExistsError{}) // RelationTupleUpdate_TOUCH does update the caveat context for a caveated relationship that already exists - currentMap := rel.OptionalCaveat.Context.AsMap() + currentMap := rel.OptionalCaveat.GetContext().AsMap() delete(currentMap, "b") st, err := structpb.NewStruct(currentMap) require.NoError(t, err) @@ -165,7 +165,7 @@ func WriteCaveatedRelationshipTest(t *testing.T, tester DatastoreTester) { assertRelCorrectlyStored(req, ds, rev, rel) // RelationTupleUpdate_TOUCH does update the caveat name for a caveated relationship that already exists - rel.OptionalCaveat.CaveatName = anotherCoreCaveat.Name + rel.OptionalCaveat.CaveatName = anotherCoreCaveat.GetName() rev, err = common.WriteRelationships(ctx, sds, tuple.UpdateOperationTouch, rel) req.NoError(err) assertRelCorrectlyStored(req, ds, rev, rel) @@ -220,8 +220,8 @@ func CaveatedRelationshipFilterTest(t *testing.T, tester DatastoreTester) { _, err = writeCaveats(ctx, ds, coreCaveat, anotherCoreCaveat) req.NoError(err) - rel := createTestCaveatedRel(t, "document:companyplan#parent@folder:company#...", coreCaveat.Name) - anotherTpl := createTestCaveatedRel(t, "document:anothercompanyplan#parent@folder:company#...", anotherCoreCaveat.Name) + rel := createTestCaveatedRel(t, "document:companyplan#parent@folder:company#...", coreCaveat.GetName()) + anotherTpl := createTestCaveatedRel(t, "document:anothercompanyplan#parent@folder:company#...", anotherCoreCaveat.GetName()) nonCaveatedTpl := tuple.MustParse("document:yetanothercompanyplan#parent@folder:company#...") rev, err := common.WriteRelationships(ctx, sds, tuple.UpdateOperationCreate, rel, anotherTpl, nonCaveatedTpl) req.NoError(err) @@ -229,7 +229,7 @@ func CaveatedRelationshipFilterTest(t *testing.T, tester DatastoreTester) { // filter by first caveat iter, err := ds.SnapshotReader(rev).QueryRelationships(ctx, datastore.RelationshipsFilter{ OptionalResourceType: rel.Resource.ObjectType, - OptionalCaveatNameFilter: datastore.WithCaveatName(coreCaveat.Name), + OptionalCaveatNameFilter: datastore.WithCaveatName(coreCaveat.GetName()), }, options.WithQueryShape(queryshape.Varying)) req.NoError(err) expectRel(req, iter, rel) @@ -237,7 +237,7 @@ func CaveatedRelationshipFilterTest(t *testing.T, tester DatastoreTester) { // filter by second caveat iter, err = ds.SnapshotReader(rev).QueryRelationships(ctx, datastore.RelationshipsFilter{ OptionalResourceType: anotherTpl.Resource.ObjectType, - OptionalCaveatNameFilter: datastore.WithCaveatName(anotherCoreCaveat.Name), + OptionalCaveatNameFilter: datastore.WithCaveatName(anotherCoreCaveat.GetName()), }, options.WithQueryShape(queryshape.Varying)) req.NoError(err) expectRel(req, iter, anotherTpl) @@ -266,7 +266,7 @@ func CaveatSnapshotReadsTest(t *testing.T, tester DatastoreTester) { req.NoError(err) // Modify caveat and update - oldExpression := coreCaveat.SerializedExpression + oldExpression := coreCaveat.GetSerializedExpression() newExpression := []byte{0x0a} coreCaveat.SerializedExpression = newExpression newRev, err := writeCaveat(ctx, ds, coreCaveat) @@ -274,15 +274,15 @@ func CaveatSnapshotReadsTest(t *testing.T, tester DatastoreTester) { // check most recent revision cr := ds.SnapshotReader(newRev) - cv, _, err := cr.ReadCaveatByName(ctx, coreCaveat.Name) + cv, _, err := cr.ReadCaveatByName(ctx, coreCaveat.GetName()) req.NoError(err) - req.Equal(newExpression, cv.SerializedExpression) + req.Equal(newExpression, cv.GetSerializedExpression()) // check previous revision cr = ds.SnapshotReader(oldRev) - cv, _, err = cr.ReadCaveatByName(ctx, coreCaveat.Name) + cv, _, err = cr.ReadCaveatByName(ctx, coreCaveat.GetName()) req.NoError(err) - req.Equal(oldExpression, cv.SerializedExpression) + req.Equal(oldExpression, cv.GetSerializedExpression()) } func CaveatedRelationshipWatchTest(t *testing.T, tester DatastoreTester) { @@ -301,7 +301,7 @@ func CaveatedRelationshipWatchTest(t *testing.T, tester DatastoreTester) { req.NoError(err) // test relationship with caveat and context - relWithContext := createTestCaveatedRel(t, "document:a#parent@folder:company#...", coreCaveat.Name) + relWithContext := createTestCaveatedRel(t, "document:a#parent@folder:company#...", coreCaveat.GetName()) revBeforeWrite, err := ds.HeadRevision(ctx) require.NoError(t, err) @@ -313,7 +313,7 @@ func CaveatedRelationshipWatchTest(t *testing.T, tester DatastoreTester) { expectRelChange(t, ds, revBeforeWrite, relWithContext) // test relationship with caveat and empty context - tupleWithEmptyContext := createTestCaveatedRel(t, "document:b#parent@folder:company#...", coreCaveat.Name) + tupleWithEmptyContext := createTestCaveatedRel(t, "document:b#parent@folder:company#...", coreCaveat.GetName()) strct, err := structpb.NewStruct(nil) req.NoError(err) @@ -329,7 +329,7 @@ func CaveatedRelationshipWatchTest(t *testing.T, tester DatastoreTester) { expectRelChange(t, ds, secondRevBeforeWrite, tupleWithEmptyContext) // test relationship with caveat and empty context - tupleWithNilContext := createTestCaveatedRel(t, "document:c#parent@folder:company#...", coreCaveat.Name) + tupleWithNilContext := createTestCaveatedRel(t, "document:c#parent@folder:company#...", coreCaveat.GetName()) tupleWithNilContext.OptionalCaveat.Context = nil thirdRevBeforeWrite, err := ds.HeadRevision(ctx) diff --git a/pkg/datastore/test/counters.go b/pkg/datastore/test/counters.go index 9bd451e16..7f512ca40 100644 --- a/pkg/datastore/test/counters.go +++ b/pkg/datastore/test/counters.go @@ -26,7 +26,7 @@ func RelationshipCounterOverExpiredTest(t *testing.T, tester DatastoreTester) { // Register the filter. _, err = ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "document", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), }) require.NoError(t, err) return nil @@ -47,7 +47,7 @@ func RelationshipCounterOverExpiredTest(t *testing.T, tester DatastoreTester) { expectedCount := 0 iter, err := reader.QueryRelationships(t.Context(), datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(t, err) @@ -85,7 +85,7 @@ func RegisterRelationshipCountersInParallelTest(t *testing.T, tester DatastoreTe defer wg.Done() _, err := ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { return tx.RegisterCounter(ctx, "document", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), }) }) if err != nil { @@ -123,13 +123,13 @@ func RelationshipCountersTest(t *testing.T, tester DatastoreTester) { // Register the filter. updatedRev, err := ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "document", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), }) require.NoError(t, err) // Register another filter. err = tx.RegisterCounter(ctx, "another", &core.RelationshipFilter{ - ResourceType: testfixtures.FolderNS.Name, + ResourceType: testfixtures.FolderNS.GetName(), }) require.NoError(t, err) @@ -140,7 +140,7 @@ func RelationshipCountersTest(t *testing.T, tester DatastoreTester) { // Try to register again. _, err = ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "document", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), }) require.Error(t, err) require.ErrorContains(t, err, "counter with name `document` already registered") @@ -153,7 +153,7 @@ func RelationshipCountersTest(t *testing.T, tester DatastoreTester) { expectedCount := 0 iter, err := reader.QueryRelationships(t.Context(), datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(t, err) @@ -169,7 +169,7 @@ func RelationshipCountersTest(t *testing.T, tester DatastoreTester) { // Call another filter. expectedCount = 0 iter, err = reader.QueryRelationships(t.Context(), datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.FolderNS.Name, + OptionalResourceType: testfixtures.FolderNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(t, err) @@ -218,9 +218,9 @@ func RelationshipCountersWithOddFilterTest(t *testing.T, tester DatastoreTester) // Register the filter. updatedRev, err := ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "somefilter", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), OptionalSubjectFilter: &core.SubjectFilter{ - SubjectType: testfixtures.UserNS.Name, + SubjectType: testfixtures.UserNS.GetName(), }, }) require.NoError(t, err) @@ -233,10 +233,10 @@ func RelationshipCountersWithOddFilterTest(t *testing.T, tester DatastoreTester) expectedCount := 0 iter, err := reader.QueryRelationships(t.Context(), datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), OptionalSubjectsSelectors: []datastore.SubjectsSelector{ { - OptionalSubjectType: testfixtures.UserNS.Name, + OptionalSubjectType: testfixtures.UserNS.GetName(), }, }, }, options.WithQueryShape(queryshape.Varying)) @@ -275,7 +275,7 @@ func UpdateRelationshipCounterTest(t *testing.T, tester DatastoreTester) { // Register filter. updatedRev, err := ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "somedocfilter", &core.RelationshipFilter{ - ResourceType: testfixtures.DocumentNS.Name, + ResourceType: testfixtures.DocumentNS.GetName(), }) require.NoError(t, err) return nil @@ -316,7 +316,7 @@ func UpdateRelationshipCounterTest(t *testing.T, tester DatastoreTester) { // Register a new filter. newFilterRev, err := ds.ReadWriteTx(t.Context(), func(ctx context.Context, tx datastore.ReadWriteTransaction) error { err := tx.RegisterCounter(ctx, "another", &core.RelationshipFilter{ - ResourceType: testfixtures.FolderNS.Name, + ResourceType: testfixtures.FolderNS.GetName(), }) require.NoError(t, err) return nil diff --git a/pkg/datastore/test/namespace.go b/pkg/datastore/test/namespace.go index 4e2df40bc..de1add7e3 100644 --- a/pkg/datastore/test/namespace.go +++ b/pkg/datastore/test/namespace.go @@ -22,12 +22,12 @@ import ( var ( testNamespace = ns.Namespace("foo/bar", - ns.MustRelation("editor", nil, ns.AllowedRelation(testUserNS.Name, "...")), + ns.MustRelation("editor", nil, ns.AllowedRelation(testUserNS.GetName(), "...")), ) - updatedNamespace = ns.Namespace(testNamespace.Name, - ns.MustRelation("reader", nil, ns.AllowedRelation(testUserNS.Name, "...")), - ns.MustRelation("editor", nil, ns.AllowedRelation(testUserNS.Name, "...")), + updatedNamespace = ns.Namespace(testNamespace.GetName(), + ns.MustRelation("reader", nil, ns.AllowedRelation(testUserNS.GetName(), "...")), + ns.MustRelation("editor", nil, ns.AllowedRelation(testUserNS.GetName(), "...")), ) ) @@ -74,7 +74,7 @@ func NamespaceWriteTest(t *testing.T, tester DatastoreTester) { nsDefs, err = ds.SnapshotReader(writtenRev).ListAllNamespaces(ctx) require.NoError(err) require.Len(nsDefs, 1) - require.Equal(testUserNS.Name, nsDefs[0].Definition.Name) + require.Equal(testUserNS.GetName(), nsDefs[0].Definition.GetName()) secondWritten, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { return rwt.WriteNamespaces(ctx, testNamespace) @@ -86,14 +86,14 @@ func NamespaceWriteTest(t *testing.T, tester DatastoreTester) { require.NoError(err) require.Len(nsDefs, 2) - _, _, err = ds.SnapshotReader(writtenRev).ReadNamespaceByName(ctx, testNamespace.Name) + _, _, err = ds.SnapshotReader(writtenRev).ReadNamespaceByName(ctx, testNamespace.GetName()) require.Error(err) nsDefs, err = ds.SnapshotReader(writtenRev).ListAllNamespaces(ctx) require.NoError(err) require.Len(nsDefs, 1) - found, createdRev, err := ds.SnapshotReader(secondWritten).ReadNamespaceByName(ctx, testNamespace.Name) + found, createdRev, err := ds.SnapshotReader(secondWritten).ReadNamespaceByName(ctx, testNamespace.GetName()) require.NoError(err) require.False(createdRev.GreaterThan(secondWritten)) require.True(createdRev.GreaterThan(startRevision)) @@ -105,7 +105,7 @@ func NamespaceWriteTest(t *testing.T, tester DatastoreTester) { }) require.NoError(err) - checkUpdated, createdRev, err := ds.SnapshotReader(updatedRevision).ReadNamespaceByName(ctx, testNamespace.Name) + checkUpdated, createdRev, err := ds.SnapshotReader(updatedRevision).ReadNamespaceByName(ctx, testNamespace.GetName()) require.NoError(err) require.False(createdRev.GreaterThan(updatedRevision)) require.True(createdRev.GreaterThan(startRevision)) @@ -121,16 +121,16 @@ func NamespaceWriteTest(t *testing.T, tester DatastoreTester) { checkOldList, err := ds.SnapshotReader(writtenRev).ListAllNamespaces(ctx) require.NoError(err) require.Len(checkOldList, 1) - require.Equal(testUserNS.Name, checkOldList[0].Definition.Name) + require.Equal(testUserNS.GetName(), checkOldList[0].Definition.GetName()) require.Empty(cmp.Diff(testUserNS, checkOldList[0].Definition, protocmp.Transform())) - checkLookup, err := ds.SnapshotReader(secondWritten).LookupNamespacesWithNames(ctx, []string{testNamespace.Name}) + checkLookup, err := ds.SnapshotReader(secondWritten).LookupNamespacesWithNames(ctx, []string{testNamespace.GetName()}) require.NoError(err) require.Len(checkLookup, 1) - require.Equal(testNamespace.Name, checkLookup[0].Definition.Name) + require.Equal(testNamespace.GetName(), checkLookup[0].Definition.GetName()) require.Empty(cmp.Diff(testNamespace, checkLookup[0].Definition, protocmp.Transform())) - checkLookupMultiple, err := ds.SnapshotReader(secondWritten).LookupNamespacesWithNames(ctx, []string{testNamespace.Name, testUserNS.Name}) + checkLookupMultiple, err := ds.SnapshotReader(secondWritten).LookupNamespacesWithNames(ctx, []string{testNamespace.GetName(), testUserNS.GetName()}) require.NoError(err) require.Len(checkLookupMultiple, 2) @@ -162,15 +162,15 @@ func NamespaceDeleteTest(t *testing.T, tester DatastoreTester) { tRequire.RelationshipExists(ctx, folderTpl, revision) deletedRev, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { - return rwt.DeleteNamespaces(ctx, testfixtures.DocumentNS.Name) + return rwt.DeleteNamespaces(ctx, testfixtures.DocumentNS.GetName()) }) require.NoError(err) require.True(deletedRev.GreaterThan(revision)) - _, _, err = ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.DocumentNS.Name) + _, _, err = ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.DocumentNS.GetName()) require.ErrorAs(err, &datastore.NamespaceNotFoundError{}) - found, nsCreatedRev, err := ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.FolderNS.Name) + found, nsCreatedRev, err := ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.FolderNS.GetName()) require.NoError(err) require.NotNil(found) require.True(nsCreatedRev.LessThan(deletedRev)) @@ -178,14 +178,14 @@ func NamespaceDeleteTest(t *testing.T, tester DatastoreTester) { allNamespaces, err := ds.SnapshotReader(deletedRev).ListAllNamespaces(ctx) require.NoError(err) for _, ns := range allNamespaces { - require.NotEqual(testfixtures.DocumentNS.Name, ns.Definition.Name, "deleted namespace '%s' should not be in namespace list", ns.Definition.Name) + require.NotEqual(testfixtures.DocumentNS.GetName(), ns.Definition.GetName(), "deleted namespace '%s' should not be in namespace list", ns.Definition.GetName()) } deletedRevision, err := ds.HeadRevision(ctx) require.NoError(err) iter, err := ds.SnapshotReader(deletedRevision).QueryRelationships(ctx, datastore.RelationshipsFilter{ - OptionalResourceType: testfixtures.DocumentNS.Name, + OptionalResourceType: testfixtures.DocumentNS.GetName(), }, options.WithQueryShape(queryshape.FindResourceOfType)) require.NoError(err) tRequire.VerifyIteratorResults(iter) @@ -205,7 +205,7 @@ func NamespaceMultiDeleteTest(t *testing.T, tester DatastoreTester) { nsNames := make([]string, 0, len(namespaces)) for _, ns := range namespaces { - nsNames = append(nsNames, ns.Definition.Name) + nsNames = append(nsNames, ns.Definition.GetName()) } deletedRev, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { @@ -229,12 +229,12 @@ func EmptyNamespaceDeleteTest(t *testing.T, tester DatastoreTester) { ctx := t.Context() deletedRev, err := ds.ReadWriteTx(ctx, func(ctx context.Context, rwt datastore.ReadWriteTransaction) error { - return rwt.DeleteNamespaces(ctx, testfixtures.UserNS.Name) + return rwt.DeleteNamespaces(ctx, testfixtures.UserNS.GetName()) }) require.NoError(err) require.True(deletedRev.GreaterThan(revision)) - _, _, err = ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.UserNS.Name) + _, _, err = ds.SnapshotReader(deletedRev).ReadNamespaceByName(ctx, testfixtures.UserNS.GetName()) require.ErrorAs(err, &datastore.NamespaceNotFoundError{}) } @@ -324,13 +324,13 @@ definition document { // Read the namespace definition back from the datastore and compare. nsConfig := compiled.ObjectDefinitions[0] - readNsDef, _, err := ds.SnapshotReader(updatedRevision).ReadNamespaceByName(ctx, nsConfig.Name) + readNsDef, _, err := ds.SnapshotReader(updatedRevision).ReadNamespaceByName(ctx, nsConfig.GetName()) require.NoError(err) testutil.RequireProtoEqual(t, nsConfig, readNsDef, "found changed namespace definition") // Read the caveat back from the datastore and compare. caveatDef := compiled.CaveatDefinitions[0] - readCaveatDef, _, err := ds.SnapshotReader(updatedRevision).ReadCaveatByName(ctx, caveatDef.Name) + readCaveatDef, _, err := ds.SnapshotReader(updatedRevision).ReadCaveatByName(ctx, caveatDef.GetName()) require.NoError(err) testutil.RequireProtoEqual(t, caveatDef, readCaveatDef, "found changed caveat definition") diff --git a/pkg/datastore/test/pagination.go b/pkg/datastore/test/pagination.go index 54120f432..8e2822c76 100644 --- a/pkg/datastore/test/pagination.go +++ b/pkg/datastore/test/pagination.go @@ -23,13 +23,13 @@ func OrderingTest(t *testing.T, tester DatastoreTester) { resourceType string ordering options.SortOrder }{ - {testfixtures.DocumentNS.Name, options.ByResource}, - {testfixtures.FolderNS.Name, options.ByResource}, - {testfixtures.UserNS.Name, options.ByResource}, + {testfixtures.DocumentNS.GetName(), options.ByResource}, + {testfixtures.FolderNS.GetName(), options.ByResource}, + {testfixtures.UserNS.GetName(), options.ByResource}, - {testfixtures.DocumentNS.Name, options.BySubject}, - {testfixtures.FolderNS.Name, options.BySubject}, - {testfixtures.UserNS.Name, options.BySubject}, + {testfixtures.DocumentNS.GetName(), options.BySubject}, + {testfixtures.FolderNS.GetName(), options.BySubject}, + {testfixtures.UserNS.GetName(), options.BySubject}, } rawDS, err := tester.New(0, veryLargeGCInterval, veryLargeGCWindow, 1) @@ -71,9 +71,9 @@ func OrderingTest(t *testing.T, tester DatastoreTester) { func LimitTest(t *testing.T, tester DatastoreTester) { testCases := []string{ - testfixtures.DocumentNS.Name, - testfixtures.UserNS.Name, - testfixtures.FolderNS.Name, + testfixtures.DocumentNS.GetName(), + testfixtures.UserNS.GetName(), + testfixtures.FolderNS.GetName(), } rawDS, err := tester.New(0, veryLargeGCInterval, veryLargeGCWindow, 1) @@ -151,25 +151,25 @@ var orderedTestCases = []struct { }{ { "document resources by resource", - testfixtures.DocumentNS.Name, + testfixtures.DocumentNS.GetName(), options.ByResource, true, }, { "folder resources by resource", - testfixtures.FolderNS.Name, + testfixtures.FolderNS.GetName(), options.ByResource, true, }, { "user resources by resource", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), options.ByResource, true, }, { "resources with user subject", - testfixtures.UserNS.Name, + testfixtures.UserNS.GetName(), options.ByResource, false, }, @@ -295,7 +295,7 @@ func ReverseQueryFilteredOverMultipleValuesCursorTest(t *testing.T, tester Datas iter, err := reader.ReverseQueryRelationships( t.Context(), datastore.SubjectsFilter{ - SubjectType: testfixtures.UserNS.Name, + SubjectType: testfixtures.UserNS.GetName(), OptionalSubjectIds: []string{"alice", "tom", "fred", "*"}, }, options.WithResRelation(&options.ResourceRelation{ @@ -362,7 +362,7 @@ func ReverseQueryCursorTest(t *testing.T, tester DatastoreTester) { iter, err := reader.ReverseQueryRelationships( t.Context(), datastore.SubjectsFilter{ - SubjectType: testfixtures.UserNS.Name, + SubjectType: testfixtures.UserNS.GetName(), }, options.WithSortForReverse(sortBy), options.WithLimitForReverse(&limit), diff --git a/pkg/datastore/test/revisions.go b/pkg/datastore/test/revisions.go index 4ece3eaa6..3d5e49db7 100644 --- a/pkg/datastore/test/revisions.go +++ b/pkg/datastore/test/revisions.go @@ -199,7 +199,7 @@ func RevisionGCTest(t *testing.T, tester DatastoreTester) { require.NoError(err) // check that we can read a caveat whose revision has been garbage collectged - _, _, err = ds.SnapshotReader(head).ReadCaveatByName(ctx, testCaveat.Name) + _, _, err = ds.SnapshotReader(head).ReadCaveatByName(ctx, testCaveat.GetName()) require.NoError(err, "expected previously written caveat should exist at head") // check that we can read the namespace which had its revision garbage collected diff --git a/pkg/datastore/util.go b/pkg/datastore/util.go index 55bb8f2e3..d24434a2b 100644 --- a/pkg/datastore/util.go +++ b/pkg/datastore/util.go @@ -29,12 +29,12 @@ func DeleteAllData(ctx context.Context, ds Datastore) error { namespaceNames := make([]string, 0, len(nsDefs)) for _, nsDef := range nsDefs { _, _, err = rwt.DeleteRelationships(ctx, &v1.RelationshipFilter{ - ResourceType: nsDef.Definition.Name, + ResourceType: nsDef.Definition.GetName(), }) if err != nil { return err } - namespaceNames = append(namespaceNames, nsDef.Definition.Name) + namespaceNames = append(namespaceNames, nsDef.Definition.GetName()) } // Delete all caveats. @@ -45,7 +45,7 @@ func DeleteAllData(ctx context.Context, ds Datastore) error { caveatNames := make([]string, 0, len(caveatDefs)) for _, caveatDef := range caveatDefs { - caveatNames = append(caveatNames, caveatDef.Definition.Name) + caveatNames = append(caveatNames, caveatDef.Definition.GetName()) } if err := rwt.DeleteCaveats(ctx, caveatNames); err != nil { diff --git a/pkg/development/assertions_test.go b/pkg/development/assertions_test.go index d54bd974e..df628cf2a 100644 --- a/pkg/development/assertions_test.go +++ b/pkg/development/assertions_test.go @@ -106,8 +106,8 @@ definition document { adErrs, err := RunAllAssertions(devCtx, assertions) require.NoError(t, err) require.Len(t, adErrs, 1) - require.Equal(t, devinterface.DeveloperError_UNKNOWN_RELATION, adErrs[0].Kind) - require.Contains(t, adErrs[0].Message, "cannot specify a caveat on an assertion") + require.Equal(t, devinterface.DeveloperError_UNKNOWN_RELATION, adErrs[0].GetKind()) + require.Contains(t, adErrs[0].GetMessage(), "cannot specify a caveat on an assertion") } func TestRunAllAssertionsFailure(t *testing.T) { @@ -136,6 +136,6 @@ definition document { adErrs, err := RunAllAssertions(devCtx, assertions) require.NoError(t, err) require.Len(t, adErrs, 1) - require.Equal(t, devinterface.DeveloperError_ASSERTION_FAILED, adErrs[0].Kind) - require.Contains(t, adErrs[0].Message, "Expected relation or permission") + require.Equal(t, devinterface.DeveloperError_ASSERTION_FAILED, adErrs[0].GetKind()) + require.Contains(t, adErrs[0].GetMessage(), "Expected relation or permission") } diff --git a/pkg/development/check.go b/pkg/development/check.go index 292a1ea2d..d4d09263c 100644 --- a/pkg/development/check.go +++ b/pkg/development/check.go @@ -44,10 +44,10 @@ func RunCheck(devContext *DevContext, resource tuple.ObjectAndRelation, subject } reader := devContext.Datastore.SnapshotReader(devContext.Revision) - converted, err := v1.ConvertCheckDispatchDebugInformation(ctx, caveattypes.Default.TypeSet, caveatContext, meta.DebugInfo, reader) + converted, err := v1.ConvertCheckDispatchDebugInformation(ctx, caveattypes.Default.TypeSet, caveatContext, meta.GetDebugInfo(), reader) if err != nil { return CheckResult{v1dispatch.ResourceCheckResult_NOT_MEMBER, nil, nil, nil}, err } - return CheckResult{cr.Membership, cr.MissingExprFields, meta.DebugInfo, converted}, nil + return CheckResult{cr.GetMembership(), cr.GetMissingExprFields(), meta.GetDebugInfo(), converted}, nil } diff --git a/pkg/development/devcontext.go b/pkg/development/devcontext.go index 5b5da14ed..1c438ae6a 100644 --- a/pkg/development/devcontext.go +++ b/pkg/development/devcontext.go @@ -75,7 +75,7 @@ func NewDevContext(ctx context.Context, requestContext *devinterface.RequestCont func newDevContextWithDatastore(ctx context.Context, requestContext *devinterface.RequestContext, ds datastore.Datastore) (*DevContext, *devinterface.DeveloperErrors, error) { // Compile the schema and load its caveats and namespaces into the datastore. - compiled, devError, err := CompileSchema(requestContext.Schema) + compiled, devError, err := CompileSchema(requestContext.GetSchema()) if err != nil { return nil, nil, err } @@ -92,8 +92,8 @@ func newDevContextWithDatastore(ctx context.Context, requestContext *devinterfac } // Load the test relationships into the datastore. - relationships := make([]tuple.Relationship, 0, len(requestContext.Relationships)) - for _, rel := range requestContext.Relationships { + relationships := make([]tuple.Relationship, 0, len(requestContext.GetRelationships())) + for _, rel := range requestContext.GetRelationships() { if err := rel.Validate(); err != nil { inputErrors = append(inputErrors, &devinterface.DeveloperError{ Message: err.Error(), @@ -300,7 +300,7 @@ func loadCompiled( Message: cverr.Error(), Kind: devinterface.DeveloperError_SCHEMA_ISSUE, Source: devinterface.DeveloperError_SCHEMA, - Context: caveatDef.Name, + Context: caveatDef.GetName(), }) } } @@ -334,7 +334,7 @@ func loadCompiled( Message: terr.Error(), Kind: devinterface.DeveloperError_SCHEMA_ISSUE, Source: devinterface.DeveloperError_SCHEMA, - Context: nsDef.Name, + Context: nsDef.GetName(), }) continue } @@ -371,7 +371,7 @@ func loadCompiled( Message: tverr.Error(), Kind: devinterface.DeveloperError_SCHEMA_ISSUE, Source: