From ff3e3c0b63fb62163fa4ef342e3648628354e2f4 Mon Sep 17 00:00:00 2001 From: Joseph Schorr Date: Mon, 30 Dec 2024 11:58:58 -0500 Subject: [PATCH] Add debug trace support to bulk check API --- authzed/api/v1/debug.proto | 7 +++++++ authzed/api/v1/permission_service.proto | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/authzed/api/v1/debug.proto b/authzed/api/v1/debug.proto index 03fc216..c29f64c 100644 --- a/authzed/api/v1/debug.proto +++ b/authzed/api/v1/debug.proto @@ -23,6 +23,9 @@ message DebugInformation { // schema_used holds the schema used for the request. string schema_used = 2; + + // checks holds debug information about the individual checks made in a bulk check request. + repeated CheckDebugTrace checks = 3; } // CheckDebugTrace is a recursive trace of the requests made for resolving a CheckPermission @@ -82,6 +85,10 @@ message CheckDebugTrace { // optional_expires_at is the time at which at least one of the relationships used to // compute this result, expires (if any). This is *not* related to the caching window. google.protobuf.Timestamp optional_expires_at = 10; + + // trace_id is a unique identifier for this trace. This identifier is only guanranteed + // to be unique within the same overall Check or CheckBulk operation. + string trace_id = 11; } // CaveatEvalInfo holds information about a caveat expression that was evaluated. diff --git a/authzed/api/v1/permission_service.proto b/authzed/api/v1/permission_service.proto index 1c754d5..d55bc1c 100644 --- a/authzed/api/v1/permission_service.proto +++ b/authzed/api/v1/permission_service.proto @@ -421,6 +421,11 @@ message CheckBulkPermissionsRequest { Consistency consistency = 1; repeated CheckBulkPermissionsRequestItem items = 2 [ (validate.rules).repeated .items.message.required = true ]; + + // with_tracing, if true, indicates that each response should include a debug trace. + // This can be useful for debugging and performance analysis, but adds a small amount + // of compute overhead to the request. + bool with_tracing = 3; } message CheckBulkPermissionsRequestItem { @@ -454,6 +459,9 @@ message CheckBulkPermissionsResponseItem { CheckPermissionResponse.Permissionship permissionship = 1 [ (validate.rules).enum = {defined_only: true, not_in: [0]} ]; PartialCaveatInfo partial_caveat_info = 2 [ (validate.rules).message.required = false ]; + + // debug_trace is the debugging trace of this check, if requested. + DebugInformation debug_trace = 3; } // ExpandPermissionTreeRequest returns a tree representing the expansion of all