Proposal: Operator-boostrapped schema

Proposal: Operator-boostrapped schema · ...

user

07/03/2024, 9:42 AM

Hello im trying to define the spicedb schema in a configMap while deploying the spicedb-operator as it mentionned here https://github.com/authzed/spicedb-operator/issues/259 , when i try to update the schema and redeploy i have error that suggest to use

--datastore-bootstrap-overwrite=true

but when i use this flag the previous namespaces in schema remain existing while the new one is added, is there's a way to only apply the new schema after updating the bootstrap file?

vroldanbet

07/03/2024, 9:59 AM

please note that if the schema change is a breaking change, the schema write operation is going to fail anyway, so that's not something you can automate with the operator (yet)

vroldanbet

07/03/2024, 10:00 AM

have you cheked if

--datastore-bootstrap-overwrite=true

is being correctly injected into your SpiceDB

Deployment

vroldanbet

07/03/2024, 10:00 AM

should be set like an env var:

SPICEDB_DATASTORE_BOOTSTRAP_OVERWRITE

vroldanbet

07/03/2024, 10:01 AM

these are the flags available:

Copy code

--datastore-bootstrap-files strings                               bootstrap data yaml files to load
      --datastore-bootstrap-overwrite                                   overwrite any existing data with bootstrap data
      --datastore-bootstrap-timeout duration                            maximum duration before timeout for the bootstrap data to be written (default 10s)
`

user

07/03/2024, 10:01 AM

yes when added the

--datastore-bootstrap-overwrite=true

i don't have any error again but the old schema is not deleted, i have the old schema merged with the new schema definition

vroldanbet

07/03/2024, 10:11 AM

I don't understand what "the old schema is not deleted" means. SpiceDB can only have 1 schema at a time.

user

07/03/2024, 10:20 AM

the old schema not replaced with the new schema. as an example if i have a first schema with this namespace

definition file{...}

and i want to replace it with new schema with another namespace

definition document{..}

, as a result i have a schema with two namespaces `definition file{...} `and

definition document{..}

vroldanbet

07/03/2024, 10:23 AM

you saying they are getting merged?

vroldanbet

07/03/2024, 10:23 AM

that's odd

user

07/03/2024, 10:23 AM

yes exactly

user

07/03/2024, 10:23 AM

and i only want to keep the new schema definition with new namespaces

vroldanbet

07/03/2024, 10:29 AM

I think this may be a bug, I believe this behaviour was deprecated a long time ago and somehow it was left in the bootstrap logic. @Joey can you clarify if it is intentional that

--datastore-bootstrap-overwrite

is "additive" in that it leaves the previous namespaces around and adds the ones from the bootstrap file?

vroldanbet

07/03/2024, 10:31 AM

@user there is unfortunately no workaround at the moment, as far as I can tell. An alternative would be to have an

init

container in your deployment that calls

zed schema write

. You can use the operators "patch" functionality to patch the SpiceDB deployment with such an init container, which would mount the config map and write to spicedb using

zed schema write

vroldanbet

07/03/2024, 10:32 AM

not ideal but should unblock you

user

07/03/2024, 11:19 AM

thank you so much @vroldanbet

user

07/03/2024, 12:33 PM

is there a fix planned for this bug soon?

vroldanbet

07/03/2024, 3:03 PM

first we need to confirmation from @Joey it's not intended behaviour. Given this is not a critical production issue, it's likely low priority

user

07/04/2024, 7:04 PM

hey @Joey can you confirm its/ its not intendend behaviour?

Joey

07/04/2024, 7:05 PM

it was intended behavior at the time, but we can likely change it now

Joey

07/04/2024, 7:05 PM

please file an issue

user

07/04/2024, 7:28 PM

I filed an issue : https://github.com/authzed/spicedb-operator/issues/319

user

07/04/2024, 7:29 PM

thank you @Joey 😇

vroldanbet

07/05/2024, 9:35 AM

thanks for opening the issue!

5 Views

Previous Next