Skip to content

Commit

Permalink
Merge pull request #414 from authzed/take-security-patch
Browse files Browse the repository at this point in the history
Take security patch
  • Loading branch information
tstirrat15 authored Sep 16, 2024
2 parents 16b534d + ce0ed02 commit da21cce
Show file tree
Hide file tree
Showing 15 changed files with 147 additions and 112 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/lint.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,8 @@ jobs:
id: "goreleaser"
with:
distribution: "goreleaser-pro"
version: "latest"
# Pinning to version 2.2.0 to get around a regression in 2.3.0.
version: "2.2.0"
args: "release -f .goreleaser.docker.yml --clean --split --snapshot"
env:
GORELEASER_KEY: "${{ secrets.GORELEASER_KEY }}"
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@ jobs:
- uses: "goreleaser/goreleaser-action@v6"
with:
distribution: "goreleaser-pro"
version: "latest"
# Pinning to v2.2.0 to work around a regression in 2.3.0
version: &goreleaser_version "2.2.0"
args: "release --clean"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
Expand All @@ -46,7 +47,7 @@ jobs:
- uses: "goreleaser/goreleaser-action@v6"
with:
distribution: "goreleaser-pro"
version: "latest"
version: *goreleaser_version
args: "release --config=.goreleaser.docker.yml --clean"
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
Expand Down
2 changes: 1 addition & 1 deletion .goreleaser.yml
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ checksum:
name_template: "checksums.txt"

snapshot:
name_template: "{{ incpatch .Version }}-next"
version_template: "{{ incpatch .Version }}-next"

changelog:
use: "github-native"
Expand Down
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM golang:1.22-alpine3.20 AS zed-builder
FROM golang:1.23-alpine3.20 AS zed-builder
WORKDIR /go/src/app
RUN apk update && apk add --no-cache git
COPY . .
Expand Down
8 changes: 5 additions & 3 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
module github.com/authzed/zed

go 1.22.4
go 1.22.7

toolchain go1.22.5
toolchain go1.23.1

require (
github.com/99designs/keyring v1.2.2
Expand All @@ -11,8 +11,10 @@ require (
github.com/authzed/grpcutil v0.0.0-20240123194739-2ea1e3d2d98b
github.com/authzed/spicedb v1.35.3
github.com/brianvoe/gofakeit/v6 v6.28.0
github.com/ccoveille/go-safecast v1.1.0
github.com/cenkalti/backoff/v4 v4.3.0
github.com/charmbracelet/lipgloss v0.12.1
github.com/charmbracelet/x/term v0.2.0
github.com/google/uuid v1.6.0
github.com/gookit/color v1.5.4
github.com/hamba/avro/v2 v2.22.1
Expand Down Expand Up @@ -230,7 +232,7 @@ require (
golang.org/x/crypto v0.25.0 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sys v0.22.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
Expand Down
7 changes: 6 additions & 1 deletion go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -720,6 +720,8 @@ github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl
github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
github.com/brianvoe/gofakeit/v6 v6.28.0 h1:Xib46XXuQfmlLS2EXRuJpqcw8St6qSZz75OUo0tgAW4=
github.com/brianvoe/gofakeit/v6 v6.28.0/go.mod h1:Xj58BMSnFqcn/fAQeSK+/PLtC5kSb7FJIq4JyGa8vEs=
github.com/ccoveille/go-safecast v1.1.0 h1:iHKNWaZm+OznO7Eh6EljXPjGfGQsSfa6/sxPlIEKO+g=
github.com/ccoveille/go-safecast v1.1.0/go.mod h1:QqwNjxQ7DAqY0C721OIO9InMk9zCwcsO7tnRuHytad8=
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
Expand All @@ -738,6 +740,8 @@ github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/N
github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8=
github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM=
github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=
github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
Expand Down Expand Up @@ -1707,8 +1711,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
Expand Down
4 changes: 2 additions & 2 deletions internal/cmd/backup.go
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ func registerBackupCmd(rootCmd *cobra.Command) {
}

func registerBackupRestoreFlags(cmd *cobra.Command) {
cmd.Flags().Int("batch-size", 1_000, "restore relationship write batch size")
cmd.Flags().Uint("batch-size", 1_000, "restore relationship write batch size")
cmd.Flags().Uint("batches-per-transaction", 10, "number of batches per transaction")
cmd.Flags().String("conflict-strategy", "fail", "strategy used when a conflicting relationship is found. Possible values: fail, skip, touch")
cmd.Flags().Bool("disable-retries", false, "retries when an errors is determined to be retryable (e.g. serialization errors)")
Expand Down Expand Up @@ -397,7 +397,7 @@ func backupRestoreCmdFunc(cmd *cobra.Command, args []string) error {
return fmt.Errorf("unable to initialize client: %w", err)
}

batchSize := cobrautil.MustGetInt(cmd, "batch-size")
batchSize := cobrautil.MustGetUint(cmd, "batch-size")
batchesPerTransaction := cobrautil.MustGetUint(cmd, "batches-per-transaction")

