Skip to content

feat: add dry-run support to WriteSchema API #2491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: add dry-run support to WriteSchema API #2491

wants to merge 1 commit into from

Conversation

@arbhalerao
Copy link

@arbhalerao arbhalerao commented Jul 7, 2025
edited
Loading

fixes: #2418

Manual Testing Results

  1. Initial Schema Write
$ grpcurl -plaintext -H "authorization: Bearer development-key" -d '{"schema": "definition user {}\n\ndefinition document {\n  relation viewer: user\n}"}' localhost:50051 authzed.api.v1.SchemaService/WriteSchema
{
  "writtenAt": {
    "token": "GgYKBENPTUc="
  }
}
  1. Read Current Schema
$ grpcurl -plaintext -H "authorization: Bearer development-key" localhost:50051 authzed.api.v1.SchemaService/ReadSchema
{
  "schemaText": "definition user {}\n\ndefinition document {\n\trelation viewer: user\n}",
  "readAt": {
    "token": "GgYKBENPUUc="
  }
}
  1. Dry Run - Schema (Success)
$ grpcurl -plaintext -H "authorization: Bearer development-key" -d '{"schema": "definition user {}\n\ndefinition organization {\n  relation admin: user\n  relation member: user\n  permission manage = admin\n}\n\ndefinition document {\n  relation viewer: user\n  relation editor: user | organization#member\n  relation owner: user | organization#admin\n  permission view = viewer + editor + owner\n  permission edit = editor + owner\n  permission delete = owner\n}", "dry_run": true}' localhost:50051 authzed.api.v1.SchemaService/WriteSchema
{
  "writtenAt": {
    "token": "GgYKBENPY0c="
  }
}
  1. Verify Schema Unchanged After Dry Run
$ grpcurl -plaintext -H "authorization: Bearer development-key" localhost:50051 authzed.api.v1.SchemaService/ReadSchema
{
  "schemaText": "definition user {}\n\ndefinition document {\n\trelation viewer: user\n}",
  "readAt": {
    "token": "GgYKBENPY0c="
  }
}
  1. Create Test Relationship
$ grpcurl -plaintext -H "authorization: Bearer development-key" -d '{"updates": [{"operation": "OPERATION_CREATE", "relationship": {"resource": {"objectType": "document", "objectId": "doc1"}, "relation": "viewer", "subject": {"object": {"objectType": "user", "objectId": "user1"}}}}]}' localhost:50051 authzed.api.v1.PermissionsService/WriteRelationships
{
  "writtenAt": {
    "token": "GgYKBENPd0c="
  }
}
  1. Dry Run - Breaking Change (Error)
$ grpcurl -plaintext -H "authorization: Bearer development-key" -d '{"schema": "definition user {}\n\ndefinition document {\n  relation editor: user\n  permission edit = editor\n}", "dry_run": true}' localhost:50051 authzed.api.v1.SchemaService/WriteSchema
ERROR:
  Code: InvalidArgument
  Message: cannot delete relation `viewer` in object definition `document`, as a relationship exists under it
  Details:
  1)	{
    	  "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    	  "domain": "authzed.com",
    	  "reason": "ERROR_REASON_SCHEMA_TYPE_ERROR"
    	}
  1. Verify Schema Still Protected
$ grpcurl -plaintext -H "authorization: Bearer development-key" localhost:50051 authzed.api.v1.SchemaService/ReadSchema
{
  "schemaText": "definition user {}\n\ndefinition document {\n\trelation viewer: user\n}",
  "readAt": {
    "token": "GgYKBENQSUc="
  }
}

TODO: tests

@github-actions github-actions bot added the area/api v1 Affects the v1 API label Jul 7, 2025
@github-actions
Copy link

github-actions bot commented Jul 7, 2025
edited
Loading

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@arbhalerao arbhalerao mentioned this pull request Jul 8, 2025
Open
@arbhalerao
Copy link
Author

arbhalerao commented Jul 8, 2025

I have read the CLA Document and I hereby sign the CLA

@arbhalerao arbhalerao marked this pull request as ready for review July 8, 2025 15:46
@arbhalerao arbhalerao requested a review from a team as a code owner July 8, 2025 15:46
@arbhalerao
Copy link
Author

arbhalerao commented Jul 8, 2025

Requesting an initial review. I’m unsure about the extent of changes that may be needed, so I’ll add tests after the review.

@arbhalerao arbhalerao force-pushed the aditya/add-dry-run-to-write-schema branch from 268b914 to b4a7842 Compare July 9, 2025 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/api v1 Affects the v1 API

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support a WriteSchema dry-run

1 participant

@arbhalerao