Merge pull request #1489 from authzed/multiple-slashes

all: support multiple slashes in object and caveat names

e2e/go.mod

@@ -3,7 +3,7 @@ module github.com/authzed/spicedb/e2e
 go 1.19
 
 require (
-	github.com/authzed/authzed-go v0.9.0
+	github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322
 	github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5
 	github.com/authzed/spicedb v1.23.1
 	github.com/brianvoe/gofakeit/v6 v6.23.0
@@ -31,7 +31,7 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
-	github.com/jzelinskie/stringz v0.0.1 // indirect
+	github.com/jzelinskie/stringz v0.0.2 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.19 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect

e2e/go.sum

@@ -5,8 +5,8 @@ cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGB
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
 github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
-github.com/authzed/authzed-go v0.9.0 h1:FBWWwYiZrreGN94R9EEIy1S2s0UAH0Hn7MWBRtbtF+w=
-github.com/authzed/authzed-go v0.9.0/go.mod h1:9Pl5jDQJHrjbMDuCrsa+Q6Tqmi1f2pDdIn/qNGI++vA=
+github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322 h1:xRXaLKkAQGF6aZv7KeoYCrxsHh1y9os6wFUUQ0TnMuE=
+github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322/go.mod h1:9Pl5jDQJHrjbMDuCrsa+Q6Tqmi1f2pDdIn/qNGI++vA=
 github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5 h1:Fg92G8sNNODbNe2ckJoLeMEPeDqSfygmXnpEXDnVifU=
 github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5/go.mod h1:qx105brQubHFYLRja6wlHA+JB8DSK+yhb8uc8aFA5NQ=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
@@ -68,8 +68,8 @@ github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/
 github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
 github.com/jackc/pgx/v5 v5.4.2 h1:u1gmGDwbdRUZiwisBm/Ky2M14uQyUP65bG8+20nnyrg=
 github.com/jackc/pgx/v5 v5.4.2/go.mod h1:q6iHT8uDNXWiFNOlRqJzBTaSH3+2xCXkokxHZC5qWFY=
-github.com/jzelinskie/stringz v0.0.1 h1:IahR+y8ct2nyj7B6i8UtFsGFj4ex1SX27iKFYsAheLk=
-github.com/jzelinskie/stringz v0.0.1/go.mod h1:hHYbgxJuNLRw91CmpuFsYEOyQqpDVFg8pvEh23vy4P0=
+github.com/jzelinskie/stringz v0.0.2 h1:OSjMEYvz8tjhovgZ/6cGcPID736ubeukr35mu6RYAmg=
+github.com/jzelinskie/stringz v0.0.2/go.mod h1:hHYbgxJuNLRw91CmpuFsYEOyQqpDVFg8pvEh23vy4P0=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

go.mod

@@ -7,7 +7,7 @@ require (
 	cloud.google.com/go/spanner v1.47.0
 	github.com/IBM/pgxpoolprometheus v1.1.1
 	github.com/Masterminds/squirrel v1.5.4
-	github.com/authzed/authzed-go v0.9.0
+	github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322
 	github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5
 	github.com/aws/aws-sdk-go v1.44.314
 	github.com/benbjohnson/clock v1.3.5
@@ -44,7 +44,7 @@ require (
 	github.com/jackc/pgx/v5 v5.4.2
 	github.com/johannesboyne/gofakes3 v0.0.0-20230506070712-04da935ef877
 	github.com/jzelinskie/cobrautil/v2 v2.0.0-20230714172849-80717639cec5
-	github.com/jzelinskie/stringz v0.0.1
+	github.com/jzelinskie/stringz v0.0.2
 	github.com/lib/pq v1.10.9
 	github.com/lthibault/jitterbug v2.0.0+incompatible
 	github.com/magefile/mage v1.15.0

