feat(query): support contextual tuples (#27)

openfga · Jul 5, 2023 · 41a3043 · 41a3043
2 parents 68380b1 + db2ede1
commit 41a3043
Show file tree

Hide file tree

Showing 15 changed files with 281 additions and 67 deletions.
diff --git a/README.md b/README.md
@@ -376,15 +376,15 @@ fga tuples **changes** --type <type> --store-id=<store-id>
 ##### Check
 
 ###### Command
-fga query **check** <user> <relation> <object> [--contextual-tuple <user> <relation> <object>]* --store-id=<store-id> [--model-id=<model-id>]
+fga query **check** <user> <relation> <object> [--contextual-tuple "<user> <relation> <object>"]* --store-id=<store-id> [--model-id=<model-id>]
 
 ###### Parameters
 * `--store-id`: Specifies the store id
 * `--model-id`: Specifies the model id to target (optional)
 * `--contextual-tuple`: Contextual tuples
 
 ###### Example
-`fga query check --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document:roadmap --contextual-tuple user:anne can_view folder:product --contextual-tuple folder:product parent document:roadmap`
+`fga query check --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document:roadmap --contextual-tuple "user:anne can_view folder:product" --contextual-tuple "folder:product parent document:roadmap"`
 
 ###### JSON Response
 ```json5
@@ -396,15 +396,15 @@ fga query **check** <user> <relation> <object> [--contextual-tuple <user> <relat
 ##### List Objects
 
 ###### Command
-fga query **list-objects** <user> <relation> <object_type> [--contextual-tuple <user> <relation> <object>]* --store-id=<store-id> [--model-id=<model-id>]
+fga query **list-objects** <user> <relation> <object_type> [--contextual-tuple "<user> <relation> <object>"]* --store-id=<store-id> [--model-id=<model-id>]
 
 ###### Parameters
 * `--store-id`: Specifies the store id
 * `--model-id`: Specifies the model id to target (optional)
 * `--contextual-tuple`: Contextual tuples (optional) (can be multiple)
 
 ###### Example
-`fga query list-objects --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document --contextual-tuple user:anne can_view folder:product --contextual-tuple folder:product parent document:roadmap`
+`fga query list-objects --store-id=01H0H015178Y2V4CX10C2KGHF4 user:anne can_view document --contextual-tuple "user:anne can_view folder:product" --contextual-tuple "folder:product parent document:roadmap"`
 
 ###### JSON Response
 ```json5
@@ -419,7 +419,7 @@ fga query **list-objects** <user> <relation> <object_type> [--contextual-tuple <
 ##### List Relations
 
 ###### Command
-fga query **list-objects** <user> <object> [--relation <relation>]* [--contextual-tuple <user> <relation> <object>]* --store-id=<store-id> [--model-id=<model-id>]
+fga query **list-objects** <user> <object> [--relation <relation>]* [--contextual-tuple "<user> <relation> <object>"]* --store-id=<store-id> [--model-id=<model-id>]
 
 ###### Parameters
 * `--store-id`: Specifies the store id
@@ -443,12 +443,11 @@ fga query **list-objects** <user> <object> [--relation <relation>]* [--contextua
 ##### Expand
 
 ###### Command
-fga query **expand** <relation> <object> [--contextual-tuple <user> <relation> <object>]* --store-id=<store-id> [--model-id=<model-id>]
+fga query **expand** <relation> <object> --store-id=<store-id> [--model-id=<model-id>]
 
 ###### Parameters
 * `--store-id`: Specifies the store id
 * `--model-id`: Specifies the model id to target (optional)
-* `--contextual-tuple`: Contextual tuples (optional) (can be multiple)
 
 ###### Example
 `fga query expand --store-id=01H0H015178Y2V4CX10C2KGHF4 can_view document:roadmap`

diff --git a/cmd/models/models.go b/cmd/models/models.go
@@ -34,8 +34,7 @@ func init() {
 	ModelsCmd.AddCommand(getCmd)
 
