so a user provides a zedtoken to provide a "point in time" for snapshot isolation

that's how versionined namespaces will work today

that could also be generalized to say "snapshot isolation for the schema"

versioned*

but the open question would be how to support new relationships on a staged schema

out of curiosity: what are the goals (or what is being addressed) y'all have for versioned schemas you are implementing today?

ensuring schema changes use the same MVCC as relationship changes

so you can request a schema matching a zedtoken, etc

got it!

I'm using Postgres. From what I see the request made at Postgres there are no check that "deleted_transaction" is set or not. I'll try with a touch

yeah the touch should give us a pretty clear indicator of what's going wrong

Touch returns the same error :

failed precondition: unable to write tuples: unable to satisfy write precondition `operation:OPERATION_MUST_NOT_MATCH filter:{resource_type:"user" optional_resource_id:"user_id" optional_subject_filter:{subject_type:"project"}}`

The SQL query made seems to be the following :

{
  "level": "info",
  "module": "pgx",
  "args": [
    "user",
    "user_id",
    "project"
  ],
  "pid": 45594,
  "rowCount": 1,
  "sql": "SELECT id FROM relation_tuple WHERE namespace = $1 AND object_id = $2 AND userset_namespace = $3 LIMIT 1",
  "time": "2021-12-14T16:16:40Z",
  "message": "Query"
}

@User I've created an issue: https://github.com/authzed/spicedb/issues/339

do you want to take a stab at fixing it or should we schedule it on our end?

the first step is to write a repro test case in

internal/datastore/test

so that we can ensure that all datastore implementations are handling this in a compliant fashion

I tried to fix it on my own and make a PR but honestly I'm really not that good in GoLang, I'll try to dig a bit on it but it is probably better to not expect a lot from me haha

ok no problem, just figured I would give you dibs on the implementation since you found the problem!

I am getting this error while creating schema in spicedb

Unknown desc = could not lookup definition `user` for relation `team_admin`: unknown definition user",

my input is this

definition team {
    relation team_admin: user
    relation team_member: user
    permission view = team_admin + team_member
}

I already created the user schema in the previous call and it is in db

definition user {}

@rsbh in v1 writing the schema completely replaces all schema that came before it, and the schema object must be self-consistent. If that write succeeded it would remove your user object definition

So we have to pass all schemas everytime

In v1, yes. If you need isolated smaller virtual spicedbs on the same cluster, that is a feature of authzed enterprise.

Okay, are we getting Validate schema api in future?

I have seen validate command PR

Yes, that is the plan, there is also an API for that in the developer API I believe, I can follow up when I get to a computer

@User here is the draft PR that adds the validate command: https://github.com/authzed/spicedb/pull/292

@rsbh and here is the developer API that you can run today if you need something sooner: https://buf.build/authzed/api/docs/main/authzed.api.v0#Validate

and here is an issue where we're gathering thoughts about whether people are interested in an LSP implementation of the dev tools

@User i was talking about Validate for v1.WriteSchema api. we wants to just dry run and validate the schema before pushing it to spicedb

@User the general recommendation will be to validate it using the new

validate

command once its been added into SpiceDB; that way, you not only validate the schema itself, but you can define test relationships, and a set of assertions that must be true/false