go.sum

@@ -453,8 +453,8 @@ github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8ger
 github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU=
 github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
 github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
-github.com/authzed/authzed-go v0.9.0 h1:FBWWwYiZrreGN94R9EEIy1S2s0UAH0Hn7MWBRtbtF+w=
-github.com/authzed/authzed-go v0.9.0/go.mod h1:9Pl5jDQJHrjbMDuCrsa+Q6Tqmi1f2pDdIn/qNGI++vA=
+github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322 h1:xRXaLKkAQGF6aZv7KeoYCrxsHh1y9os6wFUUQ0TnMuE=
+github.com/authzed/authzed-go v0.9.1-0.20230808160157-67ca5a9f8322/go.mod h1:9Pl5jDQJHrjbMDuCrsa+Q6Tqmi1f2pDdIn/qNGI++vA=
 github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5 h1:Fg92G8sNNODbNe2ckJoLeMEPeDqSfygmXnpEXDnVifU=
 github.com/authzed/grpcutil v0.0.0-20230703173955-bdd0ac3f16a5/go.mod h1:qx105brQubHFYLRja6wlHA+JB8DSK+yhb8uc8aFA5NQ=
 github.com/aws/aws-sdk-go v1.44.256/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
@@ -903,8 +903,8 @@ github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY=
 github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
 github.com/jzelinskie/cobrautil/v2 v2.0.0-20230714172849-80717639cec5 h1:X7vo4fEmuKLS4YQ+WkQ9xEtnR93tqkcYnH4rDDkfzhI=
 github.com/jzelinskie/cobrautil/v2 v2.0.0-20230714172849-80717639cec5/go.mod h1:954benQgK9Oi403yRaIot4TgRM0dDLKrBj48K7J8NZg=
-github.com/jzelinskie/stringz v0.0.1 h1:IahR+y8ct2nyj7B6i8UtFsGFj4ex1SX27iKFYsAheLk=
-github.com/jzelinskie/stringz v0.0.1/go.mod h1:hHYbgxJuNLRw91CmpuFsYEOyQqpDVFg8pvEh23vy4P0=
+github.com/jzelinskie/stringz v0.0.2 h1:OSjMEYvz8tjhovgZ/6cGcPID736ubeukr35mu6RYAmg=
+github.com/jzelinskie/stringz v0.0.2/go.mod h1:hHYbgxJuNLRw91CmpuFsYEOyQqpDVFg8pvEh23vy4P0=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/errcheck v1.6.3 h1:dEKh+GLHcWm2oN34nMvDzn1sqI0i0WxPvrgiJA5JuM8=
 github.com/kisielk/errcheck v1.6.3/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw=

internal/services/integrationtesting/testconfigs/multipleslashes.yaml

@@ -0,0 +1,37 @@
+---
+schema: |+
+    definition org/identity_team/user {}
+
+    definition org/identity_team/group {
+    	relation member: org/identity_team/user | org/identity_team/group#member
+    }
+
+    definition org/docs_team/resource {
+        relation host: org/infra_team/resource
+
+    	relation viewer: org/identity_team/group#member | org/identity_team/group#member with foo/bar/only_on_tuesday
+    }
+
+    definition org/infra_team/resource {
+    	relation viewer: org/identity_team/group#member | org/identity_team/group#member with foo/bar/only_on_tuesday
+    }
+
+    caveat foo/bar/only_on_tuesday(day_of_week string) {
+      day_of_week == 'tuesday'
+    }
+
+relationships: >-
+    org/identity_team/group:ultragroup#member@org/identity_team/user:someguy#...
+
+    org/identity_team/group:megagroup#member@org/identity_team/group:ultragroup#member
+
+    org/identity_team/group:supergroup#member@org/identity_team/group:megagroup#member
+
+    org/identity_team/group:subgroup#member@org/identity_team/group:supergroup#member
+
+    org/docs_team/resource:someresource#viewer@org/identity_team/group:subgroup#member
+
+    org/docs_team/resource:someresource#host@org/infra_team/resource:prod-box
+assertions:
+    assertTrue: []
+    assertFalse: []

pkg/development/wasm/operations_test.go

@@ -77,7 +77,7 @@ func TestCheckOperation(t *testing.T) {
 			tuple.MustParse("somenamespace:someobj#anotherrel@user:foo"),
 			nil,
 			&devinterface.DeveloperError{
-				Message: "error in object definition fo: invalid NamespaceDefinition.Name: value does not match regex pattern \"^([a-z][a-z0-9_]{1,62}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$\"",
+				Message: "error in object definition fo: invalid NamespaceDefinition.Name: value does not match regex pattern \"^([a-z][a-z0-9_]{1,62}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$\"",
 				Kind:    devinterface.DeveloperError_SCHEMA_ISSUE,
 				Source:  devinterface.DeveloperError_SCHEMA,
 				Line:    1,

