feat: abac and conditions support

openfga · Sep 26, 2023 · 142fdce · 142fdce
1 parent e03ff4d
commit 142fdce
Show file tree

Hide file tree

Showing 46 changed files with 2,733 additions and 142 deletions.
diff --git a/.openapi-generator/FILES b/.openapi-generator/FILES
@@ -23,14 +23,18 @@ docs/Any.md
 docs/Assertion.md
 docs/AuthorizationModel.md
 docs/CheckRequest.md
+docs/CheckRequestTupleKey.md
 docs/CheckResponse.md
 docs/Computed.md
+docs/Condition.md
+docs/ConditionParamTypeRef.md
 docs/ContextualTupleKeys.md
 docs/CreateStoreRequest.md
 docs/CreateStoreResponse.md
 docs/Difference.md
 docs/ErrorCode.md
 docs/ExpandRequest.md
+docs/ExpandRequestTupleKey.md
 docs/ExpandResponse.md
 docs/GetStoreResponse.md
 docs/InternalErrorCode.md
@@ -43,6 +47,7 @@ docs/Metadata.md
 docs/Node.md
 docs/Nodes.md
 docs/NotFoundErrorCode.md
+docs/NullValue.md
 docs/ObjectRelation.md
 docs/OpenFgaApi.md
 docs/PathUnknownErrorMessageResponse.md
@@ -51,18 +56,20 @@ docs/ReadAuthorizationModelResponse.md
 docs/ReadAuthorizationModelsResponse.md
 docs/ReadChangesResponse.md
 docs/ReadRequest.md
+docs/ReadRequestTupleKey.md
 docs/ReadResponse.md
 docs/RelationMetadata.md
 docs/RelationReference.md
+docs/RelationshipCondition.md
 docs/Status.md
 docs/Store.md
 docs/Tuple.md
 docs/TupleChange.md
 docs/TupleKey.md
-docs/TupleKeys.md
 docs/TupleOperation.md
 docs/TupleToUserset.md
 docs/TypeDefinition.md
+docs/TypeName.md
 docs/Users.md
 docs/Userset.md
 docs/UsersetTree.md
@@ -74,6 +81,8 @@ docs/WriteAssertionsRequest.md
 docs/WriteAuthorizationModelRequest.md
 docs/WriteAuthorizationModelResponse.md
 docs/WriteRequest.md
+docs/WriteRequestTupleKey.md
+docs/WriteRequestTupleKeys.md
 git_push.sh
 go.mod
 go.sum
@@ -84,14 +93,18 @@ model_any.go
 model_assertion.go
 model_authorization_model.go
 model_check_request.go
+model_check_request_tuple_key.go
 model_check_response.go
 model_computed.go
+model_condition.go
+model_condition_param_type_ref.go
 model_contextual_tuple_keys.go
 model_create_store_request.go
 model_create_store_response.go
 model_difference.go
 model_error_code.go
 model_expand_request.go
+model_expand_request_tuple_key.go
 model_expand_response.go
 model_get_store_response.go
 model_internal_error_code.go
@@ -104,25 +117,28 @@ model_metadata.go
 model_node.go
 model_nodes.go
 model_not_found_error_code.go
+model_null_value.go
 model_object_relation.go
 model_path_unknown_error_message_response.go
 model_read_assertions_response.go
 model_read_authorization_model_response.go
 model_read_authorization_models_response.go
 model_read_changes_response.go
 model_read_request.go
+model_read_request_tuple_key.go
 model_read_response.go
 model_relation_metadata.go
 model_relation_reference.go
+model_relationship_condition.go
 model_status.go
 model_store.go
 model_tuple.go
 model_tuple_change.go
 model_tuple_key.go
-model_tuple_keys.go
 model_tuple_operation.go
 model_tuple_to_userset.go
 model_type_definition.go
+model_type_name.go
 model_users.go
 model_userset.go
 model_userset_tree.go
@@ -134,6 +150,8 @@ model_write_assertions_request.go
 model_write_authorization_model_request.go
 model_write_authorization_model_response.go
 model_write_request.go
+model_write_request_tuple_key.go
+model_write_request_tuple_keys.go
 oauth2/LICENSE
 oauth2/ORIGINAL_AUTHORS
 oauth2/ORIGINAL_CONTRIBUTORS

