release: v0.3.4 (#72)

* chore(deps): update dependencies * fix: WriteAuthorizationModel was not passing conditions to API * feat: configurable client credentials token url * release: v0.3.4 --------- Co-authored-by: Yann D'Isanto <ydisanto@gmail.com>
openfga · Jan 22, 2024 · f50d59c · f50d59c
1 parent 098688e
commit f50d59c
Show file tree

Hide file tree

Showing 8 changed files with 302 additions and 60 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,11 +1,18 @@
 # Changelog
 
+## v0.3.4
+
+### [0.3.4](https://github.com/openfga/go-sdk/compare/v0.3.3...v0.3.4) (2024-01-22)
+
+- feat: configurable client credentials token url - thanks @le-yams
+- fix: WriteAuthorizationModel was not passing conditions to API
+
 ## v0.3.3
 
 ### [0.3.3](https://github.com/openfga/go-sdk/compare/v0.3.2...v0.3.3) (2023-12-21)
 
 - fix: WriteAuthorizationModel was not passing conditions to API
-- chore: add example project
+- chore: add [example project](./example)
 
 ## v0.3.2
 
@@ -25,7 +32,7 @@
 
 ### [0.3.0](https://github.com/openfga/go-sdk/compare/v0.2.3...v0.3.0) (2023-12-11)
 
-- feat!: initial support for conditions
+- feat!: initial support for [conditions](https://openfga.dev/blog/conditional-tuples-announcement)
 - feat: support specifying a port and path for the API (You can now set the `ApiUrl` to something like: `https://api.fga.exampleL8080/some_path`)
 - fix: resolve a bug in `NewCredentials` (#60) - thanks @harper
 - chore!: use latest API interfaces

diff --git a/api_open_fga_test.go b/api_open_fga_test.go
@@ -246,7 +246,7 @@ func TestOpenFgaApiConfiguration(t *testing.T) {
 		}
 	})
 
-	clientCredentialsFirstRequestTest := func(t *testing.T, config Configuration) {
+	clientCredentialsFirstRequestTest := func(t *testing.T, config Configuration, expectedTokenEndpoint string) {
 		configuration, err := NewConfiguration(config)
 		if err != nil {
 			t.Fatalf("%v", err)
@@ -275,7 +275,7 @@ func TestOpenFgaApiConfiguration(t *testing.T) {
 			},
 		)
 
-		httpmock.RegisterResponder("POST", fmt.Sprintf("https://%s/oauth/token", configuration.Credentials.Config.ClientCredentialsApiTokenIssuer),
+		httpmock.RegisterResponder("POST", expectedTokenEndpoint,
 			func(req *http.Request) (*http.Response, error) {
 				resp, err := httpmock.NewJsonResponse(200, struct {
 					AccessToken string `json:"access_token"`
@@ -292,7 +292,7 @@ func TestOpenFgaApiConfiguration(t *testing.T) {
 		}
 
 		info := httpmock.GetCallCountInfo()
-		numCalls := info[fmt.Sprintf("POST https://%s/oauth/token", configuration.Credentials.Config.ClientCredentialsApiTokenIssuer)]
+		numCalls := info[fmt.Sprintf("POST %s", expectedTokenEndpoint)]
 		if numCalls != 1 {
 			t.Fatalf("Expected call to get access token to be made exactly once, saw: %d", numCalls)
 		}
@@ -302,39 +302,51 @@ func TestOpenFgaApiConfiguration(t *testing.T) {
 		}
 	}
 
