openfgatests

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2026 License: MIT Imports: 24 Imported by: 0

Documentation

Overview

Package openfgatests provides an adapter to run the official OpenFGA test suite against the melange authorization implementation.

This package implements the OpenFGA ClientInterface, allowing melange to be validated against the same test cases used by the official OpenFGA server.

Usage

The adapter uses testutil for database setup and integrates with the existing test infrastructure. 

func TestOpenFGACheck(t *testing.T) {
    client := openfgatests.NewClient(t)
    check.RunAllTests(t, client)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BenchAllTests 

func BenchAllTests(b *testing.B)

BenchAllTests runs benchmarks for all OpenFGA tests. This is useful for getting a comprehensive performance profile.

func BenchTest 

func BenchTest(b *testing.B, tc TestCase)

BenchTest runs a benchmark for a single test case with separate sub-benchmarks for Check and List operations. Setup (model + tuples) is done once, then each operation type gets its own measured benchmark.

func BenchTestByName 

func BenchTestByName(b *testing.B, name string)

BenchTestByName runs a benchmark for a specific test by exact name.

func BenchTestsByPattern 

func BenchTestsByPattern(b *testing.B, pattern string)

BenchTestsByPattern runs benchmarks for tests whose names match the given regex pattern.

func ListTestNames 

func ListTestNames() ([]string, error)

ListTestNames returns the names of all available tests.

func RunAll 

func RunAll(t *testing.T, client *Client)

RunAll runs all available tests.

func RunTest 

func RunTest(t *testing.T, _ *Client, tc TestCase)

RunTest runs a single test case with its own isolated database. Each test gets a fresh database to enable parallel execution.

func RunTestByName 

func RunTestByName(t *testing.T, client *Client, name string)

RunTestByName runs a specific test by exact name.

func RunTestsByNegativePattern 

func RunTestsByNegativePattern(t *testing.T, client *Client, pattern string)

RunTestsByNegativePattern runs tests whose names do NOT match the given regex pattern.

func RunTestsByPattern 

func RunTestsByPattern(t *testing.T, client *Client, pattern string)

RunTestsByPattern runs tests whose names match the given regex pattern.

Types

type BenchmarkResult 

type BenchmarkResult struct {
	TestName      string
	CheckCount    int
	ListObjCount  int
	ListUserCount int
}

BenchmarkResult holds the results of a benchmark run.

type CheckAssertion 

type CheckAssertion struct {
	Name             string                `json:"name"`
	Tuple            *openfgav1.TupleKey   `json:"tuple"`
	ContextualTuples []*openfgav1.TupleKey `json:"contextualTuples"`
	Context          *structpb.Struct      `json:"context"`
	Expectation      bool                  `json:"expectation"`
	ErrorCode        int                   `json:"errorCode"`
}

CheckAssertion represents an expected result for a Check call.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client implements the OpenFGA ClientInterface for running tests against melange. It manages stores, authorization models, and tuples in PostgreSQL, routing permission checks through melange's Checker.

func NewClient 

func NewClient(tb testing.TB) *Client

NewClient creates a new test client using testutil infrastructure. The database is automatically set up with melange schema and cleaned up when the test completes.

func NewClientWithDB 

func NewClientWithDB(db *sql.DB) *Client

NewClientWithDB creates a test client with an existing database connection. Use this when you need more control over the database setup.

func (*Client) Check 

func (c *Client) Check(ctx context.Context, req *openfgav1.CheckRequest, opts ...grpc.CallOption) (*openfgav1.CheckResponse, error)

Check evaluates whether a user has a specific relation on an object.

func (*Client) CheckBulk added in v0.7.0 

func (c *Client) CheckBulk(ctx context.Context, storeID string, assertions []*CheckAssertion) (map[int]bool, error)

CheckBulk evaluates multiple permission checks in a single SQL call using check_permission_bulk. It takes a store ID and a slice of check assertions (without contextual tuples or error codes), builds parallel arrays, and returns a map from assertion index to whether the check was allowed.

