feat: Add support for self keyword in schema for referencing a resource as a subject

[tstirrat15]

Reverts #1515
Fixes #338
Continues #1511

Description

The reason we reverted #1511 is that we'd break schemas where folks were using self as an actual relation name. We now have a mechanism to work around that, which is use directives. This updates the code from #1511 to introduce a use self directive which enables this feature at the schema level, disallows the use of self as a normal relation name, and then compiles accordingly.

TODO

• Figure out where this code moved: https://github.com/authzed/spicedb/pull/1511/changes#diff-b443ad8517c2657f0460e20d33e05f0f0f2a746c059f0e7db67f79f6ba16af7b
• Implement parser flag
• Ensure it works with composable schemas
• Update the integration test

Changes

Will annotate. See commits after the first one for the changes required for the use directive.

Testing

Review. See that tests pass.

[codecov]

Codecov Report

❌ Patch coverage is 1.85185% with 159 lines in your changes missing coverage. Please review.
✅ Project coverage is 39.56%. Comparing base (5243b57) to head (1307604).

Files with missing lines	Patch %	Lines
pkg/query/self.go	0.00%	41 Missing ⚠️
internal/graph/expand.go	0.00%	19 Missing ⚠️
internal/graph/check.go	0.00%	15 Missing ⚠️
internal/graph/lookupresources2.go	0.00%	15 Missing ⚠️
internal/graph/lookupsubjects.go	0.00%	15 Missing ⚠️
pkg/schemadsl/parser/parser.go	0.00%	9 Missing ⚠️
pkg/schema/reachabilitygraphbuilder.go	11.12%	8 Missing ⚠️
pkg/schema/reachabilitygraph.go	0.00%	6 Missing ⚠️
pkg/schema/v2/operations.go	0.00%	5 Missing ⚠️
pkg/schemadsl/lexer/flags.go	0.00%	5 Missing ⚠️
... and 8 more

❌ Your project check has failed because the head coverage (39.56%) is below the target coverage (75.00%). You can increase the head coverage or adjust the target coverage.

❗ There is a different number of reports uploaded between BASE (5243b57) and HEAD (1307604). Click for more details.

HEAD has 27 uploads less than BASE

Flag	BASE (5243b57)	HEAD (1307604)
	50	23

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2785       +/-   ##
===========================================
- Coverage   78.50%   39.56%   -38.94%     
===========================================
  Files         458      414       -44     
  Lines       44253    40864     -3389     
===========================================
- Hits        34736    16163    -18573     
- Misses       6698    22828    +16130     
+ Partials     2819     1873      -946     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[tstirrat15]

See comments

[tstirrat15]

I don't completely understand this part of the implementation. Where is the self logic here? Or is it actually implemented elsewhere?

[tstirrat15]

Should we refactor this to use an arrow, or is there something important about this being a userset?

[tstirrat15]

Why don't these need the use flags?

[tstirrat15]

Why was this necessary? Is it because we've already reserved self?

We'll probably refactor this when we go and collapse composableschemadsl and schemadsl.

[tstirrat15]

context?

[tstirrat15]

This seems like it's not necessary based on how this function is invoked. Is it worth keeping just so that the caller doesn't have to know that?

[tstirrat15]

Nit, move up

[tstirrat15]

@barakmich

[tstirrat15]

Need to update this - we're not actually checking the self relation because we're not asserting that a user is me_or_related to themselves.

[barakmich]

There's a helper for this (EmptyPathSeq()) but I went to find it and found more copies of this; so this is fine and I'll do a chore on it.

[barakmich]

Looks good from my end -- I checked pkg/query and pkg/schema/v2 thoroughly, and gave the parser a glance from my recollection of it

[tstirrat15]

For anyone following along:

The integration tests are broken because the expected relations portion of the integration test harness makes an assumption that it can calculate all accessibility information based on the test relations defined in the validation file. That no longer holds for self-defined permissions, because they're fully synthetic and aren't represented by a relation.

Barak and I talked about how we might fix it both in the short term and the long term; I'd like to revisit that conversation on Monday and figure out whether we want to just get this PR through or come up with a better way of structuring the integration tests.