properly handle conditions

openfga · Oct 4, 2023 · 04b5396 · 04b5396
1 parent 5ef0d33
commit 04b5396
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 24 deletions.
diff --git a/example/store.abac.yaml b/example/store.abac.yaml
@@ -13,7 +13,7 @@ tuples: # global tuples that would apply to all tests
     condition:
       condition_name: non_expired_grant_and_valid_ip
       context:
-        grant_timestamp: 2023-05-03T21:25:20+00:00
+        grant_timestamp: "2023-05-03T21:25:20+00:00"
         grant_duration: 10s
         cidr: 192.168.0.0/24
 tests:
@@ -22,44 +22,44 @@ tests:
       - user: user:anne
         object: document:1
         context:
-          current_timestamp: 2023-05-03T21:25:23+00:00
-          user_ip: 192.168.0.0
+          current_timestamp: "2023-05-03T21:25:23+00:00"
+          user_ip: "192.168.0.0"
         assertions:
           viewer: true # current time is within granted time interval and the user's ip is within the CIDR range
       - user: user:anne
         object: document:1
         context:
-          current_timestamp: 2023-05-03T21:25:31+00:00
-          user_ip: 192.168.0.0
+          current_timestamp: "2023-05-03T21:25:31+00:00"
+          user_ip: "192.168.0.0"
         assertions:
           viewer: false # current time is not within granted time
       - user: user:anne
         object: document:1
         context:
-          current_timestamp: 2023-05-03T21:25:23+00:00
-          user_ip: 192.168.1.0
+          current_timestamp: "2023-05-03T21:25:23+00:00"
+          user_ip: "192.168.1.0"
         assertions:
           viewer: false # current time is within granted time interval but the user's ip address is outside the CIDR range
     list_objects: # Each check test is made of: a user, an object type and the expected result for one or more relations
       - user: user:anne
         type: document
         context:
-          current_timestamp: 2023-05-03T21:25:23+00:00
-          user_ip: 192.168.0.0
+          current_timestamp: "2023-05-03T21:25:23+00:00"
+          user_ip: "192.168.0.0"
         assertions:
           viewer:
             - document:1
       - user: user:anne
         type: document
         context:
-          current_timestamp: 2023-05-03T21:25:31+00:001
-          user_ip: 192.168.0.0
+          current_timestamp: "2023-05-03T21:25:31+00:00"
+          user_ip: "192.168.0.0"
         assertions:
           viewer: []
       - user: user:anne
         type: document
         context:
-          current_timestamp: 2023-05-03T21:25:23+00:00
-          user_ip: 192.168.1.0
+          current_timestamp: "2023-05-03T21:25:23+00:00"
+          user_ip: "192.168.1.0"
         assertions:
-          viewer: []
+          viewer: []
diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/openfga/api/proto v0.0.0-20231003221420-8def83092353
 	github.com/openfga/go-sdk v0.2.3-0.20231003224507-5ba756a8fad3
 	github.com/openfga/language/pkg/go v0.0.0-20231003224558-7065d3ba122b
-	github.com/openfga/openfga v1.3.3-0.20231003221623-5af24375b9dd
+	github.com/openfga/openfga v1.3.3-0.20231004031727-08d9566abe19
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.16.0

diff --git a/go.sum b/go.sum
@@ -256,8 +256,8 @@ github.com/openfga/go-sdk v0.2.3-0.20231003224507-5ba756a8fad3 h1:3SabhrH+1Slk+E
 github.com/openfga/go-sdk v0.2.3-0.20231003224507-5ba756a8fad3/go.mod h1:ZB13O8GilPc0ITWssOszgxmz6CnIe8PQLZqbqAnx2IY=
 github.com/openfga/language/pkg/go v0.0.0-20231003224558-7065d3ba122b h1:Rosp+WKsM5UBwRNC7gIV9z+AwbRf6BaRVJ/G86ieJRQ=
 github.com/openfga/language/pkg/go v0.0.0-20231003224558-7065d3ba122b/go.mod h1:I/qb0YatVKwwnXX/kdVVtaGKw3aY5573NVBP8ZLjLnE=
-github.com/openfga/openfga v1.3.3-0.20231003221623-5af24375b9dd h1:KqUwZU/EyqqhSjocfbtbMdJLxcQ9sgiYvm1t6CLqtSQ=
-github.com/openfga/openfga v1.3.3-0.20231003221623-5af24375b9dd/go.mod h1:j9pWKpo9iK8RhsWHhyWLJTZNSaA7xTf1gnM++BYoYKA=
+github.com/openfga/openfga v1.3.3-0.20231004031727-08d9566abe19 h1:GK5dVCiFvLYkWJR/mtA24AXyOi4830YRlI/9B3KO14w=
+github.com/openfga/openfga v1.3.3-0.20231004031727-08d9566abe19/go.mod h1:j9pWKpo9iK8RhsWHhyWLJTZNSaA7xTf1gnM++BYoYKA=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=