 	ModelsCmd.PersistentFlags().String("store-id", "", "Store ID")
-	ModelsCmd.Flags().String("store-id", "", "Store ID")
-	err := ModelsCmd.MarkFlagRequired("store-id")
+	err := ModelsCmd.MarkPersistentFlagRequired("store-id")
 	if err != nil { //nolint:wsl
 		fmt.Print(err)
 		os.Exit(1)

diff --git a/cmd/query/check.go b/cmd/query/check.go
@@ -25,11 +25,18 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func check(fgaClient client.SdkClient, user string, relation string, object string) (string, error) {
+func check(
+	fgaClient client.SdkClient,
+	user string,
+	relation string,
+	object string,
+	contextualTuples []client.ClientTupleKey,
+) (string, error) {
 	body := &client.ClientCheckRequest{
-		User:     user,
-		Relation: relation,
-		Object:   object,
+		User:             user,
+		Relation:         relation,
+		Object:           object,
+		ContextualTuples: &contextualTuples,
 	}
 	options := &client.ClientCheckOptions{}
 
@@ -50,7 +57,7 @@ func check(fgaClient client.SdkClient, user string, relation string, object stri
 var checkCmd = &cobra.Command{
 	Use:   "check",
 	Short: "Check",
-	Long:  "Check if a user has a particular relation with an object.",
+	Long:  "Check if a user has a particular relation with an object. E.g. \"check user:anne can_view document:roadmap\"",
 	Args:  cobra.ExactArgs(3), //nolint:gomnd
 	RunE: func(cmd *cobra.Command, args []string) error {
 		clientConfig := cmdutils.GetClientConfig(cmd)
@@ -59,9 +66,14 @@ var checkCmd = &cobra.Command{
 			return fmt.Errorf("failed to initialize FGA Client due to %w", err)
 		}
 
-		output, err := check(fgaClient, args[0], args[1], args[2])
+		contextualTuples, err := cmdutils.ParseContextualTuples(cmd)
 		if err != nil {
-			return err
+			return fmt.Errorf("error parsing contextual tuples for check: %w", err)
+		}
+
+		output, err := check(fgaClient, args[0], args[1], args[2], contextualTuples)
+		if err != nil {
+			return fmt.Errorf("error calling check: %w", err)
 		}
 		fmt.Print(output)
 

diff --git a/cmd/query/check_test.go b/cmd/query/check_test.go
@@ -31,17 +31,21 @@ func TestCheckWithError(t *testing.T) {
 	mockRequest.EXPECT().Options(options).Return(mockExecute)
 
 	mockBody := mock_client.NewMockSdkClientCheckRequestInterface(mockCtrl)
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 
 	body := client.ClientCheckRequest{
-		User:     "user:foo",
-		Relation: "writer",
-		Object:   "doc:doc1",
+		User:             "user:foo",
+		Relation:         "writer",
+		Object:           "doc:doc1",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockRequest)
 
 	mockFgaClient.EXPECT().Check(context.Background()).Return(mockBody)
 
-	_, err := check(mockFgaClient, "user:foo", "writer", "doc:doc1")
+	_, err := check(mockFgaClient, "user:foo", "writer", "doc:doc1", contextualTuples)
 	if err == nil {
 		t.Error("Expect error but there is none")
 	}
@@ -71,16 +75,20 @@ func TestCheckWithNoError(t *testing.T) {
 
 	mockBody := mock_client.NewMockSdkClientCheckRequestInterface(mockCtrl)
 
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 	body := client.ClientCheckRequest{
-		User:     "user:foo",
-		Relation: "writer",
-		Object:   "doc:doc1",
+		User:             "user:foo",
+		Relation:         "writer",
+		Object:           "doc:doc1",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockRequest)
 
 	mockFgaClient.EXPECT().Check(context.Background()).Return(mockBody)
 
-	output, err := check(mockFgaClient, "user:foo", "writer", "doc:doc1")
+	output, err := check(mockFgaClient, "user:foo", "writer", "doc:doc1", contextualTuples)
 	if err != nil {
 		t.Error(err)
 	}

diff --git a/cmd/query/list-objects.go b/cmd/query/list-objects.go
@@ -26,11 +26,18 @@ import (
 )
 