devinterface.DeveloperError_SCHEMA, - Context: nsDef.Name, + Context: nsDef.GetName(), }) } } @@ -403,7 +403,7 @@ func distinguishGraphError(ctx context.Context, dispatchError error, source devi } details, ok := spiceerrors.GetDetails[*errdetails.ErrorInfo](dispatchError) - if ok && details.Reason == "ERROR_REASON_MAXIMUM_DEPTH_EXCEEDED" { + if ok && details.GetReason() == "ERROR_REASON_MAXIMUM_DEPTH_EXCEEDED" { status, _ := status.FromError(dispatchError) return &devinterface.DeveloperError{ Message: status.Message(), diff --git a/pkg/development/devcontext_test.go b/pkg/development/devcontext_test.go index d17d9029a..5992d26c3 100644 --- a/pkg/development/devcontext_test.go +++ b/pkg/development/devcontext_test.go @@ -23,8 +23,8 @@ func TestNewDevContextWithInvalidSchema(t *testing.T) { require.NoError(t, err) require.NotNil(t, devErrs) - require.Len(t, devErrs.InputErrors, 1) - require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErrs.InputErrors[0].Kind) + require.Len(t, devErrs.GetInputErrors(), 1) + require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErrs.GetInputErrors()[0].GetKind()) } func TestNewDevContextWithInvalidRelationship(t *testing.T) { @@ -51,8 +51,8 @@ definition document { require.NoError(t, err) require.NotNil(t, devErrs) - require.Len(t, devErrs.InputErrors, 1) - require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErrs.InputErrors[0].Kind) + require.Len(t, devErrs.GetInputErrors(), 1) + require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErrs.GetInputErrors()[0].GetKind()) } func TestDevContextDispose(t *testing.T) { @@ -90,30 +90,30 @@ func TestDistinguishGraphError(t *testing.T) { devErr, wireErr := DistinguishGraphError(devCtx, nsErr, devinterface.DeveloperError_ASSERTION, 1, 2, "context") require.NoError(t, wireErr) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErr.Kind) - require.Equal(t, uint32(1), devErr.Line) - require.Equal(t, uint32(2), devErr.Column) - require.Equal(t, "context", devErr.Context) + require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErr.GetKind()) + require.Equal(t, uint32(1), devErr.GetLine()) + require.Equal(t, uint32(2), devErr.GetColumn()) + require.Equal(t, "context", devErr.GetContext()) // Test with relation not found error relErr := namespace.NewRelationNotFoundErr("namespace", "unknown") devErr, wireErr = DistinguishGraphError(devCtx, relErr, devinterface.DeveloperError_ASSERTION, 3, 4, "context2") require.NoError(t, wireErr) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_UNKNOWN_RELATION, devErr.Kind) - require.Equal(t, uint32(3), devErr.Line) - require.Equal(t, uint32(4), devErr.Column) - require.Equal(t, "context2", devErr.Context) + require.Equal(t, devinterface.DeveloperError_UNKNOWN_RELATION, devErr.GetKind()) + require.Equal(t, uint32(3), devErr.GetLine()) + require.Equal(t, uint32(4), devErr.GetColumn()) + require.Equal(t, "context2", devErr.GetContext()) // Test with max depth exceeded error maxDepthErr := dispatch.NewMaxDepthExceededError(nil) devErr, wireErr = DistinguishGraphError(devCtx, maxDepthErr, devinterface.DeveloperError_ASSERTION, 5, 6, "context3") require.NoError(t, wireErr) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_MAXIMUM_RECURSION, devErr.Kind) - require.Equal(t, uint32(5), devErr.Line) - require.Equal(t, uint32(6), devErr.Column) - require.Equal(t, "context3", devErr.Context) + require.Equal(t, devinterface.DeveloperError_MAXIMUM_RECURSION, devErr.GetKind()) + require.Equal(t, uint32(5), devErr.GetLine()) + require.Equal(t, uint32(6), devErr.GetColumn()) + require.Equal(t, "context3", devErr.GetContext()) // Test with generic error (should return wire error) genericErr := errors.New("some generic error") @@ -173,8 +173,8 @@ definition document { require.NoError(t, err) require.NotNil(t, devErrs) - require.Len(t, devErrs.InputErrors, 1) - require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErrs.InputErrors[0].Kind) + require.Len(t, devErrs.GetInputErrors(), 1) + require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErrs.GetInputErrors()[0].GetKind()) } func TestNewDevContextWithRelationshipValidationError(t *testing.T) { @@ -202,6 +202,6 @@ definition document { require.NoError(t, err) require.NotNil(t, devErrs) - require.Len(t, devErrs.InputErrors, 1) - require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErrs.InputErrors[0].Kind) + require.Len(t, devErrs.GetInputErrors(), 1) + require.Equal(t, devinterface.DeveloperError_UNKNOWN_OBJECT_TYPE, devErrs.GetInputErrors()[0].GetKind()) } diff --git a/pkg/development/development_test.go b/pkg/development/development_test.go index 78bdf2deb..d64836e38 100644 --- a/pkg/development/development_test.go +++ b/pkg/development/development_test.go @@ -137,7 +137,7 @@ definition document { client := v1.NewSchemaServiceClient(conn) resp, err := client.ReadSchema(t.Context(), &v1.ReadSchemaRequest{}) require.NoError(t, err) - require.Contains(t, resp.SchemaText, "definition document") + require.Contains(t, resp.GetSchemaText(), "definition document") shutdown() } diff --git a/pkg/development/parsing_test.go b/pkg/development/parsing_test.go index 156ae3b0a..968c0a9e1 100644 --- a/pkg/development/parsing_test.go +++ b/pkg/development/parsing_test.go @@ -30,8 +30,8 @@ func TestParseAssertionsYAMLInvalid(t *testing.T) { assertions, devErr := ParseAssertionsYAML(invalidYAML) require.Nil(t, assertions) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.Source) - require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.Kind) + require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.GetKind()) } func TestParseAssertionsYAMLWithInvalidRelationship(t *testing.T) { @@ -42,8 +42,8 @@ func TestParseAssertionsYAMLWithInvalidRelationship(t *testing.T) { assertions, devErr := ParseAssertionsYAML(invalidRelYAML) require.Nil(t, assertions) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.Source) - require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.Kind) + require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.GetKind()) } func TestParseExpectedRelationsYAMLValid(t *testing.T) { @@ -64,8 +64,8 @@ func TestParseExpectedRelationsYAMLInvalid(t *testing.T) { expectedRels, devErr := ParseExpectedRelationsYAML(invalidYAML) require.Nil(t, expectedRels) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_VALIDATION_YAML, devErr.Source) - require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.Kind) + require.Equal(t, devinterface.DeveloperError_VALIDATION_YAML, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.GetKind()) } func TestConvertError(t *testing.T) { @@ -77,10 +77,10 @@ func TestConvertError(t *testing.T) { err := &testError{message: "test error"} devErr = convertError(devinterface.DeveloperError_ASSERTION, err) require.NotNil(t, devErr) - require.Equal(t, "test error", devErr.Message) - require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.Source) - require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.Kind) - require.Equal(t, uint32(0), devErr.Line) + require.Equal(t, "test error", devErr.GetMessage()) + require.Equal(t, devinterface.DeveloperError_ASSERTION, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.GetKind()) + require.Equal(t, uint32(0), devErr.GetLine()) } func TestConvertSourceError(t *testing.T) { @@ -93,12 +93,12 @@ func TestConvertSourceError(t *testing.T) { devErr := convertSourceError(devinterface.DeveloperError_VALIDATION_YAML, sourceErr) require.NotNil(t, devErr) - require.Equal(t, "source error", devErr.Message) - require.Equal(t, devinterface.DeveloperError_VALIDATION_YAML, devErr.Source) - require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.Kind) - require.Equal(t, uint32(5), devErr.Line) - require.Equal(t, uint32(10), devErr.Column) - require.Equal(t, "some source code", devErr.Context) + require.Equal(t, "source error", devErr.GetMessage()) + require.Equal(t, devinterface.DeveloperError_VALIDATION_YAML, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_PARSE_ERROR, devErr.GetKind()) + require.Equal(t, uint32(5), devErr.GetLine()) + require.Equal(t, uint32(10), devErr.GetColumn()) + require.Equal(t, "some source code", devErr.GetContext()) } // Helper type for testing diff --git a/pkg/development/resolver.go b/pkg/development/resolver.go index bb85355d4..cd849a0a7 100644 --- a/pkg/development/resolver.go +++ b/pkg/development/resolver.go @@ -88,11 +88,11 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit relationReference := func(relation *core.Relation, def *schema.Definition) (*SchemaReference, error) { // NOTE: zeroes are fine here to mean "unknown" - lineNumber, err := safecast.ToInt(relation.SourcePosition.ZeroIndexedLineNumber) + lineNumber, err := safecast.ToInt(relation.GetSourcePosition().GetZeroIndexedLineNumber()) if err != nil { log.Err(err).Msg("could not cast lineNumber to uint32") } - columnPosition, err := safecast.ToInt(relation.SourcePosition.ZeroIndexedColumnPosition) + columnPosition, err := safecast.ToInt(relation.GetSourcePosition().GetZeroIndexedColumnPosition()) if err != nil { log.Err(err).Msg("could not cast columnPosition to uint32") } @@ -106,14 +106,14 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit return nil, err } - if def.IsPermission(relation.Name) { + if def.IsPermission(relation.GetName()) { return &SchemaReference{ Source: source, Position: position, - Text: relation.Name, + Text: relation.GetName(), ReferenceType: ReferenceTypePermission, - ReferenceMarkdown: "permission " + relation.Name, + ReferenceMarkdown: "permission " + relation.GetName(), TargetSource: &source, TargetPosition: &relationPosition, @@ -125,10 +125,10 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit return &SchemaReference{ Source: source, Position: position, - Text: relation.Name, + Text: relation.GetName(), ReferenceType: ReferenceTypeRelation, - ReferenceMarkdown: "relation " + relation.Name, + ReferenceMarkdown: "relation " + relation.GetName(), TargetSource: &source, TargetPosition: &relationPosition, @@ -146,11 +146,11 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit def := ts.Namespace() // NOTE: zeroes are fine here to mean "unknown" - lineNumber, err := safecast.ToInt(def.SourcePosition.ZeroIndexedLineNumber) + lineNumber, err := safecast.ToInt(def.GetSourcePosition().GetZeroIndexedLineNumber()) if err != nil { log.Err(err).Msg("could not cast lineNumber to uint32") } - columnPosition, err := safecast.ToInt(def.SourcePosition.ZeroIndexedColumnPosition) + columnPosition, err := safecast.ToInt(def.GetSourcePosition().GetZeroIndexedColumnPosition()) if err != nil { log.Err(err).Msg("could not cast columnPosition to uint32") } @@ -161,23 +161,23 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit } docComment := "" - comments := namespace.GetComments(def.Metadata) + comments := namespace.GetComments(def.GetMetadata()) if len(comments) > 0 { docComment = strings.Join(comments, "\n") + "\n" } - targetSourceCode := fmt.Sprintf("%sdefinition %s {\n\t// ...\n}", docComment, def.Name) - if len(def.Relation) == 0 { - targetSourceCode = fmt.Sprintf("%sdefinition %s {}", docComment, def.Name) + targetSourceCode := fmt.Sprintf("%sdefinition %s {\n\t// ...\n}", docComment, def.GetName()) + if len(def.GetRelation()) == 0 { + targetSourceCode = fmt.Sprintf("%sdefinition %s {}", docComment, def.GetName()) } return &SchemaReference{ Source: source, Position: position, - Text: def.Name, + Text: def.GetName(), ReferenceType: ReferenceTypeDefinition, - ReferenceMarkdown: "definition " + def.Name, + ReferenceMarkdown: "definition " + def.GetName(), TargetSource: &source, TargetPosition: &defPosition, @@ -189,11 +189,11 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit // Caveat Type reference. if caveatDef, ok := r.caveatTypeReferenceChain(nodeChain); ok { // NOTE: zeroes are fine here to mean "unknown" - lineNumber, err := safecast.ToInt(caveatDef.SourcePosition.ZeroIndexedLineNumber) + lineNumber, err := safecast.ToInt(caveatDef.GetSourcePosition().GetZeroIndexedLineNumber()) if err != nil { log.Err(err).Msg("could not cast lineNumber to uint32") } - columnPosition, err := safecast.ToInt(caveatDef.SourcePosition.ZeroIndexedColumnPosition) + columnPosition, err := safecast.ToInt(caveatDef.GetSourcePosition().GetZeroIndexedColumnPosition()) if err != nil { log.Err(err).Msg("could not cast columnPosition to uint32") } @@ -204,9 +204,9 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit } var caveatSourceCode strings.Builder - caveatSourceCode.WriteString(fmt.Sprintf("caveat %s(", caveatDef.Name)) + caveatSourceCode.WriteString(fmt.Sprintf("caveat %s(", caveatDef.GetName())) index := 0 - for paramName, paramType := range caveatDef.ParameterTypes { + for paramName, paramType := range caveatDef.GetParameterTypes() { if index > 0 { caveatSourceCode.WriteString(", ") } @@ -219,10 +219,10 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit return &SchemaReference{ Source: source, Position: position, - Text: caveatDef.Name, + Text: caveatDef.GetName(), ReferenceType: ReferenceTypeCaveat, - ReferenceMarkdown: "caveat " + caveatDef.Name, + ReferenceMarkdown: "caveat " + caveatDef.GetName(), TargetSource: &source, TargetPosition: &defPosition, @@ -238,7 +238,7 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit // Caveat parameter used in expression. if caveatParamName, caveatDef, ok := r.caveatParamChain(nodeChain, source, position); ok { - targetSourceCode := fmt.Sprintf("%s %s", caveatParamName, caveats.ParameterTypeString(caveatDef.ParameterTypes[caveatParamName])) + targetSourceCode := fmt.Sprintf("%s %s", caveatParamName, caveats.ParameterTypeString(caveatDef.GetParameterTypes()[caveatParamName])) return &SchemaReference{ Source: source, @@ -258,7 +258,7 @@ func (r *Resolver) ReferenceAtPosition(source input.Source, position input.Posit func (r *Resolver) lookupCaveat(caveatName string) (*core.CaveatDefinition, bool) { for _, caveatDef := range r.schema.CaveatDefinitions { - if caveatDef.Name == caveatName { + if caveatDef.GetName() == caveatName { return caveatDef, true } } @@ -326,7 +326,7 @@ func (r *Resolver) caveatParamChain(nodeChain *compiler.NodeChain, source input. currentIndex := 0 for _, token := range tokens { if currentIndex <= relationRunePosition && currentIndex+len(token) >= relationRunePosition { - if _, ok := caveatDef.ParameterTypes[token]; ok { + if _, ok := caveatDef.GetParameterTypes()[token]; ok { return token, caveatDef, true } } diff --git a/pkg/development/schema_test.go b/pkg/development/schema_test.go index ac84707bf..c14e96256 100644 --- a/pkg/development/schema_test.go +++ b/pkg/development/schema_test.go @@ -32,10 +32,10 @@ func TestCompileSchemaInvalidSyntax(t *testing.T) { require.NoError(t, err) require.Nil(t, compiled) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_SCHEMA, devErr.Source) - require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErr.Kind) - require.Positive(t, devErr.Line) - require.Positive(t, devErr.Column) + require.Equal(t, devinterface.DeveloperError_SCHEMA, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErr.GetKind()) + require.Positive(t, devErr.GetLine()) + require.Positive(t, devErr.GetColumn()) } func TestCompileSchemaUndefinedRelation(t *testing.T) { @@ -107,7 +107,7 @@ definition document { require.NoError(t, err) require.Nil(t, compiled) require.NotNil(t, devErr) - require.Equal(t, devinterface.DeveloperError_SCHEMA, devErr.Source) - require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErr.Kind) - require.Contains(t, devErr.Message, "unknown_type") + require.Equal(t, devinterface.DeveloperError_SCHEMA, devErr.GetSource()) + require.Equal(t, devinterface.DeveloperError_SCHEMA_ISSUE, devErr.GetKind()) + require.Contains(t, devErr.GetMessage(), "unknown_type") } diff --git a/pkg/development/validation.go b/pkg/development/validation.go index b3da6cf2d..bc5970826 100644 --- a/pkg/development/validation.go +++ b/pkg/development/validation.go @@ -45,7 +45,7 @@ func RunValidation(devContext *DevContext, validation *blocks.ParsedExpectedRela } // Add the ONR and its expansion to the membership set. - foundSubjects, _, aerr := membershipSet.AddExpansion(onrKey.ObjectAndRelation, er.TreeNode) + foundSubjects, _, aerr := membershipSet.AddExpansion(onrKey.ObjectAndRelation, er.GetTreeNode()) if aerr != nil { devErr, wireErr := DistinguishGraphError(devContext, aerr, devinterface.DeveloperError_VALIDATION_YAML, 0, 0, onrKey.ObjectRelationString) if wireErr != nil { diff --git a/pkg/development/validation_test.go b/pkg/development/validation_test.go index 8bece103b..34f7caccc 100644 --- a/pkg/development/validation_test.go +++ b/pkg/development/validation_test.go @@ -63,8 +63,8 @@ definition document { ms, devErrors, err := RunValidation(devCtx, validation) require.NoError(t, err) require.Len(t, devErrors, 1) - require.Equal(t, devinterface.DeveloperError_MISSING_EXPECTED_RELATIONSHIP, devErrors[0].Kind) - require.Contains(t, devErrors[0].Message, "missing expected subject") + require.Equal(t, devinterface.DeveloperError_MISSING_EXPECTED_RELATIONSHIP, devErrors[0].GetKind()) + require.Contains(t, devErrors[0].GetMessage(), "missing expected subject") require.NotNil(t, ms) } diff --git a/pkg/development/warningdefs.go b/pkg/development/warningdefs.go index b995933db..406637a36 100644 --- a/pkg/development/warningdefs.go +++ b/pkg/development/warningdefs.go @@ -19,20 +19,20 @@ var lintRelationReferencesParentType = relationCheck{ def *schema.Definition, ) (*devinterface.DeveloperWarning, error) { parentDef := def.Namespace() - if strings.HasSuffix(relation.Name, parentDef.Name) { - if def.IsPermission(relation.Name) { + if strings.HasSuffix(relation.GetName(), parentDef.GetName()) { + if def.IsPermission(relation.GetName()) { return warningForMetadata( "relation-name-references-parent", - fmt.Sprintf("Permission %q references parent type %q in its name; it is recommended to drop the suffix", relation.Name, parentDef.Name), - relation.Name, + fmt.Sprintf("Permission %q references parent type %q in its name; it is recommended to drop the suffix", relation.GetName(), parentDef.GetName()), + relation.GetName(), relation, ), nil } return warningForMetadata( "relation-name-references-parent", - fmt.Sprintf("Relation %q references parent type %q in its name; it is recommended to drop the suffix", relation.Name, parentDef.Name), - relation.Name, + fmt.Sprintf("Relation %q references parent type %q in its name; it is recommended to drop the suffix", relation.GetName(), parentDef.GetName()), + relation.GetName(), relation, ), nil } @@ -50,7 +50,7 @@ var lintPermissionReferencingItself = computedUsersetCheck{ def *schema.Definition, ) (*devinterface.DeveloperWarning, error) { parentRelation := ctx.Value(relationKey).(*corev1.Relation) - permName := parentRelation.Name + permName := parentRelation.GetName() if computedUserset.GetRelation() == permName { return warningForPosition( "permission-references-itself", @@ -79,14 +79,14 @@ var lintArrowReferencingUnreachable = ttuCheck{ return nil, nil } - allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.Name) + allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.GetName()) if err != nil { return nil, err } wasFound := false for _, subjectType := range allowedSubjectTypes { - nts, err := def.TypeSystem().GetDefinition(ctx, subjectType.Namespace) + nts, err := def.TypeSystem().GetDefinition(ctx, subjectType.GetNamespace()) if err != nil { return nil, err } @@ -108,7 +108,7 @@ var lintArrowReferencingUnreachable = ttuCheck{ fmt.Sprintf( "Arrow `%s` under permission %q references relation/permission %q that does not exist on any subject types of relation %q", arrowString, - parentRelation.Name, + parentRelation.GetName(), ttu.GetComputedUserset().GetRelation(), ttu.GetTupleset().GetRelation(), ), @@ -136,7 +136,7 @@ var lintArrowOverSubRelation = ttuCheck{ return nil, nil } - allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.Name) + allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.GetName()) if err != nil { return nil, err } @@ -153,10 +153,10 @@ var lintArrowOverSubRelation = ttuCheck{ fmt.Sprintf( "Arrow `%s` under permission %q references relation %q that has relation %q on subject %q: *the subject relation will be ignored for the arrow*", arrowString, - parentRelation.Name, + parentRelation.GetName(), ttu.GetTupleset().GetRelation(), subjectType.GetRelation(), - subjectType.Namespace, + subjectType.GetNamespace(), ), arrowString, sourcePosition, @@ -185,7 +185,7 @@ var lintArrowReferencingRelation = ttuCheck{ // For each subject type of the referenced relation, check if the referenced permission // is, in fact, a relation. - allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.Name) + allowedSubjectTypes, err := def.AllowedSubjectRelations(referencedRelation.GetName()) if err != nil { return nil, err } @@ -197,11 +197,11 @@ var lintArrowReferencingRelation = ttuCheck{ for _, subjectType := range allowedSubjectTypes { // Skip for arrow referencing relations in the same namespace. - if subjectType.Namespace == def.Namespace().Name { + if subjectType.GetNamespace() == def.Namespace().GetName() { continue } - nts, err := def.TypeSystem().GetDefinition(ctx, subjectType.Namespace) + nts, err := def.TypeSystem().GetDefinition(ctx, subjectType.GetNamespace()) if err != nil { return nil, err } @@ -211,15 +211,15 @@ var lintArrowReferencingRelation = ttuCheck{ continue } - if !nts.IsPermission(targetRelation.Name) { + if !nts.IsPermission(targetRelation.GetName()) { return warningForPosition( "arrow-references-relation", fmt.Sprintf( "Arrow `%s` under permission %q references relation %q on definition %q; it is recommended to point to a permission", arrowString, - parentRelation.Name, - targetRelation.Name, - subjectType.Namespace, + parentRelation.GetName(), + targetRelation.GetName(), + subjectType.GetNamespace(), ), arrowString, sourcePosition, diff --git a/pkg/development/warnings.go b/pkg/development/warnings.go index 6be9a1c52..df3ed7b71 100644 --- a/pkg/development/warnings.go +++ b/pkg/development/warnings.go @@ -41,11 +41,11 @@ func warningForPosition(warningName string, message string, sourceCode string, s } // NOTE: zeroes on failure are fine here. - lineNumber, err := safecast.ToUint32(sourcePosition.ZeroIndexedLineNumber) + lineNumber, err := safecast.ToUint32(sourcePosition.GetZeroIndexedLineNumber()) if err != nil { log.Err(err).Msg("could not cast lineNumber to uint32") } - columnNumber, err := safecast.ToUint32(sourcePosition.ZeroIndexedColumnPosition) + columnNumber, err := safecast.ToUint32(sourcePosition.GetZeroIndexedColumnPosition()) if err != nil { log.Err(err).Msg("could not cast columnPosition to uint32") } @@ -86,11 +86,11 @@ func addDefinitionWarnings(ctx context.Context, nsDef *corev1.NamespaceDefinitio } warnings := []*devinterface.DeveloperWarning{} - for _, rel := range nsDef.Relation { + for _, rel := range nsDef.GetRelation() { ctx = context.WithValue(ctx, relationKey, rel) for _, check := range allChecks.relationChecks { - if shouldSkipCheck(rel.Metadata, check.name) { + if shouldSkipCheck(rel.GetMetadata(), check.name) { continue } @@ -104,8 +104,8 @@ func addDefinitionWarnings(ctx context.Context, nsDef *corev1.NamespaceDefinitio } } - if def.IsPermission(rel.Name) { - found, err := walkUsersetRewrite(ctx, rel.UsersetRewrite, rel, allChecks, def) + if def.IsPermission(rel.GetName()) { + found, err := walkUsersetRewrite(ctx, rel.GetUsersetRewrite(), rel, allChecks, def) if err != nil { return nil, err } @@ -174,15 +174,15 @@ func walkUsersetRewrite(ctx context.Context, rewrite *corev1.UsersetRewrite, rel return nil, nil } - switch t := (rewrite.RewriteOperation).(type) { + switch t := (rewrite.GetRewriteOperation()).(type) { case *corev1.UsersetRewrite_Union: - return walkUsersetOperations(ctx, t.Union.Child, relation, checks, def) + return walkUsersetOperations(ctx, t.Union.GetChild(), relation, checks, def) case *corev1.UsersetRewrite_Intersection: - return walkUsersetOperations(ctx, t.Intersection.Child, relation, checks, def) + return walkUsersetOperations(ctx, t.Intersection.GetChild(), relation, checks, def) case *corev1.UsersetRewrite_Exclusion: - return walkUsersetOperations(ctx, t.Exclusion.Child, relation, checks, def) + return walkUsersetOperations(ctx, t.Exclusion.GetChild(), relation, checks, def) default: return nil, spiceerrors.MustBugf("unexpected rewrite operation type %T", t) @@ -192,17 +192,17 @@ func walkUsersetRewrite(ctx context.Context, rewrite *corev1.UsersetRewrite, rel func walkUsersetOperations(ctx context.Context, ops []*corev1.SetOperation_Child, relation *corev1.Relation, checks checks, def *schema.Definition) ([]*devinterface.DeveloperWarning, error) { warnings := []*devinterface.DeveloperWarning{} for _, op := range ops { - switch t := op.ChildType.(type) { + switch t := op.GetChildType().