# spicedb
y
I'm using SpiceDB in a Python Flask app to manage permissions, and I'm using gunicorn to start my app with 20 workers. All gRPC APIs work fine except 'server_stream' type APIs such as LookupSubjects; the code just blocks where `client.LookupSubjects(req)` is called.
```python
...
user_list = []
# streaming call
print(f"hello~ client={client}") # stuck here
for resp in client.LookupSubjects(request=req):
    print(f"tsktsk {resp}")      # this is never output when the API is called in flask view functions
    resp: LookupSubjectsResponse
    if resp.subject.permissionship == LookupPermissionship.LOOKUP_PERMISSIONSHIP_HAS_PERMISSION.value:
        user_list.append(resp.subject.subject_object_id)
logging.info("users have [%s] role/permission towards [%s:%s] are %s", permission.value,
             resource_type.value, resource_id, user_list)
```
But when I call `client.LookupSubjects(request=req)` in my test file, it worked fine, while the Flask app did not.
v
👋🏻 please have a look at our tests on how to use that API method: https://github.com/authzed/authzed-py/blob/main/tests/v1_test.py#L145-L163
y
Yeah, I did it like that, and it worked well when I directly call the lookupSubjects() API in my single test case. But if I add this to my Flask app, which is run by gunicorn as I mentioned before, it just gets stuck where the API is called. My view func is like:
```python
@mod.route("/admin/<uid>", methods=["POST"])
@system_admin_required # here's a checkPermission() API called, which is a unary type gRPC call. it worked as expected
def SetAdmin(uid):
    try:
        # check the number of admins; SpiceDB streaming API calls block whether they are made in a view function or a decorator Orz
        if len(lookup_user(resource_type=licObjectType.SYSTEM, resource_id=licSingletonID.SYSTEM_ID.value,
                    permission=licRelation.SYSTEM_ADMIN)) >= 3: # there's a client.lookupSubjects() call in lookup_user(), code just stuck there
            return "to much admin", 400
        # grant the permission
        grant_system_admin(uid)
        return jsonify(msg="operate success")
    except Exception as e:
        logging.error("grant admin to <%s> failed: %s", uid, e)
        return "grant admin failed", 400
```
P.S. I checked the code: in both the single test file and the Flask app logic code, the SpiceDB clients are both using `grpc.secure_channel` instead of `grpc.aio.secure_channel`.
v
So you say that it works on a plain old Python app, but when you use the gunicorn server it won't work?
y
yes, i believed so
v
@youling66 did you figure it out? otherwise please open an issue in the https://github.com/authzed/authzed-py repository with a description on how to reproduce the problem, ideally with a test case