Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update zed validate docs #302

Merged
merged 3 commits into from
Jan 23, 2025
Merged

Update zed validate docs #302

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b10e11b
Update zed validate docs
tstirrat15 Jan 22, 2025
aa80fcc
Update pages/spicedb/modeling/validation-testing-debugging.mdx
tstirrat15 Jan 22, 2025
94fe6ef
Update pages/spicedb/modeling/validation-testing-debugging.mdx
tstirrat15 Jan 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 56 additions & 7 deletions pages/spicedb/modeling/validation-testing-debugging.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,19 +164,68 @@ Request tracing information by setting `with_tracing: true` in the request messa

### Zed Validate

Files exported from the [Playground](#playground) can also be validated by the `zed validate` command.
This is particularly useful for testing locally or checking into a CI/CD workflow.
If you're using GitHub, there's [GitHub Action][validate-action] for running this validation.
The `zed` binary provides a means of validating and testing a schema locally and in CI:

[validate-action]: #authzedaction-spicedb-validate
```sh
zed validate my-schema.zed
```

It will load and validate the schema using the same parsing logic that the SpiceDB binary uses,
ensuring that a schema that passes validation will be considered a valid schema by your SpiceDB instance.

<Callout type="warning">
Note that a schema write can still fail if a relation is removed and there are still instances of that
relation in your database. `zed` doesn't know about your data.
</Callout>

Here's an example using `zed validate`:
You can validate the functionality of your schema using validation yaml files, such as those exported
by the [Playground](#playground):

```sh
zed validate schema-and-validations.yaml
```
$ zed validate schema-and-assertions.yaml
Success! - 3 relationships loaded, 4 assertions run, 2 expected relations validated

Validation files take this form:

```yaml
schema: >-
// schema goes here
# -- OR --
schemaFile: "./path/to/schema.zed"

# Note that relations are a single heredoc string rather than a yaml list
relationships: >-
object:foo#relation@subject:bar
object:baz#relation@subject:qux

assertions:
assertTrue:
- object:foo#relation@subject:bar
assertFalse:
- object:foo#relation@subject:qux
validation:
object:foo#relation:
- "[subject:bar] is <object:foo#user>"
```

As of version v0.25.0, `zed validate` command can take multiple files as arguments:

```sh
zed validate some-validations.yaml some-other-validations.yaml
```

This means you can validate a folder full of files using shell globbing:

```sh
zed validate validations/*
```

There's an example of this available in the [examples repository](https://github.com/authzed/examples/tree/main/schemas/multiple-validation-files).

If you're using GitHub, there's a [GitHub Action][validate-action] for running this validation.

[validate-action]: #authzedaction-spicedb-validate

### Explain Flag

The `zed permission check` command has an optional flag, `--explain`, that will cause SpiceDB to collect the actual paths taken against the live system to compute a permission check.
Expand Down
Loading