(type) { case *corev1.SetOperation_Child_XThis: continue case *corev1.SetOperation_Child_ComputedUserset: for _, check := range checks.computedUsersetChecks { - if shouldSkipCheck(relation.Metadata, check.name) { + if shouldSkipCheck(relation.GetMetadata(), check.name) { continue } - checkerWarning, err := check.fn(ctx, t.ComputedUserset, op.SourcePosition, def) + checkerWarning, err := check.fn(ctx, t.ComputedUserset, op.GetSourcePosition(), def) if err != nil { return nil, err } @@ -222,11 +222,11 @@ func walkUsersetOperations(ctx context.Context, ops []*corev1.SetOperation_Child case *corev1.SetOperation_Child_FunctionedTupleToUserset: for _, check := range checks.ttuChecks { - if shouldSkipCheck(relation.Metadata, check.name) { + if shouldSkipCheck(relation.GetMetadata(), check.name) { continue } - checkerWarning, err := check.fn(ctx, wrappedFunctionedTTU{t.FunctionedTupleToUserset}, op.SourcePosition, def) + checkerWarning, err := check.fn(ctx, wrappedFunctionedTTU{t.FunctionedTupleToUserset}, op.GetSourcePosition(), def) if err != nil { return nil, err } @@ -238,11 +238,11 @@ func walkUsersetOperations(ctx context.Context, ops []*corev1.SetOperation_Child case *corev1.SetOperation_Child_TupleToUserset: for _, check := range checks.ttuChecks { - if shouldSkipCheck(relation.Metadata, check.name) { + if shouldSkipCheck(relation.GetMetadata(), check.name) { continue } - checkerWarning, err := check.fn(ctx, wrappedTTU{t.TupleToUserset}, op.SourcePosition, def) + checkerWarning, err := check.fn(ctx, wrappedTTU{t.TupleToUserset}, op.GetSourcePosition(), def) if err != nil { return nil, err } diff --git a/pkg/development/warnings_misc_test.go b/pkg/development/warnings_misc_test.go index a5191d5d7..867ded8a7 100644 --- a/pkg/development/warnings_misc_test.go +++ b/pkg/development/warnings_misc_test.go @@ -13,10 +13,10 @@ import ( func TestWarningForPositionNilSourcePosition(t *testing.T) { warning := warningForPosition("test-warning", "test message", "source code", nil) require.NotNil(t, warning) - require.Equal(t, "test message", warning.Message) // No warning name appended when nil source position - require.Equal(t, "source code", warning.SourceCode) - require.Equal(t, uint32(0), warning.Line) - require.Equal(t, uint32(0), warning.Column) + require.Equal(t, "test message", warning.GetMessage()) // No warning name appended when nil source position + require.Equal(t, "source code", warning.GetSourceCode()) + require.Equal(t, uint32(0), warning.GetLine()) + require.Equal(t, uint32(0), warning.GetColumn()) } func TestWarningForPositionWithSourcePosition(t *testing.T) { @@ -27,10 +27,10 @@ func TestWarningForPositionWithSourcePosition(t *testing.T) { warning := warningForPosition("test-warning", "test message", "source code", sourcePos) require.NotNil(t, warning) - require.Equal(t, "test message (test-warning)", warning.Message) // Warning name appended - require.Equal(t, "source code", warning.SourceCode) - require.Equal(t, uint32(5), warning.Line) // 1-indexed - require.Equal(t, uint32(10), warning.Column) // 1-indexed + require.Equal(t, "test message (test-warning)", warning.GetMessage()) // Warning name appended + require.Equal(t, "source code", warning.GetSourceCode()) + require.Equal(t, uint32(5), warning.GetLine()) // 1-indexed + require.Equal(t, uint32(10), warning.GetColumn()) // 1-indexed } func TestWarningForMetadata(t *testing.T) { @@ -49,10 +49,10 @@ func TestWarningForMetadata(t *testing.T) { warning := warningForMetadata("metadata-warning", "metadata message", "source", relation) require.NotNil(t, warning) - require.Equal(t, "metadata message (metadata-warning)", warning.Message) - require.Equal(t, "source", warning.SourceCode) - require.Equal(t, uint32(3), warning.Line) // 1-indexed - require.Equal(t, uint32(8), warning.Column) // 1-indexed + require.Equal(t, "metadata message (metadata-warning)", warning.GetMessage()) + require.Equal(t, "source", warning.GetSourceCode()) + require.Equal(t, uint32(3), warning.GetLine()) // 1-indexed + require.Equal(t, uint32(8), warning.GetColumn()) // 1-indexed } func TestShouldSkipCheckWithoutMetadata(t *testing.T) { @@ -185,10 +185,10 @@ func TestWarningForPositionWithCastingErrors(t *testing.T) { warning := warningForPosition("cast-error", "test message", "source code", sourcePos) require.NotNil(t, warning) - require.Equal(t, "test message (cast-error)", warning.Message) - require.Equal(t, "source code", warning.SourceCode) - require.Equal(t, uint32(1), warning.Line) // Should be 1 due to zero fallback + 1 - require.Equal(t, uint32(1), warning.Column) // Should be 1 due to zero fallback + 1 + require.Equal(t, "test message (cast-error)", warning.GetMessage()) + require.Equal(t, "source code", warning.GetSourceCode()) + require.Equal(t, uint32(1), warning.GetLine()) // Should be 1 due to zero fallback + 1 + require.Equal(t, uint32(1), warning.GetColumn()) // Should be 1 due to zero fallback + 1 } func TestWrappedFunctionedTTUUnknownFunction(t *testing.T) { diff --git a/pkg/diff/caveats/diff.go b/pkg/diff/caveats/diff.go index 50beb7163..2446b794b 100644 --- a/pkg/diff/caveats/diff.go +++ b/pkg/diff/caveats/diff.go @@ -96,19 +96,19 @@ func DiffCaveats(existing *core.CaveatDefinition, updated *core.CaveatDefinition }, nil } - deltas := make([]Delta, 0, len(existing.ParameterTypes)+len(updated.ParameterTypes)) + deltas := make([]Delta, 0, len(existing.GetParameterTypes())+len(updated.GetParameterTypes())) // Check the caveats's comments. - existingComments := nspkg.GetComments(existing.Metadata) - updatedComments := nspkg.GetComments(updated.Metadata) + existingComments := nspkg.GetComments(existing.GetMetadata()) + updatedComments := nspkg.GetComments(updated.GetMetadata()) if !slices.Equal(existingComments, updatedComments) { deltas = append(deltas, Delta{ Type: CaveatCommentsChanged, }) } - existingParameterNames := mapz.NewSet(slices.Collect(maps.Keys(existing.ParameterTypes))...) - updatedParameterNames := mapz.NewSet(slices.Collect(maps.Keys(updated.ParameterTypes))...) + existingParameterNames := mapz.NewSet(slices.Collect(maps.Keys(existing.GetParameterTypes()))...) + updatedParameterNames := mapz.NewSet(slices.Collect(maps.Keys(updated.GetParameterTypes()))...) for _, removed := range existingParameterNames.Subtract(updatedParameterNames).AsSlice() { deltas = append(deltas, Delta{ @@ -125,8 +125,8 @@ func DiffCaveats(existing *core.CaveatDefinition, updated *core.CaveatDefinition } for _, shared := range existingParameterNames.Intersect(updatedParameterNames).AsSlice() { - existingParamType := existing.ParameterTypes[shared] - updatedParamType := updated.ParameterTypes[shared] + existingParamType := existing.GetParameterTypes()[shared] + updatedParamType := updated.GetParameterTypes()[shared] existingType, err := caveattypes.DecodeParameterType(caveatTypeSet, existingParamType) if err != nil { @@ -149,7 +149,7 @@ func DiffCaveats(existing *core.CaveatDefinition, updated *core.CaveatDefinition } } - if !bytes.Equal(existing.SerializedExpression, updated.SerializedExpression) { + if !bytes.Equal(existing.GetSerializedExpression(), updated.GetSerializedExpression()) { deltas = append(deltas, Delta{ Type: CaveatExpressionChanged, }) diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go index 34aa92735..50a2b7cff 100644 --- a/pkg/diff/diff.go +++ b/pkg/diff/diff.go @@ -20,7 +20,7 @@ type DiffableSchema struct { func (ds *DiffableSchema) GetNamespace(namespaceName string) (*core.NamespaceDefinition, bool) { for _, ns := range ds.ObjectDefinitions { - if ns.Name == namespaceName { + if ns.GetName() == namespaceName { return ns, true } } @@ -34,8 +34,8 @@ func (ds *DiffableSchema) GetRelation(nsName string, relationName string) (*core return nil, false } - for _, relation := range ns.Relation { - if relation.Name == relationName { + for _, relation := range ns.GetRelation() { + if relation.GetName() == relationName { return relation, true } } @@ -45,7 +45,7 @@ func (ds *DiffableSchema) GetRelation(nsName string, relationName string) (*core func (ds *DiffableSchema) GetCaveat(caveatName string) (*core.CaveatDefinition, bool) { for _, caveat := range ds.CaveatDefinitions { - if caveat.Name == caveatName { + if caveat.GetName() == caveatName { return caveat, true } } @@ -87,29 +87,29 @@ func DiffSchemas(existing DiffableSchema, comparison DiffableSchema, caveatTypeS existingNamespacesByName := make(map[string]*core.NamespaceDefinition, len(existing.ObjectDefinitions)) existingNamespaceNames := mapz.NewSet[string]() for _, nsDef := range existing.ObjectDefinitions { - existingNamespacesByName[nsDef.Name] = nsDef - existingNamespaceNames.Add(nsDef.Name) + existingNamespacesByName[nsDef.GetName()] = nsDef + existingNamespaceNames.Add(nsDef.GetName()) } existingCaveatsByName := make(map[string]*core.CaveatDefinition, len(existing.CaveatDefinitions)) existingCaveatsByNames := mapz.NewSet[string]() for _, caveatDef := range existing.CaveatDefinitions { - existingCaveatsByName[caveatDef.Name] = caveatDef - existingCaveatsByNames.Add(caveatDef.Name) + existingCaveatsByName[caveatDef.GetName()] = caveatDef + existingCaveatsByNames.Add(caveatDef.GetName()) } comparisonNamespacesByName := make(map[string]*core.NamespaceDefinition, len(comparison.ObjectDefinitions)) comparisonNamespaceNames := mapz.NewSet[string]() for _, nsDef := range comparison.ObjectDefinitions { - comparisonNamespacesByName[nsDef.Name] = nsDef - comparisonNamespaceNames.Add(nsDef.Name) + comparisonNamespacesByName[nsDef.GetName()] = nsDef + comparisonNamespaceNames.Add(nsDef.GetName()) } comparisonCaveatsByName := make(map[string]*core.CaveatDefinition, len(comparison.CaveatDefinitions)) comparisonCaveatsByNames := mapz.NewSet[string]() for _, caveatDef := range comparison.CaveatDefinitions { - comparisonCaveatsByName[caveatDef.Name] = caveatDef - comparisonCaveatsByNames.Add(caveatDef.Name) + comparisonCaveatsByName[caveatDef.GetName()] = caveatDef + comparisonCaveatsByNames.Add(caveatDef.GetName()) } changedNamespaces := make(map[string]namespace.Diff, 0) diff --git a/pkg/diff/diff_test.go b/pkg/diff/diff_test.go index 126bd8c5f..0c369975a 100644 --- a/pkg/diff/diff_test.go +++ b/pkg/diff/diff_test.go @@ -202,17 +202,17 @@ func TestDiffableSchema(t *testing.T) { func(t *testing.T, ds *DiffableSchema) { ns, ok := ds.GetNamespace("user") require.True(t, ok) - require.Equal(t, "user", ns.Name) + require.Equal(t, "user", ns.GetName()) }, func(t *testing.T, ds *DiffableSchema) { ns, ok := ds.GetNamespace("resource") require.True(t, ok) - require.Equal(t, "resource", ns.Name) + require.Equal(t, "resource", ns.GetName()) }, func(t *testing.T, ds *DiffableSchema) { caveat, ok := ds.GetCaveat("someCaveat") require.True(t, ok) - require.Equal(t, "someCaveat", caveat.Name) + require.Equal(t, "someCaveat", caveat.GetName()) }, func(t *testing.T, ds *DiffableSchema) { _, ok := ds.GetRelation("user", "owner") diff --git a/pkg/diff/namespace/diff.go b/pkg/diff/namespace/diff.go index af50f0fb5..c08568a45 100644 --- a/pkg/diff/namespace/diff.go +++ b/pkg/diff/namespace/diff.go @@ -121,8 +121,8 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD deltas := []Delta{} // Check the namespace's comments. - existingComments := nspkg.GetComments(existing.Metadata) - updatedComments := nspkg.GetComments(updated.Metadata) + existingComments := nspkg.GetComments(existing.GetMetadata()) + updatedComments := nspkg.GetComments(updated.GetMetadata()) if !slices.Equal(existingComments, updatedComments) { deltas = append(deltas, Delta{ Type: NamespaceCommentsChanged, @@ -142,33 +142,33 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD updatedPerms := map[string]*core.Relation{} updatedPermNames := mapz.NewSet[string]() - for _, relation := range existing.Relation { - _, ok := existingRels[relation.Name] + for _, relation := range existing.GetRelation() { + _, ok := existingRels[relation.GetName()] if ok { - return nil, nsinternal.NewDuplicateRelationError(existing.Name, relation.Name) + return nil, nsinternal.NewDuplicateRelationError(existing.GetName(), relation.GetName()) } if isPermission(relation) { - existingPerms[relation.Name] = relation - existingPermNames.Add(relation.Name) + existingPerms[relation.GetName()] = relation + existingPermNames.Add(relation.GetName()) } else { - existingRels[relation.Name] = relation - existingRelNames.Add(relation.Name) + existingRels[relation.GetName()] = relation + existingRelNames.Add(relation.GetName()) } } - for _, relation := range updated.Relation { - _, ok := updatedRels[relation.Name] + for _, relation := range updated.GetRelation() { + _, ok := updatedRels[relation.GetName()] if ok { - return nil, nsinternal.NewDuplicateRelationError(updated.Name, relation.Name) + return nil, nsinternal.NewDuplicateRelationError(updated.GetName(), relation.GetName()) } if isPermission(relation) { - updatedPerms[relation.Name] = relation - updatedPermNames.Add(relation.Name) + updatedPerms[relation.GetName()] = relation + updatedPermNames.Add(relation.GetName()) } else { - updatedRels[relation.Name] = relation - updatedRelNames.Add(relation.Name) + updatedRels[relation.GetName()] = relation + updatedRelNames.Add(relation.GetName()) } } @@ -209,7 +209,7 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD updatedPerm := updatedPerms[shared] // Compare implementations. - if areDifferentExpressions(existingPerm.UsersetRewrite, updatedPerm.UsersetRewrite) { + if areDifferentExpressions(existingPerm.GetUsersetRewrite(), updatedPerm.GetUsersetRewrite()) { deltas = append(deltas, Delta{ Type: ChangedPermissionImpl, RelationName: shared, @@ -217,8 +217,8 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD } // Compare comments. - existingComments := nspkg.GetComments(existingPerm.Metadata) - updatedComments := nspkg.GetComments(updatedPerm.Metadata) + existingComments := nspkg.GetComments(existingPerm.GetMetadata()) + updatedComments := nspkg.GetComments(updatedPerm.GetMetadata()) if !slices.Equal(existingComments, updatedComments) { deltas = append(deltas, Delta{ Type: ChangedPermissionComment, @@ -233,7 +233,7 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD updatedRel := updatedRels[shared] // Compare implementations (legacy). - if areDifferentExpressions(existingRel.UsersetRewrite, updatedRel.UsersetRewrite) { + if areDifferentExpressions(existingRel.GetUsersetRewrite(), updatedRel.GetUsersetRewrite()) { deltas = append(deltas, Delta{ Type: LegacyChangedRelationImpl, RelationName: shared, @@ -241,8 +241,8 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD } // Compare comments. - existingComments := nspkg.GetComments(existingRel.Metadata) - updatedComments := nspkg.GetComments(updatedRel.Metadata) + existingComments := nspkg.GetComments(existingRel.GetMetadata()) + updatedComments := nspkg.GetComments(updatedRel.GetMetadata()) if !slices.Equal(existingComments, updatedComments) { deltas = append(deltas, Delta{ Type: ChangedRelationComment, @@ -251,12 +251,12 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD } // Compare type information. - existingTypeInfo := existingRel.TypeInformation + existingTypeInfo := existingRel.GetTypeInformation() if existingTypeInfo == nil { existingTypeInfo = &core.TypeInformation{} } - updatedTypeInfo := updatedRel.TypeInformation + updatedTypeInfo := updatedRel.GetTypeInformation() if updatedTypeInfo == nil { updatedTypeInfo = &core.TypeInformation{} } @@ -265,13 +265,13 @@ func DiffNamespaces(existing *core.NamespaceDefinition, updated *core.NamespaceD updatedAllowedRels := mapz.NewSet[string]() allowedRelsBySource := map[string]*core.AllowedRelation{} - for _, existingAllowed := range existingTypeInfo.AllowedDirectRelations { + for _, existingAllowed := range existingTypeInfo.GetAllowedDirectRelations() { source := schema.SourceForAllowedRelation(existingAllowed) allowedRelsBySource[source] = existingAllowed existingAllowedRels.Add(source) } - for _, updatedAllowed := range updatedTypeInfo.AllowedDirectRelations { + for _, updatedAllowed := range updatedTypeInfo.GetAllowedDirectRelations() { source := schema.SourceForAllowedRelation(updatedAllowed) allowedRelsBySource[source] = updatedAllowed updatedAllowedRels.Add(source) diff --git a/pkg/diff/namespace/diffexpr.go b/pkg/diff/namespace/diffexpr.go index 359728ce7..c26b5de1a 100644 --- a/pkg/diff/namespace/diffexpr.go +++ b/pkg/diff/namespace/diffexpr.go @@ -115,7 +115,7 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite var updatedType string var updatedOperation *core.SetOperation - switch t := existing.RewriteOperation.(type) { + switch t := existing.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: existingType = "union" existingOperation = t.Union @@ -129,10 +129,10 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite existingOperation = t.Exclusion default: - return nil, spiceerrors.MustBugf("unknown operation type %T", existing.RewriteOperation) + return nil, spiceerrors.MustBugf("unknown operation type %T", existing.GetRewriteOperation()) } - switch t := updated.RewriteOperation.(type) { + switch t := updated.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: updatedType = "union" updatedOperation = t.Union @@ -146,7 +146,7 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite updatedOperation = t.Exclusion default: - return nil, spiceerrors.MustBugf("unknown operation type %T", updated.RewriteOperation) + return nil, spiceerrors.MustBugf("unknown operation type %T", updated.GetRewriteOperation()) } childChangeKind := ExpressionChildrenChanged @@ -154,7 +154,7 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite // If the expression has changed from a union with a single child, then // treat this as a special case, since there wasn't really an operation // before. - if existingType != "union" || len(existingOperation.Child) != 1 { + if existingType != "union" || len(existingOperation.GetChild()) != 1 { return &ExpressionDiff{ existing: existing, updated: updated, @@ -165,9 +165,9 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite childChangeKind = ExpressionOperationExpanded } - childDiffs := make([]*OperationDiff, 0, abs(len(updatedOperation.Child)-len(existingOperation.Child))) - if len(existingOperation.Child) < len(updatedOperation.Child) { - for _, updatedChild := range updatedOperation.Child[len(existingOperation.Child):] { + childDiffs := make([]*OperationDiff, 0, abs(len(updatedOperation.GetChild())-len(existingOperation.GetChild()))) + if len(existingOperation.GetChild()) < len(updatedOperation.GetChild()) { + for _, updatedChild := range updatedOperation.GetChild()[len(existingOperation.GetChild()):] { childDiffs = append(childDiffs, &OperationDiff{ change: OperationAdded, updated: updatedChild, @@ -175,8 +175,8 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite } } - if len(existingOperation.Child) > len(updatedOperation.Child) { - for _, existingChild := range existingOperation.Child[len(updatedOperation.Child):] { + if len(existingOperation.GetChild()) > len(updatedOperation.GetChild()) { + for _, existingChild := range existingOperation.GetChild()[len(updatedOperation.GetChild()):] { childDiffs = append(childDiffs, &OperationDiff{ change: OperationRemoved, existing: existingChild, @@ -184,8 +184,8 @@ func DiffExpressions(existing *core.UsersetRewrite, updated *core.UsersetRewrite } } - for i := 0; i < len(existingOperation.Child) && i < len(updatedOperation.Child); i++ { - childDiff, err := compareChildren(existingOperation.Child[i], updatedOperation.Child[i]) + for i := 0; i < len(existingOperation.GetChild()) && i < len(updatedOperation.GetChild()); i++ { + childDiff, err := compareChildren(existingOperation.GetChild()[i], updatedOperation.GetChild()[i]) if err != nil { return nil, err } @@ -260,7 +260,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati }, nil case "computed": - if existing.GetComputedUserset().Relation != updated.GetComputedUserset().Relation { + if existing.GetComputedUserset().GetRelation() != updated.GetComputedUserset().GetRelation() { return &OperationDiff{ existing: existing, updated: updated, @@ -292,7 +292,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati existingTTU := existing.GetTupleToUserset() updatedTTU := updated.GetTupleToUserset() - if existingTTU.GetComputedUserset().Relation != updatedTTU.GetComputedUserset().Relation { + if existingTTU.GetComputedUserset().GetRelation() != updatedTTU.GetComputedUserset().GetRelation() { return &OperationDiff{ existing: existing, updated: updated, @@ -300,7 +300,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati }, nil } - if existingTTU.Tupleset.Relation != updatedTTU.Tupleset.Relation { + if existingTTU.GetTupleset().GetRelation() != updatedTTU.GetTupleset().GetRelation() { return &OperationDiff{ existing: existing, updated: updated, @@ -321,7 +321,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati existingTTU := existing.GetFunctionedTupleToUserset() updatedTTU := updated.GetFunctionedTupleToUserset() - if existingTTU.GetComputedUserset().Relation != updatedTTU.GetComputedUserset().Relation { + if existingTTU.GetComputedUserset().GetRelation() != updatedTTU.GetComputedUserset().GetRelation() { return &OperationDiff{ existing: existing, updated: updated, @@ -329,7 +329,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati }, nil } - if existingTTU.Tupleset.Relation != updatedTTU.Tupleset.Relation { + if existingTTU.GetTupleset().GetRelation() != updatedTTU.GetTupleset().GetRelation() { return &OperationDiff{ existing: existing, updated: updated, @@ -349,7 +349,7 @@ func compareChildren(existing *core.SetOperation_Child, updated *core.SetOperati } func typeOfSetOperationChild(child *core.SetOperation_Child) (string, error) { - switch t := child.ChildType.(type) { + switch t := child.GetChildType().(type) { case *core.SetOperation_Child_XThis: return "_this", nil @@ -363,7 +363,7 @@ func typeOfSetOperationChild(child *core.SetOperation_Child) (string, error) { return "ttu", nil case *core.SetOperation_Child_FunctionedTupleToUserset: - switch t.FunctionedTupleToUserset.Function { + switch t.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_UNSPECIFIED: return "", spiceerrors.MustBugf("function type unspecified") @@ -374,7 +374,7 @@ func typeOfSetOperationChild(child *core.SetOperation_Child) (string, error) { return "intersectionttu", nil default: - return "", spiceerrors.MustBugf("unknown function type %v", t.FunctionedTupleToUserset.Function) + return "", spiceerrors.MustBugf("unknown function type %v", t.FunctionedTupleToUserset.GetFunction()) } case *core.SetOperation_Child_XNil: diff --git a/pkg/diff/namespace/diffexpr_test.go b/pkg/diff/namespace/diffexpr_test.go index 1622d599a..505f76330 100644 --- a/pkg/diff/namespace/diffexpr_test.go +++ b/pkg/diff/namespace/diffexpr_test.go @@ -173,5 +173,5 @@ func parseUsersetRewrite(s string) (*core.UsersetRewrite, error) { return nil, err } - return compiled.ObjectDefinitions[0].Relation[0].UsersetRewrite, nil + return compiled.ObjectDefinitions[0].GetRelation()[0].GetUsersetRewrite(), nil } diff --git a/pkg/graph/walker.go b/pkg/graph/walker.go index 71b9457b1..36307d089 100644 --- a/pkg/graph/walker.go +++ b/pkg/graph/walker.go @@ -17,7 +17,7 @@ func WalkRewrite(rewrite *core.UsersetRewrite, handler WalkHandler) (any, error) return nil, nil } - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: return walkRewriteChildren(rw.Union, handler) case *core.UsersetRewrite_Intersection: @@ -33,7 +33,7 @@ func WalkRewrite(rewrite *core.UsersetRewrite, handler WalkHandler) (any, error) // the rewrite is nil, returns false. func HasThis(rewrite *core.UsersetRewrite) (bool, error) { result, err := WalkRewrite(rewrite, func(childOneof *core.SetOperation_Child) (any, error) { - switch childOneof.ChildType.(type) { + switch childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return true, nil default: @@ -44,7 +44,7 @@ func HasThis(rewrite *core.UsersetRewrite) (bool, error) { } func walkRewriteChildren(so *core.SetOperation, handler WalkHandler) (any, error) { - for _, childOneof := range so.Child { + for _, childOneof := range so.GetChild() { vle, err := handler(childOneof) if err != nil { return nil, err @@ -54,7 +54,7 @@ func walkRewriteChildren(so *core.SetOperation, handler WalkHandler) (any, error return vle, nil } - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_UsersetRewrite: rvle, err := WalkRewrite(child.UsersetRewrite, handler) if err != nil { diff --git a/pkg/middleware/consistency/consistency.go b/pkg/middleware/consistency/consistency.go index 6a87c8d99..c01ff4291 100644 --- a/pkg/middleware/consistency/consistency.go +++ b/pkg/middleware/consistency/consistency.go @@ -290,7 +290,7 @@ func pickBestRevision(ctx context.Context, requested *v1.ZedToken, ds datastore. if status == zedtoken.StatusMismatchedDatastoreID { switch option { case TreatMismatchingTokensAsFullConsistency: - log.Warn().Str("zedtoken", requested.Token).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to treat this as a full consistency request") + log.Warn().Str("zedtoken", requested.GetToken()).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to treat this as a full consistency request") headRev, err := ds.HeadRevision(ctx) if err != nil { return datastore.NoRevision, false, err @@ -299,11 +299,11 @@ func pickBestRevision(ctx context.Context, requested *v1.ZedToken, ds datastore. return headRev, false, nil case TreatMismatchingTokensAsMinLatency: - log.Warn().Str("zedtoken", requested.Token).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to treat this as a min latency request") + log.Warn().Str("zedtoken", requested.GetToken()).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to treat this as a min latency request") return databaseRev, false, nil case TreatMismatchingTokensAsError: - log.Warn().Str("zedtoken", requested.Token).