Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenFGA Integration #673

Open
wants to merge 53 commits into
base: master
Choose a base branch
from

Conversation

daveads
Copy link
Contributor

@daveads daveads commented Sep 30, 2024

Feature: Add OpenFGA Policy Store to OPAL

This PR addresses issue #661 by integrating OpenFGA Policy Store into OPAL.

/claim #661

Copy link

netlify bot commented Sep 30, 2024

Deploy Preview for opal-docs ready!

Name Link
🔨 Latest commit 088f9bc
🔍 Latest deploy log https://app.netlify.com/sites/opal-docs/deploys/6772312a25a1190008fcf8d7
😎 Deploy Preview https://deploy-preview-673--opal-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@daveads
Copy link
Contributor Author

daveads commented Sep 30, 2024

OpenFGA OPAL Integration Project Checklist

Week 1: Setup and Core Implementation

Days 1-2: Project Setup and Research

  • Set up development environment
  • Review OpenFGA documentation and API
  • Analyze OPAL's existing policy store implementations

Days 3-5: Core Implementation

  • Implement OpenFGA configuration in OPAL
  • Develop basic OpenFGA policy store interface
  • Begin implementation of auto-sync from git for OpenFGA models/policies

Week 2: Feature Completion and Demo Preparation

Days 1-3: Feature Implementation

  • Complete auto-sync from git for OpenFGA models/policies
  • Implement data fetching pattern and syncing from external data sources
  • Start working on Docker-compose examples

Days 4-5: Demo Preparation

  • Develop end-to-end demo with example ReBAC policies and mock data
  • Finalize Docker-compose examples for single and multiple OpenFGA clients
  • Prepare demonstration environment

Key Milestones:

  1. End of Week 1: Basic OpenFGA policy store implementation
  2. End of Week 2: Working end-to-end demo
  3. End of Week 3: update later*
  4. End of Week 4: update later*

@daveads
Copy link
Contributor Author

daveads commented Oct 1, 2024

Updates ::

Integration into Opal has already begun but is currently on hold. I'm working on the components in isolation from Opal, using the OpenFGA SDK first.
it's been interesting so far.

@daveads
Copy link
Contributor Author

daveads commented Oct 2, 2024

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

@daveads
Copy link
Contributor Author

daveads commented Oct 2, 2024

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

recording.mp4

@daveads
Copy link
Contributor Author

daveads commented Oct 4, 2024

@garnerp just push that to show what have been working on locally....

to show my current progress...

@gemanor
Copy link
Collaborator

gemanor commented Oct 11, 2024

@daveads I bet you meant to tag me. Any updates on this?

@daveads
Copy link
Contributor Author

daveads commented Oct 11, 2024

@daveads I bet you meant to tag me. Any updates on this?

oh oh... yea i meant to tag... lol

still on it... will give you an update on it soon

@daveads
Copy link
Contributor Author

daveads commented Oct 19, 2024

currently having issues with the config... buh i should fix it soon.

@danyi1212 danyi1212 changed the title Draft OpenFGA Integration Oct 22, 2024
@daveads
Copy link
Contributor Author

daveads commented Oct 24, 2024

Demo ready...

just fixing bugs...

opening pr for now...

@daveads daveads marked this pull request as ready for review October 24, 2024 14:40
@daveads
Copy link
Contributor Author

daveads commented Oct 25, 2024

Based on my discussion with @gemanor, Decided to drop the use of openfga_sdk and use API calls instead, similar to the OPA implementation.

@daveads
Copy link
Contributor Author

daveads commented Nov 27, 2024

review.mp4

Copy link
Collaborator

@gemanor gemanor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all the work @daveads :)
Now, it's my turn, with the comments on the docs. Please address them and let me know when ready.

documentation/docs/tutorials/openfga.mdx Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
documentation/docs/tutorials/openfga.mdx Outdated Show resolved Hide resolved
packages/opal-server/opal_server/data/api.py Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants