From 07bf422e1e7cb4e45c1484da5e0c6e37db40bc15 Mon Sep 17 00:00:00 2001 From: Yann D'Isanto Date: Thu, 16 May 2024 14:12:11 +0200 Subject: [PATCH] fix: missing store --- .github/workflows/test.yml | 19 +++++++++++++++++-- README.md | 28 ++++++++++++++++++++++------ action.yml | 16 +++++++++++----- 3 files changed, 50 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5b9c31e..23bc879 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,8 +25,8 @@ jobs: with: test_path: ./example/model.fga.yaml - test_conditions_against_openfga_version: - name: Run test against given OpenFGA version + test_conditions_support: + name: Test conditions support runs-on: ubuntu-latest strategy: matrix: @@ -64,6 +64,20 @@ jobs: - name: Start OpenFGA Server shell: bash run: openfga run & + - name: Install OpenFGA cli + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: openfga/cli + cache: enable + - name: Install jq + uses: dcarbone/install-jq-action@v2 + - name: Create store with model + id: 'store' + run: | + fga store create --model ./example/model_with_conditions.fga > store_response.json + cat store_response.json + store_id=$(jq -r '.store.id' store_response.json) + echo "store_id=${store_id}" >> $GITHUB_OUTPUT - name: Run OpenFGA CLI Tests id: 'tests' uses: ./ @@ -71,6 +85,7 @@ jobs: with: test_path: ./example/model_with_conditions.fga.yaml fga_server_url: 'http://localhost:8080' + fga_server_store_id: ${{ steps.store.outputs.store_id }} - name: Assert expected results run: | if [ "${{ matrix.test.conditions_supported }}" == "true" ] && [ "${{ steps.tests.outcome }}" == "failure" ] diff --git a/README.md b/README.md index 0bb5cb9..84d0212 100644 --- a/README.md +++ b/README.md @@ -6,12 +6,13 @@ This action can be used to test your authorization model using store test files. ## Parameter -| Parameter | Description | Required | Default | -|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------| -| `test_path` | The path to your store test file or folder relative to the root of your project. | No | `.` | -| `test_files_pattern` | The pattern to match test files. | No | `*.fga.yaml` | -| `fga_server_url` | The OpenFGA server to test the Authorization Model against. If empty (which is the default value), the tests are run using the cli built-in OpenFGA instance. | No | _empty_ | -| `fga_api_token` | The api token to use for testing against an OpenFGA server. Ignored if `fga_server_url` is not provided. | No | _empty_ | +| Parameter | Description | Required | Default | +|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------| +| `test_path` | The path to your store test file or folder relative to the root of your project. | No | `.` | +| `test_files_pattern` | The pattern to match test files. | No | `*.fga.yaml` | +| `fga_server_url` | The OpenFGA server to test the Authorization Model against. If empty (which is the default value), the tests are run using the cli built-in OpenFGA instance. | No | _empty_ | +| `fga_server_store_id` | The OpenFGA server store id. Must be provided if fga_server_url is configured. | No | _empty_ | +| `fga_api_token` | The api token to use for testing against an OpenFGA server. Ignored if `fga_server_url` is not provided. | No | _empty_ | > Note: the action will fail if no test is found in the specified test path with the given pattern @@ -107,10 +108,25 @@ jobs: - name: Start OpenFGA server in background shell: bash run: openfga run & + - name: Install OpenFGA cli + uses: jaxxstorm/action-install-gh-release@v1.11.0 + with: + repo: openfga/cli + cache: enable + - name: Install jq + uses: dcarbone/install-jq-action@v2 + - name: Create store with model + id: 'store' + run: | + fga store create --model ./example/model_with_conditions.fga > store_response.json + cat store_response.json + store_id= $(jq -r '.store.id' store_response.json) + echo "store_id=${store_id}" >> $GITHUB_OUTPUT - name: Run tests uses: openfga/action-openfga-test@v0.1 with: fga_server_url: 'http://localhost:8080' + fga_server_store_id: ${{ steps.store.outputs.store_id }} ``` ## License diff --git a/action.yml b/action.yml index e0c2826..77033ca 100644 --- a/action.yml +++ b/action.yml @@ -17,6 +17,10 @@ inputs: description: 'The OpenFGA server to test the Authorization Model against. If not provided, the tests will be run using the cli built-in OpenFGA instance.' required: false default: '' + fga_server_store_id: + description: 'The OpenFGA server store id. Must be provided if fga_server_url is configured.' + required: false + default: '' fga_api_token: description: 'The api token to use for testing against an OpenFGA server. Ignored if fga_server_url is not provided.' required: false @@ -33,13 +37,15 @@ runs: cache: enable - name: Run OpenFGA CLI shell: bash - env: - FGA_SERVER_URL: ${{ inputs.fga_server_url }} - FGA_API_TOKEN: ${{ inputs.fga_api_token }} run: | fga_opts="" - if [[ -n "${FGA_SERVER_URL}" ]]; then - fga_opts="--api-url ${FGA_SERVER_URL} ${FGA_API_TOKEN:+--api-token ${FGA_API_TOKEN}}" + fga_token="${{ inputs.fga_api_token }}" + if [[ -n "${{ inputs.fga_server_url }}" ]]; then + if [[ -z "${{ inputs.fga_server_store_id }}" ]]; then + echo "missing store id for specified OpenFGA server ${{ inputs.fga_server_url }}." + exit 1 + fi + fga_opts="--api-url ${{ inputs.fga_server_url }} --store-id ${{ inputs.fga_server_store_id }} ${fga_token:+--api-token ${fga_token}}" fi while IFS= read -r -d '' test_file