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to raise an error in this scenario") + log.Warn().Str("zedtoken", requested.GetToken()).Msg("ZedToken specified references a different datastore instance and SpiceDB is configured to raise an error in this scenario") return datastore.NoRevision, false, errors.New("ZedToken specified references a different datastore instance and SpiceDB is configured to raise an error in this scenario") default: diff --git a/pkg/middleware/nodeid/nodeid_test.go b/pkg/middleware/nodeid/nodeid_test.go index 2e94f5282..11e6b59db 100644 --- a/pkg/middleware/nodeid/nodeid_test.go +++ b/pkg/middleware/nodeid/nodeid_test.go @@ -80,7 +80,7 @@ func (s *nodeIDMiddlewareTestSuite) TestStreamInterceptor_SetsNodeID() { resp, err := stream.Recv() s.Require().NoError(err) - s.Require().Equal(s.testNodeID, resp.Value) + s.Require().Equal(s.testNodeID, resp.GetValue()) } // Test suite for default node ID behavior @@ -122,8 +122,8 @@ func (s *nodeIDDefaultMiddlewareTestSuite) TestStreamInterceptor_UsesDefaultNode resp, err := stream.Recv() s.Require().NoError(err) - s.Require().NotEmpty(resp.Value) - s.Require().Contains(resp.Value, spiceDBPrefix) + s.Require().NotEmpty(resp.GetValue()) + s.Require().Contains(resp.GetValue(), spiceDBPrefix) } // Test ContextWithHandle and FromContext functions directly diff --git a/pkg/middleware/requestid/requestid_test.go b/pkg/middleware/requestid/requestid_test.go index d3955af40..62cbad33b 100644 --- a/pkg/middleware/requestid/requestid_test.go +++ b/pkg/middleware/requestid/requestid_test.go @@ -56,7 +56,7 @@ func (t *testServer) PingStream(server testpb.TestService_PingStreamServer) erro return err } - if err := server.Send(&testpb.PingStreamResponse{Value: req.Value}); err != nil { + if err := server.Send(&testpb.PingStreamResponse{Value: req.GetValue()}); err != nil { return err } } @@ -182,7 +182,7 @@ func (s *requestIDMiddlewareTestSuite) TestBidirectionalStreamingInterceptor_Ret // Receive the echoed message resp, err := stream.Recv() require.NoError(s.T(), err) - require.Equal(s.T(), "test", resp.Value) + require.Equal(s.T(), "test", resp.GetValue()) // Close the stream err = stream.CloseSend() diff --git a/pkg/namespace/builder.go b/pkg/namespace/builder.go index cf4c745b4..9ffee8801 100644 --- a/pkg/namespace/builder.go +++ b/pkg/namespace/builder.go @@ -18,7 +18,7 @@ func Namespace(name string, relations ...*core.Relation) *core.NamespaceDefiniti // WithComment creates a namespace definition with one or more defined relations. func WithComment(name string, comment string, relations ...*core.Relation) *core.NamespaceDefinition { nd := Namespace(name, relations...) - nd.Metadata, _ = AddComment(nd.Metadata, comment) + nd.Metadata, _ = AddComment(nd.GetMetadata(), comment) return nd } @@ -69,7 +69,7 @@ func Relation(name string, rewrite *core.UsersetRewrite, allowedDirectRelations // MustRelationWithComment creates a relation definition with an optional rewrite definition. func MustRelationWithComment(name string, comment string, rewrite *core.UsersetRewrite, allowedDirectRelations ...*core.AllowedRelation) *core.Relation { rel := MustRelation(name, rewrite, allowedDirectRelations...) - rel.Metadata, _ = AddComment(rel.Metadata, comment) + rel.Metadata, _ = AddComment(rel.GetMetadata(), comment) return rel } @@ -97,9 +97,9 @@ func AllowedRelationWithCaveat(namespaceName string, relationName string, withCa // WithExpiration adds the expiration trait to the allowed relation. func WithExpiration(allowedRelation *core.AllowedRelation) *core.AllowedRelation { return &core.AllowedRelation{ - Namespace: allowedRelation.Namespace, - RelationOrWildcard: allowedRelation.RelationOrWildcard, - RequiredCaveat: allowedRelation.RequiredCaveat, + Namespace: allowedRelation.GetNamespace(), + RelationOrWildcard: allowedRelation.GetRelationOrWildcard(), + RequiredCaveat: allowedRelation.GetRequiredCaveat(), RequiredExpiration: &core.ExpirationTrait{}, } } @@ -185,7 +185,7 @@ func MustCaveatDefinitionWithComment(env *caveats.Environment, name string, comm if err != nil { panic(err) } - cd.Metadata, _ = AddComment(cd.Metadata, comment) + cd.Metadata, _ = AddComment(cd.GetMetadata(), comment) return cd } diff --git a/pkg/namespace/metadata.go b/pkg/namespace/metadata.go index 27cfa5255..a4356d165 100644 --- a/pkg/namespace/metadata.go +++ b/pkg/namespace/metadata.go @@ -23,11 +23,11 @@ var userDefinedMetadataTypeUrls = map[string]struct{}{ // *in place*. func FilterUserDefinedMetadataInPlace(nsconfig *core.NamespaceDefinition) { nsconfig.Metadata = nil - for _, relation := range nsconfig.Relation { - if relation.Metadata != nil { + for _, relation := range nsconfig.GetRelation() { + if relation.GetMetadata() != nil { var filteredMessages []*anypb.Any - for _, msg := range relation.Metadata.MetadataMessage { - if _, ok := userDefinedMetadataTypeUrls[msg.TypeUrl]; !ok { + for _, msg := range relation.GetMetadata().GetMetadataMessage() { + if _, ok := userDefinedMetadataTypeUrls[msg.GetTypeUrl()]; !ok { filteredMessages = append(filteredMessages, msg) } } @@ -43,10 +43,10 @@ func GetComments(metadata *core.Metadata) []string { } comments := []string{} - for _, msg := range metadata.MetadataMessage { + for _, msg := range metadata.GetMetadataMessage() { var dc iv1.DocComment if err := msg.UnmarshalTo(&dc); err == nil { - comments = append(comments, dc.Comment) + comments = append(comments, dc.GetComment()) } } @@ -73,15 +73,15 @@ func AddComment(metadata *core.Metadata, comment string) (*core.Metadata, error) // GetRelationKind returns the kind of the relation. func GetRelationKind(relation *core.Relation) iv1.RelationMetadata_RelationKind { - metadata := relation.Metadata + metadata := relation.GetMetadata() if metadata == nil { return iv1.RelationMetadata_UNKNOWN_KIND } - for _, msg := range metadata.MetadataMessage { + for _, msg := range metadata.GetMetadataMessage() { var rm iv1.RelationMetadata if err := msg.UnmarshalTo(&rm); err == nil { - return rm.Kind + return rm.GetKind() } } @@ -90,7 +90,7 @@ func GetRelationKind(relation *core.Relation) iv1.RelationMetadata_RelationKind // SetRelationKind sets the kind of relation. func SetRelationKind(relation *core.Relation, kind iv1.RelationMetadata_RelationKind) error { - metadata := relation.Metadata + metadata := relation.GetMetadata() if metadata == nil { metadata = &core.Metadata{} relation.Metadata = metadata @@ -110,20 +110,20 @@ func SetRelationKind(relation *core.Relation, kind iv1.RelationMetadata_Relation // GetTypeAnnotations returns the type annotations for a permission relation. func GetTypeAnnotations(relation *core.Relation) []string { - if relation.Metadata == nil { + if relation.GetMetadata() == nil { return nil } - for _, metadataAny := range relation.Metadata.MetadataMessage { + for _, metadataAny := range relation.GetMetadata().GetMetadataMessage() { var relationMetadata iv1.RelationMetadata if err := metadataAny.UnmarshalTo(&relationMetadata); err != nil { // Skip if this metadata message is not RelationMetadata continue } - if relationMetadata.Kind == iv1.RelationMetadata_PERMISSION { - if relationMetadata.TypeAnnotations != nil { - return relationMetadata.TypeAnnotations.Types + if relationMetadata.GetKind() == iv1.RelationMetadata_PERMISSION { + if relationMetadata.GetTypeAnnotations() != nil { + return relationMetadata.GetTypeAnnotations().GetTypes() } return nil } @@ -135,7 +135,7 @@ func GetTypeAnnotations(relation *core.Relation) []string { // SetTypeAnnotations sets the type annotations for a permission relation. // If typeAnnotations is nil, removes any existing type annotations. func SetTypeAnnotations(relation *core.Relation, typeAnnotations []string) error { - if relation.Metadata == nil { + if relation.GetMetadata() == nil { if typeAnnotations == nil { return nil // Nothing to remove } @@ -143,14 +143,14 @@ func SetTypeAnnotations(relation *core.Relation, typeAnnotations []string) error } // Find existing PERMISSION RelationMetadata and update it, or create new one - for i, metadataAny := range relation.Metadata.MetadataMessage { + for i, metadataAny := range relation.GetMetadata().GetMetadataMessage() { var relationMetadata iv1.RelationMetadata if err := metadataAny.UnmarshalTo(&relationMetadata); err != nil { continue // Skip if this is not RelationMetadata } // Only update if this is the PERMISSION metadata - if relationMetadata.Kind == iv1.RelationMetadata_PERMISSION { + if relationMetadata.GetKind() == iv1.RelationMetadata_PERMISSION { if typeAnnotations == nil { // Remove type annotations by setting to nil relationMetadata.TypeAnnotations = nil diff --git a/pkg/namespace/metadata_test.go b/pkg/namespace/metadata_test.go index 73def5f3a..6466ed6e4 100644 --- a/pkg/namespace/metadata_test.go +++ b/pkg/namespace/metadata_test.go @@ -48,17 +48,17 @@ func TestMetadata(t *testing.T) { verr := ns.Validate() require.NoError(verr) - require.Equal([]string{"Hi there"}, GetComments(ns.Metadata)) - require.Equal([]string{"Hi there"}, GetComments(ns.Relation[0].Metadata)) - require.Equal(iv1.RelationMetadata_PERMISSION, GetRelationKind(ns.Relation[0])) + require.Equal([]string{"Hi there"}, GetComments(ns.GetMetadata())) + require.Equal([]string{"Hi there"}, GetComments(ns.GetRelation()[0].GetMetadata())) + require.Equal(iv1.RelationMetadata_PERMISSION, GetRelationKind(ns.GetRelation()[0])) - require.Equal([]string{}, GetComments(ns.Relation[1].Metadata)) + require.Equal([]string{}, GetComments(ns.GetRelation()[1].GetMetadata())) FilterUserDefinedMetadataInPlace(ns) - require.Equal([]string{}, GetComments(ns.Metadata)) - require.Equal([]string{}, GetComments(ns.Relation[0].Metadata)) + require.Equal([]string{}, GetComments(ns.GetMetadata())) + require.Equal([]string{}, GetComments(ns.GetRelation()[0].GetMetadata())) - require.Equal(iv1.RelationMetadata_PERMISSION, GetRelationKind(ns.Relation[0])) + require.Equal(iv1.RelationMetadata_PERMISSION, GetRelationKind(ns.GetRelation()[0])) } func TestTypeAnnotations(t *testing.T) { diff --git a/pkg/promutil/promutil.go b/pkg/promutil/promutil.go index 261cdf345..0d3b1053e 100644 --- a/pkg/promutil/promutil.go +++ b/pkg/promutil/promutil.go @@ -24,5 +24,9 @@ func MustCounterValue(m prometheus.Metric) float64 { if err := m.Write(&written); err != nil { panic("failed to read Prometheus counter: " + err.Error()) } - return *written.Counter.Value + counter := written.GetCounter() + if counter == nil { + panic("counter was nil") + } + return counter.GetValue() } diff --git a/pkg/promutil/promutil_test.go b/pkg/promutil/promutil_test.go index 5c70f5ee0..6d8be3a50 100644 --- a/pkg/promutil/promutil_test.go +++ b/pkg/promutil/promutil_test.go @@ -4,6 +4,7 @@ import ( "testing" "github.com/prometheus/client_golang/prometheus" + "github.com/stretchr/testify/require" ) func TestMustCounterValue(t *testing.T) { @@ -13,29 +14,23 @@ func TestMustCounterValue(t *testing.T) { }) result := MustCounterValue(counter) - if result != 0.0 { - t.Errorf("Initial counter value should be 0.0, got %v", result) - } + require.Equal(t, 0.0, result, "Initial counter value should be 0.0") counter.Add(15) result = MustCounterValue(counter) - if result != 15 { - t.Errorf("Counter value should be 15.5 after Add(15.5), got %v", result) - } + require.Equal(t, 15.0, result, "Counter value should be 15 after Add(15)") counter.Inc() result = MustCounterValue(counter) - if result != 16 { - t.Errorf("Counter value should be 16.5 after Inc(), got %v", result) - } + require.Equal(t, 16.0, result, "Counter value should be 16 after Inc()") } func TestMustCounterValue_Panics(t *testing.T) { - defer func() { _ = recover() }() histogram := prometheus.NewHistogram(prometheus.HistogramOpts{ Name: "test", Help: "A test histogram for unit testing", }) - MustCounterValue(histogram) - t.Fatal("did not panic when provided a non-counter") + require.Panics(t, func() { + MustCounterValue(histogram) + }) } diff --git a/pkg/proto/dispatch/v1/00_zerolog.go b/pkg/proto/dispatch/v1/00_zerolog.go index ecac2edb5..7ab167249 100644 --- a/pkg/proto/dispatch/v1/00_zerolog.go +++ b/pkg/proto/dispatch/v1/00_zerolog.go @@ -8,59 +8,59 @@ import ( // MarshalZerologObject implements zerolog object marshalling. func (cr *DispatchCheckRequest) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", cr.Metadata) - e.Str("resource-type", tuple.StringCoreRR(cr.ResourceRelation)) - e.Str("subject", tuple.StringCoreONR(cr.Subject)) - e.Array("resource-ids", strArray(cr.ResourceIds)) + e.Object("metadata", cr.GetMetadata()) + e.Str("resource-type", tuple.StringCoreRR(cr.GetResourceRelation())) + e.Str("subject", tuple.StringCoreONR(cr.GetSubject())) + e.Array("resource-ids", strArray(cr.GetResourceIds())) } // MarshalZerologObject implements zerolog object marshalling. func (cr *DispatchCheckResponse) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", cr.Metadata) + e.Object("metadata", cr.GetMetadata()) results := zerolog.Dict() - for resourceID, result := range cr.ResultsByResourceId { - results.Str(resourceID, ResourceCheckResult_Membership_name[int32(result.Membership)]) + for resourceID, result := range cr.GetResultsByResourceId() { + results.Str(resourceID, ResourceCheckResult_Membership_name[int32(result.GetMembership())]) } e.Dict("results", results) } // MarshalZerologObject implements zerolog object marshalling. func (er *DispatchExpandRequest) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", er.Metadata) - e.Str("expand", tuple.StringCoreONR(er.ResourceAndRelation)) - e.Stringer("mode", er.ExpansionMode) + e.Object("metadata", er.GetMetadata()) + e.Str("expand", tuple.StringCoreONR(er.GetResourceAndRelation())) + e.Stringer("mode", er.GetExpansionMode()) } // MarshalZerologObject implements zerolog object marshalling. func (cr *DispatchExpandResponse) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", cr.Metadata) + e.Object("metadata", cr.GetMetadata()) } // MarshalZerologObject implements zerolog object marshalling. func (lr *DispatchLookupResources2Request) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", lr.Metadata) - e.Str("resource", tuple.StringCoreRR(lr.ResourceRelation)) - e.Str("subject", tuple.StringCoreRR(lr.SubjectRelation)) - e.Array("subject-ids", strArray(lr.SubjectIds)) - e.Interface("context", lr.Context) + e.Object("metadata", lr.GetMetadata()) + e.Str("resource", tuple.StringCoreRR(lr.GetResourceRelation())) + e.Str("subject", tuple.StringCoreRR(lr.GetSubjectRelation())) + e.Array("subject-ids", strArray(lr.GetSubjectIds())) + e.Interface("context", lr.GetContext()) } // MarshalZerologObject implements zerolog object marshalling. func (lr *DispatchLookupResources3Request) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", lr.Metadata) - e.Str("resource", tuple.StringCoreRR(lr.ResourceRelation)) - e.Str("subject", tuple.StringCoreRR(lr.SubjectRelation)) - e.Array("subject-ids", strArray(lr.SubjectIds)) - e.Interface("context", lr.Context) + e.Object("metadata", lr.GetMetadata()) + e.Str("resource", tuple.StringCoreRR(lr.GetResourceRelation())) + e.Str("subject", tuple.StringCoreRR(lr.GetSubjectRelation())) + e.Array("subject-ids", strArray(lr.GetSubjectIds())) + e.Interface("context", lr.GetContext()) } // MarshalZerologObject implements zerolog object marshalling. func (ls *DispatchLookupSubjectsRequest) MarshalZerologObject(e *zerolog.Event) { - e.Object("metadata", ls.Metadata) - e.Str("resource-type", tuple.StringCoreRR(ls.ResourceRelation)) - e.Str("subject-type", tuple.StringCoreRR(ls.SubjectRelation)) - e.Array("resource-ids", strArray(ls.ResourceIds)) + e.Object("metadata", ls.GetMetadata()) + e.Str("resource-type", tuple.StringCoreRR(ls.GetResourceRelation())) + e.Str("subject-type", tuple.StringCoreRR(ls.GetSubjectRelation())) + e.Array("resource-ids", strArray(ls.GetResourceIds())) } type strArray []string @@ -77,17 +77,17 @@ func (cs *DispatchLookupSubjectsResponse) MarshalZerologObject(e *zerolog.Event) if cs == nil { e.Interface("response", nil) } else { - e.Object("metadata", cs.Metadata) + e.Object("metadata", cs.GetMetadata()) } } // MarshalZerologObject implements zerolog object marshalling. func (x *ResolverMeta) MarshalZerologObject(e *zerolog.Event) { - e.Str("revision", x.AtRevision) - e.Uint32("depth", x.DepthRemaining) + e.Str("revision", x.GetAtRevision()) + e.Uint32("depth", x.GetDepthRemaining()) } // MarshalZerologObject implements zerolog object marshalling. func (cr *ResponseMeta) MarshalZerologObject(e *zerolog.Event) { - e.Uint32("count", cr.DispatchCount) + e.Uint32("count", cr.GetDispatchCount()) } diff --git a/pkg/proto/dispatch/v1/02_resolvermeta.go b/pkg/proto/dispatch/v1/02_resolvermeta.go index fb69b749e..9d69c7685 100644 --- a/pkg/proto/dispatch/v1/02_resolvermeta.go +++ b/pkg/proto/dispatch/v1/02_resolvermeta.go @@ -16,12 +16,12 @@ func (x *ResolverMeta) RecordTraversal(key string) (possiblyLoop bool, err error return false, spiceerrors.MustBugf("missing key to be recorded in traversal") } - if x == nil || len(x.TraversalBloom) == 0 { + if x == nil || len(x.GetTraversalBloom()) == 0 { return false, status.Error(codes.Internal, errors.New("required traversal bloom filter is missing").Error()) } bf := &bloom.BloomFilter{} - if err := bf.UnmarshalBinary(x.TraversalBloom); err != nil { + if err := bf.UnmarshalBinary(x.GetTraversalBloom()); err != nil { return false, status.Error(codes.Internal, fmt.Errorf("unable to unmarshall traversal bloom filter: %w", err).Error()) } diff --git a/pkg/proto/dispatch/v1/02_resolvermeta_test.go b/pkg/proto/dispatch/v1/02_resolvermeta_test.go index d689703f1..12e953475 100644 --- a/pkg/proto/dispatch/v1/02_resolvermeta_test.go +++ b/pkg/proto/dispatch/v1/02_resolvermeta_test.go @@ -32,7 +32,7 @@ func TestRecordTraversal(t *testing.T) { require.NoError(t, err) bfs := bloom.BloomFilter{} - err = bfs.UnmarshalBinary(rm.TraversalBloom) + err = bfs.UnmarshalBinary(rm.GetTraversalBloom()) require.NoError(t, err) require.True(t, bfs.TestString("test")) diff --git a/pkg/query/arrow_test.go b/pkg/query/arrow_test.go index 6d7a8c6da..608ca14d0 100644 --- a/pkg/query/arrow_test.go +++ b/pkg/query/arrow_test.go @@ -277,7 +277,7 @@ func TestArrowIteratorCaveatCombination(t *testing.T) { relCaveat := rels[0].Caveat require.NotNil(relCaveat, "Result should have combined caveat") require.NotNil(relCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(relCaveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(relCaveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(relCaveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children") }) diff --git a/pkg/query/caveat.go b/pkg/query/caveat.go index be356673a..5d0fa59b8 100644 --- a/pkg/query/caveat.go +++ b/pkg/query/caveat.go @@ -57,7 +57,7 @@ func (c *CaveatIterator) runCaveats(ctx *Context, subSeq PathSeq) (PathSeq, erro } return func(yield func(Path, error) bool) { - ctx.TraceStep(c, "applying caveat '%s' to sub-iterator results", c.caveat.CaveatName) + ctx.TraceStep(c, "applying caveat '%s' to sub-iterator results", c.caveat.GetCaveatName()) processedCount := 0 passedCount := 0 @@ -151,7 +151,7 @@ func (c *CaveatIterator) containsExpectedCaveat(expr *core.CaveatExpression) boo return true // No expected caveat, so any expression passes } - return c.containsCaveatName(expr, c.caveat.CaveatName) + return c.containsCaveatName(expr, c.caveat.GetCaveatName()) } // containsCaveatName recursively checks if a caveat expression contains a specific caveat name @@ -162,12 +162,12 @@ func (c *CaveatIterator) containsCaveatName(expr *core.CaveatExpression, expecte // Check if this is a leaf caveat if expr.GetCaveat() != nil { - return expr.GetCaveat().CaveatName == expectedName + return expr.GetCaveat().GetCaveatName() == expectedName } // Check if this is an operation with children if expr.GetOperation() != nil { - for _, child := range expr.GetOperation().Children { + for _, child := range expr.GetOperation().GetChildren() { if c.containsCaveatName(child, expectedName) { return true } @@ -209,12 +209,12 @@ func (c *CaveatIterator) buildExplainInfo() string { } // Build basic caveat information - info := "Caveat(" + c.caveat.CaveatName + info := "Caveat(" + c.caveat.GetCaveatName() // Add context information if available - if c.caveat.Context != nil && len(c.caveat.Context.GetFields()) > 0 { - contextInfo := make([]string, 0, len(c.caveat.Context.GetFields())) - for key := range c.caveat.Context.GetFields() { + if c.caveat.GetContext() != nil && len(c.caveat.GetContext().GetFields()) > 0 { + contextInfo := make([]string, 0, len(c.caveat.GetContext().GetFields())) + for key := range c.caveat.GetContext().GetFields() { contextInfo = append(contextInfo, key) } info += fmt.Sprintf(", context: [%v]", contextInfo) diff --git a/pkg/query/context.go b/pkg/query/context.go index 8bcb85f82..1baecfd18 100644 --- a/pkg/query/context.go +++ b/pkg/query/context.go @@ -68,7 +68,7 @@ func (t *TraceLogger) ExitIterator(it Iterator, paths []Path) { if p.Caveat != nil { // Extract caveat name from CaveatExpression if p.Caveat.GetCaveat() != nil { - caveatInfo = fmt.Sprintf("[%s]", p.Caveat.GetCaveat().CaveatName) + caveatInfo = fmt.Sprintf("[%s]", p.Caveat.GetCaveat().GetCaveatName()) } else { caveatInfo = "[complex_caveat]" } diff --git a/pkg/query/exclusion_test.go b/pkg/query/exclusion_test.go index 00ec608b6..c34491c56 100644 --- a/pkg/query/exclusion_test.go +++ b/pkg/query/exclusion_test.go @@ -552,7 +552,7 @@ func TestCombineExclusionCaveats(t *testing.T) { resultCaveat := result.Caveat require.NotNil(resultCaveat, "Result should have a combined caveat") require.NotNil(resultCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(resultCaveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(resultCaveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(resultCaveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children (main_caveat AND NOT excluded_caveat)") // Verify the result has the same endpoints as main @@ -638,7 +638,7 @@ func TestExclusion_CombinedCaveatLogic(t *testing.T) { doc1Caveat := doc1Result.Caveat require.NotNil(doc1Caveat, "doc1 result should have combined caveat") require.NotNil(doc1Caveat.GetOperation(), "Caveat should be an operation") - require.Equal(doc1Caveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(doc1Caveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(doc1Caveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children (caveat1 AND NOT caveat2)") // doc2 should have no caveat (original state preserved) diff --git a/pkg/query/intersection_arrow_test.go b/pkg/query/intersection_arrow_test.go index e57a8d185..f2d030515 100644 --- a/pkg/query/intersection_arrow_test.go +++ b/pkg/query/intersection_arrow_test.go @@ -365,7 +365,7 @@ func TestIntersectionArrowIteratorCaveatCombination(t *testing.T) { pathCaveat := paths[0].Caveat require.NotNil(pathCaveat, "Result should have combined caveat") require.NotNil(pathCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(pathCaveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(pathCaveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(pathCaveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children") }) @@ -411,7 +411,7 @@ func TestIntersectionArrowIteratorCaveatCombination(t *testing.T) { // Verify caveat preservation require.NotNil(paths[0].Caveat, "Left caveat should be preserved") - require.Equal("left_caveat", paths[0].Caveat.GetCaveat().CaveatName) + require.Equal("left_caveat", paths[0].Caveat.GetCaveat().GetCaveatName()) }) t.Run("MultiplePaths_CombineCaveats_AND_Logic", func(t *testing.T) { @@ -503,8 +503,8 @@ func TestIntersectionArrowIteratorCaveatCombination(t *testing.T) { // Verify it's an AND operation caveatOp := paths[0].Caveat.GetOperation() require.NotNil(caveatOp, "Result caveat should be an operation") - require.Equal(core.CaveatOperation_AND, caveatOp.Op, "Combined caveat should use AND operation") - require.NotEmpty(caveatOp.Children, "Combined caveat should have children") + require.Equal(core.CaveatOperation_AND, caveatOp.GetOp(), "Combined caveat should use AND operation") + require.NotEmpty(caveatOp.GetChildren(), "Combined caveat should have children") }) } diff --git a/pkg/query/intersection_test.go b/pkg/query/intersection_test.go index acd2a3128..9981a4b2e 100644 --- a/pkg/query/intersection_test.go +++ b/pkg/query/intersection_test.go @@ -351,7 +351,7 @@ func TestIntersectionIteratorCaveatCombination(t *testing.T) { relCaveat := rels[0].Caveat require.NotNil(relCaveat, "Result should have combined caveat") require.NotNil(relCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(relCaveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(relCaveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(relCaveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children") }) @@ -518,7 +518,7 @@ func TestIntersectionIteratorCaveatCombination(t *testing.T) { relCaveat := rels[0].Caveat require.NotNil(relCaveat, "Final result should have combined caveat") require.NotNil(relCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(relCaveat.GetOperation().Op, core.CaveatOperation_AND, "Caveat should be an AND") + require.Equal(relCaveat.GetOperation().GetOp(), core.CaveatOperation_AND, "Caveat should be an AND") require.Len(relCaveat.GetOperation().GetChildren(), 2, "Caveat should be an AND of two children (caveat1 and caveat2)") }) } diff --git a/pkg/query/simplify_caveat.go