Skip to content

Commit

Permalink
Merge branch 'main' into feat/store-import-combine-tuples
Browse files Browse the repository at this point in the history
  • Loading branch information
DanielBertocci authored Dec 6, 2024
2 parents 1e6fda5 + 3d77e34 commit f2774db
Show file tree
Hide file tree
Showing 47 changed files with 1,137 additions and 399 deletions.
40 changes: 20 additions & 20 deletions .github/workflows/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,16 @@ jobs:
name: Lints
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
go-version: ${{ env.GO_VERSION }}
- name: golangci-lint
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
with:
version: latest
args: -v -c .golangci.yaml
Expand All @@ -39,10 +39,10 @@ jobs:
name: Security Audits
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
Expand All @@ -55,11 +55,11 @@ jobs:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0

- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
Expand All @@ -75,7 +75,7 @@ jobs:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 #2.0.0

Expand All @@ -84,10 +84,10 @@ jobs:
if: startsWith(github.ref, 'refs/tags/v') != true
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
Expand All @@ -100,21 +100,21 @@ jobs:
shell: bash

- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
go-version: ${{ env.GO_VERSION }}

- uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
- uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8

- name: Run GoReleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
distribution: goreleaser
version: '~> v2'
Expand All @@ -139,12 +139,12 @@ jobs:
shell: bash

- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0

- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
cache-dependency-path: './go.sum'
check-latest: true
Expand All @@ -156,12 +156,12 @@ jobs:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
- uses: anchore/sbom-action/download-syft@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
- uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- uses: anchore/sbom-action/download-syft@55dc4ee22412511ee8c3142cbea40418e6cec693 # v0.17.8

- name: Run GoReleaser
id: goreleaser
uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0
uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
with:
distribution: goreleaser
version: '~> v2'
Expand Down Expand Up @@ -271,7 +271,7 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0

- name: Verify image
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/semgrep.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.5.4
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.5.4
with:
fetch-depth: 0
- run: semgrep ci --no-suppress-errors
Expand Down
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,6 @@ dist/

# Mock source files
/mocks

# Test files
/tests/fixtures/identifiers
27 changes: 27 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,32 @@
# Changelog

### [0.6.2](https://github.com/openfga/cli/compare/v0.6.1...v0.6.2) (2024-12-02)

Fixed:
- Fixed issue where `fga store import` would error when importing a store with no tuples (#408) - thanks @ap0calypse8
- Fixed repetition in `fga query check` error output (#405) - thanks @Siddhant-K-code

### [0.6.1](https://github.com/openfga/cli/compare/v0.6.0...v0.6.1) (2024-09-09)

Fixed:
- Fixed issue where `fga store import`, `fga tuple write` and `fga tuple delete` could not be ran due to an issue with the `--max-tuples-per-write` and `--max-parallel-requests` options (#389)
- Fixed an issue where List Users failed test output did not include the returned response (#391)

### [0.6.0](https://github.com/openfga/cli/compare/v0.5.3...v0.6.0) (2024-09-08)

Added:
- Support usage of consistency parameter (#381)

### [0.5.3](https://github.com/openfga/cli/compare/v0.5.2...v0.5.3) (2024-08-15)

Fixed:
- Bump OpenFGA to v1.5.9 to fix an issue in the `check` API [CVE-2024-42473](https://github.com/openfga/openfga/security/advisories/GHSA-3f6g-m4hr-59h8)

### [0.5.2](https://github.com/openfga/cli/compare/v0.5.1...v0.5.2) (2024-08-08)

Fixed:
- Fixed issue where an error in getting the store in`fga store import` fails the import (#365)

