SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions.

SpiceDB

still not working, just to be super sure, this is what we are talking about, right?
var optionalCaveat = &authzed.ContextualizedCaveat{}
    relationship := &authzed.Relationship{
        Resource: spiceDBObject,
        Relation: *authzRelationship.Relation,
        Subject: &authzed.SubjectReference{
            Object: &authzed.ObjectReference{
                ObjectType: subjectType, ObjectId: *authzRelationship.Subject.ID,
            },
        },
    }
    if authzRelationship.Caveat != nil {
        optionalCaveat = &authzed.ContextualizedCaveat{
            CaveatName: *authzRelationship.Caveat,
        }
        relationship = &authzed.Relationship{
            Resource: spiceDBObject,
            Relation: *authzRelationship.Relation,
            Subject: &authzed.SubjectReference{
                Object: &authzed.ObjectReference{
                    ObjectType: subjectType, ObjectId: *authzRelationship.Subject.ID,
                },
            },
            OptionalCaveat: optionalCaveat,
        }
    }
i dont see any error but the has_2fa is not being removed. i will retry/retest everything tomorrow again just in case