-	t.Run("should issue a network call to get the token at the first request if client id is provided", func(t *testing.T) {
-		t.Run("with Auth0 configuration", func(t *testing.T) {
-			clientCredentialsFirstRequestTest(t, Configuration{
-				ApiHost: "api.fga.example",
-				StoreId: "01GXSB9YR785C4FYS3C0RTG7B2",
-				Credentials: &credentials.Credentials{
-					Method: credentials.CredentialsMethodClientCredentials,
-					Config: &credentials.Config{
-						ClientCredentialsClientId:       "some-id",
-						ClientCredentialsClientSecret:   "some-secret",
-						ClientCredentialsApiAudience:    "some-audience",
-						ClientCredentialsApiTokenIssuer: "tokenissuer.fga.example",
+	tokenIssuers := map[string]string{
+		"issuer.fga.example":                            "https://issuer.fga.example/oauth/token",
+		"https://issuer.fga.example":                    "https://issuer.fga.example/oauth/token",
+		"https://issuer.fga.example/":                   "https://issuer.fga.example/oauth/token",
+		"https://issuer.fga.example:8080":               "https://issuer.fga.example:8080/oauth/token",
+		"https://issuer.fga.example:8080/":              "https://issuer.fga.example:8080/oauth/token",
+		"issuer.fga.example/some_endpoint":              "https://issuer.fga.example/some_endpoint",
+		"https://issuer.fga.example/some_endpoint":      "https://issuer.fga.example/some_endpoint",
+		"https://issuer.fga.example:8080/some_endpoint": "https://issuer.fga.example:8080/some_endpoint",
+	}
+
+	for tokenIssuer, expectedTokenURL := range tokenIssuers {
+		t.Run("should issue a network call to get the token at the first request if client id is provided", func(t *testing.T) {
+			t.Run("with Auth0 configuration", func(t *testing.T) {
+				clientCredentialsFirstRequestTest(t, Configuration{
+					ApiUrl:  "http://api.fga.example",
+					StoreId: "01GXSB9YR785C4FYS3C0RTG7B2",
+					Credentials: &credentials.Credentials{
+						Method: credentials.CredentialsMethodClientCredentials,
+						Config: &credentials.Config{
+							ClientCredentialsClientId:       "some-id",
+							ClientCredentialsClientSecret:   "some-secret",
+							ClientCredentialsApiAudience:    "some-audience",
+							ClientCredentialsApiTokenIssuer: tokenIssuer,
+						},
 					},
-				},
+				}, expectedTokenURL)
 			})
-		})
-		t.Run("with OAuth2 configuration", func(t *testing.T) {
-			clientCredentialsFirstRequestTest(t, Configuration{
-				ApiHost: "api.fga.example",
-				StoreId: "01GXSB9YR785C4FYS3C0RTG7B2",
-				Credentials: &credentials.Credentials{
-					Method: credentials.CredentialsMethodClientCredentials,
-					Config: &credentials.Config{
-						ClientCredentialsClientId:       "some-id",
-						ClientCredentialsClientSecret:   "some-secret",
-						ClientCredentialsScopes:         "scope1 scope2",
-						ClientCredentialsApiTokenIssuer: "tokenissuer.fga.example",
+			t.Run("with OAuth2 configuration", func(t *testing.T) {
+				clientCredentialsFirstRequestTest(t, Configuration{
+					ApiUrl:  "http://api.fga.example",
+					StoreId: "01GXSB9YR785C4FYS3C0RTG7B2",
+					Credentials: &credentials.Credentials{
+						Method: credentials.CredentialsMethodClientCredentials,
+						Config: &credentials.Config{
+							ClientCredentialsClientId:       "some-id",
+							ClientCredentialsClientSecret:   "some-secret",
+							ClientCredentialsScopes:         "scope1 scope2",
+							ClientCredentialsApiTokenIssuer: tokenIssuer,
+						},
 					},
-				},
+				}, expectedTokenURL)
 			})
 		})
-	})
-
+	}
 	t.Run("should not issue a network call to get the token at the first request if the clientId is not provided", func(t *testing.T) {
 		configuration, err := NewConfiguration(Configuration{
 			ApiHost: "api.fga.example",

diff --git a/client/client.go b/client/client.go
@@ -822,10 +822,7 @@ func (request *SdkClientWriteAuthorizationModelRequest) GetContext() _context.Co
 }
 
 func (client *OpenFgaClient) WriteAuthorizationModelExecute(request SdkClientWriteAuthorizationModelRequestInterface) (*ClientWriteAuthorizationModelResponse, error) {
-	data, _, err := client.OpenFgaApi.WriteAuthorizationModel(request.GetContext()).Body(fgaSdk.WriteAuthorizationModelRequest{
-		TypeDefinitions: request.GetBody().TypeDefinitions,
-		SchemaVersion:   request.GetBody().SchemaVersion,
-	}).Execute()
+	data, _, err := client.OpenFgaApi.WriteAuthorizationModel(request.GetContext()).Body(*request.GetBody()).Execute()
 	if err != nil {
 		return nil, err
 	}

diff --git a/client/client_test.go b/client/client_test.go
@@ -531,6 +531,222 @@ func TestOpenFgaClient(t *testing.T) {
 		}
 	})
 
