Skip to content

Commit

Permalink
ci: test with specified OpenFGA server
Browse files Browse the repository at this point in the history
  • Loading branch information
@le-yams
le-yams committed May 16, 2024
1 parent 10ecf0b commit 6081099
Show file tree
Hide file tree
Showing 3 changed files with 136 additions and 0 deletions.
60 changes: 60 additions & 0 deletions .github/workflows/test.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,3 +24,63 @@ jobs:
uses: ./
with:
test_path: ./example/model.fga.yaml

test_conditions_against_openfga_version:
name: Run test against given OpenFGA version
runs-on: ubuntu-latest
strategy:
matrix:
test:
- openfga_version: 1.5.3
conditions_supported: true
- openfga_version: 1.4.3
conditions_supported: true
- openfga_version: 1.3.7
conditions_supported: false
services:
postgres:
image: postgres:14
env:
POSTGRES_USER: openfga
POSTGRES_PASSWORD: "1234"
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
env:
OPENFGA_DATASTORE_ENGINE: 'postgres'
OPENFGA_DATASTORE_URI: 'postgres://openfga:[email protected]:5432/openfga'
OPENFGA_LOG_LEVEL: debug
steps:
- uses: actions/checkout@v4
- name: Install OpenFGA server ${{ matrix.test.openfga_version }}
uses: jaxxstorm/[email protected]
with:
repo: openfga/openfga
tag: ${{ matrix.test.openfga_version }}
cache: enable
- name: Migrate OpenFGA Database
shell: bash
run: openfga migrate
- name: Start OpenFGA Server
shell: bash
run: openfga run &
- name: Run OpenFGA CLI Tests
id: 'tests'
uses: ./
continue-on-error: true
with:
test_path: ./example/model_with_conditions.fga.yaml
fga_server_url: 'http://localhost:8080'
- name: Assert expected results
run: |
if [ "${{ matrix.test.conditions_supported }}" == "true" ] && [ "${{ steps.tests.outcome }}" == "failure" ]
then
echo "${{ matrix.test.openfga_version }} is expected to support conditions but tests failed"
exit 1
fi
if [ "${{ matrix.test.conditions_supported }}" == "false" ] && [ "${{ steps.tests.outcome }}" == "success" ]
then
echo "${{ matrix.test.openfga_version }} is expected to not support conditions but tests passed"
exit 1
fi
12 changes: 12 additions & 0 deletions example/model_with_conditions.fga
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
model
schema 1.1

type user

type document
relations
define viewer: [user, user with non_expired_grant]

condition non_expired_grant(current_time: timestamp, grant_time: timestamp, grant_duration: duration) {
current_time < grant_time + grant_duration
}
64 changes: 64 additions & 0 deletions example/model_with_conditions.fga.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
name: FolderBox with temporal accesses # store name
model_file: ./model_with_conditions.fga

tuples:
- user: user:bob
relation: viewer
object: document:1

- user: user:anne
relation: viewer
object: document:1
condition:
name: non_expired_grant
context:
grant_time : "2023-01-01T00:00:00Z"
grant_duration : 1h

- user: user:anne
relation: viewer
object: document:2
condition:
name: non_expired_grant
context:
grant_time : "2023-01-01T00:00:00Z"
grant_duration : 5s

tests:
- name: Test temporal access
check:
- user: user:anne
object: document:1
context:
current_time: "2023-01-01T00:10:00Z"
assertions:
viewer: true

- user: user:anne
object: document:1
context:
current_time: "2023-01-01T02:00:00Z"
assertions:
viewer: false

- user: user:anne
object: document:2
context:
current_time: "2023-01-01T00:00:09Z"
assertions:
viewer: false

- user: user:bob
object: document:1
assertions:
viewer: true

list_objects:
- user: user:anne
type: document
context:
current_time: "2023-01-01T00:00:01Z"
assertions:
viewer:
- document:1
- document:2

0 comments on commit 6081099

Please sign in to comment.