Add simplified FGA model and tests for same #1790
Conversation
evankanderson
force-pushed
the
explore-fga
branch
from
665c0f7 to
7304da6
Compare
evankanderson
force-pushed
the
explore-fga
branch
from
7304da6 to
219bb29
Compare
|
Passing tests look like: Failing tests look like: |
evankanderson
force-pushed
the
explore-fga
branch
from
5ea9d47 to
598c0f4
Compare
|
FYI, I removed the I also filed openfga/language#115, because the comment support was clearly half-baked. 😁 |
JAORMX
left a comment
JAORMX
left a comment
There was a problem hiding this comment.
Let's rename this directory to authz to denote it doesn't have to do with authentication.
Can you add the license headers to the new files?
Otherwise I think this is good to go! Thanks for researching this!
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
evankanderson
force-pushed
the
explore-fga
branch
from
94ea8a3 to
0105b62
Compare
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
evankanderson
force-pushed
the
explore-fga
branch
from
0105b62 to
3410b66
Compare
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
evankanderson
force-pushed
the
explore-fga
branch
from
3410b66 to
277a82a
Compare
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
Address feedback from code review: - role name -> verb - add licenses to files
evankanderson
force-pushed
the
explore-fga
branch
from
277a82a to
5e26642
Compare
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
stacklokbot
left a comment
stacklokbot
left a comment
There was a problem hiding this comment.
Minder analyzed this PR and found no vulnerable dependencies.
JAORMX
left a comment
JAORMX
left a comment
There was a problem hiding this comment.
I really like how the model ended up. Looks quite understandable.
authz/tests/fga_test.go
Outdated
| t.Run(file, func(t *testing.T) { | ||
| t.Parallel() | ||
|
|
||
| output, err := exec.Command("fga", "model", "test", "--tests", file).CombinedOutput() |
There was a problem hiding this comment.
We don't do make boostrap before the unit tests. We'd need to start doing that, or run the FGA tests as a separate CI job or test unit.
There was a problem hiding this comment.
I could also add a go install for the one binary, but it feels like calling make bootstrap might be clearer?
There was a problem hiding this comment.
It is cleaner, but make bootstrap is also very time consuming. What about separating the FGA tests and have a dedicated target that does the docker invocation?
There was a problem hiding this comment.
There's no docker invocation here, just the CLI process.
Oh, but I could actually just import the command code... let me try that.
There was a problem hiding this comment.
Okay, I've fixed this by actually importing the FGA CLI bits and invoking them directly, so we don't even need bootstrap anymore.
The fga_test.go still doesn't realize that it depends on minder.fga, so it will use cached results if you make changes, but that seems like a minor thing that we can figure out later.
evankanderson
force-pushed
the
explore-fga
branch
4 times, most recently
from
ec5932d to
01c1aab
Compare
evankanderson
force-pushed
the
explore-fga
branch
from
01c1aab to
079138b
Compare
authz/tests/fga_test.go
Outdated
| // We invoke cobra commands directly, which references some global state in FGA. | ||
| // Call .SetEnv here to hint to paralleltest that this can't be parallelized. | ||
| // See https://github.com/kunwardeep/paralleltest/pull/33 | ||
| t.Setenv("PARALLELTEST_NO_PARALLEL", "true") |
There was a problem hiding this comment.
I would love to have a comment or something that can quiet parelleltest, but the code seems to be constructed to parse the AST for methods, rather than comment-driven. kunwardeep/paralleltest#33 provides a hook to do this, though it also forces us to make this test not run at all in parallel with our other tests. It runs in 0.2s on my MacBook, so it's not too bad at the moment.
There was a problem hiding this comment.
... and golangci-lint hasn't been released to pick up that change yet, so I needed to edit the workflow, too.
There was a problem hiding this comment.
I just figured out that I can just use a file-level mutex around calls to .Execute(), which is much simpler.
JAORMX
left a comment
JAORMX
left a comment
There was a problem hiding this comment.
I like your new solution a lot better. thanks for working on this!
5 participants
Fixes https://github.com/stacklok/epics/issues/131
Followup to auth model discussion on Nov 30 and #1781
Closes: #1843