diff --git a/README.md b/README.md
@@ -801,14 +801,18 @@ Class | Method | HTTP request | Description
  - [Assertion](docs/Assertion.md)
  - [AuthorizationModel](docs/AuthorizationModel.md)
  - [CheckRequest](docs/CheckRequest.md)
+ - [CheckRequestTupleKey](docs/CheckRequestTupleKey.md)
  - [CheckResponse](docs/CheckResponse.md)
  - [Computed](docs/Computed.md)
+ - [Condition](docs/Condition.md)
+ - [ConditionParamTypeRef](docs/ConditionParamTypeRef.md)
  - [ContextualTupleKeys](docs/ContextualTupleKeys.md)
  - [CreateStoreRequest](docs/CreateStoreRequest.md)
  - [CreateStoreResponse](docs/CreateStoreResponse.md)
  - [Difference](docs/Difference.md)
  - [ErrorCode](docs/ErrorCode.md)
  - [ExpandRequest](docs/ExpandRequest.md)
+ - [ExpandRequestTupleKey](docs/ExpandRequestTupleKey.md)
  - [ExpandResponse](docs/ExpandResponse.md)
  - [GetStoreResponse](docs/GetStoreResponse.md)
  - [InternalErrorCode](docs/InternalErrorCode.md)
@@ -821,25 +825,28 @@ Class | Method | HTTP request | Description
  - [Node](docs/Node.md)
  - [Nodes](docs/Nodes.md)
  - [NotFoundErrorCode](docs/NotFoundErrorCode.md)
+ - [NullValue](docs/NullValue.md)
  - [ObjectRelation](docs/ObjectRelation.md)
  - [PathUnknownErrorMessageResponse](docs/PathUnknownErrorMessageResponse.md)
  - [ReadAssertionsResponse](docs/ReadAssertionsResponse.md)
  - [ReadAuthorizationModelResponse](docs/ReadAuthorizationModelResponse.md)
  - [ReadAuthorizationModelsResponse](docs/ReadAuthorizationModelsResponse.md)
  - [ReadChangesResponse](docs/ReadChangesResponse.md)
  - [ReadRequest](docs/ReadRequest.md)
+ - [ReadRequestTupleKey](docs/ReadRequestTupleKey.md)
  - [ReadResponse](docs/ReadResponse.md)
  - [RelationMetadata](docs/RelationMetadata.md)
  - [RelationReference](docs/RelationReference.md)
+ - [RelationshipCondition](docs/RelationshipCondition.md)
  - [Status](docs/Status.md)
  - [Store](docs/Store.md)
  - [Tuple](docs/Tuple.md)
  - [TupleChange](docs/TupleChange.md)
  - [TupleKey](docs/TupleKey.md)
- - [TupleKeys](docs/TupleKeys.md)
  - [TupleOperation](docs/TupleOperation.md)
  - [TupleToUserset](docs/TupleToUserset.md)
  - [TypeDefinition](docs/TypeDefinition.md)
+ - [TypeName](docs/TypeName.md)
  - [Users](docs/Users.md)
  - [Userset](docs/Userset.md)
  - [UsersetTree](docs/UsersetTree.md)
@@ -851,6 +858,8 @@ Class | Method | HTTP request | Description
  - [WriteAuthorizationModelRequest](docs/WriteAuthorizationModelRequest.md)
  - [WriteAuthorizationModelResponse](docs/WriteAuthorizationModelResponse.md)
  - [WriteRequest](docs/WriteRequest.md)
+ - [WriteRequestTupleKey](docs/WriteRequestTupleKey.md)
+ - [WriteRequestTupleKeys](docs/WriteRequestTupleKeys.md)
 