b/pkg/query/simplify_caveat.go index 91b91dd72..db1e05827 100644 --- a/pkg/query/simplify_caveat.go +++ b/pkg/query/simplify_caveat.go @@ -16,8 +16,8 @@ func mergeContexts(expr *core.CaveatExpression, queryContext map[string]any) map fullContext := make(map[string]any) // Start with the relationship context from the caveat expression - if expr.GetCaveat() != nil && expr.GetCaveat().Context != nil { - maps.Copy(fullContext, expr.GetCaveat().Context.AsMap()) + if expr.GetCaveat() != nil && expr.GetCaveat().GetContext() != nil { + maps.Copy(fullContext, expr.GetCaveat().GetContext().AsMap()) } // Overlay with query-time context (takes precedence) @@ -47,8 +47,8 @@ func collectRelationshipContexts(expr *core.CaveatExpression, contextMap map[str } // If this is a leaf caveat, collect its context - if expr.GetCaveat() != nil && expr.GetCaveat().Context != nil { - for k, v := range expr.GetCaveat().Context.AsMap() { + if expr.GetCaveat() != nil && expr.GetCaveat().GetContext() != nil { + for k, v := range expr.GetCaveat().GetContext().AsMap() { if _, exists := contextMap[k]; !exists { contextMap[k] = v } @@ -57,7 +57,7 @@ func collectRelationshipContexts(expr *core.CaveatExpression, contextMap map[str // If this is an operation, recursively collect from children if expr.GetOperation() != nil { - for _, child := range expr.GetOperation().Children { + for _, child := range expr.GetOperation().GetChildren() { collectRelationshipContexts(child, contextMap) } } @@ -150,7 +150,7 @@ func simplifyOperation( context map[string]any, reader datastore.CaveatReader, ) (*core.CaveatExpression, bool, error) { - switch cop.Op { + switch cop.GetOp() { case core.CaveatOperation_AND: return simplifyAndOperation(ctx, runner, cop, context, reader) case core.CaveatOperation_OR: @@ -172,7 +172,7 @@ func simplifyAndOperation( ) (*core.CaveatExpression, bool, error) { var simplifiedChildren []*core.CaveatExpression - for _, child := range cop.Children { + for _, child := range cop.GetChildren() { simplified, passes, err := simplifyCaveatExpressionInternal(ctx, runner, child, context, reader) if err != nil { return nil, false, err @@ -221,7 +221,7 @@ func simplifyOrOperation( ) (*core.CaveatExpression, bool, error) { var simplifiedChildren []*core.CaveatExpression - for _, child := range cop.Children { + for _, child := range cop.GetChildren() { simplified, passes, err := simplifyCaveatExpressionInternal(ctx, runner, child, context, reader) if err != nil { return nil, false, err @@ -268,12 +268,12 @@ func simplifyNotOperation( context map[string]any, reader datastore.CaveatReader, ) (*core.CaveatExpression, bool, error) { - if len(cop.Children) != 1 { + if len(cop.GetChildren()) != 1 { // NOT should have exactly one child return expr, true, spiceerrors.MustBugf("simplifyNotOperation: returned a Caveat NOT operation with more than one child") } - child := cop.Children[0] + child := cop.GetChildren()[0] simplified, passes, err := simplifyCaveatExpressionInternal(ctx, runner, child, context, reader) if err != nil { return nil, false, err diff --git a/pkg/query/simplify_caveat_test.go b/pkg/query/simplify_caveat_test.go index e39346456..9f2fba623 100644 --- a/pkg/query/simplify_caveat_test.go +++ b/pkg/query/simplify_caveat_test.go @@ -178,7 +178,7 @@ func TestSimplifyAndOperation(t *testing.T) { // Should only have caveat2 left require.NotNil(simplified.GetCaveat()) - require.Equal("caveat2", simplified.GetCaveat().CaveatName) + require.Equal("caveat2", simplified.GetCaveat().GetCaveatName()) }) t.Run("OneFalse_ReturnsFalse", func(t *testing.T) { @@ -192,7 +192,7 @@ func TestSimplifyAndOperation(t *testing.T) { // Should return the false caveat require.NotNil(simplified.GetCaveat()) - require.Equal("caveat1", simplified.GetCaveat().CaveatName) + require.Equal("caveat1", simplified.GetCaveat().GetCaveatName()) }) } @@ -282,7 +282,7 @@ func TestSimplifyOrOperation(t *testing.T) { // Should only have caveat2 left require.NotNil(simplified.GetCaveat()) - require.Equal("caveat2", simplified.GetCaveat().CaveatName) + require.Equal("caveat2", simplified.GetCaveat().GetCaveatName()) }) t.Run("BothFalse_ReturnsExpression", func(t *testing.T) { @@ -296,7 +296,7 @@ func TestSimplifyOrOperation(t *testing.T) { // Should return original expression since all are false require.NotNil(simplified.GetOperation()) - require.Equal(core.CaveatOperation_OR, simplified.GetOperation().Op) + require.Equal(core.CaveatOperation_OR, simplified.GetOperation().GetOp()) }) } @@ -402,7 +402,7 @@ func TestSimplifyNestedOperations(t *testing.T) { // Should simplify to just caveat3 require.NotNil(simplified.GetCaveat()) - require.Equal("caveat3", simplified.GetCaveat().CaveatName) + require.Equal("caveat3", simplified.GetCaveat().GetCaveatName()) }) } @@ -568,8 +568,8 @@ func TestSimplifyAndWithSameCaveatDifferentContexts(t *testing.T) { // Should return the failed caveat (limit=2) require.NotNil(simplified.GetCaveat()) - require.Equal("write_limit", simplified.GetCaveat().CaveatName) - require.Equal(float64(2), simplified.GetCaveat().Context.AsMap()["limit"]) + require.Equal("write_limit", simplified.GetCaveat().GetCaveatName()) + require.Equal(float64(2), simplified.GetCaveat().GetContext().AsMap()["limit"]) }) t.Run("Count5_ShouldFailBothBranches", func(t *testing.T) { @@ -583,8 +583,8 @@ func TestSimplifyAndWithSameCaveatDifferentContexts(t *testing.T) { // Should return the first failed caveat (limit=2) require.NotNil(simplified.GetCaveat()) - require.Equal("write_limit", simplified.GetCaveat().CaveatName) - require.Equal(float64(2), simplified.GetCaveat().Context.AsMap()["limit"]) + require.Equal("write_limit", simplified.GetCaveat().GetCaveatName()) + require.Equal(float64(2), simplified.GetCaveat().GetContext().AsMap()["limit"]) }) } @@ -1276,10 +1276,10 @@ func TestSimplifyNotConditional(t *testing.T) { // Verify the structure: should still be a NOT operation with the child caveat require.NotNil(simplified.GetOperation(), "Result should be an operation") - require.Equal(core.CaveatOperation_NOT, simplified.GetOperation().Op, "Should be a NOT operation") - require.Len(simplified.GetOperation().Children, 1, "NOT should have one child") - require.NotNil(simplified.GetOperation().Children[0].GetCaveat(), "Child should be the original caveat") - require.Equal("limit_check", simplified.GetOperation().Children[0].GetCaveat().CaveatName) + require.Equal(core.CaveatOperation_NOT, simplified.GetOperation().GetOp(), "Should be a NOT operation") + require.Len(simplified.GetOperation().GetChildren(), 1, "NOT should have one child") + require.NotNil(simplified.GetOperation().GetChildren()[0].GetCaveat(), "Child should be the original caveat") + require.Equal("limit_check", simplified.GetOperation().GetChildren()[0].GetCaveat().GetCaveatName()) } func TestSimplifyDeeplyNestedCaveats(t *testing.T) { diff --git a/pkg/query/union_test.go b/pkg/query/union_test.go index 13c42a584..a7ce06909 100644 --- a/pkg/query/union_test.go +++ b/pkg/query/union_test.go @@ -509,7 +509,7 @@ func TestUnionIteratorCaveatCombination(t *testing.T) { relCaveat := rels[0].Caveat require.NotNil(relCaveat, "Result should have combined caveat") require.NotNil(relCaveat.GetOperation(), "Caveat should be an operation") - require.Equal(relCaveat.GetOperation().Op, core.CaveatOperation_OR, "Caveat should be an OR") + require.Equal(relCaveat.GetOperation().GetOp(), core.CaveatOperation_OR, "Caveat should be an OR") require.Len(relCaveat.GetOperation().GetChildren(), 2, "Caveat should be an OR of two children") }) @@ -588,7 +588,7 @@ func TestUnionIteratorCaveatCombination(t *testing.T) { require.NotNil(path.Caveat, "Each path should keep its caveat") // Extract caveat name - simplified check for test if caveatExpr := path.Caveat.GetCaveat(); caveatExpr != nil { - caveatNames[i] = caveatExpr.CaveatName + caveatNames[i] = caveatExpr.GetCaveatName() } } require.ElementsMatch([]string{"caveat1", "caveat2"}, caveatNames) diff --git a/pkg/schema/arrows.go b/pkg/schema/arrows.go index 0e57b39e0..58a575e75 100644 --- a/pkg/schema/arrows.go +++ b/pkg/schema/arrows.go @@ -68,8 +68,8 @@ func (as *ArrowSet) compute(ctx context.Context) error { if err != nil { return err } - for _, relation := range def.nsDef.Relation { - if err := as.collectArrowInformationForRelation(ctx, def, relation.Name); err != nil { + for _, relation := range def.nsDef.GetRelation() { + if err := as.collectArrowInformationForRelation(ctx, def, relation.GetName()); err != nil { return err } } @@ -78,7 +78,7 @@ func (as *ArrowSet) compute(ctx context.Context) error { } func (as *ArrowSet) add(ttu *core.TupleToUserset, path string, namespaceName string, relationName string) { - tsKey := namespaceName + "#" + ttu.Tupleset.Relation + tsKey := namespaceName + "#" + ttu.GetTupleset().GetRelation() as.arrowsByFullTuplesetRelation.Add(tsKey, ArrowInformation{Path: path, Arrow: ttu, ParentRelationName: relationName}) } @@ -91,11 +91,11 @@ func (as *ArrowSet) collectArrowInformationForRelation(ctx context.Context, def if !ok { return asTypeError(NewRelationNotFoundErr(def.Namespace().GetName(), relationName)) } - return as.collectArrowInformationForRewrite(ctx, relation.UsersetRewrite, def, relation, relationName) + return as.collectArrowInformationForRewrite(ctx, relation.GetUsersetRewrite(), def, relation, relationName) } func (as *ArrowSet) collectArrowInformationForRewrite(ctx context.Context, rewrite *core.UsersetRewrite, def *ValidatedDefinition, relation *core.Relation, path string) error { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: return as.collectArrowInformationForSetOperation(ctx, rw.Union, def, relation, path) case *core.UsersetRewrite_Intersection: @@ -108,23 +108,23 @@ func (as *ArrowSet) collectArrowInformationForRewrite(ctx context.Context, rewri } func (as *ArrowSet) registerTupleToUsersetArrows(ctx context.Context, ttu *core.TupleToUserset, def *ValidatedDefinition, relation *core.Relation, updatedPath string, tuplesetRelation string, computedUsersetRelation string) error { - as.add(ttu, updatedPath, def.Namespace().Name, relation.Name) + as.add(ttu, updatedPath, def.Namespace().GetName(), relation.GetName()) allowedSubjectTypes, err := def.AllowedSubjectRelations(tuplesetRelation) if err != nil { return err } for _, ast := range allowedSubjectTypes { - def, err := as.ts.GetValidatedDefinition(ctx, ast.Namespace) + def, err := as.ts.GetValidatedDefinition(ctx, ast.GetNamespace()) if err != nil { return err } // NOTE: this is explicitly added to the arrowsByComputedUsersetNamespaceAndRelation without // checking if the relation/permission exists, because it's needed for schema diff tracking. - as.arrowsByComputedUsersetNamespaceAndRelation.Add(ast.Namespace+"#"+computedUsersetRelation, ArrowInformation{Path: updatedPath, Arrow: ttu, ParentRelationName: relation.Name}) + as.arrowsByComputedUsersetNamespaceAndRelation.Add(ast.GetNamespace()+"#"+computedUsersetRelation, ArrowInformation{Path: updatedPath, Arrow: ttu, ParentRelationName: relation.GetName()}) if def.HasRelation(computedUsersetRelation) { - as.reachableComputedUsersetRelationsByTuplesetRelation.Add(ast.Namespace+"#"+tuplesetRelation, ast.Namespace+"#"+computedUsersetRelation) + as.reachableComputedUsersetRelationsByTuplesetRelation.Add(ast.GetNamespace()+"#"+tuplesetRelation, ast.GetNamespace()+"#"+computedUsersetRelation) } } @@ -132,9 +132,9 @@ func (as *ArrowSet) registerTupleToUsersetArrows(ctx context.Context, ttu *core. } func (as *ArrowSet) collectArrowInformationForSetOperation(ctx context.Context, so *core.SetOperation, def *ValidatedDefinition, relation *core.Relation, path string) error { - for index, childOneof := range so.Child { + for index, childOneof := range so.GetChild() { updatedPath := path + "." + strconv.Itoa(index) - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_ComputedUserset: // Nothing to do @@ -145,7 +145,7 @@ func (as *ArrowSet) collectArrowInformationForSetOperation(ctx context.Context, } case *core.SetOperation_Child_TupleToUserset: - err := as.registerTupleToUsersetArrows(ctx, child.TupleToUserset, def, relation, updatedPath, child.TupleToUserset.Tupleset.Relation, child.TupleToUserset.ComputedUserset.Relation) + err := as.registerTupleToUsersetArrows(ctx, child.TupleToUserset, def, relation, updatedPath, child.TupleToUserset.GetTupleset().GetRelation(), child.TupleToUserset.GetComputedUserset().GetRelation()) if err != nil { return err } @@ -155,12 +155,12 @@ func (as *ArrowSet) collectArrowInformationForSetOperation(ctx context.Context, // since the arrow relationship structure is the same regardless of function type ttu := &core.TupleToUserset{ Tupleset: &core.TupleToUserset_Tupleset{ - Relation: child.FunctionedTupleToUserset.Tupleset.Relation, + Relation: child.FunctionedTupleToUserset.GetTupleset().GetRelation(), }, - ComputedUserset: child.FunctionedTupleToUserset.ComputedUserset, + ComputedUserset: child.FunctionedTupleToUserset.GetComputedUserset(), } - err := as.registerTupleToUsersetArrows(ctx, ttu, def, relation, updatedPath, child.FunctionedTupleToUserset.Tupleset.Relation, child.FunctionedTupleToUserset.ComputedUserset.Relation) + err := as.registerTupleToUsersetArrows(ctx, ttu, def, relation, updatedPath, child.FunctionedTupleToUserset.GetTupleset().GetRelation(), child.FunctionedTupleToUserset.GetComputedUserset().GetRelation()) if err != nil { return err } diff --git a/pkg/schema/arrows_test.go b/pkg/schema/arrows_test.go index f56d2acf5..af8342163 100644 --- a/pkg/schema/arrows_test.go +++ b/pkg/schema/arrows_test.go @@ -132,17 +132,17 @@ func TestLookupTuplesetArrows(t *testing.T) { require.NoError(t, err) for _, resource := range schema.ObjectDefinitions { - for _, relation := range resource.Relation { - arrows := arrowSet.LookupTuplesetArrows(resource.Name, relation.Name) + for _, relation := range resource.GetRelation() { + arrows := arrowSet.LookupTuplesetArrows(resource.GetName(), relation.GetName()) require.NotNil(t, arrows) - rel := resource.Name + "#" + relation.Name + rel := resource.GetName() + "#" + relation.GetName() expected, ok := tc.expected[rel] require.True(t, ok, "expected %v to be in %v", rel, tc.expected) require.Len(t, arrows, len(expected), rel) for _, arrow := range arrows { - key := arrow.Arrow.Tupleset.Relation + "->" + arrow.Arrow.ComputedUserset.Relation + key := arrow.Arrow.GetTupleset().GetRelation() + "->" + arrow.Arrow.GetComputedUserset().GetRelation() require.Contains(t, expected, key, "expected %v to be in %v", key, expected) } } diff --git a/pkg/schema/definition.go b/pkg/schema/definition.go index a443a11dd..0b06b8d99 100644 --- a/pkg/schema/definition.go +++ b/pkg/schema/definition.go @@ -79,16 +79,16 @@ const ( func NewDefinition(ts *TypeSystem, nsDef *core.NamespaceDefinition) (*Definition, error) { relationMap := make(map[string]*core.Relation, len(nsDef.GetRelation())) for _, relation := range nsDef.GetRelation() { - _, existing := relationMap[relation.Name] + _, existing := relationMap[relation.GetName()] if existing { return nil, NewTypeWithSourceError( - NewDuplicateRelationError(nsDef.Name, relation.Name), + NewDuplicateRelationError(nsDef.GetName(), relation.GetName()), relation, - relation.Name, + relation.GetName(), ) } - relationMap[relation.Name] = relation + relationMap[relation.GetName()] = relation } return &Definition{ @@ -151,7 +151,7 @@ func (def *Definition) IsPermission(relationName string) bool { func (def *Definition) GetAllowedDirectNamespaceSubjectRelations(sourceRelationName string, targetNamespaceName string) (*mapz.Set[string], error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return nil, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return nil, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -175,7 +175,7 @@ func (def *Definition) GetAllowedDirectNamespaceSubjectRelations(sourceRelationN func (def *Definition) IsAllowedDirectNamespace(sourceRelationName string, targetNamespaceName string) (AllowedDefinitionOption, error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return UnknownIfAllowedDefinition, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return UnknownIfAllowedDefinition, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -197,7 +197,7 @@ func (def *Definition) IsAllowedDirectNamespace(sourceRelationName string, targe func (def *Definition) IsAllowedPublicNamespace(sourceRelationName string, targetNamespaceName string) (AllowedPublicSubject, error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return UnknownIfPublicAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return UnknownIfPublicAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -220,7 +220,7 @@ func (def *Definition) IsAllowedPublicNamespace(sourceRelationName string, targe func (def *Definition) IsAllowedDirectRelation(sourceRelationName string, targetNamespaceName string, targetRelationName string) (AllowedDirectRelation, error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return UnknownIfRelationAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return UnknownIfRelationAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -242,7 +242,7 @@ func (def *Definition) IsAllowedDirectRelation(sourceRelationName string, target func (def *Definition) HasAllowedRelation(sourceRelationName string, toCheck *core.AllowedRelation) (AllowedRelationOption, error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return UnknownIfAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return UnknownIfAllowed, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -265,7 +265,7 @@ func (def *Definition) HasAllowedRelation(sourceRelationName string, toCheck *co func (def *Definition) AllowedDirectRelationsAndWildcards(sourceRelationName string) ([]*core.AllowedRelation, error) { found, ok := def.relationMap[sourceRelationName] if !ok { - return []*core.AllowedRelation{}, asTypeError(NewRelationNotFoundErr(def.nsDef.Name, sourceRelationName)) + return []*core.AllowedRelation{}, asTypeError(NewRelationNotFoundErr(def.nsDef.GetName(), sourceRelationName)) } typeInfo := found.GetTypeInformation() @@ -322,7 +322,7 @@ func SourceForAllowedRelation(allowedRelation *core.AllowedRelation) string { if hasTraits { caveatAndTraitsStr = " with " if hasCaveat { - caveatAndTraitsStr += allowedRelation.RequiredCaveat.CaveatName + caveatAndTraitsStr += allowedRelation.GetRequiredCaveat().GetCaveatName() } if hasCaveat && hasExpirationTrait { @@ -335,14 +335,14 @@ func SourceForAllowedRelation(allowedRelation *core.AllowedRelation) string { } if allowedRelation.GetPublicWildcard() != nil { - return tuple.JoinObjectRef(allowedRelation.Namespace, "*") + caveatAndTraitsStr + return tuple.JoinObjectRef(allowedRelation.GetNamespace(), "*") + caveatAndTraitsStr } if rel := allowedRelation.GetRelation(); rel != tuple.Ellipsis { - return tuple.JoinRelRef(allowedRelation.Namespace, rel) + caveatAndTraitsStr + return tuple.JoinRelRef(allowedRelation.GetNamespace(), rel) + caveatAndTraitsStr } - return allowedRelation.Namespace + caveatAndTraitsStr + return allowedRelation.GetNamespace() + caveatAndTraitsStr } // RelationDoesNotAllowCaveatsOrTraitsForSubject returns true if and only if it can be conclusively determined that @@ -377,7 +377,7 @@ func (t Traits) union(other Traits) Traits { func (def *Definition) PossibleTraitsForSubject(relationName string, subjectTypeName string) (Traits, error) { relation, ok := def.relationMap[relationName] if !ok { - return Traits{}, NewRelationNotFoundErr(def.nsDef.Name, relationName) + return Traits{}, NewRelationNotFoundErr(def.nsDef.GetName(), relationName) } typeInfo := relation.GetTypeInformation() @@ -393,7 +393,7 @@ func (def *Definition) PossibleTraitsForSubject(relationName string, subjectType for _, allowedRelation := range typeInfo.GetAllowedDirectRelations() { if allowedRelation.GetNamespace() == subjectTypeName { foundSubjectType = true - if allowedRelation.GetRequiredCaveat() != nil && allowedRelation.GetRequiredCaveat().CaveatName != "" { + if allowedRelation.GetRequiredCaveat() != nil && allowedRelation.GetRequiredCaveat().GetCaveatName() != "" { foundTraits.AllowsCaveats = true } if allowedRelation.GetRequiredExpiration() != nil { @@ -417,7 +417,7 @@ func (def *Definition) PossibleTraitsForSubject(relationName string, subjectType func (def *Definition) PossibleTraitsForAnySubject(relationName string) (Traits, error) { relation, ok := def.relationMap[relationName] if !ok { - return Traits{}, NewRelationNotFoundErr(def.nsDef.Name, relationName) + return Traits{}, NewRelationNotFoundErr(def.nsDef.GetName(), relationName) } typeInfo := relation.GetTypeInformation() @@ -430,7 +430,7 @@ func (def *Definition) PossibleTraitsForAnySubject(relationName string) (Traits, foundTraits := Traits{} for _, allowedRelation := range typeInfo.GetAllowedDirectRelations() { - if allowedRelation.GetRequiredCaveat() != nil && allowedRelation.GetRequiredCaveat().CaveatName != "" { + if allowedRelation.GetRequiredCaveat() != nil && allowedRelation.GetRequiredCaveat().GetCaveatName() != "" { foundTraits.AllowsCaveats = true } if allowedRelation.GetRequiredExpiration() != nil { diff --git a/pkg/schema/definition_test.go b/pkg/schema/definition_test.go index 4f3c05660..f99fe5cf0 100644 --- a/pkg/schema/definition_test.go +++ b/pkg/schema/definition_test.go @@ -1530,13 +1530,13 @@ func TestTypeSystemAccessors(t *testing.T) { require.Equal(vts.Namespace(), nsDef) - tester, ok := tc.namespaces[nsDef.Name] + tester, ok := tc.namespaces[nsDef.GetName()] if ok { tester := tester vts := vts - t.Run(nsDef.Name, func(t *testing.T) { - for _, relation := range nsDef.Relation { - require.True(vts.IsPermission(relation.Name) || vts.HasTypeInformation(relation.Name)) + t.Run(nsDef.GetName(), func(t *testing.T) { + for _, relation := range nsDef.GetRelation() { + require.True(vts.IsPermission(relation.GetName()) || vts.HasTypeInformation(relation.GetName())) } tester(t, vts) diff --git a/pkg/schema/errors.go b/pkg/schema/errors.go index 1a7416a0e..373c2f6c0 100644 --- a/pkg/schema/errors.go +++ b/pkg/schema/errors.go @@ -423,8 +423,8 @@ func NewTypeWithSourceError(wrapped error, withSource nspkg.WithSourcePosition, return asTypeError(spiceerrors.NewWithSourceError( wrapped, sourceCodeString, - sourcePosition.ZeroIndexedLineNumber+1, // +1 to make 1-indexed - sourcePosition.ZeroIndexedColumnPosition+1, // +1 to make 1-indexed + sourcePosition.GetZeroIndexedLineNumber()+1, // +1 to make 1-indexed + sourcePosition.GetZeroIndexedColumnPosition()+1, // +1 to make 1-indexed )) } diff --git a/pkg/schema/full_reachability.go b/pkg/schema/full_reachability.go index 0372e2ed1..c22e97cc7 100644 --- a/pkg/schema/full_reachability.go +++ b/pkg/schema/full_reachability.go @@ -76,9 +76,9 @@ func relationsReferencing(ctx context.Context, arrowSet *ArrowSet, res FullSchem if err != nil { return nil, err } - for _, relation := range def.Namespace().Relation { + for _, relation := range def.Namespace().GetRelation() { // Check for the use of the relation directly as part of any permissions in the same namespace. - if def.IsPermission(relation.Name) && name == namespaceName { + if def.IsPermission(relation.GetName()) && name == namespaceName { hasReference, err := expressionReferencesRelation(ctx, relation.GetUsersetRewrite(), relationName) if err != nil { return nil, err @@ -88,7 +88,7 @@ func relationsReferencing(ctx context.Context, arrowSet *ArrowSet, res FullSchem foundReferences = append(foundReferences, RelationReferenceInfo{ Relation: &core.RelationReference{ Namespace: name, - Relation: relation.Name, + Relation: relation.GetName(), }, Type: RelationInExpression, }) @@ -97,7 +97,7 @@ func relationsReferencing(ctx context.Context, arrowSet *ArrowSet, res FullSchem } // Check for the use of the relation as a subject type on any relation in the entire schema. - isAllowed, err := def.IsAllowedDirectRelation(relation.Name, namespaceName, relationName) + isAllowed, err := def.IsAllowedDirectRelation(relation.GetName(), namespaceName, relationName) if err != nil { return nil, err } @@ -106,7 +106,7 @@ func relationsReferencing(ctx context.Context, arrowSet *ArrowSet, res FullSchem foundReferences = append(foundReferences, RelationReferenceInfo{ Relation: &core.RelationReference{ Namespace: name, - Relation: relation.Name, + Relation: relation.GetName(), }, Type: RelationIsSubjectType, }) @@ -163,15 +163,15 @@ func preComputeRelationReferenceInfo(ctx context.Context, arrowSet *ArrowSet, re if err != nil { return nil, err } - for _, outerRelation := range outerTS.Namespace().Relation { - referenceInfos, err := relationsReferencing(ctx, arrowSet, res, ts, namespaceName, outerRelation.Name) + for _, outerRelation := range outerTS.Namespace().GetRelation() { + referenceInfos, err := relationsReferencing(ctx, arrowSet, res, ts, namespaceName, outerRelation.GetName()) if err != nil { return nil, err } nsAndRel := nsAndRel{ Namespace: namespaceName, - Relation: outerRelation.Name, + Relation: outerRelation.GetName(), } nsAndRelToInfo[nsAndRel] = referenceInfos } @@ -182,7 +182,7 @@ func preComputeRelationReferenceInfo(ctx context.Context, arrowSet *ArrowSet, re func expressionReferencesRelation(ctx context.Context, rewrite *core.UsersetRewrite, relationName string) (bool, error) { // TODO(jschorr): Precompute this and maybe create a visitor pattern to stop repeating this everywhere - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: return setOperationReferencesRelation(ctx, rw.Union, relationName) case *core.UsersetRewrite_Intersection: @@ -195,10 +195,10 @@ func expressionReferencesRelation(ctx context.Context, rewrite *core.UsersetRewr } func setOperationReferencesRelation(ctx context.Context, so *core.SetOperation, relationName string) (bool, error) { - for _, childOneof := range so.Child { - switch child := childOneof.ChildType.