### [0.5.1](https://github.com/openfga/cli/compare/v0.5.0...v0.5.1) (2024-06-25)

Fixed:
Expand Down
15 changes: 10 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ api-url: https://api.us1.fga.dev
client-id: 4Zb..UYjaHreLKOJuU8
client-secret: J3...2pBwiauD
api-audience: https://api.us1.fga.dev/
api-token-issuer: fga.us.auth0.com
api-token-issuer: auth.fga.dev
store-id: 01H0H015178Y2V4CX10C2KGHF4
```

Expand Down Expand Up @@ -981,10 +981,11 @@ fga query **check** <user> <relation> <object> [--condition] [--contextual-tuple
* `--model-id`: Specifies the model id to target (optional)
* `--contextual-tuple`: Contextual tuples (optional)
* `--context`: Condition context (optional)
* `--consistency`: Consistency preference (optional)

###### Example
- `fga query check --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document:roadmap --contextual-tuple "user:anne can_view folder:product" --contextual-tuple "folder:product parent document:roadmap"`
- `fga query check --store-id="01H4P8Z95KTXXEP6Z03T75Q984" user:anne can_view document:roadmap --context '{"ip_address":"127.0.0.1"}'`
- `fga query check --store-id="01H4P8Z95KTXXEP6Z03T75Q984" user:anne can_view document:roadmap --context '{"ip_address":"127.0.0.1"}' --consistency="HIGHER_CONSISTENCY"`


###### Response
Expand All @@ -1004,10 +1005,11 @@ fga query **list-objects** <user> <relation> <object_type> [--contextual-tuple "
* `--model-id`: Specifies the model id to target (optional)
* `--contextual-tuple`: Contextual tuples (optional) (can be multiple)
* `--context`: Condition context (optional)
* `--consistency`: Consistency preference (optional)

###### Example
- `fga query list-objects --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document --contextual-tuple "user:anne can_view folder:product" --contextual-tuple "folder:product parent document:roadmap"`
- `fga query list-objects --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document --context '{"ip_address":"127.0.0.1"}`
- `fga query list-objects --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document --context '{"ip_address":"127.0.0.1"} --consistency="HIGHER_CONSISTENCY"`

###### Response
```json5
Expand All @@ -1029,11 +1031,12 @@ fga query **list-relations** <user> <object> [--relation <relation>]* [--context
* `--model-id`: Specifies the model id to target (optional)
* `--contextual-tuple`: Contextual tuples (optional) (can be multiple)
* `--context`: Condition context (optional)
* `--consistency`: Consistency preference (optional)

###### Example
- `fga query list-relations --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne document:roadmap --relation can_view`
- `fga query list-relations --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne document:roadmap --relation can_view --contextual-tuple "user:anne can_view folder:product"`
- `fga query list-relations --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne document:roadmap --relation can_view --context '{"ip_address":"127.0.0.1"}`
- `fga query list-relations --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne document:roadmap --relation can_view --context '{"ip_address":"127.0.0.1"} --consistency="HIGHER_CONSISTENCY"`

###### Response
```json5
Expand All @@ -1052,6 +1055,7 @@ fga query **expand** <relation> <object> --store-id=<store-id> [--model-id=<mode
###### Parameters
* `--store-id`: Specifies the store id
* `--model-id`: Specifies the model id to target (optional)
* `--consistency`: Consistency preference (optional)

###### Example
`fga query expand --store-id=01H0H015178Y2V4CX10C2KGHF4 can_view document:roadmap`
Expand Down Expand Up @@ -1090,11 +1094,12 @@ fga query **list-users** --object <object> --relation <relation> --user-filter <
* `--model-id`: Specifies the model id to target (optional)
* `--contextual-tuple`: Contextual tuples (optional) (can be multiple)
* `--context`: Condition context (optional)
* `--consistency`: Consistency preference (optional)

###### Example
- `fga query list-users --store-id=01H0H015178Y2V4CX10C2KGHF4 --object document:roadmap --relation can_view --user-filter user`
- `fga query list-users --store-id=01H0H015178Y2V4CX10C2KGHF4 --object document:roadmap --relation can_view --user-filter user --contextual-tuple "user:anne can_view folder:product"`
- `fga query list-users --store-id=01H0H015178Y2V4CX10C2KGHF4 --object document:roadmap --relation can_view --user-filter group#member --context '{"ip_address":"127.0.0.1"}`
- `fga query list-users --store-id=01H0H015178Y2V4CX10C2KGHF4 --object document:roadmap --relation can_view --user-filter group#member --context '{"ip_address":"127.0.0.1"} --consistency="HIGHER_CONSISTENCY"`

###### Response
```json5
Expand Down
2 changes: 1 addition & 1 deletion cmd/model/list.go
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ var listCmd = &cobra.Command{

