From 6a333bcdab5f1c1204a3b362d3f5bd79acb8aefd Mon Sep 17 00:00:00 2001 From: "J.R. Hill" Date: Thu, 7 Dec 2023 12:39:25 -0800 Subject: [PATCH] test: update integ test auth model for ABAC --- .../sdk/api/OpenFgaApiIntegrationTest.java | 33 ++++++---- .../client/OpenFgaClientIntegrationTest.java | 52 ++++++++------- .../resources/auth-model.json | 66 +++++++++++++++++++ 3 files changed, 116 insertions(+), 35 deletions(-) create mode 100644 src/test-integration/resources/auth-model.json diff --git a/src/test-integration/java/dev/openfga/sdk/api/OpenFgaApiIntegrationTest.java b/src/test-integration/java/dev/openfga/sdk/api/OpenFgaApiIntegrationTest.java index a1cad97..8535a8a 100644 --- a/src/test-integration/java/dev/openfga/sdk/api/OpenFgaApiIntegrationTest.java +++ b/src/test-integration/java/dev/openfga/sdk/api/OpenFgaApiIntegrationTest.java @@ -16,25 +16,35 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import dev.openfga.sdk.api.client.*; import dev.openfga.sdk.api.configuration.*; import dev.openfga.sdk.api.model.*; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import java.util.List; +import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.TestInstance.Lifecycle; +@TestInstance(Lifecycle.PER_CLASS) public class OpenFgaApiIntegrationTest { private static final ObjectMapper mapper = new ObjectMapper().findAndRegisterModules(); - private static final String DEFAULT_AUTH_MODEL = - "{\"schema_version\":\"1.1\",\"type_definitions\":[{\"type\":\"user\"},{\"type\":\"document\",\"relations\":{\"reader\":{\"this\":{}},\"writer\":{\"this\":{}},\"owner\":{\"this\":{}}},\"metadata\":{\"relations\":{\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\"}]}}}}]}"; private static final String DEFAULT_USER = "user:81684243-9356-4421-8fbf-a4f8d36aa31b"; private static final String DEFAULT_DOC = "document:2021-budget"; - public static final TupleKey DEFAULT_TUPLE_KEY = + private static final TupleKey DEFAULT_TUPLE_KEY = new TupleKey().user(DEFAULT_USER).relation("reader")._object(DEFAULT_DOC); - public static final List DEFAULT_TUPLE_KEYS = List.of(DEFAULT_TUPLE_KEY); + private static final List DEFAULT_TUPLE_KEYS = List.of(DEFAULT_TUPLE_KEY); + private String authModelJson; private OpenFgaApi api; + @BeforeAll + public void loadAuthModelJson() throws IOException { + authModelJson = Files.readString(Paths.get("src", "test-integration", "resources", "auth-model.json")); + } + @BeforeEach public void initializeApi() throws Exception { System.setProperty("HttpRequestAttempt.debug-logging", "enable"); @@ -122,7 +132,7 @@ public void readAuthModel() throws Exception { assertEquals(authModelId, authModel.getId()); String typeDefsJson = mapper.writeValueAsString(authModel.getTypeDefinitions()); assertEquals( - "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]}}}}]", + "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"conditional_reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"name_starts_with_a\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]}}}}]", typeDefsJson); } @@ -146,7 +156,7 @@ public void readAuthModels() throws Exception { String typeDefsJson = mapper.writeValueAsString(authModel.getTypeDefinitions()); assertEquals( - "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]}}}}]", + "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"conditional_reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"name_starts_with_a\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]}}}}]", typeDefsJson); } catch (JsonProcessingException ex) { assertNull(ex); @@ -159,8 +169,7 @@ public void writeAuthModel() throws Exception { // Given String storeName = thisTestName(); String storeId = createStore(storeName); - WriteAuthorizationModelRequest request = - mapper.readValue(DEFAULT_AUTH_MODEL, WriteAuthorizationModelRequest.class); + WriteAuthorizationModelRequest request = mapper.readValue(authModelJson, WriteAuthorizationModelRequest.class); // When WriteAuthorizationModelResponse response = @@ -322,10 +331,8 @@ private String createStore(String storeName) throws Exception { * @return The created Authorization Model ID */ private String writeAuthModel(String storeId) throws Exception { - WriteAuthorizationModelRequest request = - mapper.readValue(DEFAULT_AUTH_MODEL, WriteAuthorizationModelRequest.class); - WriteAuthorizationModelResponse