(type) { + for _, childOneof := range so.GetChild() { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_ComputedUserset: - if child.ComputedUserset.Relation == relationName { + if child.ComputedUserset.GetRelation() == relationName { return true, nil } diff --git a/pkg/schema/full_reachability_test.go b/pkg/schema/full_reachability_test.go index eab8506bf..c2493646e 100644 --- a/pkg/schema/full_reachability_test.go +++ b/pkg/schema/full_reachability_test.go @@ -364,9 +364,9 @@ func TestRelationsReferencing(t *testing.T) { require.NoError(t, err) for _, resource := range schema.ObjectDefinitions { - for _, relation := range resource.Relation { - references := graph.RelationsReferencing(resource.Name, relation.Name) - rel := resource.Name + "#" + relation.Name + for _, relation := range resource.GetRelation() { + references := graph.RelationsReferencing(resource.GetName(), relation.GetName()) + rel := resource.GetName() + "#" + relation.GetName() expectedRelations, ok := tc.expected[rel] require.True(t, ok, "expected %v to be in %v", rel, tc.expected) require.Len(t, references, len(expectedRelations), "found rel: %s => expected: %v | found %v", rel, expectedRelations, references) @@ -381,8 +381,8 @@ func TestRelationsReferencing(t *testing.T) { func containsRelation(references []RelationReferenceInfo, relation expectedRelation) bool { for _, reference := range references { - if reference.Relation.Namespace == relation.Namespace && - reference.Relation.Relation == relation.Relation && + if reference.Relation.GetNamespace() == relation.Namespace && + reference.Relation.GetRelation() == relation.Relation && reference.Type == relation.Type { return true } diff --git a/pkg/schema/reachabilitygraph.go b/pkg/schema/reachabilitygraph.go index 85a4751fa..5d55508cc 100644 --- a/pkg/schema/reachabilitygraph.go +++ b/pkg/schema/reachabilitygraph.go @@ -59,7 +59,7 @@ func (rg *DefinitionReachability) RelationsEncounteredForSubject( allDefinitions []*core.NamespaceDefinition, startingSubjectType *core.RelationReference, ) ([]*core.RelationReference, error) { - if startingSubjectType.Namespace != rg.def.nsDef.Name { + if startingSubjectType.GetNamespace() != rg.def.nsDef.GetName() { return nil, spiceerrors.MustBugf("gave mismatching namespace name for subject type to reachability graph") } @@ -72,23 +72,23 @@ func (rg *DefinitionReachability) RelationsEncounteredForSubject( for len(subjectTypesToCheck) != 0 { collected := &[]ReachabilityEntrypoint{} for _, nsDef := range allDefinitions { - nts, err := rg.def.ts.GetDefinition(ctx, nsDef.Name) + nts, err := rg.def.ts.GetDefinition(ctx, nsDef.GetName()) if err != nil { return nil, err } nrg := nts.Reachability() - for _, relation := range nsDef.Relation { + for _, relation := range nsDef.GetRelation() { for _, subjectType := range subjectTypesToCheck { - if subjectType.Namespace == nsDef.Name && subjectType.Relation == relation.Name { + if subjectType.GetNamespace() == nsDef.GetName() && subjectType.GetRelation() == relation.GetName() { continue } encounteredRelations := map[string]struct{}{} err := nrg.collectEntrypoints(ctx, &core.RelationReference{ - Namespace: nsDef.Name, - Relation: relation.Name, + Namespace: nsDef.GetName(), + Relation: relation.GetName(), }, subjectType, collected, encounteredRelations, reachabilityFull, entrypointLookupFindAll) if err != nil { return nil, err @@ -100,13 +100,13 @@ func (rg *DefinitionReachability) RelationsEncounteredForSubject( subjectTypesToCheck = make([]*core.RelationReference, 0, len(*collected)) for _, entrypoint := range *collected { - st := tuple.JoinRelRef(entrypoint.re.TargetRelation.Namespace, entrypoint.re.TargetRelation.Relation) + st := tuple.JoinRelRef(entrypoint.re.GetTargetRelation().GetNamespace(), entrypoint.re.GetTargetRelation().GetRelation()) if !added.Add(st) { continue } allRelationNames.Add(st) - subjectTypesToCheck = append(subjectTypesToCheck, entrypoint.re.TargetRelation) + subjectTypesToCheck = append(subjectTypesToCheck, entrypoint.re.GetTargetRelation()) } } @@ -188,7 +188,7 @@ func (rg *DefinitionReachability) computeEntrypoints( reachabilityOption reachabilityOption, entrypointLookupOption entrypointLookupOption, ) ([]ReachabilityEntrypoint, []string, error) { - if resourceType.Namespace != rg.def.nsDef.Name { + if resourceType.GetNamespace() != rg.def.nsDef.GetName() { return nil, nil, errors.New("gave mismatching namespace name for resource type to reachability graph") } @@ -234,12 +234,12 @@ func (rg *DefinitionReachability) getOrBuildGraph(ctx context.Context, resourceT } // Load the type system for the target resource relation. - tdef, err := rg.def.ts.GetDefinition(ctx, resourceType.Namespace) + tdef, err := rg.def.ts.GetDefinition(ctx, resourceType.GetNamespace()) if err != nil { return nil, err } - rrg, err := computeReachability(ctx, tdef, resourceType.Relation, reachabilityOption) + rrg, err := computeReachability(ctx, tdef, resourceType.GetRelation(), reachabilityOption) if err != nil { return nil, err } @@ -258,7 +258,7 @@ func (rg *DefinitionReachability) collectEntrypoints( entrypointLookupOption entrypointLookupOption, ) error { // Ensure that we only process each relation once. - key := tuple.JoinRelRef(resourceType.Namespace, resourceType.Relation) + key := tuple.JoinRelRef(resourceType.GetNamespace(), resourceType.GetRelation()) if _, ok := encounteredRelations[key]; ok { return nil } @@ -272,7 +272,7 @@ func (rg *DefinitionReachability) collectEntrypoints( if optionalSubjectType != nil { // Add subject type entrypoints. - subjectTypeEntrypoints, ok := rrg.EntrypointsBySubjectType[optionalSubjectType.Namespace] + subjectTypeEntrypoints, ok := rrg.GetEntrypointsBySubjectType()[optionalSubjectType.GetNamespace()] if ok { addEntrypoints(subjectTypeEntrypoints, resourceType, collected, encounteredRelations) } @@ -282,7 +282,7 @@ func (rg *DefinitionReachability) collectEntrypoints( } // Add subject relation entrypoints. - subjectRelationEntrypoints, ok := rrg.EntrypointsBySubjectRelation[tuple.JoinRelRef(optionalSubjectType.Namespace, optionalSubjectType.Relation)] + subjectRelationEntrypoints, ok := rrg.GetEntrypointsBySubjectRelation()[tuple.JoinRelRef(optionalSubjectType.GetNamespace(), optionalSubjectType.GetRelation())] if ok { addEntrypoints(subjectRelationEntrypoints, resourceType, collected, encounteredRelations) } @@ -292,24 +292,24 @@ func (rg *DefinitionReachability) collectEntrypoints( } } else { // Add all entrypoints. - for _, entrypoints := range rrg.EntrypointsBySubjectType { + for _, entrypoints := range rrg.GetEntrypointsBySubjectType() { addEntrypoints(entrypoints, resourceType, collected, encounteredRelations) } - for _, entrypoints := range rrg.EntrypointsBySubjectRelation { + for _, entrypoints := range rrg.GetEntrypointsBySubjectRelation() { addEntrypoints(entrypoints, resourceType, collected, encounteredRelations) } } // Sort the keys to ensure a stable graph is produced. - keys := slices.Collect(maps.Keys(rrg.EntrypointsBySubjectRelation)) + keys := slices.Collect(maps.Keys(rrg.GetEntrypointsBySubjectRelation())) sort.Strings(keys) // Recursively collect over any reachability graphs for subjects with non-ellipsis relations. for _, entrypointSetKey := range keys { - entrypointSet := rrg.EntrypointsBySubjectRelation[entrypointSetKey] - if entrypointSet.SubjectRelation != nil && entrypointSet.SubjectRelation.Relation != tuple.Ellipsis { - err := rg.collectEntrypoints(ctx, entrypointSet.SubjectRelation, optionalSubjectType, collected, encounteredRelations, reachabilityOption, entrypointLookupOption) + entrypointSet := rrg.GetEntrypointsBySubjectRelation()[entrypointSetKey] + if entrypointSet.GetSubjectRelation() != nil && entrypointSet.GetSubjectRelation().GetRelation() != tuple.Ellipsis { + err := rg.collectEntrypoints(ctx, entrypointSet.GetSubjectRelation(), optionalSubjectType, collected, encounteredRelations, reachabilityOption, entrypointLookupOption) if err != nil { return err } @@ -324,9 +324,9 @@ func (rg *DefinitionReachability) collectEntrypoints( } func addEntrypoints(entrypoints *core.ReachabilityEntrypoints, parentRelation *core.RelationReference, collected *[]ReachabilityEntrypoint, encounteredRelations map[string]struct{}) { - for _, entrypoint := range entrypoints.Entrypoints { - if entrypoint.TuplesetRelation != "" { - key := tuple.JoinRelRef(entrypoint.TargetRelation.Namespace, entrypoint.TuplesetRelation) + for _, entrypoint := range entrypoints.GetEntrypoints() { + if entrypoint.GetTuplesetRelation() != "" { + key := tuple.JoinRelRef(entrypoint.GetTargetRelation().GetNamespace(), entrypoint.GetTuplesetRelation()) encounteredRelations[key] = struct{}{} } @@ -383,7 +383,7 @@ func (re ReachabilityEntrypoint) Hash() (uint64, error) { // EntrypointKind is the kind of the entrypoint. func (re ReachabilityEntrypoint) EntrypointKind() core.ReachabilityEntrypoint_ReachabilityEntrypointKind { - return re.re.Kind + return re.re.GetKind() } // ComputedUsersetRelation returns the tupleset relation of the computed userset, if any. @@ -391,7 +391,7 @@ func (re ReachabilityEntrypoint) ComputedUsersetRelation() (string, error) { if re.EntrypointKind() == core.ReachabilityEntrypoint_RELATION_ENTRYPOINT { return "", fmt.Errorf("cannot call ComputedUsersetRelation for kind %v", re.EntrypointKind()) } - return re.re.ComputedUsersetRelation, nil + return re.re.GetComputedUsersetRelation(), nil } // TuplesetRelation returns the tupleset relation of the TTU, if a TUPLESET_TO_USERSET_ENTRYPOINT. @@ -400,7 +400,7 @@ func (re ReachabilityEntrypoint) TuplesetRelation() (string, error) { return "", fmt.Errorf("cannot call TupleToUserset for kind %v", re.EntrypointKind()) } - return re.re.TuplesetRelation, nil + return re.re.GetTuplesetRelation(), nil } // DirectRelation is the relation that this entrypoint represents, if a RELATION_ENTRYPOINT. @@ -409,12 +409,12 @@ func (re ReachabilityEntrypoint) DirectRelation() (*core.RelationReference, erro return nil, fmt.Errorf("cannot call DirectRelation for kind %v", re.EntrypointKind()) } - return re.re.TargetRelation, nil + return re.re.GetTargetRelation(), nil } // TargetNamespace returns the namespace for the entrypoint's target relation. func (re ReachabilityEntrypoint) TargetNamespace() string { - return re.re.TargetRelation.Namespace + return re.re.GetTargetRelation().GetNamespace() } // ContainingRelationOrPermission is the relation or permission containing this entrypoint. @@ -427,7 +427,7 @@ func (re ReachabilityEntrypoint) ContainingRelationOrPermission() *core.Relation // under an intersection or exclusion, which makes the entrypoint's object merely conditionally // reachable. func (re ReachabilityEntrypoint) IsDirectResult() bool { - return re.re.ResultStatus == core.ReachabilityEntrypoint_DIRECT_OPERATION_RESULT + return re.re.GetResultStatus() == core.ReachabilityEntrypoint_DIRECT_OPERATION_RESULT } func (re ReachabilityEntrypoint) String() string { @@ -454,13 +454,13 @@ func (re ReachabilityEntrypoint) DebugStringOrEmpty() string { func (re ReachabilityEntrypoint) DebugString() (string, error) { switch re.EntrypointKind() { case core.ReachabilityEntrypoint_RELATION_ENTRYPOINT: - return "relation-entrypoint: " + re.re.TargetRelation.Namespace + "#" + re.re.TargetRelation.Relation, nil + return "relation-entrypoint: " + re.re.GetTargetRelation().GetNamespace() + "#" + re.re.GetTargetRelation().GetRelation(), nil case core.ReachabilityEntrypoint_TUPLESET_TO_USERSET_ENTRYPOINT: - return "ttu-entrypoint: " + re.re.TuplesetRelation + " -> " + re.re.TargetRelation.Namespace + "#" + re.re.TargetRelation.Relation, nil + return "ttu-entrypoint: " + re.re.GetTuplesetRelation() + " -> " + re.re.GetTargetRelation().GetNamespace() + "#" + re.re.GetTargetRelation().GetRelation(), nil case core.ReachabilityEntrypoint_COMPUTED_USERSET_ENTRYPOINT: - return "computed-userset-entrypoint: " + re.re.TargetRelation.Namespace + "#" + re.re.TargetRelation.Relation, nil + return "computed-userset-entrypoint: " + re.re.GetTargetRelation().GetNamespace() + "#" + re.re.GetTargetRelation().GetRelation(), nil default: return "", fmt.Errorf("unknown entrypoint kind %v", re.EntrypointKind()) diff --git a/pkg/schema/reachabilitygraph_test.go b/pkg/schema/reachabilitygraph_test.go index 5733964f2..fb2316df3 100644 --- a/pkg/schema/reachabilitygraph_test.go +++ b/pkg/schema/reachabilitygraph_test.go @@ -1211,10 +1211,10 @@ func TestReachabilityGraph(t *testing.T) { }) ts := NewTypeSystem(resolver) - vdef, terr := ts.GetValidatedDefinition(ctx, nsDef.Name) + vdef, terr := ts.GetValidatedDefinition(ctx, nsDef.GetName()) require.NoError(terr) - if nsDef.Name == tc.resourceType.Namespace { + if nsDef.GetName() == tc.resourceType.GetNamespace() { rdef = vdef } } @@ -1243,7 +1243,7 @@ func verifyEntrypoints(require *require.Assertions, foundEntrypoints []Reachabil for _, entrypoint := range foundEntrypoints { foundRelations = append(foundRelations, tuple.StringCoreRR(entrypoint.ContainingRelationOrPermission())) if isDirect, ok := isDirectMap[tuple.StringCoreRR(entrypoint.ContainingRelationOrPermission())]; ok { - require.Equal(isDirect, entrypoint.IsDirectResult(), "found mismatch for whether a direct result for entrypoint for %s", entrypoint.parentRelation.Relation) + require.Equal(isDirect, entrypoint.IsDirectResult(), "found mismatch for whether a direct result for entrypoint for %s", entrypoint.parentRelation.GetRelation()) } } diff --git a/pkg/schema/reachabilitygraphbuilder.go b/pkg/schema/reachabilitygraphbuilder.go index 63e2a9298..5cac787f9 100644 --- a/pkg/schema/reachabilitygraphbuilder.go +++ b/pkg/schema/reachabilitygraphbuilder.go @@ -20,11 +20,11 @@ const ( func computeReachability(ctx context.Context, def *Definition, relationName string, option reachabilityOption) (*core.ReachabilityGraph, error) { targetRelation, ok := def.relationMap[relationName] if !ok { - return nil, fmt.Errorf("relation `%s` not found under type `%s` missing when computing reachability", relationName, def.nsDef.Name) + return nil, fmt.Errorf("relation `%s` not found under type `%s` missing when computing reachability", relationName, def.nsDef.GetName()) } if !def.HasTypeInformation(relationName) && targetRelation.GetUsersetRewrite() == nil { - return nil, fmt.Errorf("relation `%s` missing type information when computing reachability for namespace `%s`", relationName, def.nsDef.Name) + return nil, fmt.Errorf("relation `%s` missing type information when computing reachability for namespace `%s`", relationName, def.nsDef.GetName()) } graph := &core.ReachabilityGraph{ @@ -43,25 +43,25 @@ func computeReachability(ctx context.Context, def *Definition, relationName stri } func computeRewriteReachability(ctx context.Context, graph *core.ReachabilityGraph, rewrite *core.UsersetRewrite, operationResultState core.ReachabilityEntrypoint_EntrypointResultStatus, targetRelation *core.Relation, def *Definition, option reachabilityOption) error { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: - return computeRewriteOpReachability(ctx, rw.Union.Child, operationResultState, graph, targetRelation, def, option) + return computeRewriteOpReachability(ctx, rw.Union.GetChild(), operationResultState, graph, targetRelation, def, option) case *core.UsersetRewrite_Intersection: // If optimized mode is set, only return the first child of the intersection. if option == reachabilityFirst { - return computeRewriteOpReachability(ctx, rw.Intersection.Child[0:1], core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) + return computeRewriteOpReachability(ctx, rw.Intersection.GetChild()[0:1], core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) } - return computeRewriteOpReachability(ctx, rw.Intersection.Child, core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) + return computeRewriteOpReachability(ctx, rw.Intersection.GetChild(), core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) case *core.UsersetRewrite_Exclusion: // If optimized mode is set, only return the first child of the exclusion. if option == reachabilityFirst { - return computeRewriteOpReachability(ctx, rw.Exclusion.Child[0:1], core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) + return computeRewriteOpReachability(ctx, rw.Exclusion.GetChild()[0:1], core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) } - return computeRewriteOpReachability(ctx, rw.Exclusion.Child, core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) + return computeRewriteOpReachability(ctx, rw.Exclusion.GetChild(), core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT, graph, targetRelation, def, option) default: return fmt.Errorf("unknown kind of userset rewrite in reachability computation: %T", rw) @@ -70,21 +70,21 @@ func computeRewriteReachability(ctx context.Context, graph *core.ReachabilityGra func computeRewriteOpReachability(ctx context.Context, children []*core.SetOperation_Child, operationResultState core.ReachabilityEntrypoint_EntrypointResultStatus, graph *core.ReachabilityGraph, targetRelation *core.Relation, def *Definition, option reachabilityOption) error { rr := &core.RelationReference{ - Namespace: def.nsDef.Name, - Relation: targetRelation.Name, + Namespace: def.nsDef.GetName(), + Relation: targetRelation.GetName(), } for _, childOneof := range children { - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_XThis: return errors.New("use of _this is unsupported; please rewrite your schema") case *core.SetOperation_Child_ComputedUserset: // A computed userset adds an entrypoint indicating that the relation is rewritten. - err := addSubjectEntrypoint(graph, def.nsDef.Name, child.ComputedUserset.Relation, &core.ReachabilityEntrypoint{ + err := addSubjectEntrypoint(graph, def.nsDef.GetName(), child.ComputedUserset.GetRelation(), &core.ReachabilityEntrypoint{ Kind: core.ReachabilityEntrypoint_COMPUTED_USERSET_ENTRYPOINT, TargetRelation: rr, - ComputedUsersetRelation: child.ComputedUserset.Relation, + ComputedUsersetRelation: child.ComputedUserset.GetRelation(), ResultStatus: operationResultState, }) if err != nil { @@ -98,17 +98,17 @@ func computeRewriteOpReachability(ctx context.Context, children []*core.SetOpera } case *core.SetOperation_Child_TupleToUserset: - tuplesetRelation := child.TupleToUserset.Tupleset.Relation - computedUsersetRelation := child.TupleToUserset.ComputedUserset.Relation + tuplesetRelation := child.TupleToUserset.GetTupleset().GetRelation() + computedUsersetRelation := child.TupleToUserset.GetComputedUserset().GetRelation() if err := computeTTUReachability(ctx, graph, tuplesetRelation, computedUsersetRelation, operationResultState, rr, def); err != nil { return err } case *core.SetOperation_Child_FunctionedTupleToUserset: - tuplesetRelation := child.FunctionedTupleToUserset.Tupleset.Relation - computedUsersetRelation := child.FunctionedTupleToUserset.ComputedUserset.Relation + tuplesetRelation := child.FunctionedTupleToUserset.GetTupleset().GetRelation() + computedUsersetRelation := child.FunctionedTupleToUserset.GetComputedUserset().GetRelation() - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ANY: // Nothing to change. @@ -117,7 +117,7 @@ func computeRewriteOpReachability(ctx context.Context, children []*core.SetOpera operationResultState = core.ReachabilityEntrypoint_REACHABLE_CONDITIONAL_RESULT default: - return spiceerrors.MustBugf("unknown function type `%T` in reachability graph building", child.FunctionedTupleToUserset.Function) + return spiceerrors.MustBugf("unknown function type `%T` in reachability graph building", child.FunctionedTupleToUserset.GetFunction()) } if err := computeTTUReachability(ctx, graph, tuplesetRelation, computedUsersetRelation, operationResultState, rr, def); err != nil { @@ -181,13 +181,13 @@ func computeTTUReachability( // right side of the arrow. // Check if the relation does exist on the allowed type, and only add the entrypoint if present. - relDef, err := def.ts.GetDefinition(ctx, allowedRelationType.Namespace) + relDef, err := def.ts.GetDefinition(ctx, allowedRelationType.GetNamespace()) if err != nil { return err } if relDef.HasRelation(computedUsersetRelation) { - err := addSubjectEntrypoint(graph, allowedRelationType.Namespace, computedUsersetRelation, &core.ReachabilityEntrypoint{ + err := addSubjectEntrypoint(graph, allowedRelationType.GetNamespace(), computedUsersetRelation, &core.ReachabilityEntrypoint{ Kind: core.ReachabilityEntrypoint_TUPLESET_TO_USERSET_ENTRYPOINT, TargetRelation: rr, ResultStatus: operationResultState, @@ -209,7 +209,7 @@ func addSubjectEntrypoint(graph *core.ReachabilityGraph, namespaceName string, r return spiceerrors.MustBugf("found empty relation name for subject entrypoint") } - if graph.EntrypointsBySubjectRelation[key] == nil { + if graph.GetEntrypointsBySubjectRelation()[key] == nil { graph.EntrypointsBySubjectRelation[key] = &core.ReachabilityEntrypoints{ Entrypoints: []*core.ReachabilityEntrypoint{}, SubjectRelation: &core.RelationReference{ @@ -230,12 +230,12 @@ func addSubjectEntrypoint(graph *core.ReachabilityGraph, namespaceName string, r func addSubjectLinks(graph *core.ReachabilityGraph, operationResultState core.ReachabilityEntrypoint_EntrypointResultStatus, relation *core.Relation, def *Definition) error { typeInfo := relation.GetTypeInformation() if typeInfo == nil { - return fmt.Errorf("missing type information for relation %s#%s", def.nsDef.Name, relation.Name) + return fmt.Errorf("missing type information for relation %s#%s", def.nsDef.GetName(), relation.GetName()) } rr := &core.RelationReference{ - Namespace: def.nsDef.Name, - Relation: relation.Name, + Namespace: def.nsDef.GetName(), + Relation: relation.GetName(), } allowedDirectRelations := typeInfo.GetAllowedDirectRelations() @@ -243,15 +243,15 @@ func addSubjectLinks(graph *core.ReachabilityGraph, operationResultState core.Re // If the allowed relation is a wildcard, add it as a subject *type* entrypoint, rather than // a subject relation. if directRelation.GetPublicWildcard() != nil { - if graph.EntrypointsBySubjectType[directRelation.Namespace] == nil { - graph.EntrypointsBySubjectType[directRelation.Namespace] = &core.ReachabilityEntrypoints{ + if graph.GetEntrypointsBySubjectType()[directRelation.GetNamespace()] == nil { + graph.EntrypointsBySubjectType[directRelation.GetNamespace()] = &core.ReachabilityEntrypoints{ Entrypoints: []*core.ReachabilityEntrypoint{}, - SubjectType: directRelation.Namespace, + SubjectType: directRelation.GetNamespace(), } } - graph.EntrypointsBySubjectType[directRelation.Namespace].Entrypoints = append( - graph.EntrypointsBySubjectType[directRelation.Namespace].Entrypoints, + graph.EntrypointsBySubjectType[directRelation.GetNamespace()].Entrypoints = append( + graph.EntrypointsBySubjectType[directRelation.GetNamespace()].Entrypoints, &core.ReachabilityEntrypoint{ Kind: core.ReachabilityEntrypoint_RELATION_ENTRYPOINT, TargetRelation: rr, @@ -261,7 +261,7 @@ func addSubjectLinks(graph *core.ReachabilityGraph, operationResultState core.Re continue } - err := addSubjectEntrypoint(graph, directRelation.Namespace, directRelation.GetRelation(), &core.ReachabilityEntrypoint{ + err := addSubjectEntrypoint(graph, directRelation.GetNamespace(), directRelation.GetRelation(), &core.ReachabilityEntrypoint{ Kind: core.ReachabilityEntrypoint_RELATION_ENTRYPOINT, TargetRelation: rr, ResultStatus: operationResultState, diff --git a/pkg/schema/resolver.go b/pkg/schema/resolver.go index 5f6b3caf6..4f7260149 100644 --- a/pkg/schema/resolver.go +++ b/pkg/schema/resolver.go @@ -67,7 +67,7 @@ type DatastoreResolver struct { func (r *DatastoreResolver) LookupDefinition(ctx context.Context, name string) (*core.NamespaceDefinition, bool, error) { if len(r.predefined.Definitions) > 0 { for _, def := range r.predefined.Definitions { - if def.Name == name { + if def.GetName() == name { return def, false, nil } } diff --git a/pkg/schema/type_check.go b/pkg/schema/type_check.go index e6590bcea..2e60e8319 100644 --- a/pkg/schema/type_check.go +++ b/pkg/schema/type_check.go @@ -52,10 +52,10 @@ func (ts *TypeSystem) getTypesForRelationInternal(ctx context.Context, defName s // Supress the error that it couldn't find the relation, as if a relation is missing in a definition, it's already a noop in dispatch. return nil, nil } - if rel.TypeInformation != nil { - return ts.getTypesForInfo(ctx, rel.TypeInformation, seen, nonTerminals) - } else if rel.UsersetRewrite != nil { - return ts.getTypesForRewrite(ctx, defName, rel.UsersetRewrite, seen, nonTerminals) + if rel.GetTypeInformation() != nil { + return ts.getTypesForInfo(ctx, rel.GetTypeInformation(), seen, nonTerminals) + } else if rel.GetUsersetRewrite() != nil { + return ts.getTypesForRewrite(ctx, defName, rel.GetUsersetRewrite(), seen, nonTerminals) } return nil, asTypeError(NewMissingAllowedRelationsErr(defName, relationName)) } @@ -95,7 +95,7 @@ func (ts *TypeSystem) getIntermediateRelationTypes(ctx context.Context, defName return nil, asTypeError(NewRelationNotFoundErr(defName, relName)) } out := mapz.NewSet[string]() - for _, dr := range rel.TypeInformation.GetAllowedDirectRelations() { + for _, dr := range rel.GetTypeInformation().GetAllowedDirectRelations() { out.Add(dr.GetNamespace()) } return out, nil diff --git a/pkg/schema/type_check_test.go b/pkg/schema/type_check_test.go index eedf1272e..03112bd57 100644 --- a/pkg/schema/type_check_test.go +++ b/pkg/schema/type_check_test.go @@ -215,11 +215,11 @@ func TestTypecheckingJustTypes(t *testing.T) { res := ResolverForCompiledSchema(*schema) ts := NewTypeSystem(res) for _, resource := range schema.ObjectDefinitions { - for _, relation := range resource.Relation { - types, err := ts.GetRecursiveTerminalTypesForRelation(t.Context(), resource.Name, relation.Name) + for _, relation := range resource.GetRelation() { + types, err := ts.GetRecursiveTerminalTypesForRelation(t.Context(), resource.GetName(), relation.GetName()) require.NoError(t, err) - rel := resource.Name + "#" + relation.Name + rel := resource.GetName() + "#" + relation.GetName() expected, ok := tc.expected[rel] require.True(t, ok, "expected %v to be in %v", rel, tc.expected) require.Len(t, types, len(expected), rel) @@ -398,11 +398,11 @@ func TestTypecheckingWithSubrelations(t *testing.T) { res := ResolverForCompiledSchema(*schema) ts := NewTypeSystem(res) for _, resource := range schema.ObjectDefinitions { - for _, relation := range resource.Relation { - types, err := ts.GetFullRecursiveSubjectTypesForRelation(t.Context(), resource.Name, relation.Name) + for _, relation := range resource.GetRelation() { + types, err := ts.GetFullRecursiveSubjectTypesForRelation(t.Context(), resource.GetName(), relation.GetName()) require.NoError(t, err) - rel := resource.Name + "#" + relation.Name + rel := resource.GetName() + "#" + relation.GetName() expected, ok := tc.expected[rel] require.True(t, ok, "expected %v to be in %v", rel, tc.expected) require.Len(t, types, len(expected), rel) @@ -508,7 +508,7 @@ func TestTypeAnnotationsValidation(t *testing.T) { var foundError error for _, resource := range schema.ObjectDefinitions { - def, err := ts.GetDefinition(t.Context(), resource.Name) + def, err := ts.GetDefinition(t.Context(), resource.GetName()) if err != nil { foundError = err break diff --git a/pkg/schema/typesystem_validation.go b/pkg/schema/typesystem_validation.go index 908e62f93..6f0b1616f 100644 --- a/pkg/schema/typesystem_validation.go +++ b/pkg/schema/typesystem_validation.go @@ -57,13 +57,13 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro // Validate the usersets. usersetRewrite := relation.GetUsersetRewrite() rerr, err := graph.WalkRewrite(usersetRewrite, func(childOneof *core.SetOperation_Child) (any, error) { - switch child := childOneof.ChildType.