strategy, err := GetEnum[ConflictStrategy](cmd, "conflict-strategy", conflictStrategyMapping)
Expand Down
2 changes: 1 addition & 1 deletion internal/cmd/backup_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -330,7 +330,7 @@ func TestBackupRestoreCmdFunc(t *testing.T) {
zedtesting.BoolFlag{FlagName: "rewrite-legacy"},
zedtesting.StringFlag{FlagName: "conflict-strategy", FlagValue: "fail"},
zedtesting.BoolFlag{FlagName: "disable-retries"},
zedtesting.IntFlag{FlagName: "batch-size", FlagValue: 100},
zedtesting.UintFlag{FlagName: "batch-size", FlagValue: 100},
zedtesting.UintFlag{FlagName: "batches-per-transaction", FlagValue: 10},
zedtesting.DurationFlag{FlagName: "request-timeout"},
)
Expand Down
103 changes: 58 additions & 45 deletions internal/cmd/restorer.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ import (
"time"

v1 "github.com/authzed/authzed-go/proto/authzed/api/v1"
"github.com/authzed/spicedb/pkg/spiceerrors"
"github.com/ccoveille/go-safecast"
"github.com/cenkalti/backoff/v4"
"github.com/mattn/go-isatty"
"github.com/rs/zerolog/log"
Expand Down Expand Up @@ -57,25 +59,25 @@ type restorer struct {
decoder *backupformat.Decoder
client client.Client
prefixFilter string
batchSize int
batchSize uint
batchesPerTransaction uint
conflictStrategy ConflictStrategy
disableRetryErrors bool
bar *progressbar.ProgressBar

// stats
filteredOutRels int64
writtenRels int64
writtenBatches int64
skippedRels int64
skippedBatches int64
duplicateRels int64
duplicateBatches int64
totalRetries int64
filteredOutRels uint
writtenRels uint
writtenBatches uint
skippedRels uint
skippedBatches uint
duplicateRels uint
duplicateBatches uint
totalRetries uint
requestTimeout time.Duration
}

func newRestorer(schema string, decoder *backupformat.Decoder, client client.Client, prefixFilter string, batchSize int,
func newRestorer(schema string, decoder *backupformat.Decoder, client client.Client, prefixFilter string, batchSize uint,
batchesPerTransaction uint, conflictStrategy ConflictStrategy, disableRetryErrors bool,
requestTimeout time.Duration,
) *restorer {
Expand Down Expand Up @@ -129,7 +131,7 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {

batch = append(batch, rel)

if len(batch)%r.batchSize == 0 {
if uint(len(batch))%r.batchSize == 0 {
batchesToBeCommitted = append(batchesToBeCommitted, batch)
err := relationshipWriter.Send(&v1.BulkImportRelationshipsRequest{
Relationships: batch,
Expand Down Expand Up @@ -195,13 +197,13 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {

totalTime := time.Since(relationshipWriteStart)
log.Info().
Int64("batches", r.writtenBatches).
Int64("relationships_loaded", r.writtenRels).
Int64("relationships_skipped", r.skippedRels).
Int64("duplicate_relationships", r.duplicateRels).
Int64("relationships_filtered_out", r.filteredOutRels).
Int64("retried_errors", r.totalRetries).
Uint64("perSecond", perSec(uint64(r.writtenRels+r.skippedRels), totalTime)).
Uint("batches", r.writtenBatches).
Uint("relationships_loaded", r.writtenRels).
Uint("relationships_skipped", r.skippedRels).
Uint("duplicate_relationships", r.duplicateRels).
Uint("relationships_filtered_out", r.filteredOutRels).
Uint("retried_errors", r.totalRetries).
Uint64("perSecond", perSec(uint64(r.writtenRels), totalTime)).
Stringer("duration", totalTime).
Msg("finished restore")
return nil
Expand All @@ -210,9 +212,9 @@ func (r *restorer) restoreFromDecoder(ctx context.Context) error {
func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.ExperimentalService_BulkImportRelationshipsClient,
batchesToBeCommitted [][]*v1.Relationship,
) error {
var numLoaded, expectedLoaded, retries uint64
var numLoaded, expectedLoaded, retries uint
for _, b := range batchesToBeCommitted {
expectedLoaded += uint64(len(b))
expectedLoaded += uint(len(b))
}

resp, err := bulkImportClient.CloseAndRecv() // transaction commit happens here
Expand All @@ -225,6 +227,8 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
canceled, cancelErr := isCanceledError(ctx.Err(), err)
unknown := !retryable && !conflict && !canceled && err != nil

numBatches := uint(len(batchesToBeCommitted))