diff --git a/internal/authorizationmodel/model.go b/internal/authorizationmodel/model.go
@@ -45,10 +45,11 @@ type AuthzModelList struct {
 }
 
 type AuthzModel struct {
-	ID              *string                   `json:"id,omitempty"`
-	CreatedAt       *time.Time                `json:"created_at,omitempty"`
-	SchemaVersion   *string                   `json:"schema_version,omitempty"`
-	TypeDefinitions *[]openfga.TypeDefinition `json:"type_definitions,omitempty"`
+	ID              *string                       `json:"id,omitempty"`
+	CreatedAt       *time.Time                    `json:"created_at,omitempty"`
+	SchemaVersion   *string                       `json:"schema_version,omitempty"`
+	TypeDefinitions *[]openfga.TypeDefinition     `json:"type_definitions,omitempty"`
+	Conditions      map[string]*openfga.Condition `json:"conditions,omitempty"`
 }
 
 func (model *AuthzModel) GetID() string {
@@ -126,6 +127,16 @@ func (model *AuthzModel) Set(authzModel openfga.AuthorizationModel) {
 	if model.ID != nil {
 		model.setCreatedAt()
 	}
+
+	conditions := authzModel.GetConditions()
+	if len(conditions) > 0 {
+		model.Conditions = make(map[string]*openfga.Condition, len(conditions))
+
+		for k, v := range conditions {
+			condition := v
+			model.Conditions[k] = &condition
+		}
+	}
 }
 
 func (model *AuthzModel) ReadFromJSONString(jsonString string) error {

diff --git a/internal/storetest/localstore.go b/internal/storetest/localstore.go
@@ -22,7 +22,11 @@ func initLocalStore(
 	var modelID *string
 
 	storeID := ulid.Make().String()
-	tuples := convertClientTupleKeysToProtoTupleKeys(testTuples)
+
+	tuples, err := convertClientTupleKeysToProtoTupleKeys(testTuples)
+	if err != nil {
+		return nil, nil, err
+	}
 
 	var authModelWriteReq *pb.WriteAuthorizationModelRequest
 
@@ -31,6 +35,7 @@ func initLocalStore(
 			StoreId:         storeID,
 			TypeDefinitions: model.GetTypeDefinitions(),
 			SchemaVersion:   model.GetSchemaVersion(),
+			Conditions:      model.GetConditions(),
 		}
 	}
 

diff --git a/internal/storetest/tuplekey.go b/internal/storetest/tuplekey.go
@@ -1,11 +1,16 @@
 package storetest
 
 import (
+	"fmt"
+
 	pb "github.com/openfga/api/proto/openfga/v1"
 	"github.com/openfga/go-sdk/client"
+	"google.golang.org/protobuf/types/known/structpb"
 )
 
-func convertClientTupleKeysToProtoTupleKeys(tuples []client.ClientContextualTupleKey) []*pb.WriteRequestTupleKey {
+func convertClientTupleKeysToProtoTupleKeys(
+	tuples []client.ClientContextualTupleKey,
+) ([]*pb.WriteRequestTupleKey, error) {
 	pbTuples := []*pb.WriteRequestTupleKey{}
 
 	for index := 0; index < len(tuples); index++ {
@@ -15,8 +20,21 @@ func convertClientTupleKeysToProtoTupleKeys(tuples []client.ClientContextualTupl
 			Relation: tuple.Relation,
 			Object:   tuple.Object,
 		}
+
+		if tuple.Condition != nil {
+			conditionContext, err := structpb.NewStruct(*tuple.Condition.Context)
+			if err != nil {
+				return nil, fmt.Errorf("failed to construct a proto struct: %w", err)
+			}
+
+			tpl.Condition = &pb.RelationshipCondition{
+				ConditionName: tuple.Condition.ConditionName,
+				Context:       conditionContext,
+			}
+		}
+
 		pbTuples = append(pbTuples, &tpl)
 	}
 
-	return pbTuples
+	return pbTuples, nil
 }