models := authorizationmodel.AuthzModelList{}
authzModels := response.AuthorizationModels
for index := range len(authzModels) {
for index := range authzModels {
authModel := authorizationmodel.AuthzModel{}
authModel.Set(authzModels[index])
models.AuthorizationModels = append(models.AuthorizationModels, authModel.DisplayAsJSON(fields))
Expand Down
2 changes: 1 addition & 1 deletion cmd/model/validate.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ func validate(inputModel authorizationmodel.AuthzModel) validationResult {
return output
}

createdAt := time.Unix(int64(modelID.Time()/1_000), 0).UTC() //nolint:mnd
createdAt := ulid.Time(modelID.Time()).UTC()
output.CreatedAt = &createdAt
}

Expand Down
20 changes: 16 additions & 4 deletions cmd/query/check.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"context"
"fmt"

openfga "github.com/openfga/go-sdk"
"github.com/openfga/go-sdk/client"
"github.com/spf13/cobra"

Expand All @@ -34,6 +35,7 @@ func check(
object string,
contextualTuples []client.ClientContextualTupleKey,
queryContext *map[string]interface{},
consistency *openfga.ConsistencyPreference,
) (*client.ClientCheckResponse, error) {
body := &client.ClientCheckRequest{
User: user,
Expand All @@ -44,9 +46,14 @@ func check(
}
options := &client.ClientCheckOptions{}

// Don't set if UNSPECIFIED has been provided, it's the default anyway
if *consistency != openfga.CONSISTENCYPREFERENCE_UNSPECIFIED {
options.Consistency = consistency
}

response, err := fgaClient.Check(context.Background()).Body(*body).Options(*options).Execute()
if err != nil {
return nil, fmt.Errorf("failed to check due to %w", err)
return nil, err //nolint:wrapcheck
}

return response, nil
Expand All @@ -56,7 +63,7 @@ func check(
var checkCmd = &cobra.Command{
Use: "check",
Short: "Check",
Example: `fga query check --store-id="01H4P8Z95KTXXEP6Z03T75Q984" user:anne can_view document:roadmap --context '{"ip_address":"127.0.0.1"}'`, //nolint:lll
Example: `fga query check --store-id="01H4P8Z95KTXXEP6Z03T75Q984" user:anne can_view document:roadmap --context '{"ip_address":"127.0.0.1"}' --consistency "HIGHER_CONSISTENCY"`, //nolint:lll
Long: "Check if a user has a particular relation with an object.",
Args: cobra.ExactArgs(3), //nolint:mnd
RunE: func(cmd *cobra.Command, args []string) error {
Expand All @@ -76,9 +83,14 @@ var checkCmd = &cobra.Command{
return fmt.Errorf("error parsing query context for check: %w", err)
}

response, err := check(fgaClient, args[0], args[1], args[2], contextualTuples, queryContext)
consistency, err := cmdutils.ParseConsistencyFromCmd(cmd)
if err != nil {
return fmt.Errorf("error parsing consistency for check: %w", err)
}

response, err := check(fgaClient, args[0], args[1], args[2], contextualTuples, queryContext, consistency)
if err != nil {
return fmt.Errorf("failed to check due to %w", err)
return fmt.Errorf("check failed: %w", err)
}

return output.Display(*response)
Expand Down
Loading

0 comments on commit f2774db

Please sign in to comment.