Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenFGA Integration #673

Open
wants to merge 39 commits into
base: master
Choose a base branch
from
Open

OpenFGA Integration #673

wants to merge 39 commits into from

Conversation

daveads
Copy link
Contributor

@daveads daveads commented Sep 30, 2024
edited
Loading

Feature: Add OpenFGA Policy Store to OPAL

This PR addresses issue #661 by integrating OpenFGA Policy Store into OPAL.

/claim #661

@netlify Netlify
Copy link

netlify bot commented Sep 30, 2024
edited
Loading

Deploy Preview for opal-docs canceled.

Name Link
🔨 Latest commit f8c3eea
🔍 Latest deploy log https://app.netlify.com/sites/opal-docs/deploys/6746e5696a54c40008903dfc

@daveads
Copy link
Contributor Author

daveads commented Sep 30, 2024
edited
Loading

OpenFGA OPAL Integration Project Checklist

Week 1: Setup and Core Implementation

Days 1-2: Project Setup and Research

  • Set up development environment
  • Review OpenFGA documentation and API
  • Analyze OPAL's existing policy store implementations

Days 3-5: Core Implementation

  • Implement OpenFGA configuration in OPAL
  • Develop basic OpenFGA policy store interface
  • Begin implementation of auto-sync from git for OpenFGA models/policies

Week 2: Feature Completion and Demo Preparation

Days 1-3: Feature Implementation

  • Complete auto-sync from git for OpenFGA models/policies
  • Implement data fetching pattern and syncing from external data sources
  • Start working on Docker-compose examples

Days 4-5: Demo Preparation

  • Develop end-to-end demo with example ReBAC policies and mock data
  • Finalize Docker-compose examples for single and multiple OpenFGA clients
  • Prepare demonstration environment

Key Milestones:

  1. End of Week 1: Basic OpenFGA policy store implementation
  2. End of Week 2: Working end-to-end demo
  3. End of Week 3: update later*
  4. End of Week 4: update later*

@daveads
Copy link
Contributor Author

daveads commented Oct 1, 2024

Updates ::

Integration into Opal has already begun but is currently on hold. I'm working on the components in isolation from Opal, using the OpenFGA SDK first.
it's been interesting so far.

@daveads
Copy link
Contributor Author

daveads commented Oct 2, 2024

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

@daveads
Copy link
Contributor Author

daveads commented Oct 2, 2024

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

recording.mp4

@daveads
Copy link
Contributor Author

daveads commented Oct 4, 2024

@garnerp just push that to show what have been working on locally....

to show my current progress...

@gemanor
Copy link
Collaborator

gemanor commented Oct 11, 2024

@daveads I bet you meant to tag me. Any updates on this?

@daveads
Copy link
Contributor Author

daveads commented Oct 11, 2024

@daveads I bet you meant to tag me. Any updates on this?

oh oh... yea i meant to tag... lol

still on it... will give you an update on it soon

@daveads
Copy link
Contributor Author

daveads commented Oct 19, 2024

currently having issues with the config... buh i should fix it soon.

@danyi1212 danyi1212 changed the title Draft OpenFGA Integration Oct 22, 2024
@daveads
Copy link
Contributor Author

daveads commented Oct 24, 2024
edited
Loading

Demo ready...

just fixing bugs...

opening pr for now...

@daveads daveads marked this pull request as ready for review October 24, 2024 14:40
@algora-pbc algora-pbc bot mentioned this pull request Oct 24, 2024
Open
@daveads
Copy link
Contributor Author

daveads commented Oct 25, 2024

Based on my discussion with @gemanor, Decided to drop the use of openfga_sdk and use API calls instead, similar to the OPA implementation.

@danyi1212 danyi1212 self-requested a review October 27, 2024 15:11
iwphonedo
iwphonedo suggested changes Nov 11, 2024
View reviewed changes
Copy link

@iwphonedo iwphonedo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @daveads, here is my initial review to the implementation. Please feel free to contact me with any comment/question.

Best,
Israel

packages/opal-client/opal_client/client.py Outdated Show resolved Hide resolved
packages/opal-client/opal_client/config.py Outdated Show resolved Hide resolved
packages/opal-client/opal_client/engine/options.py Show resolved Hide resolved
packages/opal-client/opal_client/engine/runner.py Outdated Show resolved Hide resolved
packages/opal-common/opal_common/engine/paths.py Outdated Show resolved Hide resolved
packages/opal-server/opal_server/data/api.py Outdated Show resolved Hide resolved
packages/opal-client/opal_client/policy/updater.py Show resolved Hide resolved
packages/opal-client/opal_client/policy/updater.py Outdated Show resolved Hide resolved
packages/opal-client/opal_client/policy_store/policy_store_client_factory.py Outdated Show resolved Hide resolved
docker/docker-compose-example-openfga.yml Show resolved Hide resolved
@daveads
Copy link
Contributor Author

daveads commented Nov 11, 2024

Sure @iwphonedo i will check them out today.

@daveads
Copy link
Contributor Author

daveads commented Nov 17, 2024

working on the failing pytests...

@daveads
Copy link
Contributor Author

daveads commented Nov 27, 2024

review.mp4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iwphonedo iwphonedo iwphonedo requested changes

@danyi1212 danyi1212 Awaiting requested review from danyi1212

At least 1 approving review is required to merge this pull request.

Assignees

@daveads daveads

Labels
🙋 Bounty claim
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@daveads @gemanor @danyi1212 @iwphonedo