 
 ## Contributing

diff --git a/api_open_fga.go b/api_open_fga.go
@@ -252,8 +252,7 @@ type OpenFgaApi interface {
 	}
 	```
 	This means that `user:bob` has a `reader` relationship with 1 document `document:2021-budget`. Note that this API, unlike the List Objects API, does not evaluate the tuples in the store.
-	The continuation token will be empty if there are no more tuples to query.
-	### Query for all stored relationship tuples that have a particular relation and object
+	The continuation token will be empty if there are no more tuples to query.### Query for all stored relationship tuples that have a particular relation and object
 	To query for all users that have `reader` relationship with `document:2021-budget`, call read API with body of
 	```json
 	{
@@ -2574,8 +2573,7 @@ The API will return tuples and a continuation token, something like
 
 ```
 This means that `user:bob` has a `reader` relationship with 1 document `document:2021-budget`. Note that this API, unlike the List Objects API, does not evaluate the tuples in the store.
-The continuation token will be empty if there are no more tuples to query.
-### Query for all stored relationship tuples that have a particular relation and object
+The continuation token will be empty if there are no more tuples to query.### Query for all stored relationship tuples that have a particular relation and object
 To query for all users that have `reader` relationship with `document:2021-budget`, call read API with body of
 ```json
 

diff --git a/api_open_fga_test.go b/api_open_fga_test.go
@@ -569,7 +569,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -621,8 +621,8 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "write",
 		}
 		requestBody := WriteRequest{
-			Writes: &TupleKeys{
-				TupleKeys: []TupleKey{{
+			Writes: &WriteRequestTupleKeys{
+				TupleKeys: []WriteRequestTupleKey{{
 					User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 					Relation: PtrString("viewer"),
 					Object:   PtrString("document:roadmap"),
@@ -667,8 +667,8 @@ func TestOpenFgaApi(t *testing.T) {
 		}
 
 		requestBody := WriteRequest{
-			Deletes: &TupleKeys{
-				TupleKeys: []TupleKey{{
+			Deletes: &WriteRequestTupleKeys{
+				TupleKeys: []WriteRequestTupleKey{{
 					User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 					Relation: PtrString("viewer"),
 					Object:   PtrString("document:roadmap"),
@@ -713,7 +713,7 @@ func TestOpenFgaApi(t *testing.T) {
 		}
 
 		requestBody := ExpandRequest{
-			TupleKey: TupleKey{
+			TupleKey: ExpandRequestTupleKey{
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
 			},
@@ -761,7 +761,7 @@ func TestOpenFgaApi(t *testing.T) {
 		}
 
 		requestBody := ReadRequest{
-			TupleKey: &TupleKey{
+			TupleKey: &ReadRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -924,7 +924,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -987,7 +987,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -1043,7 +1043,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -1106,7 +1106,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -1177,7 +1177,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),
@@ -1239,7 +1239,7 @@ func TestOpenFgaApi(t *testing.T) {
 			RequestPath:    "check",
 		}
 		requestBody := CheckRequest{
-			TupleKey: TupleKey{
+			TupleKey: CheckRequestTupleKey{
 				User:     PtrString("user:81684243-9356-4421-8fbf-a4f8d36aa31b"),
 				Relation: PtrString("viewer"),
 				Object:   PtrString("document:roadmap"),

diff --git a/client/client.go b/client/client.go
@@ -127,6 +127,14 @@ func (tupleKey ClientTupleKey) ToTupleKey() openfga.TupleKey {
 	}
 }
 
