WIP OpenFGA

hansetag · Oct 7, 2024 · d68f393 · d68f393
1 parent 99f4a45
commit d68f393
Show file tree

Hide file tree

Showing 73 changed files with 8,551 additions and 2,519 deletions.
diff --git a/.github/workflows/authz.yml b/.github/workflows/authz.yml
@@ -0,0 +1,48 @@
+name: AuthZ Unittests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+env:
+ CARGO_TERM_COLOR: always
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
+ cancel-in-progress: true
+
+jobs:
+ openfga:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install FGA CLI
+ run: |
+ wget https://github.com/openfga/cli/releases/download/v0.6.1/fga_0.6.1_linux_amd64.deb
+ sudo apt-get install -yqq ./fga_0.6.1_linux_amd64.deb
+
+ - name: Validate Collaboration Model
+ run: |
+ BASE_PATH=authz/openfga/collaboration_model
+ LAST_VERSION=$(ls $BASE_PATH | sort -r | head -n 1)
+ VALIDATION_OUTPUT=$(fga model validate --file $BASE_PATH/$LAST_VERSION/schema.fga)
+ echo $VALIDATION_OUTPUT | jq -e '.is_valid == true' > /dev/null || { echo "Validation failed"; exit 1; }
+
+ - name: Test Collaboration Model
+ run: |
+ BASE_PATH=authz/openfga/collaboration_model
+ LAST_VERSION=$(ls $BASE_PATH | sort -r | head -n 1)
+ fga model test --tests $BASE_PATH/$LAST_VERSION/store.fga.yaml
+
+ - name: Check json up-to-date
+ run: |
+ BASE_PATH=authz/openfga/collaboration_model
+ LAST_VERSION=$(ls $BASE_PATH | sort -r | head -n 1)
+ DESIRED_SCHEMA_JSON=$(fga model transform --file $BASE_PATH/$LAST_VERSION/schema.fga)
+ CURRENT_SCHEMA_JSON=$(cat $BASE_PATH/$LAST_VERSION/schema.json)
+ echo $DESIRED_SCHEMA_JSON | jq -e '. == '"$CURRENT_SCHEMA_JSON" > /dev/null || { echo "Schema json is not up-to-date"; exit 1; }
diff --git a/.run/Run iceberg-catalog.run.xml b/.run/Run iceberg-catalog.run.xml
@@ -0,0 +1,20 @@
+<component name="ProjectRunConfigurationManager">
+ <configuration default="false" name="Run iceberg-catalog" type="CargoCommandRunConfiguration" factoryName="Cargo Command">
+ <option name="buildProfileId" value="dev" />
+ <option name="command" value="run --package iceberg-catalog-bin --bin iceberg-catalog" />
+ <option name="workingDirectory" value="file://$PROJECT_DIR$" />
+ <envs />
+ <option name="emulateTerminal" value="true" />
+ <option name="channel" value="DEFAULT" />
+ <option name="requiredFeatures" value="true" />
+ <option name="allFeatures" value="true" />
+ <option name="withSudo" value="false" />
+ <option name="buildTarget" value="REMOTE" />
+ <option name="backtrace" value="SHORT" />
+ <option name="isRedirectInput" value="false" />
+ <option name="redirectInputPath" value="" />
+ <method v="2">
+ <option name="CARGO.BUILD_TASK_PROVIDER" enabled="true" />
+ </method>
+ </configuration>
+</component>
diff --git a/.run/Test iceberg-catalog.run.xml b/.run/Test iceberg-catalog.run.xml
@@ -0,0 +1,20 @@
+<component name="ProjectRunConfigurationManager">
+ <configuration default="false" name="Test iceberg-catalog" type="CargoCommandRunConfiguration" factoryName="Cargo Command">
+ <option name="buildProfileId" value="test" />
+ <option name="command" value="test --workspace" />
+ <option name="workingDirectory" value="file://$PROJECT_DIR$" />
+ <envs />
+ <option name="emulateTerminal" value="true" />
+ <option name="channel" value="DEFAULT" />
+ <option name="requiredFeatures" value="true" />
+ <option name="allFeatures" value="true" />
+ <option name="withSudo" value="false" />
+ <option name="buildTarget" value="REMOTE" />
+ <option name="backtrace" value="SHORT" />
+ <option name="isRedirectInput" value="false" />
+ <option name="redirectInputPath" value="" />
+ <method v="2">
+ <option name="CARGO.BUILD_TASK_PROVIDER" enabled="true" />
+ </method>
+ </configuration>
+</component>
diff --git a/.sqlx/query-26bd0bc7465c39b18aead34361447d4135e95e648756ed48d4c7307e836fc445.json b/.sqlx/query-26bd0bc7465c39b18aead34361447d4135e95e648756ed48d4c7307e836fc445.json
diff --git a/...fc3a26029093aeab467746b9364678d60e39.json → ...e9b51086398b361f68cecf288b938419299d.json b/...fc3a26029093aeab467746b9364678d60e39.json → ...e9b51086398b361f68cecf288b938419299d.json
diff --git a/...f73b595e13f359b5a5262886d0fdd7787d89.json → ...9c0fd7bbd66f5d6cb3e2647ede55908dfcd0.json b/...f73b595e13f359b5a5262886d0fdd7787d89.json → ...9c0fd7bbd66f5d6cb3e2647ede55908dfcd0.json
diff --git a/.sqlx/query-8433eb675bfcb5889af1630acc05111399d8f4ebbeef8305ec7191e5ed4fe62f.json b/.sqlx/query-8433eb675bfcb5889af1630acc05111399d8f4ebbeef8305ec7191e5ed4fe62f.json
diff --git a/.sqlx/query-912d8790ca799aee4352541d7d952bc41f9c7370f807c06d519d65afd95de29d.json b/.sqlx/query-912d8790ca799aee4352541d7d952bc41f9c7370f807c06d519d65afd95de29d.json
diff --git a/.sqlx/query-a3f11deca8e24c4cf4ad2a5e0c39bb678d30c9f7ab7619a8050e5c7c4456517a.json b/.sqlx/query-a3f11deca8e24c4cf4ad2a5e0c39bb678d30c9f7ab7619a8050e5c7c4456517a.json
diff --git a/.sqlx/query-c55a718665b391b12d46e0e3e3fa165160719ce6d16ce3b1c86fbc128eb4c6cb.json b/.sqlx/query-c55a718665b391b12d46e0e3e3fa165160719ce6d16ce3b1c86fbc128eb4c6cb.json
diff --git a/.sqlx/query-d5bd155e925d579cac2091d20b67070e2d8ae7595b5ef43eb4ddffdbf169482a.json b/.sqlx/query-d5bd155e925d579cac2091d20b67070e2d8ae7595b5ef43eb4ddffdbf169482a.json
diff --git a/.sqlx/query-d91c1870ad0bed668cff251ac0f4d9bdae0e58c4af5c31c2079d17a58c336e5b.json b/.sqlx/query-d91c1870ad0bed668cff251ac0f4d9bdae0e58c4af5c31c2079d17a58c336e5b.json