response = - api.writeAuthorizationModel(storeId, request).get().getData(); + var request = mapper.readValue(authModelJson, WriteAuthorizationModelRequest.class); + var response = api.writeAuthorizationModel(storeId, request).get().getData(); return response.getAuthorizationModelId(); } diff --git a/src/test-integration/java/dev/openfga/sdk/api/client/OpenFgaClientIntegrationTest.java b/src/test-integration/java/dev/openfga/sdk/api/client/OpenFgaClientIntegrationTest.java index 872b33a..fc617fa 100644 --- a/src/test-integration/java/dev/openfga/sdk/api/client/OpenFgaClientIntegrationTest.java +++ b/src/test-integration/java/dev/openfga/sdk/api/client/OpenFgaClientIntegrationTest.java @@ -18,31 +18,46 @@ import com.fasterxml.jackson.databind.ObjectMapper; import dev.openfga.sdk.api.configuration.*; import dev.openfga.sdk.api.model.*; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Paths; import java.util.List; import java.util.Map; +import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.TestInstance.Lifecycle; +@TestInstance(Lifecycle.PER_CLASS) public class OpenFgaClientIntegrationTest { private static final ObjectMapper mapper = new ObjectMapper().findAndRegisterModules(); - private static final String DEFAULT_AUTH_MODEL = - "{\"schema_version\":\"1.1\",\"type_definitions\":[{\"type\":\"user\"},{\"type\":\"document\",\"relations\":{\"reader\":{\"this\":{}},\"writer\":{\"this\":{}},\"owner\":{\"this\":{}}},\"metadata\":{\"relations\":{\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\"}]}}}}]}"; private static final String DEFAULT_USER = "user:81684243-9356-4421-8fbf-a4f8d36aa31b"; private static final String DEFAULT_DOC = "document:2021-budget"; - private static final ClientTupleKeyWithoutCondition DEFAULT_TUPLE_KEY = new ClientTupleKeyWithoutCondition() + private static final ClientTupleKeyWithoutCondition DEFAULT_TUPLE_KEY_NO_CONDITION = + new ClientTupleKeyWithoutCondition() + .user(DEFAULT_USER) + .relation("reader") + ._object(DEFAULT_DOC); + private static final ClientTupleKey DEFAULT_TUPLE_KEY = new ClientTupleKeyWithoutCondition() .user(DEFAULT_USER) .relation("reader") - ._object(DEFAULT_DOC); - private static final ClientRelationshipCondition DEFAULT_CONDITION = - new ClientRelationshipCondition().name("condition").context(Map.of("some", "context")); + ._object(DEFAULT_DOC) + .condition(null); // TODO: Add integ tests with conditions private static final ClientAssertion DEFAULT_ASSERTION = new ClientAssertion() .user(DEFAULT_USER) .relation("reader") ._object(DEFAULT_DOC) .expectation(true); + private String authModelJson; private OpenFgaClient fga; + @BeforeAll + public void loadAuthModelJson() throws IOException { + authModelJson = Files.readString(Paths.get("src", "test-integration", "resources", "auth-model.json")); + } + @BeforeEach public void initializeApi() throws Exception { System.setProperty("HttpRequestAttempt.debug-logging", "enable"); @@ -136,7 +151,7 @@ public void readAuthModel() throws Exception { assertEquals(authModelId, response.getAuthorizationModel().getId()); String typeDefsJson = mapper.writeValueAsString(authModel.getTypeDefinitions()); assertEquals( - "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]}}}}]", + "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"conditional_reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"name_starts_with_a\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]}}}}]", typeDefsJson); } @@ -164,7 +179,7 @@ public void readAuthModels() throws Exception { String typeDefsJson = mapper.writeValueAsString(authModel.getTypeDefinitions()); assertEquals( - "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":null}]}}}}]", + "[{\"type\":\"user\",\"relations\":{},\"metadata\":null},{\"type\":\"document\",\"relations\":{\"owner\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"reader\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null},\"writer\":{\"this\":{},\"computedUserset\":null,\"tupleToUserset\":null,\"union\":null,\"intersection\":null,\"difference\":null}},\"metadata\":{\"relations\":{\"conditional_reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"name_starts_with_a\"}]},\"owner\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"reader\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]},\"writer\":{\"directly_related_user_types\":[{\"type\":\"user\",\"relation\":null,\"wildcard\":null,\"condition\":\"\"}]}}}}]", typeDefsJson); } catch (JsonProcessingException ex) { assertNull(ex); @@ -178,8 +193,7 @@ public void writeAuthModel() throws Exception { String storeName = thisTestName(); String storeId = createStore(storeName); fga.setStoreId(storeId); - WriteAuthorizationModelRequest request = - mapper.readValue(DEFAULT_AUTH_MODEL, WriteAuthorizationModelRequest.class); + WriteAuthorizationModelRequest request = mapper.readValue(authModelJson, WriteAuthorizationModelRequest.class); // When WriteAuthorizationModelResponse response = @@ -200,8 +214,7 @@ public void write_and_read() throws Exception { String authModelId = writeAuthModel(storeId); fga.setAuthorizationModelId(authModelId); - ClientWriteRequest writeRequest = - new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY.condition(DEFAULT_CONDITION))); + ClientWriteRequest writeRequest = new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY)); ClientReadRequest readRequest = new ClientReadRequest().user(DEFAULT_USER)._object(DEFAULT_DOC); @@ -226,8 +239,7 @@ public void write_and_check() throws Exception { fga.setStoreId(storeId); String authModelId = writeAuthModel(storeId); fga.setAuthorizationModelId(authModelId); - ClientWriteRequest writeRequest = - new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY.condition(DEFAULT_CONDITION))); + ClientWriteRequest writeRequest = new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY)); ClientCheckRequest checkRequest = new ClientCheckRequest().user(DEFAULT_USER).relation("reader")._object(DEFAULT_DOC); @@ -248,8 +260,7 @@ public void write_and_expand() throws Exception { fga.setStoreId(storeId); String authModelId = writeAuthModel(storeId); fga.setAuthorizationModelId(authModelId); - ClientWriteRequest writeRequest = - new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY.condition(DEFAULT_CONDITION))); + ClientWriteRequest writeRequest = new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY)); ClientExpandRequest expandRequest = new ClientExpandRequest()._object(DEFAULT_DOC).relation("reader"); @@ -279,8 +290,7 @@ public void write_and_listObjects() throws Exception { fga.setStoreId(storeId); String authModelId = writeAuthModel(storeId); fga.setAuthorizationModelId(authModelId); - ClientWriteRequest writeRequest = - new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY.condition(DEFAULT_CONDITION))); + ClientWriteRequest writeRequest = new ClientWriteRequest().writes(List.of(DEFAULT_TUPLE_KEY)); ClientListObjectsRequest listObjectsRequest = new ClientListObjectsRequest() .user(DEFAULT_USER) .relation("reader") @@ -335,10 +345,8 @@ private String createStore(String storeName) throws Exception { */ private String writeAuthModel(String storeId) throws Exception { fga.setStoreId(storeId); - WriteAuthorizationModelRequest request = - mapper.readValue(DEFAULT_AUTH_MODEL, WriteAuthorizationModelRequest.class); - WriteAuthorizationModelResponse response = - fga.writeAuthorizationModel(request).get(); + var request = mapper.readValue(authModelJson, WriteAuthorizationModelRequest.class); + var response = fga.writeAuthorizationModel(request).get(); return response.getAuthorizationModelId(); } diff --git a/src/test-integration/resources/auth-model.json b/src/test-integration/resources/auth-model.json new file mode 100644 index 0000000..f720d3c --- /dev/null +++ b/src/test-integration/resources/auth-model.json @@ -0,0 +1,66 @@ +{ + "schema_version": "1.1", + "type_definitions": [ + { + "type": "user" + }, + { + "type": "document", + "relations": { + "reader": { + "this": {} + }, + "writer": { + "this": {} + }, + "owner": { + "this": {} + } + }, + "metadata": { + "relations": { + "reader": { + "directly_related_user_types": [ + { + "type": "user" + } + ] + }, + "writer": { + "directly_related_user_types": [ + { + "type": "user" + } + ] + }, + "owner": { + "directly_related_user_types": [ + { + "type": "user" + } + ] + }, + "conditional_reader": { + "directly_related_user_types": [ + { + "condition": "name_starts_with_a", + "type": "user" + } + ] + } + } + } + } + ], + "conditions": { + "name_starts_with_a": { + "name": "name_starts_with_a", + "expression": "name.startsWith(\"a\")", + "parameters": { + "name": { + "type_name": "TYPE_NAME_STRING" + } + } + } + } +}