 // listObjects in the internal function for calling SDK for list objects.
-func listObjects(fgaClient client.SdkClient, user string, relation string, types string) (string, error) {
+func listObjects(
+	fgaClient client.SdkClient,
+	user string,
+	relation string,
+	objectType string,
+	contextualTuples []client.ClientTupleKey,
+) (string, error) {
 	body := &client.ClientListObjectsRequest{
-		User:     user,
-		Relation: relation,
-		Type:     types,
+		User:             user,
+		Relation:         relation,
+		Type:             objectType,
+		ContextualTuples: &contextualTuples,
 	}
 	options := &client.ClientListObjectsOptions{}
 
@@ -61,9 +68,14 @@ var listObjectsCmd = &cobra.Command{
 			return fmt.Errorf("failed to initialize FGA Client due to %w", err)
 		}
 
-		output, err := listObjects(fgaClient, args[0], args[1], args[2])
+		contextualTuples, err := cmdutils.ParseContextualTuples(cmd)
 		if err != nil {
-			return err
+			return fmt.Errorf("error parsing contextual tuples for listObjects: %w", err)
+		}
+
+		output, err := listObjects(fgaClient, args[0], args[1], args[2], contextualTuples)
+		if err != nil {
+			return fmt.Errorf("error listing objects: %w", err)
 		}
 
 		fmt.Print(output)

diff --git a/cmd/query/list-objects_test.go b/cmd/query/list-objects_test.go
@@ -31,16 +31,20 @@ func TestListObjectsWithError(t *testing.T) {
 
 	mockBody := mock_client.NewMockSdkClientListObjectsRequestInterface(mockCtrl)
 
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 	body := client.ClientListObjectsRequest{
-		User:     "user:foo",
-		Relation: "writer",
-		Type:     "doc",
+		User:             "user:foo",
+		Relation:         "writer",
+		Type:             "doc",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockRequest)
 
 	mockFgaClient.EXPECT().ListObjects(context.Background()).Return(mockBody)
 
-	_, err := listObjects(mockFgaClient, "user:foo", "writer", "doc")
+	_, err := listObjects(mockFgaClient, "user:foo", "writer", "doc", contextualTuples)
 	if err == nil {
 		t.Error("Expect error but there is none")
 	}
@@ -67,16 +71,20 @@ func TestListObjectsWithNoError(t *testing.T) {
 
 	mockBody := mock_client.NewMockSdkClientListObjectsRequestInterface(mockCtrl)
 
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 	body := client.ClientListObjectsRequest{
-		User:     "user:foo",
-		Relation: "writer",
-		Type:     "doc",
+		User:             "user:foo",
+		Relation:         "writer",
+		Type:             "doc",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockRequest)
 
 	mockFgaClient.EXPECT().ListObjects(context.Background()).Return(mockBody)
 
-	output, err := listObjects(mockFgaClient, "user:foo", "writer", "doc")
+	output, err := listObjects(mockFgaClient, "user:foo", "writer", "doc", contextualTuples)
 	if err != nil {
 		t.Error(err)
 	}

diff --git a/cmd/query/list-relations.go b/cmd/query/list-relations.go
@@ -32,6 +32,7 @@ func listRelations(clientConfig fga.ClientConfig,
 	fgaClient client.SdkClient,
 	user string,
 	objects string,
+	contextualTuples []client.ClientTupleKey,
 ) (string, error) {
 	var authorizationModel openfga.AuthorizationModel
 
@@ -69,9 +70,10 @@ func listRelations(clientConfig fga.ClientConfig,
 	}
 
 	body := &client.ClientListRelationsRequest{
-		User:      user,
-		Object:    objects,
-		Relations: relations,
+		User:             user,
+		Object:           objects,
+		Relations:        relations,
+		ContextualTuples: &contextualTuples,
 	}
 	options := &client.ClientListRelationsOptions{}
 
@@ -103,9 +105,14 @@ var listRelationsCmd = &cobra.Command{
 			return fmt.Errorf("failed to initialize FGA Client due to %w", err)
 		}
 
