search

authzed / spicedb

Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data
https://authzed.com/docs
Apache License 2.0
5k stars 267 forks source link

Tooling to help debug cyclic data issues #2056

Open zxlin opened 1 month ago

zxlin commented 1 month ago

Problem Statement

Sometimes there may be cyclic data accidentally stored into SpiceDB and right now it's kind of hard to identify where in the data there is a cycle. It's only really realized with calls like lookup-resources as that will do a full traversal and not short circuit like with check permission.

Solution Brainstorm

It may be useful to include in the --explain feature some kind of highlighting if a particular node in the graph was traversed more than once (or however many time it was traversed), so that the user can more quickly identify a cyclic data problem in their DB.

josephschorr commented 1 month ago

zed --explain does indeed highlight recursions: https://authzed.com/docs/spicedb/modeling/recursion-and-max-depth#what-do-i-do-about-a-max-depth-error-on-checkpermission

corkrean commented 2 weeks ago

@josephschorr, sure, but that doesn't solve the problem statement. If a lookup-resources request results in a cycle, it can be challenging to identify where in the data the cycle is occurring. There is no equivalent of --explain for lookup-resources.