fix spice nr

cmd/serve.go

@@ -11,23 +11,19 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/odpf/shield/internal/permission"
-
-	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
-	"github.com/odpf/shield/internal/bootstrap"
-	"github.com/odpf/shield/internal/group"
-
-	"github.com/odpf/shield/internal/relation"
-	"github.com/odpf/shield/internal/resource"
-
 	"github.com/odpf/shield/api/handler"
 	v1 "github.com/odpf/shield/api/handler/v1beta1"
 	"github.com/odpf/shield/config"
 	"github.com/odpf/shield/hook"
 	authz_hook "github.com/odpf/shield/hook/authz"
 	"github.com/odpf/shield/internal/authz"
+	"github.com/odpf/shield/internal/bootstrap"
+	"github.com/odpf/shield/internal/group"
 	"github.com/odpf/shield/internal/org"
+	"github.com/odpf/shield/internal/permission"
 	"github.com/odpf/shield/internal/project"
+	"github.com/odpf/shield/internal/relation"
+	"github.com/odpf/shield/internal/resource"
 	"github.com/odpf/shield/internal/roles"
 	"github.com/odpf/shield/internal/schema"
 	"github.com/odpf/shield/internal/user"
@@ -36,6 +32,8 @@ import (
 	blobstore "github.com/odpf/shield/store/blob"
 	"github.com/odpf/shield/store/postgres"
 
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/newrelic/go-agent/v3/newrelic"
 	"github.com/odpf/salt/log"
 	"github.com/odpf/salt/server"
 	"github.com/pkg/errors"
@@ -292,8 +290,7 @@ func apiDependencies(ctx context.Context, db *sql.SQL, appConfig *config.Shield,
 		Logger:        logger,
 	}
 
-	bootstrapService.BootstrapDefaultDefinitions(ctx)
-	err := bootstrapService.BootstrapResources(ctx, resourceConfig)
+	err := bootstrapSpiceConfigs(ctx, appConfig, bootstrapService, resourceConfig, logger)
 
 	if err != nil {
 		return handler.Deps{}, err
@@ -334,3 +331,13 @@ func apiDependencies(ctx context.Context, db *sql.SQL, appConfig *config.Shield,
 	}
 	return dependencies, nil
 }
+
+func bootstrapSpiceConfigs(ctx context.Context, appConfig *config.Shield, bootstrapService bootstrap.Service, resourceConfig *blobstore.ResourcesRepository, logger log.Logger) error {
+	nrApp := setupNewRelic(appConfig.NewRelic, logger)
+	nrTxn := nrApp.StartTransaction("shield.bootstrap_resources")
+	ctx = newrelic.NewContext(ctx, nrTxn)
+	defer nrTxn.End()
+
+	bootstrapService.BootstrapDefaultDefinitions(ctx)
+	return bootstrapService.BootstrapResources(ctx, resourceConfig)
+}

docker-compose.yml

@@ -79,8 +79,8 @@ services:
     image: quay.io/authzed/spicedb:v1.0.0
     ports:
       - "8081:8080"
-      - "50052:50051"
-      - "50054:50053"
+      - "50051:50051"
+      - "50053:50053"
     command:
       spicedb serve --grpc-preshared-key "shield" --grpc-no-tls --datastore-engine postgres
       --datastore-conn-uri postgres://spicedb:@pg2:5432/spicedb?sslmode=disable

internal/authz/spicedb/spicedb.go

@@ -4,15 +4,15 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/odpf/shield/config"
 	"github.com/odpf/shield/internal/schema_generator"
 	"github.com/odpf/shield/model"
 
-	"github.com/odpf/salt/log"
-
 	pb "github.com/authzed/authzed-go/proto/authzed/api/v1"
 	"github.com/authzed/authzed-go/v1"
 	"github.com/authzed/grpcutil"
-	"github.com/odpf/shield/config"
+	"github.com/newrelic/go-agent/v3/newrelic"
+	"github.com/odpf/salt/log"
 	"google.golang.org/grpc"
 )
 
@@ -21,6 +21,8 @@ type SpiceDB struct {
 	Permission *Permission
 }
 
+const nrStoreSpiceDB = "spicedb"
+
 type Policy struct {
 	client *authzed.Client
 }
@@ -35,6 +37,14 @@ func (s *SpiceDB) Check() bool {
 
 func (p *Policy) AddPolicy(ctx context.Context, schema string) error {
 	request := &pb.WriteSchemaRequest{Schema: schema}
+	nr := newrelic.DatastoreSegment{
+		Product:    nrStoreSpiceDB,
+		Collection: "Policy",
+		Operation:  "AddPolicy",
+		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
+	}
+	defer nr.End()
+
 	_, err := p.client.WriteSchema(ctx, request)
 	if err != nil {
 		return err
@@ -78,6 +88,14 @@ func (p Permission) AddRelation(ctx context.Context, relation model.Relation) er
 		},
 	}
 
+	nr := newrelic.DatastoreSegment{
+		Product:    nrStoreSpiceDB,
+		Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType),
+		Operation:  "AddRelation",
+		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
+	}
+	defer nr.End()
+
 	_, err = p.client.WriteRelationships(ctx, request)
 
 	if err != nil {
@@ -99,6 +117,14 @@ func (p Permission) CheckRelation(ctx context.Context, relation model.Relation,
 		Permission: action.Id,
 	}
 
+	nr := newrelic.DatastoreSegment{
+		Product:    nrStoreSpiceDB,
+		Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType),
+		Operation:  "CheckRelation",
+		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
+	}
+	defer nr.End()
+
 	response, err := p.client.CheckPermission(ctx, request)
 
 	if err != nil {
@@ -125,6 +151,14 @@ func (p Permission) DeleteRelation(ctx context.Context, relation model.Relation)
 		},
 	}
 
+	nr := newrelic.DatastoreSegment{
+		Product:    nrStoreSpiceDB,
+		Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType),
+		Operation:  "DeleteRelation",
+		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
+	}
+	defer nr.End()
+
 	_, err = p.client.DeleteRelationships(ctx, request)
 
 	if err != nil {
@@ -142,6 +176,14 @@ func (p Permission) DeleteSubjectRelations(ctx context.Context, resource model.R
 		},
 	}
 
+	nr := newrelic.DatastoreSegment{
+		Product:    nrStoreSpiceDB,
+		Collection: resource.NamespaceId,
+		Operation:  "DeleteRelationsForResource",
+		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
+	}
+	defer nr.End()
+
 	_, err := p.client.DeleteRelationships(ctx, request)
 
 	if err != nil {