-		output, err := listRelations(clientConfig, fgaClient, args[0], args[1])
+		contextualTuples, err := cmdutils.ParseContextualTuples(cmd)
 		if err != nil {
-			return err
+			return fmt.Errorf("error parsing contextual tuples for listRelations: %w", err)
+		}
+
+		output, err := listRelations(clientConfig, fgaClient, args[0], args[1], contextualTuples)
+		if err != nil {
+			return fmt.Errorf("error listing relations: %w", err)
 		}
 
 		fmt.Print(output)

diff --git a/cmd/query/list-relations_test.go b/cmd/query/list-relations_test.go
@@ -32,7 +32,11 @@ func TestListRelationsLatestAuthModelError(t *testing.T) {
 
 	var clientConfig fga.ClientConfig
 
-	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1")
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
+	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1", contextualTuples)
+
 	if err == nil {
 		t.Error("Expect error but there is none")
 	}
@@ -56,7 +60,11 @@ func TestListRelationsAuthModelSpecifiedError(t *testing.T) {
 		AuthorizationModelID: "01GXSA8YR785C4FYS3C0RTG7B1",
 	}
 
-	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1")
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
+	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1", contextualTuples)
+
 	if err == nil {
 		t.Error("Expect error but there is none")
 	}
@@ -94,10 +102,14 @@ func TestListRelationsLatestAuthModelListError(t *testing.T) {
 
 	mockBody := mock_client.NewMockSdkClientListRelationsRequestInterface(mockCtrl)
 
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 	body := client.ClientListRelationsRequest{
-		User:      "user:foo",
-		Relations: []string{"viewer"},
-		Object:    "doc:doc1",
+		User:             "user:foo",
+		Relations:        []string{"viewer"},
+		Object:           "doc:doc1",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockListRelationsRequest)
 	gomock.InOrder(
@@ -107,7 +119,7 @@ func TestListRelationsLatestAuthModelListError(t *testing.T) {
 
 	var clientConfig fga.ClientConfig
 
-	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1")
+	_, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1", contextualTuples)
 	if err == nil {
 		t.Error("Expect error but there is none")
 	}
@@ -147,10 +159,14 @@ func TestListRelationsLatestAuthModelList(t *testing.T) {
 
 	mockBody := mock_client.NewMockSdkClientListRelationsRequestInterface(mockCtrl)
 
+	contextualTuples := []client.ClientTupleKey{
+		{User: "user:foo", Relation: "admin", Object: "doc:doc1"},
+	}
 	body := client.ClientListRelationsRequest{
-		User:      "user:foo",
-		Relations: []string{"viewer"},
-		Object:    "doc:doc1",
+		User:             "user:foo",
+		Relations:        []string{"viewer"},
+		Object:           "doc:doc1",
+		ContextualTuples: &contextualTuples,
 	}
 	mockBody.EXPECT().Body(body).Return(mockListRelationsRequest)
 	gomock.InOrder(
@@ -160,7 +176,7 @@ func TestListRelationsLatestAuthModelList(t *testing.T) {
 
 	var clientConfig fga.ClientConfig
 
-	output, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1")
+	output, err := listRelations(clientConfig, mockFgaClient, "user:foo", "doc:doc1", contextualTuples)
 	if err != nil {
 		t.Error(err)
 	}

diff --git a/cmd/query/query.go b/cmd/query/query.go
@@ -35,9 +35,11 @@ func init() {
 	QueryCmd.AddCommand(listRelationsCmd)
 
 	QueryCmd.PersistentFlags().String("store-id", "", "Store ID")
-	QueryCmd.Flags().String("store-id", "", "Store ID")
-	err := QueryCmd.MarkFlagRequired("store-id")
-	if err != nil { //nolint:wsl
+	QueryCmd.PersistentFlags().String("model-id", "", "Model ID")
+	QueryCmd.PersistentFlags().StringArray("contextual-tuple", []string{}, `Contextual Tuple, format: "user relation object"`) //nolint:lll
+
+	err := QueryCmd.MarkPersistentFlagRequired("store-id")
+	if err != nil {
 		fmt.Print(err)
 		os.Exit(1)
 	}