+	t.Run("WriteAuthorizationModelWithCondition", func(t *testing.T) {
+		test := TestDefinition{
+			Name:           "WriteAuthorizationModelWithCondition",
+			JsonResponse:   `{"authorization_model_id":"01GXSA8YR785C4FYS3C0RTG7B1"}`,
+			ResponseStatus: http.StatusOK,
+			Method:         http.MethodPost,
+			RequestPath:    "authorization-models",
+		}
+		requestBody := ClientWriteAuthorizationModelRequest{
+			SchemaVersion: "1.1",
+			TypeDefinitions: []openfga.TypeDefinition{
+				{
+					Type:      "user",
+					Relations: &map[string]openfga.Userset{},
+				},
+				{
+					Type: "document",
+					Relations: &map[string]openfga.Userset{
+						"writer": {This: &map[string]interface{}{}},
+						"viewer": {Union: &openfga.Usersets{
+							Child: []openfga.Userset{
+								{This: &map[string]interface{}{}},
+								{ComputedUserset: &openfga.ObjectRelation{
+									Object:   openfga.PtrString(""),
+									Relation: openfga.PtrString("writer"),
+								}},
+							},
+						}},
+					},
+					Metadata: &openfga.Metadata{
+						Relations: &map[string]openfga.RelationMetadata{
+							"writer": {
+								DirectlyRelatedUserTypes: &[]openfga.RelationReference{
+									{Type: "user"},
+									{Type: "user", Condition: openfga.PtrString("ViewCountLessThan200")},
+								},
+							},
+							"viewer": {
+								DirectlyRelatedUserTypes: &[]openfga.RelationReference{
+									{Type: "user"},
+								},
+							},
+						},
+					},
+				},
+			},
+			Conditions: &map[string]openfga.Condition{
+				"ViewCountLessThan200": {
+					Name:       "ViewCountLessThan200",
+					Expression: "ViewCount < 200",
+					Parameters: &map[string]openfga.ConditionParamTypeRef{
+						"ViewCount": {
+							TypeName: openfga.INT,
+						},
+						"Type": {
+							TypeName: openfga.STRING,
+						},
+						"Name": {
+							TypeName: openfga.STRING,
+						},
+					},
+				},
+			},
+		}
+
+		var expectedResponse openfga.WriteAuthorizationModelResponse
+		if err := json.Unmarshal([]byte(test.JsonResponse), &expectedResponse); err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		httpmock.Activate()
+		defer httpmock.DeactivateAndReset()
+		httpmock.RegisterMatcherResponder(
+			test.Method,
+			fmt.Sprintf("%s/stores/%s/%s", fgaClient.GetConfig().ApiUrl, fgaClient.GetConfig().StoreId, test.RequestPath),
+			httpmock.BodyContainsString(`"ViewCountLessThan200"`),
+			func(req *http.Request) (*http.Response, error) {
+				resp, err := httpmock.NewJsonResponse(test.ResponseStatus, expectedResponse)
+				if err != nil {
+					return httpmock.NewStringResponse(http.StatusInternalServerError, ""), nil
+				}
+				return resp, nil
+			},
+		)
+		options := ClientWriteAuthorizationModelOptions{}
+		got, err := fgaClient.WriteAuthorizationModel(context.Background()).Body(requestBody).Options(options).Execute()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		_, err = got.MarshalJSON()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		if got.GetAuthorizationModelId() != expectedResponse.GetAuthorizationModelId() {
+			t.Fatalf("OpenFgaClient.%v() / AuthorizationModelId = %v, want %v", test.Name, got.GetAuthorizationModelId(), expectedResponse.GetAuthorizationModelId())
+		}
+
+		// WriteAuthorizationModel without options should work
+		_, err = fgaClient.WriteAuthorizationModel(context.Background()).Body(requestBody).Execute()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+	})
+
+	t.Run("WriteAuthorizationModelWithCondition2", func(t *testing.T) {
+		test := TestDefinition{
+			Name:           "WriteAuthorizationModelWithCondition2",
+			JsonResponse:   `{"authorization_model_id":"01GXSA8YR785C4FYS3C0RTG7B1"}`,
