From 8000fd49874aaa0d3561804713a51ac2764f0aed Mon Sep 17 00:00:00 2001 From: Kartik Verma Date: Mon, 11 Jul 2022 23:19:00 +0530 Subject: [PATCH] fix spice nr --- cmd/serve.go | 29 ++++++++++++------- docker-compose.yml | 4 +-- internal/authz/spicedb/spicedb.go | 48 +++++++++++++++++++++++++++++-- 3 files changed, 65 insertions(+), 16 deletions(-) diff --git a/cmd/serve.go b/cmd/serve.go index 9143d166a..707cd713d 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -11,23 +11,19 @@ import ( "syscall" "time" - "github.com/odpf/shield/internal/permission" - - "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" - "github.com/odpf/shield/internal/bootstrap" - "github.com/odpf/shield/internal/group" - - "github.com/odpf/shield/internal/relation" - "github.com/odpf/shield/internal/resource" - "github.com/odpf/shield/api/handler" v1 "github.com/odpf/shield/api/handler/v1beta1" "github.com/odpf/shield/config" "github.com/odpf/shield/hook" authz_hook "github.com/odpf/shield/hook/authz" "github.com/odpf/shield/internal/authz" + "github.com/odpf/shield/internal/bootstrap" + "github.com/odpf/shield/internal/group" "github.com/odpf/shield/internal/org" + "github.com/odpf/shield/internal/permission" "github.com/odpf/shield/internal/project" + "github.com/odpf/shield/internal/relation" + "github.com/odpf/shield/internal/resource" "github.com/odpf/shield/internal/roles" "github.com/odpf/shield/internal/schema" "github.com/odpf/shield/internal/user" @@ -36,6 +32,8 @@ import ( blobstore "github.com/odpf/shield/store/blob" "github.com/odpf/shield/store/postgres" + "github.com/grpc-ecosystem/grpc-gateway/v2/runtime" + "github.com/newrelic/go-agent/v3/newrelic" "github.com/odpf/salt/log" "github.com/odpf/salt/server" "github.com/pkg/errors" 
@@ -292,8 +290,7 @@ func apiDependencies(ctx context.Context, db *sql.SQL, appConfig *config.Shield, Logger: logger, } - bootstrapService.BootstrapDefaultDefinitions(ctx) - err := bootstrapService.BootstrapResources(ctx, resourceConfig) + err := bootstrapSpiceConfigs(ctx, appConfig, bootstrapService, resourceConfig, logger) if err != nil { return handler.Deps{}, err @@ -334,3 +331,13 @@ func apiDependencies(ctx context.Context, db *sql.SQL, appConfig *config.Shield, } return dependencies, nil } + +func bootstrapSpiceConfigs(ctx context.Context, appConfig *config.Shield, bootstrapService bootstrap.Service, resourceConfig *blobstore.ResourcesRepository, logger log.Logger) error { + nrApp := setupNewRelic(appConfig.NewRelic, logger) + nrTxn := nrApp.StartTransaction("shield.bootstrap_resources") + ctx = newrelic.NewContext(ctx, nrTxn) + defer nrTxn.End() + + bootstrapService.BootstrapDefaultDefinitions(ctx) + return bootstrapService.BootstrapResources(ctx, resourceConfig) +} diff --git a/docker-compose.yml b/docker-compose.yml index 68473dde7..21cc737ce 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -79,8 +79,8 @@ services: image: quay.io/authzed/spicedb:v1.0.0 ports: - "8081:8080" - - "50052:50051" - - "50054:50053" + - "50051:50051" + - "50053:50053" command: spicedb serve --grpc-preshared-key "shield" --grpc-no-tls --datastore-engine postgres --datastore-conn-uri postgres://spicedb:@pg2:5432/spicedb?sslmode=disable diff --git a/internal/authz/spicedb/spicedb.go b/internal/authz/spicedb/spicedb.go index 7be56f843..6649e1b6b 100644 --- a/internal/authz/spicedb/spicedb.go +++ b/internal/authz/spicedb/spicedb.go 
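Review bot: In `bootstrapSpiceConfigs` an error from `BootstrapResources` is returned but never recorded on `nrTxn`, so the trace of a failed authorization-schema bootstrap looks the same as a successful one. Capture the result and record it before returning, e.g. `if err := bootstrapService.BootstrapResources(ctx, resourceConfig); err != nil { nrTxn.NoticeError(err); return err }`. The transaction is also started immediately after `setupNewRelic`, whose body is outside this diff. go-agent generally does not record data before the application has connected, so unless that helper waits, this startup transaction may be dropped; a short `nrApp.WaitForConnection(...)` would cover it. `BootstrapDefaultDefinitions(ctx)` still has no checked result, as before the change; if it can fail, that failure should surface here too.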
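Review bot: The new mappings `"50051:50051"` and `"50053:50053"` publish SpiceDB on every host interface, while the `command` of the same service starts it with `--grpc-no-tls` and the fixed preshared key `"shield"`. Any machine that can reach the host on those ports can then talk to the authorization store using a key that is committed to the repository. For a local development stack, bind the ports to loopback with `- "127.0.0.1:50051:50051"` and `- "127.0.0.1:50053:50053"`. A comment above `command:` should also say that the key and the no-TLS flag are for local use only.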
@@ -4,15 +4,15 @@ import ( "context" "fmt" + "github.com/odpf/shield/config" "github.com/odpf/shield/internal/schema_generator" "github.com/odpf/shield/model" - "github.com/odpf/salt/log" - pb "github.com/authzed/authzed-go/proto/authzed/api/v1" "github.com/authzed/authzed-go/v1" "github.com/authzed/grpcutil" - "github.com/odpf/shield/config" + "github.com/newrelic/go-agent/v3/newrelic" + "github.com/odpf/salt/log" "google.golang.org/grpc" ) @@ -21,6 +21,8 @@ type SpiceDB struct { Permission *Permission } +const nrStoreSpiceDB = "spicedb" + type Policy struct { client *authzed.Client } @@ -35,6 +37,14 @@ func (s *SpiceDB) Check() bool { func (p *Policy) AddPolicy(ctx context.Context, schema string) error { request := &pb.WriteSchemaRequest{Schema: schema} + nr := newrelic.DatastoreSegment{ + Product: nrStoreSpiceDB, + Collection: "Policy", + Operation: "AddPolicy", + StartTime: newrelic.FromContext(ctx).StartSegmentNow(), + } + defer nr.End() + _, err := p.client.WriteSchema(ctx, request) if err != nil { return err @@ -78,6 +88,14 @@ func (p Permission) AddRelation(ctx context.Context, relation model.Relation) er }, } + nr := newrelic.DatastoreSegment{ + Product: nrStoreSpiceDB, + Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType), + Operation: "AddRelation", + StartTime: newrelic.FromContext(ctx).StartSegmentNow(), + } + defer nr.End() + _, err = p.client.WriteRelationships(ctx, request) if err != nil { @@ -99,6 +117,14 @@ func (p Permission) CheckRelation(ctx context.Context, relation model.Relation, Permission: action.Id, } + nr := newrelic.DatastoreSegment{ + Product: nrStoreSpiceDB, + Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType), + Operation: "CheckRelation", + StartTime: newrelic.FromContext(ctx).StartSegmentNow(), + } + defer nr.End() + response, err := p.client.CheckPermission(ctx, request) if err != nil { 
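Review bot: The `newrelic.DatastoreSegment{...}` literal added in `AddPolicy` is repeated almost verbatim in `AddRelation`, `CheckRelation`, `DeleteRelation` and `DeleteSubjectRelations`. A small unexported helper would keep the product name and start-time handling in one place and reduce each call site to a single deferred line. It also gives one obvious place to document what may go into the segment fields. The method bodies continue outside the hunks, so only the segment setup is shown below.

```go
// startSegment opens a New Relic datastore segment for one SpiceDB call.
// The caller ends it, normally with defer.
func startSegment(ctx context.Context, collection, operation string) *newrelic.DatastoreSegment {
	return &newrelic.DatastoreSegment{
		Product:    nrStoreSpiceDB,
		Collection: collection,
		Operation:  operation,
		StartTime:  newrelic.FromContext(ctx).StartSegmentNow(),
	}
}

func (p *Policy) AddPolicy(ctx context.Context, schema string) error {
	request := &pb.WriteSchemaRequest{Schema: schema}
	defer startSegment(ctx, "Policy", "AddPolicy").End()
	// … unchanged: WriteSchema call and error handling …
```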
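Review bot: The `Collection` value built in `AddRelation` (and in the same way in `CheckRelation` and `DeleteRelation`) ends up in a metric name exported to New Relic, and nothing at the call site says it must stay limited to object types. A comment above the `Collection:` field, such as `// object types only: keeps metric cardinality bounded and object IDs out of telemetry`, would stop a later edit from adding per-object identifiers. `relationship` is built above the hunk, so it is not visible here whether its object types come from user-defined namespaces. If they do, it is worth confirming that those names are acceptable to send to an external service.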
@@ -125,6 +151,14 @@ func (p Permission) DeleteRelation(ctx context.Context, relation model.Relation) }, } + nr := newrelic.DatastoreSegment{ + Product: nrStoreSpiceDB, + Collection: fmt.Sprintf("%s.%s", relationship.Resource.ObjectType, relationship.Subject.Object.ObjectType), + Operation: "DeleteRelation", + StartTime: newrelic.FromContext(ctx).StartSegmentNow(), + } + defer nr.End() + _, err = p.client.DeleteRelationships(ctx, request) if err != nil { @@ -142,6 +176,14 @@ func (p Permission) DeleteSubjectRelations(ctx context.Context, resource model.R }, } + nr := newrelic.DatastoreSegment{ + Product: nrStoreSpiceDB, + Collection: resource.NamespaceId, + Operation: "DeleteRelationsForResource", + StartTime: newrelic.FromContext(ctx).StartSegmentNow(), + } + defer nr.End() + _, err := p.client.DeleteRelationships(ctx, request) if err != nil {
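Review bot: In `DeleteSubjectRelations` the segment is labelled `Operation: "DeleteRelationsForResource"`, while every other segment in this patch uses the method name. Dashboards and alerts keyed on the operation will not find this call under the name that appears in the code. Use `Operation: "DeleteSubjectRelations",` or add a comment explaining why the label differs. `Collection: resource.NamespaceId` also has a different shape from the `type.type` form used by the relation methods, which deserves a short comment so the two are not compared as if they were the same kind of value.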