-
Notifications
You must be signed in to change notification settings - Fork 246
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
moves seeding to the initialization of the datastore #539
moves seeding to the initialization of the datastore #539
Conversation
this moves the seeding responsibility out of IsReady and makes it side-effect free. Having the mutation as part of the datastore initialization gives us some nice properties: - the application fails to start if seeding didn't succeed. Lack of seeding is not something the application can recover from, and we wouldn't want to have a SpiceDB pod running as healthy when the datastore isn't seeded. If seeding failed due to a transient, the pod will get another chance as its restarted by kubernetes when non-zero error codes are returned. - IsReady is not invoked right after SpiceDB starts, so SpiceDB can start even though the datastore is not ready, leading to a situation where the service is healthy but unseeded until IsReady is invoked. This was reported in authzed#482 but there hasn't been traction on the proposal, so by moving seeding to datastore initialization we can make sure the application will fail to start.
# Conflicts: # internal/datastore/mysql/datastore_test.go
What is the plan for incremental seeding? For example, if a datastore were already seeded with the zeroth transaction and a new migration, e.g. the one proposed in #546 needed to do more "initial" DML statements, how would these get picked up? Can we add separate DML statements to migrations which get aggregated into a "seeded-through-migration" value which parallels the DDL statements? Maybe the migration executor could have both a |
Hey @jakedt, that's a great question. TL;DR I don't think it's needed, for now. Read further for the nitty gritty details: The way I think about the seeding is that is closely related to / needed by changes in the codebase, so deploying a new version of the codebase is warranted anyway, and so I haven't seen the need to run the seeding at any other moment during of the lifecycle of the spicedb processes. So in short, I don't think it's needed. Could you think of scenarios where it is? Doing this in initialization is somewhat the same because it makes sure that the application does not successfully startup unless the required migration and seeding is in place. This is also related to #482 A more fundamental question #546 opens up, and that I keep going back to, is the chicken and egg problem (we discussed about this recently in Discord). As far as I can tell, we can identify at least 2 classes of migrations:
#546 falls under the latter - it's adding a new table, and the currently running SpiceDB would remain unaffected by it. Then you deploy the application, and seeding happens. Great! 🎉 . Unfortunately due to how I addressed the reverse scenario with
I'm not sure I fully understood what you mentioned there. I thought about separating schema-migrations and data-migrations in |
Addresses one of the follow ups identified in #525
This moves the seeding responsibility out of
IsReady
and makes it side-effect free. It's conceptually unexpected thatIsReady
can have side effects, and beyond that, having the mutation as part of the datastore initialization gives us some nice properties:and we wouldn't want to have a SpiceDB pod running as healthy when the datastore isn't seeded. If seeding failed due to a transient, the pod will get another chance as its restarted by kubernetes when non-zero error codes are returned.
IsReady
is not invoked right after SpiceDB starts, so SpiceDB can start even though the datastore is not ready, leading to a situation where the service is healthy but unseeded until IsReady is invoked. This was reported in fail to start spice serve command if Datastore isn't ready #482 but there hasn't been traction on the proposal, so by moving seeding to datastore initialization we can make sure the application will fail to start.