switch {
case canceled:
r.bar.Describe("backup restore aborted")
Expand All @@ -235,24 +239,24 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
case retryable && r.disableRetryErrors:
return err
case conflict && r.conflictStrategy == Skip:
r.skippedRels += int64(expectedLoaded)
r.skippedBatches += int64(len(batchesToBeCommitted))
r.duplicateBatches += int64(len(batchesToBeCommitted))
r.duplicateRels += int64(expectedLoaded)
r.skippedRels += expectedLoaded
r.skippedBatches += numBatches
r.duplicateBatches += numBatches
r.duplicateRels += expectedLoaded
r.bar.Describe("skipping conflicting batch")
case conflict && r.conflictStrategy == Touch:
r.bar.Describe("touching conflicting batch")
r.duplicateRels += int64(expectedLoaded)
r.duplicateBatches += int64(len(batchesToBeCommitted))
r.duplicateRels += expectedLoaded
r.duplicateBatches += numBatches
r.totalRetries++
numLoaded, retries, err = r.writeBatchesWithRetry(ctx, batchesToBeCommitted)
if err != nil {
return fmt.Errorf("failed to write retried batch: %w", err)
}

retries++ // account for the initial attempt
r.writtenBatches += int64(len(batchesToBeCommitted))
r.writtenRels += int64(numLoaded)
r.writtenBatches += numBatches
r.writtenRels += numLoaded
case conflict && r.conflictStrategy == Fail:
r.bar.Describe("conflict detected, aborting restore")
return fmt.Errorf("duplicate relationships found")
Expand All @@ -265,34 +269,43 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim
}

retries++ // account for the initial attempt
r.writtenBatches += int64(len(batchesToBeCommitted))
r.writtenRels += int64(numLoaded)
r.writtenBatches += numBatches
r.writtenRels += numLoaded
default:
r.bar.Describe("restoring relationships from backup")
r.writtenBatches += int64(len(batchesToBeCommitted))
r.writtenBatches += numBatches
}

// it was a successful transaction commit without duplicates
if resp != nil {
r.writtenRels += int64(resp.NumLoaded)
if expectedLoaded != resp.NumLoaded {
log.Warn().Uint64("loaded", resp.NumLoaded).Uint64("expected", expectedLoaded).Msg("unexpected number of relationships loaded")
numLoaded, err := safecast.ToUint(resp.NumLoaded)
if err != nil {
return spiceerrors.MustBugf("could not cast numLoaded to uint")
}
r.writtenRels += numLoaded
if uint64(expectedLoaded) != resp.NumLoaded {
log.Warn().Uint64("loaded", resp.NumLoaded).Uint("expected", expectedLoaded).Msg("unexpected number of relationships loaded")
}
}

if err := r.bar.Set64(r.writtenRels + r.skippedRels); err != nil {
writtenAndSkipped, err := safecast.ToInt64(r.writtenRels + r.skippedRels)
if err != nil {
return fmt.Errorf("too many written and skipped rels for an int64")
}

if err := r.bar.Set64(writtenAndSkipped); err != nil {
return fmt.Errorf("error incrementing progress bar: %w", err)
}

if !isatty.IsTerminal(os.Stderr.Fd()) {
log.Trace().
Int64("batches_written", r.writtenBatches).
Int64("relationships_written", r.writtenRels).
Int64("duplicate_batches", r.duplicateBatches).
Int64("duplicate_relationships", r.duplicateRels).
Int64("skipped_batches", r.skippedBatches).
Int64("skipped_relationships", r.skippedRels).
Uint64("retries", retries).
Uint("batches_written", r.writtenBatches).
Uint("relationships_written", r.writtenRels).
Uint("duplicate_batches", r.duplicateBatches).
Uint("duplicate_relationships", r.duplicateRels).
Uint("skipped_batches", r.skippedBatches).
Uint("skipped_relationships", r.skippedRels).
Uint("retries", retries).
Msg("restore progress")
}

Expand All @@ -301,14 +314,14 @@ func (r *restorer) commitStream(ctx context.Context, bulkImportClient v1.Experim

// writeBatchesWithRetry writes a set of batches using touch semantics and without transactional guarantees -
// each batch will be committed independently. If a batch fails, it will be retried up to 10 times with a backoff.
func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Relationship) (uint64, uint64, error) {
func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Relationship) (uint, uint, error) {
backoffInterval := backoff.NewExponentialBackOff()
backoffInterval.InitialInterval = defaultBackoff
backoffInterval.MaxInterval = 2 * time.Second
backoffInterval.MaxElapsedTime = 0
backoffInterval.Reset()

var currentRetries, totalRetries, loadedRels uint64
var currentRetries, totalRetries, loadedRels uint
for _, batch := range batches {
updates := lo.Map[*v1.Relationship, *v1.RelationshipUpdate](batch, func(item *v1.Relationship, _ int) *v1.RelationshipUpdate {
return &v1.RelationshipUpdate{
Expand Down Expand Up @@ -339,7 +352,7 @@ func (r *restorer) writeBatchesWithRetry(ctx context.Context, batches [][]*v1.Re

currentRetries = 0
backoffInterval.Reset()
loadedRels += uint64(len(batch))
loadedRels += uint(len(batch))
break
}
}
Expand Down
Loading

0 comments on commit da21cce

Please sign in to comment.