func (*Client) CreateStore 

func (c *Client) CreateStore(ctx context.Context, req *openfgav1.CreateStoreRequest, opts ...grpc.CallOption) (*openfgav1.CreateStoreResponse, error)

CreateStore creates a new isolated store for testing. Each store has its own authorization model and tuples.

func (*Client) DB 

func (c *Client) DB() *sql.DB

DB returns the underlying database connection.

func (*Client) ListObjects 

func (c *Client) ListObjects(ctx context.Context, req *openfgav1.ListObjectsRequest, opts ...grpc.CallOption) (*openfgav1.ListObjectsResponse, error)

ListObjects returns all objects of a given type that the user has a relation on.

func (*Client) ListUsers 

func (c *Client) ListUsers(ctx context.Context, req *openfgav1.ListUsersRequest, opts ...grpc.CallOption) (*openfgav1.ListUsersResponse, error)

ListUsers returns all users that have a relation on the given object.

func (*Client) StreamedListObjects 

func (c *Client) StreamedListObjects(ctx context.Context, req *openfgav1.StreamedListObjectsRequest, opts ...grpc.CallOption) (openfgav1.OpenFGAService_StreamedListObjectsClient, error)

StreamedListObjects returns a stream of objects. For testing purposes, this returns a mock stream that yields results from ListObjects.

func (*Client) Write 

func (c *Client) Write(ctx context.Context, req *openfgav1.WriteRequest, opts ...grpc.CallOption) (*openfgav1.WriteResponse, error)

Write writes or deletes tuples in the store.

func (*Client) WriteAuthorizationModel 

func (c *Client) WriteAuthorizationModel(ctx context.Context, req *openfgav1.WriteAuthorizationModelRequest, opts ...grpc.CallOption) (*openfgav1.WriteAuthorizationModelResponse, error)

WriteAuthorizationModel writes an authorization model to the store. The model is parsed and stored for use in permission checks.

type ListObjectsAssertion 

type ListObjectsAssertion struct {
	Request          ListObjectsRequest    `json:"request"`
	ContextualTuples []*openfgav1.TupleKey `json:"contextualTuples"`
	Expectation      []string              `json:"expectation"`
	ErrorCode        int                   `json:"errorCode"`
}

ListObjectsAssertion represents an expected result for ListObjects.

type ListObjectsRequest 

type ListObjectsRequest struct {
	User     string `json:"user"`
	Type     string `json:"type"`
	Relation string `json:"relation"`
}

ListObjectsRequest represents a ListObjects request.

type ListUsersAssertion 

type ListUsersAssertion struct {
	Request          ListUsersRequest      `json:"request"`
	ContextualTuples []*openfgav1.TupleKey `json:"contextualTuples"`
	Expectation      []string              `json:"expectation"`
	ErrorCode        int                   `json:"errorCode"`
}

ListUsersAssertion represents an expected result for ListUsers.

type ListUsersRequest 

type ListUsersRequest struct {
	Filters  []string `json:"filters"`
	Object   string   `json:"object"`
	Relation string   `json:"relation"`
}

ListUsersRequest represents a ListUsers request.

type Stage 

type Stage struct {
	Name                  string                  `json:"name"`
	Model                 string                  `json:"model"`
	Tuples                []*openfgav1.TupleKey   `json:"tuples"`
	CheckAssertions       []*CheckAssertion       `json:"checkAssertions"`
	ListObjectsAssertions []*ListObjectsAssertion `json:"listObjectsAssertions"`
	ListUsersAssertions   []*ListUsersAssertion   `json:"listUsersAssertions"`
}

Stage represents a stage within a test case.

type TestCase 

type TestCase struct {
	Name   string   `json:"name"`
	Stages []*Stage `json:"stages"`
}

TestCase represents a single test from the OpenFGA test suite.

func LoadTests 

func LoadTests() ([]TestCase, error)

LoadTests loads all test cases from the embedded OpenFGA test files.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.