pkg/schemadsl/compiler/compiler_test.go

@@ -485,7 +485,7 @@ func TestCompile(t *testing.T) {
 			"invalid definition name",
 			nil,
 			`definition someTenant/fo {}`,
-			"parse error in `invalid definition name`, line 1, column 1: error in object definition someTenant/fo: invalid NamespaceDefinition.Name: value does not match regex pattern \"^([a-z][a-z0-9_]{1,62}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$\"",
+			"parse error in `invalid definition name`, line 1, column 1: error in object definition someTenant/fo: invalid NamespaceDefinition.Name: value does not match regex pattern \"^([a-z][a-z0-9_]{1,62}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$\"",
 			[]SchemaDefinition{},
 		},
 		{
@@ -801,6 +801,46 @@ func TestCompile(t *testing.T) {
 				),
 			},
 		},
+		{
+			"wrong tenant is not translated",
+			&someTenant,
+			`definition someothertenant/simple {
+				permission foos = (first + second) + (third + fourth)
+			}`,
+			"",
+			[]SchemaDefinition{
+				namespace.Namespace("someothertenant/simple",
+					namespace.MustRelation("foos",
+						namespace.Union(
+							namespace.ComputedUserset("first"),
+							namespace.ComputedUserset("second"),
+							namespace.ComputedUserset("third"),
+							namespace.ComputedUserset("fourth"),
+						),
+					),
+				),
+			},
+		},
+		{
+			"multiple-segment tenant",
+			&someTenant,
+			`definition sometenant/some_team/simple {
+				permission foos = (first + second) + (third + fourth)
+			}`,
+			"",
+			[]SchemaDefinition{
+				namespace.Namespace("sometenant/some_team/simple",
+					namespace.MustRelation("foos",
+						namespace.Union(
+							namespace.ComputedUserset("first"),
+							namespace.ComputedUserset("second"),
+							namespace.ComputedUserset("third"),
+							namespace.ComputedUserset("fourth"),
+						),
+					),
+				),
+			},
+		},
 		{
 			"multiple levels of compressed nesting",
 			&someTenant,

pkg/schemadsl/compiler/translator.go

@@ -24,7 +24,7 @@ type translationContext struct {
 
 func (tctx translationContext) prefixedPath(definitionName string) (string, error) {
 	var prefix, name string
-	if err := stringz.SplitExact(definitionName, "/", &prefix, &name); err != nil {
+	if err := stringz.SplitInto(definitionName, "/", &prefix, &name); err != nil {
 		if tctx.objectTypePrefix == nil {
 			return "", fmt.Errorf("found reference `%s` without prefix", definitionName)
 		}

pkg/schemadsl/compiler/translator_test.go

@@ -0,0 +1,45 @@
+package compiler
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestPrefixedPath(t *testing.T) {
+	fooPrefix := "foo"
+	barPrefix := "bar"
+	noPrefix := ""
+
+	testCases := []struct {
+		input         string
+		prefix        *string
+		expectedError bool
+		expected      string
+	}{
+		{"bar", &fooPrefix, false, "foo/bar"},
+		{"bar", &barPrefix, false, "bar/bar"},
+		{"bar", &noPrefix, false, "bar"},
+		{"foo/bar", &fooPrefix, false, "foo/bar"},
+		{"foo/bar", &barPrefix, false, "foo/bar"},
+		{"foo/bar", &noPrefix, false, "foo/bar"},
+		{"bar", nil, true, ""},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.input, func(t *testing.T) {
+			require := require.New(t)
+
+			tctx := translationContext{
+				objectTypePrefix: tc.prefix,
+			}
+			output, err := tctx.prefixedPath(tc.input)
+			if tc.expectedError {
+				require.Error(err)
+			} else {
+				require.NoError(err)
+				require.Equal(tc.expected, output)
+			}
+		})
+	}
+}

pkg/schemadsl/lexer/lex_test.go

@@ -66,6 +66,19 @@ var lexerTests = []lexerTest{
 		tEOF,
 	}},
 
+	{"multiple slash path", "foo/bar/baz/bang/zoom", []Lexeme{
+		{TokenTypeIdentifier, 0, "foo", ""},
+		{TokenTypeDiv, 0, "/", ""},
+		{TokenTypeIdentifier, 0, "bar", ""},
+		{TokenTypeDiv, 0, "/", ""},
+		{TokenTypeIdentifier, 0, "baz", ""},
+		{TokenTypeDiv, 0, "/", ""},
+		{TokenTypeIdentifier, 0, "bang", ""},
+		{TokenTypeDiv, 0, "/", ""},
+		{TokenTypeIdentifier, 0, "zoom", ""},
+		tEOF,
+	}},
+
 	{"type star", "foo:*", []Lexeme{
 		{TokenTypeIdentifier, 0, "foo", ""},
 		{TokenTypeColon, 0, ":", ""},