(type) { + switch child := childOneof.GetChildType().(type) { case *core.SetOperation_Child_ComputedUserset: relationName := child.ComputedUserset.GetRelation() _, ok := def.relationMap[relationName] if !ok { return NewTypeWithSourceError( - NewRelationNotFoundErr(def.nsDef.Name, relationName), + NewRelationNotFoundErr(def.nsDef.GetName(), relationName), childOneof, relationName, ), nil @@ -84,7 +84,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro found, ok := def.relationMap[relationName] if !ok { return NewTypeWithSourceError( - NewRelationNotFoundErr(def.nsDef.Name, relationName), + NewRelationNotFoundErr(def.nsDef.GetName(), relationName), childOneof, relationName, ), nil @@ -92,7 +92,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if nspkg.GetRelationKind(found) == iv1.RelationMetadata_PERMISSION { return NewTypeWithSourceError( - NewPermissionUsedOnLeftOfArrowErr(def.nsDef.Name, relation.Name, relationName), + NewPermissionUsedOnLeftOfArrowErr(def.nsDef.GetName(), relation.GetName(), relationName), childOneof, relationName), nil } @@ -105,8 +105,8 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if referencedWildcard != nil { return NewTypeWithSourceError( NewWildcardUsedInArrowErr( - def.nsDef.Name, - relation.Name, + def.nsDef.GetName(), + relation.GetName(), relationName, referencedWildcard.WildcardType.GetNamespace(), tuple.StringCoreRR(referencedWildcard.ReferencingRelation), @@ -130,7 +130,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro found, ok := def.relationMap[relationName] if !ok { return NewTypeWithSourceError( - NewRelationNotFoundErr(def.nsDef.Name, relationName), + NewRelationNotFoundErr(def.nsDef.GetName(), relationName), childOneof, relationName, ), nil @@ -138,7 +138,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if nspkg.GetRelationKind(found) == iv1.RelationMetadata_PERMISSION { return NewTypeWithSourceError( - NewPermissionUsedOnLeftOfArrowErr(def.nsDef.Name, relation.Name, relationName), + NewPermissionUsedOnLeftOfArrowErr(def.nsDef.GetName(), relation.GetName(), relationName), childOneof, relationName), nil } @@ -151,8 +151,8 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if referencedWildcard != nil { return NewTypeWithSourceError( NewWildcardUsedInArrowErr( - def.nsDef.Name, - relation.Name, + def.nsDef.GetName(), + relation.GetName(), relationName, referencedWildcard.WildcardType.GetNamespace(), tuple.StringCoreRR(referencedWildcard.ReferencingRelation), @@ -171,7 +171,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro } // Validate type information. - typeInfo := relation.TypeInformation + typeInfo := relation.GetTypeInformation() if typeInfo == nil { continue } @@ -188,16 +188,16 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if usersetRewrite == nil || hasThis { if len(allowedDirectRelations) == 0 { return nil, NewTypeWithSourceError( - NewMissingAllowedRelationsErr(def.nsDef.Name, relation.Name), - relation, relation.Name, + NewMissingAllowedRelationsErr(def.nsDef.GetName(), relation.GetName()), + relation, relation.GetName(), ) } } else { if len(allowedDirectRelations) != 0 { // NOTE: This is a legacy error and should never really occur with schema. return nil, NewTypeWithSourceError( - fmt.Errorf("direct relations are not allowed under relation `%s`", relation.Name), - relation, relation.Name) + fmt.Errorf("direct relations are not allowed under relation `%s`", relation.GetName()), + relation, relation.GetName()) } } @@ -212,14 +212,14 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro source := SourceForAllowedRelation(allowedRelation) if !encountered.Add(source) { return nil, NewTypeWithSourceError( - NewDuplicateAllowedRelationErr(def.nsDef.Name, relation.Name, source), + NewDuplicateAllowedRelationErr(def.nsDef.GetName(), relation.GetName(), source), allowedRelation, source, ) } // Check the namespace. - if allowedRelation.GetNamespace() == def.nsDef.Name { + if allowedRelation.GetNamespace() == def.nsDef.GetName() { if allowedRelation.GetPublicWildcard() == nil && allowedRelation.GetRelation() != tuple.Ellipsis { _, ok := def.relationMap[allowedRelation.GetRelation()] if !ok { @@ -234,7 +234,7 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro subjectTS, err := def.TypeSystem().GetDefinition(ctx, allowedRelation.GetNamespace()) if err != nil { return nil, NewTypeWithSourceError( - fmt.Errorf("could not lookup definition `%s` for relation `%s`: %w", allowedRelation.GetNamespace(), relation.Name, err), + fmt.Errorf("could not lookup definition `%s` for relation `%s`: %w", allowedRelation.GetNamespace(), relation.GetName(), err), allowedRelation, allowedRelation.GetNamespace(), ) @@ -261,9 +261,9 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro if referencedWildcard != nil { return nil, NewTypeWithSourceError( NewTransitiveWildcardErr( - def.nsDef.Name, + def.nsDef.GetName(), relation.GetName(), - allowedRelation.Namespace, + allowedRelation.GetNamespace(), allowedRelation.GetRelation(), referencedWildcard.WildcardType.GetNamespace(), tuple.StringCoreRR(referencedWildcard.ReferencingRelation), @@ -277,10 +277,10 @@ func (def *Definition) Validate(ctx context.Context) (*ValidatedDefinition, erro // Check the caveat, if any. if allowedRelation.GetRequiredCaveat() != nil { - _, err := def.TypeSystem().resolver.LookupCaveat(ctx, allowedRelation.GetRequiredCaveat().CaveatName) + _, err := def.TypeSystem().resolver.LookupCaveat(ctx, allowedRelation.GetRequiredCaveat().GetCaveatName()) if err != nil { return nil, NewTypeWithSourceError( - fmt.Errorf("could not lookup caveat `%s` for relation `%s`: %w", allowedRelation.GetRequiredCaveat().CaveatName, relation.Name, err), + fmt.Errorf("could not lookup caveat `%s` for relation `%s`: %w", allowedRelation.GetRequiredCaveat().GetCaveatName(), relation.GetName(), err), allowedRelation, source, ) @@ -318,7 +318,7 @@ func (ts *TypeSystem) referencesWildcardTypeWithEncountered(ctx context.Context, } func (ts *TypeSystem) computeReferencesWildcardType(ctx context.Context, def *Definition, relationName string, encountered map[string]bool) (*WildcardTypeReference, error) { - relString := tuple.JoinRelRef(def.nsDef.Name, relationName) + relString := tuple.JoinRelRef(def.nsDef.GetName(), relationName) if _, ok := encountered[relString]; ok { return nil, nil } @@ -333,7 +333,7 @@ func (ts *TypeSystem) computeReferencesWildcardType(ctx context.Context, def *De if allowedRelation.GetPublicWildcard() != nil { return &WildcardTypeReference{ ReferencingRelation: &core.RelationReference{ - Namespace: def.nsDef.Name, + Namespace: def.nsDef.GetName(), Relation: relationName, }, WildcardType: allowedRelation, @@ -341,7 +341,7 @@ func (ts *TypeSystem) computeReferencesWildcardType(ctx context.Context, def *De } if allowedRelation.GetRelation() != tuple.Ellipsis { - if allowedRelation.GetNamespace() == def.nsDef.Name { + if allowedRelation.GetNamespace() == def.nsDef.GetName() { found, err := ts.referencesWildcardTypeWithEncountered(ctx, def, allowedRelation.GetRelation(), encountered) if err != nil { return nil, asTypeError(err) diff --git a/pkg/schema/v2/flatten_test.go b/pkg/schema/v2/flatten_test.go index a278354af..a418480cb 100644 --- a/pkg/schema/v2/flatten_test.go +++ b/pkg/schema/v2/flatten_test.go @@ -294,13 +294,13 @@ definition folder { // Step 6: Generate schema string // Sort definitions by name for deterministic output sort.Slice(defs, func(i, j int) bool { - return defs[i].Name < defs[j].Name + return defs[i].GetName() < defs[j].GetName() }) // Sort relations within each definition for deterministic output for _, def := range defs { - sort.Slice(def.Relation, func(i, j int) bool { - return def.Relation[i].Name < def.Relation[j].Name + sort.Slice(def.GetRelation(), func(i, j int) bool { + return def.GetRelation()[i].GetName() < def.GetRelation()[j].GetName() }) } @@ -333,12 +333,12 @@ definition folder { // Sort expected definitions and relations the same way sort.Slice(expectedCompiled.ObjectDefinitions, func(i, j int) bool { - return expectedCompiled.ObjectDefinitions[i].Name < expectedCompiled.ObjectDefinitions[j].Name + return expectedCompiled.ObjectDefinitions[i].GetName() < expectedCompiled.ObjectDefinitions[j].GetName() }) for _, def := range expectedCompiled.ObjectDefinitions { - sort.Slice(def.Relation, func(i, j int) bool { - return def.Relation[i].Name < def.Relation[j].Name + sort.Slice(def.GetRelation(), func(i, j int) bool { + return def.GetRelation()[i].GetName() < def.GetRelation()[j].GetName() }) } diff --git a/pkg/schema/v2/schema_conversion_test.go b/pkg/schema/v2/schema_conversion_test.go index 6ad133d53..72ce0ce13 100644 --- a/pkg/schema/v2/schema_conversion_test.go +++ b/pkg/schema/v2/schema_conversion_test.go @@ -311,14 +311,14 @@ func TestSchemaConversionFromCompiler(t *testing.T) { // Check that each compiled definition maps to a v2 definition for _, compiledDef := range compiled.ObjectDefinitions { - v2Def, exists := v2Schema.Definitions()[compiledDef.Name] - require.True(t, exists, "Compiled definition %s should exist in v2 schema", compiledDef.Name) - require.Equal(t, compiledDef.Name, v2Def.Name()) + v2Def, exists := v2Schema.Definitions()[compiledDef.GetName()] + require.True(t, exists, "Compiled definition %s should exist in v2 schema", compiledDef.GetName()) + require.Equal(t, compiledDef.GetName(), v2Def.Name()) // Count relations and permissions from compiled schema compiledRelations := 0 compiledPermissions := 0 - for _, relation := range compiledDef.Relation { + for _, relation := range compiledDef.GetRelation() { if relation.GetTypeInformation() != nil { compiledRelations++ } @@ -333,10 +333,10 @@ func TestSchemaConversionFromCompiler(t *testing.T) { // Check that each compiled caveat maps to a v2 caveat for _, compiledCaveat := range compiled.CaveatDefinitions { - v2Caveat, exists := v2Schema.Caveats()[compiledCaveat.Name] - require.True(t, exists, "Compiled caveat %s should exist in v2 schema", compiledCaveat.Name) - require.Equal(t, compiledCaveat.Name, v2Caveat.Name()) - require.Equal(t, string(compiledCaveat.SerializedExpression), v2Caveat.Expression()) + v2Caveat, exists := v2Schema.Caveats()[compiledCaveat.GetName()] + require.True(t, exists, "Compiled caveat %s should exist in v2 schema", compiledCaveat.GetName()) + require.Equal(t, compiledCaveat.GetName(), v2Caveat.Name()) + require.Equal(t, string(compiledCaveat.GetSerializedExpression()), v2Caveat.Expression()) } }) } diff --git a/pkg/schemadsl/compiler/compiler_test.go b/pkg/schemadsl/compiler/compiler_test.go index da912d365..28f1e6d0a 100644 --- a/pkg/schemadsl/compiler/compiler_test.go +++ b/pkg/schemadsl/compiler/compiler_test.go @@ -1081,22 +1081,22 @@ func TestCompile(t *testing.T) { if caveatDef, ok := def.(*core.CaveatDefinition); ok { expectedCaveatDef, ok := expectedDef.(*core.CaveatDefinition) require.True(ok, "definition is not a caveat def") - require.Equal(expectedCaveatDef.Name, caveatDef.Name) - require.Len(caveatDef.ParameterTypes, len(expectedCaveatDef.ParameterTypes)) + require.Equal(expectedCaveatDef.GetName(), caveatDef.GetName()) + require.Len(caveatDef.GetParameterTypes(), len(expectedCaveatDef.GetParameterTypes())) - for expectedParamName, expectedParam := range expectedCaveatDef.ParameterTypes { - foundParam, ok := caveatDef.ParameterTypes[expectedParamName] + for expectedParamName, expectedParam := range expectedCaveatDef.GetParameterTypes() { + foundParam, ok := caveatDef.GetParameterTypes()[expectedParamName] require.True(ok, "missing parameter %s", expectedParamName) testutil.RequireProtoEqual(t, expectedParam, foundParam, "mismatch type for parameter %s", expectedParamName) } - parameterTypes, err := caveattypes.DecodeParameterTypes(caveattypes.Default.TypeSet, caveatDef.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(caveattypes.Default.TypeSet, caveatDef.GetParameterTypes()) require.NoError(err) - expectedDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(expectedCaveatDef.SerializedExpression, parameterTypes) + expectedDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(expectedCaveatDef.GetSerializedExpression(), parameterTypes) require.NoError(err) - foundDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(caveatDef.SerializedExpression, parameterTypes) + foundDecoded, err := caveats.DeserializeCaveatWithDefaultTypeSet(caveatDef.GetSerializedExpression(), parameterTypes) require.NoError(err) expectedExprString, err := expectedDecoded.ExprString() diff --git a/pkg/schemadsl/compiler/translator.go b/pkg/schemadsl/compiler/translator.go index a8804fb11..7fd80567f 100644 --- a/pkg/schemadsl/compiler/translator.go +++ b/pkg/schemadsl/compiler/translator.go @@ -191,7 +191,7 @@ func translateCaveatDefinition(tctx *translationContext, defNode *dslNode) (*cor return nil, err } - def.Metadata = addComments(def.Metadata, defNode) + def.Metadata = addComments(def.GetMetadata(), defNode) def.SourcePosition = getSourcePosition(defNode, tctx.mapper) return def, nil } @@ -247,7 +247,7 @@ func translateObjectDefinition(tctx *translationContext, defNode *dslNode) (*cor if len(relationsAndPermissions) == 0 { ns := namespace.Namespace(nspath) - ns.Metadata = addComments(ns.Metadata, defNode) + ns.Metadata = addComments(ns.GetMetadata(), defNode) ns.SourcePosition = getSourcePosition(defNode, tctx.mapper) if !tctx.skipValidate { @@ -260,7 +260,7 @@ func translateObjectDefinition(tctx *translationContext, defNode *dslNode) (*cor } ns := namespace.Namespace(nspath, relationsAndPermissions...) - ns.Metadata = addComments(ns.Metadata, defNode) + ns.Metadata = addComments(ns.GetMetadata(), defNode) ns.SourcePosition = getSourcePosition(defNode, tctx.mapper) if !tctx.skipValidate { @@ -326,7 +326,7 @@ func translateRelationOrPermission(tctx *translationContext, relOrPermNode *dslN if err != nil { return nil, err } - rel.Metadata = addComments(rel.Metadata, relOrPermNode) + rel.Metadata = addComments(rel.GetMetadata(), relOrPermNode) rel.SourcePosition = getSourcePosition(relOrPermNode, tctx.mapper) return rel, err @@ -335,7 +335,7 @@ func translateRelationOrPermission(tctx *translationContext, relOrPermNode *dslN if err != nil { return nil, err } - rel.Metadata = addComments(rel.Metadata, relOrPermNode) + rel.Metadata = addComments(rel.GetMetadata(), relOrPermNode) rel.SourcePosition = getSourcePosition(relOrPermNode, tctx.mapper) return rel, err @@ -485,8 +485,8 @@ func collapseOps(op *core.SetOperation_Child, handler func(rewrite *core.Userset return []*core.SetOperation_Child{op} } - collapsed := make([]*core.SetOperation_Child, 0, len(operation.Child)) - for _, child := range operation.Child { + collapsed := make([]*core.SetOperation_Child, 0, len(operation.GetChild())) + for _, child := range operation.GetChild() { collapsed = append(collapsed, collapseOps(child, handler)...) } return collapsed diff --git a/pkg/schemadsl/compiler/type_annotations_integration_test.go b/pkg/schemadsl/compiler/type_annotations_integration_test.go index 8f9834cf1..99f86d724 100644 --- a/pkg/schemadsl/compiler/type_annotations_integration_test.go +++ b/pkg/schemadsl/compiler/type_annotations_integration_test.go @@ -81,9 +81,9 @@ definition document { // Find the document definition and the expected permission var foundPermission *core.Relation for _, ns := range compiled.ObjectDefinitions { - if ns.Name == "document" { - for _, rel := range ns.Relation { - if rel.Name == tt.expectedPermission { + if ns.GetName() == "document" { + for _, rel := range ns.GetRelation() { + if rel.GetName() == tt.expectedPermission { foundPermission = rel break } @@ -97,14 +97,14 @@ definition document { if !tt.shouldContainMetadata { // For permissions without type annotations, PERMISSION metadata should still exist (created by namespace.Relation) // but type annotations should be empty - require.NotNil(t, foundPermission.Metadata, "All permissions should have metadata") + require.NotNil(t, foundPermission.GetMetadata(), "All permissions should have metadata") // Find the PERMISSION RelationMetadata var foundMetadata *implv1.RelationMetadata - for _, metadataAny := range foundPermission.Metadata.MetadataMessage { + for _, metadataAny := range foundPermission.GetMetadata().GetMetadataMessage() { var relationMetadata implv1.RelationMetadata if err := metadataAny.UnmarshalTo(&relationMetadata); err == nil { - if relationMetadata.Kind == implv1.RelationMetadata_PERMISSION { + if relationMetadata.GetKind() == implv1.RelationMetadata_PERMISSION { foundMetadata = &relationMetadata break } @@ -112,8 +112,8 @@ definition document { } require.NotNil(t, foundMetadata, "Should have PERMISSION RelationMetadata") - if foundMetadata.TypeAnnotations != nil { - require.Empty(t, foundMetadata.TypeAnnotations.Types, "Type annotations should be empty for permission without type annotations") + if foundMetadata.GetTypeAnnotations() != nil { + require.Empty(t, foundMetadata.GetTypeAnnotations().GetTypes(), "Type annotations should be empty for permission without type annotations") } // Test the helper function for retrieving type annotations @@ -123,15 +123,15 @@ definition document { } // For permissions with type annotations, verify metadata exists - require.NotNil(t, foundPermission.Metadata, "Metadata should not be nil for permission with type annotations") - require.NotEmpty(t, foundPermission.Metadata.MetadataMessage, "MetadataMessage should not be empty") + require.NotNil(t, foundPermission.GetMetadata(), "Metadata should not be nil for permission with type annotations") + require.NotEmpty(t, foundPermission.GetMetadata().GetMetadataMessage(), "MetadataMessage should not be empty") // Find the RelationMetadata with PERMISSION kind var foundMetadata *implv1.RelationMetadata - for _, metadataAny := range foundPermission.Metadata.MetadataMessage { + for _, metadataAny := range foundPermission.GetMetadata().GetMetadataMessage() { var relationMetadata implv1.RelationMetadata if err := metadataAny.UnmarshalTo(&relationMetadata); err == nil { - if relationMetadata.Kind == implv1.RelationMetadata_PERMISSION { + if relationMetadata.GetKind() == implv1.RelationMetadata_PERMISSION { foundMetadata = &relationMetadata break } @@ -139,9 +139,9 @@ definition document { } require.NotNil(t, foundMetadata, "Should have PERMISSION RelationMetadata") - require.Equal(t, implv1.RelationMetadata_PERMISSION, foundMetadata.Kind) - require.NotNil(t, foundMetadata.TypeAnnotations, "TypeAnnotations should not be nil") - require.Equal(t, tt.expectedAnnotations, foundMetadata.TypeAnnotations.Types) + require.Equal(t, implv1.RelationMetadata_PERMISSION, foundMetadata.GetKind()) + require.NotNil(t, foundMetadata.GetTypeAnnotations(), "TypeAnnotations should not be nil") + require.Equal(t, tt.expectedAnnotations, foundMetadata.GetTypeAnnotations().GetTypes()) // Test the helper function for retrieving type annotations retrievedAnnotations := namespace.GetTypeAnnotations(foundPermission) diff --git a/pkg/schemadsl/generator/generator.go b/pkg/schemadsl/generator/generator.go index 995b3ecda..2a4d7f486 100644 --- a/pkg/schemadsl/generator/generator.go +++ b/pkg/schemadsl/generator/generator.go @@ -133,12 +133,12 @@ func GenerateRelationSource(relation *core.Relation, caveatTypeSet *caveattypes. } func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { - sg.emitComments(caveat.Metadata) + sg.emitComments(caveat.GetMetadata()) sg.append("caveat ") - sg.append(caveat.Name) + sg.append(caveat.GetName()) sg.append("(") - parameterNames := slices.Collect(maps.Keys(caveat.ParameterTypes)) + parameterNames := slices.Collect(maps.Keys(caveat.GetParameterTypes())) sort.Strings(parameterNames) for index, paramName := range parameterNames { @@ -146,7 +146,7 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { sg.append(", ") } - decoded, err := caveattypes.DecodeParameterType(sg.caveatTypeSet, caveat.ParameterTypes[paramName]) + decoded, err := caveattypes.DecodeParameterType(sg.caveatTypeSet, caveat.GetParameterTypes()[paramName]) if err != nil { return fmt.Errorf("invalid parameter type on caveat: %w", err) } @@ -163,12 +163,12 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { sg.indent() sg.markNewScope() - parameterTypes, err := caveattypes.DecodeParameterTypes(sg.caveatTypeSet, caveat.ParameterTypes) + parameterTypes, err := caveattypes.DecodeParameterTypes(sg.caveatTypeSet, caveat.GetParameterTypes()) if err != nil { return fmt.Errorf("invalid caveat parameters: %w", err) } - deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(sg.caveatTypeSet, caveat.SerializedExpression, parameterTypes) + deserializedExpression, err := caveats.DeserializeCaveatWithTypeSet(sg.caveatTypeSet, caveat.GetSerializedExpression(), parameterTypes) if err != nil { return fmt.Errorf("invalid caveat expression bytes: %w", err) } @@ -187,11 +187,11 @@ func (sg *sourceGenerator) emitCaveat(caveat *core.CaveatDefinition) error { } func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) error { - sg.emitComments(namespace.Metadata) + sg.emitComments(namespace.GetMetadata()) sg.append("definition ") - sg.append(namespace.Name) + sg.append(namespace.GetName()) - if len(namespace.Relation) == 0 { + if len(namespace.GetRelation()) == 0 { sg.append(" {}") return nil } @@ -201,7 +201,7 @@ func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) er sg.indent() sg.markNewScope() - for _, relation := range namespace.Relation { + for _, relation := range namespace.GetRelation() { err := sg.emitRelation(relation) if err != nil { return err @@ -214,28 +214,28 @@ func (sg *sourceGenerator) emitNamespace(namespace *core.NamespaceDefinition) er } func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { - hasThis, err := graph.HasThis(relation.UsersetRewrite) + hasThis, err := graph.HasThis(relation.GetUsersetRewrite()) if err != nil { return err } - isPermission := relation.UsersetRewrite != nil && !hasThis + isPermission := relation.GetUsersetRewrite() != nil && !hasThis - sg.emitComments(relation.Metadata) + sg.emitComments(relation.GetMetadata()) if isPermission { sg.append("permission ") } else { sg.append("relation ") } - sg.append(relation.Name) + sg.append(relation.GetName()) if !isPermission { sg.append(": ") - if relation.TypeInformation == nil || relation.TypeInformation.AllowedDirectRelations == nil || len(relation.TypeInformation.AllowedDirectRelations) == 0 { + if relation.GetTypeInformation() == nil || relation.TypeInformation.AllowedDirectRelations == nil || len(relation.GetTypeInformation().GetAllowedDirectRelations()) == 0 { sg.appendIssue("missing allowed types") } else { - for index, allowedRelation := range relation.TypeInformation.AllowedDirectRelations { + for index, allowedRelation := range relation.GetTypeInformation().GetAllowedDirectRelations() { if index > 0 { sg.append(" | ") } @@ -245,9 +245,9 @@ func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { } } - if relation.UsersetRewrite != nil { + if relation.GetUsersetRewrite() != nil { sg.append(" = ") - sg.mustEmitRewrite(relation.UsersetRewrite) + sg.mustEmitRewrite(relation.GetUsersetRewrite()) } sg.appendLine() @@ -255,7 +255,7 @@ func (sg *sourceGenerator) emitRelation(relation *core.Relation) error { } func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRelation) { - sg.append(allowedRelation.Namespace) + sg.append(allowedRelation.GetNamespace()) if allowedRelation.GetRelation() != "" && allowedRelation.GetRelation() != Ellipsis { sg.append("#") sg.append(allowedRelation.GetRelation()) @@ -270,7 +270,7 @@ func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRela if hasExpirationTrait || hasCaveat { sg.append(" with ") if hasCaveat { - sg.append(allowedRelation.RequiredCaveat.CaveatName) + sg.append(allowedRelation.GetRequiredCaveat().GetCaveatName()) } if hasExpirationTrait { @@ -286,7 +286,7 @@ func (sg *sourceGenerator) emitAllowedRelation(allowedRelation *core.AllowedRela } func (sg *sourceGenerator) mustEmitRewrite(rewrite *core.UsersetRewrite) { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: sg.emitRewriteOps(rw.Union, "+") case *core.UsersetRewrite_Intersection: @@ -299,7 +299,7 @@ func (sg *sourceGenerator) mustEmitRewrite(rewrite *core.UsersetRewrite) { } func (sg *sourceGenerator) emitRewriteOps(setOp *core.SetOperation, op string) { - for index, child := range setOp.Child { + for index, child := range setOp.GetChild() { if index > 0 { sg.append(" " + op + " ") } @@ -309,10 +309,10 @@ func (sg *sourceGenerator) emitRewriteOps(setOp *core.SetOperation, op string) { } func (sg *sourceGenerator) isAllUnion(rewrite *core.UsersetRewrite) bool { - switch rw := rewrite.RewriteOperation.