+			ResponseStatus: http.StatusOK,
+			Method:         http.MethodPost,
+			RequestPath:    "authorization-models",
+		}
+
+		schemaVersion := "1.1"
+		typeDefs := []openfga.TypeDefinition{
+			{
+				Type:      "user",
+				Relations: &map[string]openfga.Userset{},
+			},
+			{
+				Type: "document",
+				Relations: &map[string]openfga.Userset{
+					"writer": {This: &map[string]interface{}{}},
+					"viewer": {Union: &openfga.Usersets{
+						Child: []openfga.Userset{
+							{This: &map[string]interface{}{}},
+							{ComputedUserset: &openfga.ObjectRelation{
+								Object:   openfga.PtrString(""),
+								Relation: openfga.PtrString("writer"),
+							}},
+						},
+					}},
+				},
+				Metadata: &openfga.Metadata{
+					Relations: &map[string]openfga.RelationMetadata{
+						"writer": {
+							DirectlyRelatedUserTypes: &[]openfga.RelationReference{
+								{Type: "user"},
+								{Type: "user", Condition: openfga.PtrString("ViewCountLessThan200")},
+							},
+						},
+						"viewer": {
+							DirectlyRelatedUserTypes: &[]openfga.RelationReference{
+								{Type: "user"},
+							},
+						},
+					},
+				},
+			},
+		}
+		conditions := map[string]openfga.Condition{
+			"ViewCountLessThan200": {
+				Name:       "ViewCountLessThan200",
+				Expression: "ViewCount < 200",
+				Parameters: &map[string]openfga.ConditionParamTypeRef{
+					"ViewCount": {
+						TypeName: openfga.INT,
+					},
+					"Type": {
+						TypeName: openfga.STRING,
+					},
+					"Name": {
+						TypeName: openfga.STRING,
+					},
+				},
+			},
+		}
+		requestBody := ClientWriteAuthorizationModelRequest{
+			SchemaVersion:   schemaVersion,
+			TypeDefinitions: typeDefs,
+			Conditions:      &conditions,
+		}
+
+		var expectedResponse openfga.WriteAuthorizationModelResponse
+		if err := json.Unmarshal([]byte(test.JsonResponse), &expectedResponse); err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		httpmock.Activate()
+		defer httpmock.DeactivateAndReset()
+		httpmock.RegisterMatcherResponder(
+			test.Method,
+			fmt.Sprintf("%s/stores/%s/%s", fgaClient.GetConfig().ApiUrl, fgaClient.GetConfig().StoreId, test.RequestPath),
+			httpmock.BodyContainsString(`"ViewCountLessThan200"`),
+			func(req *http.Request) (*http.Response, error) {
+				resp, err := httpmock.NewJsonResponse(test.ResponseStatus, expectedResponse)
+				if err != nil {
+					return httpmock.NewStringResponse(http.StatusInternalServerError, ""), nil
+				}
+				return resp, nil
+			},
+		)
+		options := ClientWriteAuthorizationModelOptions{}
+		got, err := fgaClient.WriteAuthorizationModel(context.Background()).Body(requestBody).Options(options).Execute()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		_, err = got.MarshalJSON()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+
+		if got.GetAuthorizationModelId() != expectedResponse.GetAuthorizationModelId() {
+			t.Fatalf("OpenFgaClient.%v() / AuthorizationModelId = %v, want %v", test.Name, got.GetAuthorizationModelId(), expectedResponse.GetAuthorizationModelId())
+		}
+
+		// WriteAuthorizationModel without options should work
+		_, err = fgaClient.WriteAuthorizationModel(context.Background()).Body(requestBody).Execute()
+		if err != nil {
+			t.Fatalf("%v", err)
+		}
+	})
+
 	t.Run("ReadAuthorizationModel", func(t *testing.T) {
 		test := TestDefinition{
 			Name:           "ReadAuthorizationModel",

diff --git a/configuration.go b/configuration.go
@@ -20,9 +20,9 @@ import (
 )
 
 const (
-	SdkVersion = "0.3.3"
+	SdkVersion = "0.3.4"
 
-	defaultUserAgent = "openfga-sdk go/0.3.3"
+	defaultUserAgent = "openfga-sdk go/0.3.4"
 )
 
 // RetryParams configures configuration for retry in case of HTTP too many request