+func (tupleKey ClientTupleKey) ToWriteRequestTupleKey() openfga.WriteRequestTupleKey {
+	return openfga.WriteRequestTupleKey{
+		User:     openfga.PtrString(tupleKey.User),
+		Relation: openfga.PtrString(tupleKey.Relation),
+		Object:   openfga.PtrString(tupleKey.Object),
+	}
+}
+
 type ClientPaginationOptions struct {
 	PageSize          *int32  `json:"page_size,omitempty"`
 	ContinuationToken *string `json:"continuation_token,omitempty"`
@@ -1129,7 +1137,7 @@ func (client *OpenFgaClient) ReadExecute(request SdkClientReadRequestInterface)
 		ContinuationToken: getContinuationTokenFromRequest((*ClientPaginationOptions)(request.GetOptions())),
 	}
 	if request.GetBody() != nil && (request.GetBody().User != nil || request.GetBody().Relation != nil || request.GetBody().Object != nil) {
-		body.TupleKey = &openfga.TupleKey{
+		body.TupleKey = &openfga.ReadRequestTupleKey{
 			User:     request.GetBody().User,
 			Relation: request.GetBody().Relation,
 			Object:   request.GetBody().Object,
@@ -1292,16 +1300,16 @@ func (client *OpenFgaClient) WriteExecute(request SdkClientWriteRequestInterface
 			AuthorizationModelId: authorizationModelId,
 		}
 		if request.GetBody().Writes != nil && len(*request.GetBody().Writes) > 0 {
-			writes := openfga.TupleKeys{}
+			writes := openfga.WriteRequestTupleKeys{}
 			for index := 0; index < len(*request.GetBody().Writes); index++ {
-				writes.TupleKeys = append(writes.TupleKeys, (*request.GetBody().Writes)[index].ToTupleKey())
+				writes.TupleKeys = append(writes.TupleKeys, (*request.GetBody().Writes)[index].ToWriteRequestTupleKey())
 			}
 			writeRequest.Writes = &writes
 		}
 		if request.GetBody().Deletes != nil && len(*request.GetBody().Deletes) > 0 {
-			deletes := openfga.TupleKeys{}
+			deletes := openfga.WriteRequestTupleKeys{}
 			for index := 0; index < len(*request.GetBody().Deletes); index++ {
-				deletes.TupleKeys = append(deletes.TupleKeys, (*request.GetBody().Deletes)[index].ToTupleKey())
+				deletes.TupleKeys = append(deletes.TupleKeys, (*request.GetBody().Deletes)[index].ToWriteRequestTupleKey())
 			}
 			writeRequest.Deletes = &deletes
 		}
@@ -1652,7 +1660,7 @@ func (client *OpenFgaClient) CheckExecute(request SdkClientCheckRequestInterface
 		return nil, err
 	}
 	requestBody := openfga.CheckRequest{
-		TupleKey: openfga.TupleKey{
+		TupleKey: openfga.CheckRequestTupleKey{
 			User:     openfga.PtrString(request.GetBody().User),
 			Relation: openfga.PtrString(request.GetBody().Relation),
 			Object:   openfga.PtrString(request.GetBody().Object),
@@ -1869,7 +1877,7 @@ func (client *OpenFgaClient) ExpandExecute(request SdkClientExpandRequestInterfa
 	}
 
 	data, _, err := client.OpenFgaApi.Expand(request.GetContext()).Body(openfga.ExpandRequest{
-		TupleKey: openfga.TupleKey{
+		TupleKey: openfga.ExpandRequestTupleKey{
 			Relation: &request.GetBody().Relation,
 			Object:   &request.GetBody().Object,
 		},
@@ -2201,7 +2209,7 @@ type ClientWriteAssertionsRequest = []ClientAssertion
 
 func (clientAssertion ClientAssertion) ToAssertion() openfga.Assertion {
 	return openfga.Assertion{
-		TupleKey: openfga.TupleKey{
+		TupleKey: openfga.CheckRequestTupleKey{
 			User:     openfga.PtrString(clientAssertion.User),
 			Relation: openfga.PtrString(clientAssertion.Relation),
 			Object:   openfga.PtrString(clientAssertion.Object),