From 74cb4ae465a8ffe00d0e0689a52a77f4f2dbb862 Mon Sep 17 00:00:00 2001 From: Yann D'Isanto Date: Thu, 16 May 2024 14:53:47 +0200 Subject: [PATCH] fix: remove model for testing against given openfga server --- README.md | 14 +++++++------- action.yml | 32 ++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 84d0212..035b61f 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,13 @@ This action can be used to test your authorization model using store test files. ## Parameter -| Parameter | Description | Required | Default | -|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------| -| `test_path` | The path to your store test file or folder relative to the root of your project. | No | `.` | -| `test_files_pattern` | The pattern to match test files. | No | `*.fga.yaml` | -| `fga_server_url` | The OpenFGA server to test the Authorization Model against. If empty (which is the default value), the tests are run using the cli built-in OpenFGA instance. | No | _empty_ | -| `fga_server_store_id` | The OpenFGA server store id. Must be provided if fga_server_url is configured. | No | _empty_ | -| `fga_api_token` | The api token to use for testing against an OpenFGA server. Ignored if `fga_server_url` is not provided. | No | _empty_ | +| Parameter | Description | Required | Default | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------| +| `test_path` | The path to your store test file or folder relative to the root of your project. | No | `.` | +| `test_files_pattern` | The pattern to match test files. | No | `*.fga.yaml` | +| `fga_server_url` | The OpenFGA server to test the Authorization Model against. If empty (which is the default value), the tests are run using the cli built-in OpenFGA instance. If specified, it is mandatory to specify the store id with the `fga_server_store_id` input, also the `model` and `model_file` entries of the tests are ignored | No | _empty_ | +| `fga_server_store_id` | The OpenFGA server store id. Must be provided if fga_server_url is configured. | No | _empty_ | +| `fga_api_token` | The api token to use for testing against an OpenFGA server. Ignored if `fga_server_url` is not provided. | No | _empty_ | > Note: the action will fail if no test is found in the specified test path with the given pattern diff --git a/action.yml b/action.yml index 77033ca..6ab2930 100644 --- a/action.yml +++ b/action.yml @@ -35,24 +35,32 @@ runs: with: repo: openfga/cli cache: enable + - uses: chrisdickinson/setup-yq@v1.0.1 + with: + yq-version: v4.25.3 - name: Run OpenFGA CLI shell: bash run: | - fga_opts="" - fga_token="${{ inputs.fga_api_token }}" - if [[ -n "${{ inputs.fga_server_url }}" ]]; then - if [[ -z "${{ inputs.fga_server_store_id }}" ]]; then - echo "missing store id for specified OpenFGA server ${{ inputs.fga_server_url }}." - exit 1 - fi - fga_opts="--api-url ${{ inputs.fga_server_url }} --store-id ${{ inputs.fga_server_store_id }} ${fga_token:+--api-token ${fga_token}}" - fi - while IFS= read -r -d '' test_file do ((test_files_count+=1)) - echo "Running FGA test file ${test_file}" - fga model test ${fga_opts} --tests "${test_file}" + + if [[ -z "${{ inputs.fga_server_url }}" ]]; then + echo "Running FGA test file ${test_file}" + fga model test --tests "${test_file}" + else + echo "Running FGA test file ${test_file} against OpenFGA server ${{ inputs.fga_server_url }}" + fga_token="${{ inputs.fga_api_token }}" + test_file_without_model=mktemp + yq 'del(.model_file, .model)' ${test_file} > ${test_file_without_model} + fga model test \ + ${fga_server_opts} \ + --api-url "${{ inputs.fga_server_url }}" \ + --store-id "${{ inputs.fga_server_store_id }}" \ + ${fga_token:+--api-token ${fga_token}} \ + --tests "${test_file_without_model}" + fi + done < <(find ${{ inputs.test_path }} -name "${{ inputs.test_files_pattern }}" -print0) if [[ ${test_files_count} -eq 0 ]]; then