(type) { + switch rw := rewrite.GetRewriteOperation().(type) { case *core.UsersetRewrite_Union: - for _, setOpChild := range rw.Union.Child { - switch child := setOpChild.ChildType.(type) { + for _, setOpChild := range rw.Union.GetChild() { + switch child := setOpChild.GetChildType().(type) { case *core.SetOperation_Child_UsersetRewrite: if !sg.isAllUnion(child.UsersetRewrite) { return false @@ -328,7 +328,7 @@ func (sg *sourceGenerator) isAllUnion(rewrite *core.UsersetRewrite) bool { } func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Child) { - switch child := setOpChild.ChildType.(type) { + switch child := setOpChild.GetChildType().(type) { case *core.SetOperation_Child_UsersetRewrite: if sg.isAllUnion(child.UsersetRewrite) { sg.mustEmitRewrite(child.UsersetRewrite) @@ -346,18 +346,18 @@ func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Chil sg.append("nil") case *core.SetOperation_Child_ComputedUserset: - sg.append(child.ComputedUserset.Relation) + sg.append(child.ComputedUserset.GetRelation()) case *core.SetOperation_Child_TupleToUserset: - sg.append(child.TupleToUserset.Tupleset.Relation) + sg.append(child.TupleToUserset.GetTupleset().GetRelation()) sg.append("->") - sg.append(child.TupleToUserset.ComputedUserset.Relation) + sg.append(child.TupleToUserset.GetComputedUserset().GetRelation()) case *core.SetOperation_Child_FunctionedTupleToUserset: - sg.append(child.FunctionedTupleToUserset.Tupleset.Relation) + sg.append(child.FunctionedTupleToUserset.GetTupleset().GetRelation()) sg.append(".") - switch child.FunctionedTupleToUserset.Function { + switch child.FunctionedTupleToUserset.GetFunction() { case core.FunctionedTupleToUserset_FUNCTION_ALL: sg.append("all") @@ -365,11 +365,11 @@ func (sg *sourceGenerator) mustEmitSetOpChild(setOpChild *core.SetOperation_Chil sg.append("any") default: - panic(spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.Function)) + panic(spiceerrors.MustBugf("unknown function %v", child.FunctionedTupleToUserset.GetFunction())) } sg.append("(") - sg.append(child.FunctionedTupleToUserset.ComputedUserset.Relation) + sg.append(child.FunctionedTupleToUserset.GetComputedUserset().GetRelation()) sg.append(")") default: diff --git a/pkg/spiceerrors/testutil.go b/pkg/spiceerrors/testutil.go index 382ef442d..7d845076e 100644 --- a/pkg/spiceerrors/testutil.go +++ b/pkg/spiceerrors/testutil.go @@ -23,6 +23,6 @@ func RequireReason(t testing.TB, reason v1.ErrorReason, err error, expectedMetad require.Equal(t, v1.ErrorReason_name[int32(reason)], info.GetReason()) for _, expectedKey := range expectedMetadataKeys { - require.Contains(t, info.Metadata, expectedKey) + require.Contains(t, info.GetMetadata(), expectedKey) } } diff --git a/pkg/testutil/proto_test.go b/pkg/testutil/proto_test.go index 14797425d..82f8bcea3 100644 --- a/pkg/testutil/proto_test.go +++ b/pkg/testutil/proto_test.go @@ -222,7 +222,7 @@ func TestAreProtoSlicesEqual(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { err := AreProtoSlicesEqual(tc.first, tc.second, func(first, second *core.ObjectAndRelation) int { - return strings.Compare(first.ObjectId, second.ObjectId) + return strings.Compare(first.GetObjectId(), second.GetObjectId()) }, "something went wrong") require.Equal(t, (err == nil), (tc.expectedEqual)) }) @@ -268,7 +268,7 @@ func TestRequireProtoSlicesEqual(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { RequireProtoSlicesEqual(t, tc.first, tc.second, func(first *core.ObjectAndRelation, second *core.ObjectAndRelation) int { - return strings.Compare(first.ObjectId, second.ObjectId) + return strings.Compare(first.GetObjectId(), second.GetObjectId()) }, "something went wrong") }) } diff --git a/pkg/tuple/comparison.go b/pkg/tuple/comparison.go index 159edd9c9..466621e44 100644 --- a/pkg/tuple/comparison.go +++ b/pkg/tuple/comparison.go @@ -44,5 +44,5 @@ func caveatEqual(lhs, rhs *core.ContextualizedCaveat) bool { return false } - return lhs.CaveatName == rhs.CaveatName && proto.Equal(lhs.Context, rhs.Context) + return lhs.GetCaveatName() == rhs.GetCaveatName() && proto.Equal(lhs.GetContext(), rhs.GetContext()) } diff --git a/pkg/tuple/core.go b/pkg/tuple/core.go index 7c5945f31..01dd3a795 100644 --- a/pkg/tuple/core.go +++ b/pkg/tuple/core.go @@ -22,11 +22,11 @@ func ONRStringToCore(ns, oid, rel string) *core.ObjectAndRelation { // CoreRelationToStringWithoutCaveatOrExpiration creates a string from a core.RelationTuple without stringifying the caveat. func CoreRelationToStringWithoutCaveatOrExpiration(rel *core.RelationTuple) string { - if rel.Subject.Relation == Ellipsis { - return rel.ResourceAndRelation.Namespace + ":" + rel.ResourceAndRelation.ObjectId + "@" + rel.Subject.Namespace + ":" + rel.Subject.ObjectId + if rel.GetSubject().GetRelation() == Ellipsis { + return rel.GetResourceAndRelation().GetNamespace() + ":" + rel.GetResourceAndRelation().GetObjectId() + "@" + rel.GetSubject().GetNamespace() + ":" + rel.GetSubject().GetObjectId() } - return rel.ResourceAndRelation.Namespace + ":" + rel.ResourceAndRelation.ObjectId + "@" + rel.Subject.Namespace + ":" + rel.Subject.ObjectId + "#" + rel.ResourceAndRelation.Relation + return rel.GetResourceAndRelation().GetNamespace() + ":" + rel.GetResourceAndRelation().GetObjectId() + "@" + rel.GetSubject().GetNamespace() + ":" + rel.GetSubject().GetObjectId() + "#" + rel.GetResourceAndRelation().GetRelation() } // CoreRelationToString creates a string from a core.RelationTuple. @@ -58,25 +58,25 @@ func FromCoreRelationTuple(rt *core.RelationTuple) Relationship { }, "relation tuple must be valid") var expiration *time.Time - if rt.OptionalExpirationTime != nil { - t := rt.OptionalExpirationTime.AsTime() + if rt.GetOptionalExpirationTime() != nil { + t := rt.GetOptionalExpirationTime().AsTime() expiration = &t } return Relationship{ RelationshipReference: RelationshipReference{ Resource: ObjectAndRelation{ - ObjectType: rt.ResourceAndRelation.Namespace, - ObjectID: rt.ResourceAndRelation.ObjectId, - Relation: rt.ResourceAndRelation.Relation, + ObjectType: rt.GetResourceAndRelation().GetNamespace(), + ObjectID: rt.GetResourceAndRelation().GetObjectId(), + Relation: rt.GetResourceAndRelation().GetRelation(), }, Subject: ObjectAndRelation{ - ObjectType: rt.Subject.Namespace, - ObjectID: rt.Subject.ObjectId, - Relation: rt.Subject.Relation, + ObjectType: rt.GetSubject().GetNamespace(), + ObjectID: rt.GetSubject().GetObjectId(), + Relation: rt.GetSubject().GetRelation(), }, }, - OptionalCaveat: rt.Caveat, + OptionalCaveat: rt.GetCaveat(), OptionalExpiration: expiration, } } @@ -88,9 +88,9 @@ func FromCoreObjectAndRelation(oar *core.ObjectAndRelation) ObjectAndRelation { }, "object and relation must be valid") return ObjectAndRelation{ - ObjectType: oar.Namespace, - ObjectID: oar.ObjectId, - Relation: oar.Relation, + ObjectType: oar.GetNamespace(), + ObjectID: oar.GetObjectId(), + Relation: oar.GetRelation(), } } @@ -126,7 +126,7 @@ func FromCoreRelationReference(rr *core.RelationReference) RelationReference { }, "relation reference must be valid") return RelationReference{ - ObjectType: rr.Namespace, - Relation: rr.Relation, + ObjectType: rr.GetNamespace(), + Relation: rr.GetRelation(), } } diff --git a/pkg/tuple/hashing.go b/pkg/tuple/hashing.go index 7774d0089..ff07f00de 100644 --- a/pkg/tuple/hashing.go +++ b/pkg/tuple/hashing.go @@ -29,13 +29,13 @@ func CanonicalBytes(rel Relationship) ([]byte, error) { sb.WriteString("#") sb.WriteString(rel.Subject.Relation) - if rel.OptionalCaveat != nil && rel.OptionalCaveat.CaveatName != "" { + if rel.OptionalCaveat != nil && rel.OptionalCaveat.GetCaveatName() != "" { sb.WriteString(" with ") - sb.WriteString(rel.OptionalCaveat.CaveatName) + sb.WriteString(rel.OptionalCaveat.GetCaveatName()) - if rel.OptionalCaveat.Context != nil && len(rel.OptionalCaveat.Context.Fields) > 0 { + if rel.OptionalCaveat.GetContext() != nil && len(rel.OptionalCaveat.GetContext().GetFields()) > 0 { sb.WriteString(":") - if err := writeCanonicalContext(&sb, rel.OptionalCaveat.Context); err != nil { + if err := writeCanonicalContext(&sb, rel.OptionalCaveat.GetContext()); err != nil { return nil, err } } @@ -52,13 +52,13 @@ func CanonicalBytes(rel Relationship) ([]byte, error) { func writeCanonicalContext(sb *bytes.Buffer, context *structpb.Struct) error { sb.WriteString("{") - for i, key := range sortedContextKeys(context.Fields) { + for i, key := range sortedContextKeys(context.GetFields()) { if i > 0 { sb.WriteString(",") } sb.WriteString(key) sb.WriteString(":") - if err := writeCanonicalContextValue(sb, context.Fields[key]); err != nil { + if err := writeCanonicalContextValue(sb, context.GetFields()[key]); err != nil { return err } } @@ -67,7 +67,7 @@ func writeCanonicalContext(sb *bytes.Buffer, context *structpb.Struct) error { } func writeCanonicalContextValue(sb *bytes.Buffer, value *structpb.Value) error { - switch value.Kind.(type) { + switch value.GetKind().(type) { case *structpb.Value_NullValue: sb.WriteString("null") case *structpb.Value_NumberValue: @@ -82,7 +82,7 @@ func writeCanonicalContextValue(sb *bytes.Buffer, value *structpb.Value) error { } case *structpb.Value_ListValue: sb.WriteString("[") - for i, elem := range value.GetListValue().Values { + for i, elem := range value.GetListValue().GetValues() { if i > 0 { sb.WriteString(",") } @@ -92,7 +92,7 @@ func writeCanonicalContextValue(sb *bytes.Buffer, value *structpb.Value) error { } sb.WriteString("]") default: - return spiceerrors.MustBugf("unknown structpb.Value type: %T", value.Kind) + return spiceerrors.MustBugf("unknown structpb.Value type: %T", value.GetKind()) } return nil diff --git a/pkg/tuple/parsing_test.go b/pkg/tuple/parsing_test.go index 7ef1782be..f49f0d637 100644 --- a/pkg/tuple/parsing_test.go +++ b/pkg/tuple/parsing_test.go @@ -64,7 +64,7 @@ func cv1rel(resType, resID, relation, subType, subID, subRel, caveatName string, panic(err) } - if len(context.Fields) == 0 { + if len(context.GetFields()) == 0 { context = nil } @@ -94,7 +94,7 @@ func ecv1rel(resType, resID, relation, subType, subID, subRel string, expiration panic(err) } - if len(context.Fields) == 0 { + if len(context.GetFields()) == 0 { context = nil } @@ -678,8 +678,8 @@ func TestValidate(t *testing.T) { t.Run("validate/"+tc.input, func(t *testing.T) { parsed, err := ParseV1Rel(tc.input) if err == nil { - require.NoError(t, ValidateResourceID(parsed.Resource.ObjectId)) - require.NoError(t, ValidateSubjectID(parsed.Subject.Object.ObjectId)) + require.NoError(t, ValidateResourceID(parsed.GetResource().GetObjectId())) + require.NoError(t, ValidateSubjectID(parsed.GetSubject().GetObject().GetObjectId())) } }) } diff --git a/pkg/tuple/strings.go b/pkg/tuple/strings.go index 352dc819c..3e3cd7171 100644 --- a/pkg/tuple/strings.go +++ b/pkg/tuple/strings.go @@ -44,7 +44,7 @@ func StringCoreRR(rr *core.RelationReference) string { return "" } - return JoinRelRef(rr.Namespace, rr.Relation) + return JoinRelRef(rr.GetNamespace(), rr.GetRelation()) } // StringCoreONR converts a core ONR object to a string. @@ -53,7 +53,7 @@ func StringCoreONR(onr *core.ObjectAndRelation) string { return "" } - return StringONRStrings(onr.Namespace, onr.ObjectId, onr.Relation) + return StringONRStrings(onr.GetNamespace(), onr.GetObjectId(), onr.GetRelation()) } // StringONRStrings converts ONR strings to a string. @@ -126,11 +126,11 @@ func MustStringCaveat(caveat *core.ContextualizedCaveat) string { // StringCaveat converts a contextualized caveat to a string. If the caveat is nil or empty, returns empty string. func StringCaveat(caveat *core.ContextualizedCaveat) (string, error) { - if caveat == nil || caveat.CaveatName == "" { + if caveat == nil || caveat.GetCaveatName() == "" { return "", nil } - contextString, err := StringCaveatContext(caveat.Context) + contextString, err := StringCaveatContext(caveat.GetContext()) if err != nil { return "", err } @@ -139,12 +139,12 @@ func StringCaveat(caveat *core.ContextualizedCaveat) (string, error) { contextString = ":" + contextString } - return "[" + caveat.CaveatName + contextString + "]", nil + return "[" + caveat.GetCaveatName() + contextString + "]", nil } // StringCaveatContext converts the context of a caveat to a string. If the context is nil or empty, returns an empty string. func StringCaveatContext(context *structpb.Struct) (string, error) { - if context == nil || len(context.Fields) == 0 { + if context == nil || len(context.GetFields()) == 0 { return "", nil } diff --git a/pkg/tuple/v1.go b/pkg/tuple/v1.go index 11df150bf..1712a3f4a 100644 --- a/pkg/tuple/v1.go +++ b/pkg/tuple/v1.go @@ -46,17 +46,17 @@ func MustV1RelString(rel *v1.Relationship) string { // // This function assumes that the provided values have already been validated. func V1StringObjectRef(ref *v1.ObjectReference) string { - return JoinObjectRef(ref.ObjectType, ref.ObjectId) + return JoinObjectRef(ref.GetObjectType(), ref.GetObjectId()) } // StringSubjectRef marshals a *v1.SubjectReference into a string. // // This function assumes that the provided values have already been validated. func V1StringSubjectRef(ref *v1.SubjectReference) string { - if ref.OptionalRelation == "" { - return V1StringObjectRef(ref.Object) + if ref.GetOptionalRelation() == "" { + return V1StringObjectRef(ref.GetObject()) } - return JoinRelRef(V1StringObjectRef(ref.Object), ref.OptionalRelation) + return JoinRelRef(V1StringObjectRef(ref.GetObject()), ref.GetOptionalRelation()) } // MustV1StringRelationship converts a v1.Relationship to a string. @@ -70,16 +70,16 @@ func MustV1StringRelationship(rel *v1.Relationship) string { // V1StringRelationship converts a v1.Relationship to a string. func V1StringRelationship(rel *v1.Relationship) (string, error) { - if rel == nil || rel.Resource == nil || rel.Subject == nil { + if rel == nil || rel.GetResource() == nil || rel.GetSubject() == nil { return "", nil } - caveatString, err := V1StringCaveatRef(rel.OptionalCaveat) + caveatString, err := V1StringCaveatRef(rel.GetOptionalCaveat()) if err != nil { return "", err } - expirationString, err := V1StringExpiration(rel.OptionalExpiresAt) + expirationString, err := V1StringExpiration(rel.GetOptionalExpiresAt()) if err != nil { return "", err } @@ -97,20 +97,20 @@ func V1StringExpiration(expiration *timestamppb.Timestamp) (string, error) { // V1StringRelationshipWithoutCaveatOrExpiration converts a v1.Relationship to a string, excluding any caveat. func V1StringRelationshipWithoutCaveatOrExpiration(rel *v1.Relationship) string { - if rel == nil || rel.Resource == nil || rel.Subject == nil { + if rel == nil || rel.GetResource() == nil || rel.GetSubject() == nil { return "" } - return V1StringObjectRef(rel.Resource) + "#" + rel.Relation + "@" + V1StringSubjectRef(rel.Subject) + return V1StringObjectRef(rel.GetResource()) + "#" + rel.GetRelation() + "@" + V1StringSubjectRef(rel.GetSubject()) } // V1StringCaveatRef converts a v1.ContextualizedCaveat to a string. func V1StringCaveatRef(caveat *v1.ContextualizedCaveat) (string, error) { - if caveat == nil || caveat.CaveatName == "" { + if caveat == nil || caveat.GetCaveatName() == "" { return "", nil } - contextString, err := StringCaveatContext(caveat.Context) + contextString, err := StringCaveatContext(caveat.GetContext()) if err != nil { return "", err } @@ -119,7 +119,7 @@ func V1StringCaveatRef(caveat *v1.ContextualizedCaveat) (string, error) { contextString = ":" + contextString } - return "[" + caveat.CaveatName + contextString + "]", nil + return "[" + caveat.GetCaveatName() + contextString + "]", nil } // UpdateToV1RelationshipUpdate converts a RelationshipUpdate into a @@ -158,7 +158,7 @@ func MustUpdateToV1RelationshipUpdate(update RelationshipUpdate) *v1.Relationshi // RelationTupleUpdate. func UpdateFromV1RelationshipUpdate(update *v1.RelationshipUpdate) (RelationshipUpdate, error) { var op UpdateOperation - switch update.Operation { + switch update.GetOperation() { case v1.RelationshipUpdate_OPERATION_CREATE: op = UpdateOperationCreate case v1.RelationshipUpdate_OPERATION_DELETE: @@ -166,42 +166,42 @@ func UpdateFromV1RelationshipUpdate(update *v1.RelationshipUpdate) (Relationship case v1.RelationshipUpdate_OPERATION_TOUCH: op = UpdateOperationTouch default: - return RelationshipUpdate{}, spiceerrors.MustBugf("unknown update operation: %v", update.Operation) + return RelationshipUpdate{}, spiceerrors.MustBugf("unknown update operation: %v", update.GetOperation()) } return RelationshipUpdate{ Operation: op, - Relationship: FromV1Relationship(update.Relationship), + Relationship: FromV1Relationship(update.GetRelationship()), }, nil } // FromV1Relationship converts a v1.Relationship into a Relationship. func FromV1Relationship(rel *v1.Relationship) Relationship { var caveat *core.ContextualizedCaveat - if rel.OptionalCaveat != nil { + if rel.GetOptionalCaveat() != nil { caveat = &core.ContextualizedCaveat{ - CaveatName: rel.OptionalCaveat.CaveatName, - Context: rel.OptionalCaveat.Context, + CaveatName: rel.GetOptionalCaveat().GetCaveatName(), + Context: rel.GetOptionalCaveat().GetContext(), } } var expiration *time.Time - if rel.OptionalExpiresAt != nil { - t := rel.OptionalExpiresAt.AsTime() + if rel.GetOptionalExpiresAt() != nil { + t := rel.GetOptionalExpiresAt().AsTime() expiration = &t } return Relationship{ RelationshipReference: RelationshipReference{ Resource: ObjectAndRelation{ - ObjectID: rel.Resource.ObjectId, - ObjectType: rel.Resource.ObjectType, - Relation: rel.Relation, + ObjectID: rel.GetResource().GetObjectId(), + ObjectType: rel.GetResource().GetObjectType(), + Relation: rel.GetRelation(), }, Subject: ObjectAndRelation{ - ObjectID: rel.Subject.Object.ObjectId, - ObjectType: rel.Subject.Object.ObjectType, - Relation: stringz.Default(rel.Subject.OptionalRelation, Ellipsis, ""), + ObjectID: rel.GetSubject().GetObject().GetObjectId(), + ObjectType: rel.GetSubject().GetObject().GetObjectType(), + Relation: stringz.Default(rel.GetSubject().GetOptionalRelation(), Ellipsis, ""), }, }, OptionalCaveat: caveat, @@ -214,8 +214,8 @@ func ToV1Relationship(rel Relationship) *v1.Relationship { var caveat *v1.ContextualizedCaveat if rel.OptionalCaveat != nil { caveat = &v1.ContextualizedCaveat{ - CaveatName: rel.OptionalCaveat.CaveatName, - Context: rel.OptionalCaveat.Context, + CaveatName: rel.OptionalCaveat.GetCaveatName(), + Context: rel.OptionalCaveat.GetContext(), } } @@ -252,12 +252,12 @@ func CopyToV1Relationship(rel Relationship, v1rel *v1.Relationship) { v1rel.Subject.OptionalRelation = stringz.Default(rel.Subject.Relation, "", Ellipsis) if rel.OptionalCaveat != nil { - if v1rel.OptionalCaveat == nil { + if v1rel.GetOptionalCaveat() == nil { v1rel.OptionalCaveat = &v1.ContextualizedCaveat{} } - v1rel.OptionalCaveat.CaveatName = rel.OptionalCaveat.CaveatName - v1rel.OptionalCaveat.Context = rel.OptionalCaveat.Context + v1rel.OptionalCaveat.CaveatName = rel.OptionalCaveat.GetCaveatName() + v1rel.OptionalCaveat.Context = rel.OptionalCaveat.GetContext() } else { v1rel.OptionalCaveat = nil } @@ -327,14 +327,14 @@ func SubjectONRToSubjectFilter(subject ObjectAndRelation) *v1.SubjectFilter { // RelToFilter converts a Relationship into a RelationshipFilter. func RelToFilter(rel *v1.Relationship) *v1.RelationshipFilter { return &v1.RelationshipFilter{ - ResourceType: rel.Resource.ObjectType, - OptionalResourceId: rel.Resource.ObjectId, - OptionalRelation: rel.Relation, + ResourceType: rel.GetResource().GetObjectType(), + OptionalResourceId: rel.GetResource().GetObjectId(), + OptionalRelation: rel.GetRelation(), OptionalSubjectFilter: &v1.SubjectFilter{ - SubjectType: rel.Subject.Object.ObjectType, - OptionalSubjectId: rel.Subject.Object.ObjectId, + SubjectType: rel.GetSubject().GetObject().GetObjectType(), + OptionalSubjectId: rel.GetSubject().GetObject().GetObjectId(), OptionalRelation: &v1.SubjectFilter_RelationFilter{ - Relation: rel.Subject.OptionalRelation, + Relation: rel.GetSubject().GetOptionalRelation(), }, }, } diff --git a/pkg/tuple/v1_test.go b/pkg/tuple/v1_test.go index 0761a60a7..a9815ee0d 100644 --- a/pkg/tuple/v1_test.go +++ b/pkg/tuple/v1_test.go @@ -30,7 +30,7 @@ func TestStringObjectRef(t *testing.T) { } for _, tt := range table { require.Equal(t, tt.expected, V1StringObjectRef(tt.ref)) - require.Equal(t, tt.expected, V1StringSubjectRef(subRef(tt.ref.ObjectType, tt.ref.ObjectId, ""))) + require.Equal(t, tt.expected, V1StringSubjectRef(subRef(tt.ref.GetObjectType(), tt.ref.GetObjectId(), ""))) } } diff --git a/pkg/validationfile/loader.go b/pkg/validationfile/loader.go index b85ec98eb..bd1fdb575 100644 --- a/pkg/validationfile/loader.go +++ b/pkg/validationfile/loader.go @@ -190,7 +190,7 @@ func PopulateFromFilesContents(ctx context.Context, ds datastore.Datastore, cave } if err := rwt.WriteNamespaces(ctx, objectDef); err != nil { - return fmt.Errorf("error when loading object definition %s: %w", objectDef.Name, err) + return fmt.Errorf("error when loading object definition %s: %w", objectDef.GetName(), err) } } diff --git a/pkg/zedtoken/zedtoken.go b/pkg/zedtoken/zedtoken.go index 43984e409..f7001b6fc 100644 --- a/pkg/zedtoken/zedtoken.go +++ b/pkg/zedtoken/zedtoken.go @@ -121,7 +121,7 @@ func Decode(encoded *v1.ZedToken) (*zedtoken.DecodedZedToken, error) { return nil, fmt.Errorf(errDecodeError, ErrNilZedToken) } - decodedBytes, err := base64.StdEncoding.DecodeString(encoded.Token) + decodedBytes, err := base64.StdEncoding.DecodeString(encoded.GetToken()) if err != nil { return nil, fmt.Errorf(errDecodeError, err) } @@ -139,9 +139,9 @@ func DecodeRevision(encoded *v1.ZedToken, ds RevisionHolder) (datastore.Revision return datastore.NoRevision, StatusUnknown, err } - switch ver := decoded.VersionOneof.(type) { + switch ver := decoded.GetVersionOneof().(type) { case *zedtoken.DecodedZedToken_DeprecatedV1Zookie: - revString := strconv.FormatUint(ver.DeprecatedV1Zookie.Revision, 10) + revString := strconv.FormatUint(ver.DeprecatedV1Zookie.GetRevision(), 10) parsed, err := ds.RevisionFromString(revString) if err != nil { return datastore.NoRevision, StatusUnknown, fmt.Errorf(errDecodeError, err) @@ -149,12 +149,12 @@ func DecodeRevision(encoded *v1.ZedToken, ds RevisionHolder) (datastore.Revision return parsed, StatusLegacyEmptyDatastoreID, nil case *zedtoken.DecodedZedToken_V1: - parsed, err := ds.RevisionFromString(ver.V1.Revision) + parsed, err := ds.RevisionFromString(ver.V1.GetRevision()) if err != nil { return datastore.NoRevision, StatusUnknown, fmt.Errorf(errDecodeError, err) } - if ver.V1.DatastoreUniqueIdPrefix == legacyEmptyDatastoreID { + if ver.V1.GetDatastoreUniqueIdPrefix() == legacyEmptyDatastoreID { return parsed, StatusLegacyEmptyDatastoreID, nil } @@ -168,12 +168,12 @@ func DecodeRevision(encoded *v1.ZedToken, ds RevisionHolder) (datastore.Revision datastoreUniqueIDPrefix = datastoreUniqueIDPrefix[0:uniqueIDPrefixLength] } - if ver.V1.DatastoreUniqueIdPrefix != datastoreUniqueIDPrefix { + if ver.V1.GetDatastoreUniqueIdPrefix() != datastoreUniqueIDPrefix { return parsed, StatusMismatchedDatastoreID, nil } return parsed, StatusValid, nil default: - return datastore.NoRevision, StatusUnknown, fmt.Errorf(errDecodeError, fmt.Errorf("unknown zookie version: %T", decoded.VersionOneof)) + return datastore.NoRevision, StatusUnknown, fmt.Errorf(errDecodeError, fmt.Errorf("unknown zookie version: %T", decoded.GetVersionOneof())) } }