add draft OpenFGA client

[leovalais]

Note

This is a lengthy PR which also requires some amount of OpenFGA knowledge to be understood. It's probably better to peer review it.

Draft OpenFGA client.

• Will be moved into editoast's workspace when ready (it's currently outside for dev comfort)
• Only a few operations have been implemented
• Meant to remain a new sub-crate which will be included in editoast_authz (in which we'll map the authorization model, define our objects, their conversion, relations, etc.)
• The fga binary is necessary to run unit tests for now: https://github.com/openfga/cli

TODO:

• Implement all the operations we'll need
  • Operations needed for the roles reimplementation
  • POST /stores/{}/list-users
  • POST /stores/{}/stream-list-objects
  • POST /stores/{}/expand
  • POST /stores/{}/read
  • POST /stores/{}/batch-check
  • Other operations currently not needed, but since there's so few of them, we may want to implement them for completeness?
• Keep an authorization_model_id in the client to forward it to requests—as advised by OpenFGA
• Improve tests utils & debugging tools
  • Client check assertions (make them public + async variant?)
  • Forward error body from OpenFGA response
  • Expose compile_model?
• Documentation (for real this time 👀)
  • mod client
  • mod model
  • crate (ongoing)
• INSTRUMENT EVERYTHING
• Setup OpenFGA in docker compose
• Add check for User.id ≠ '*'
• Add early verification of User.id and Object.id? Not really required for us.
• Implement list-users as this will change the trait User API
• Macros
  • fga!
  • relations!
  • derive(User)
  • derive(Object)

About macros

This crates introduces a few macro_rules, which are only used for tests currently.

• relations! allows defining typed relations concisely to allow quick comparisons with the OpenFGA schema. I think we should keep this one, that'll help the review process and reduce straightforward boilerplate.
• fga_type! declares the newtype structs representing the types of OpenFGA and generates a few implementations. I think this one should remain a #[cfg(test)] definition. However I think derive macros derive(fga::User, fga::Object) would help us and cost nothing as they are trivial to implement.
• fga! allows manipulating and instantiating types and relations with the same syntax as OpenFGA, but in a type-safe way. This is particularly useful for the conciseness of unit tests. I think it should be exported.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 0% with 271 lines in your changes missing coverage. Please review.

Project coverage is 82.20%. Comparing base (34159e3) to head (e5416a8).
Report is 19 commits behind head on dev.

Files with missing lines	Patch %	Lines
fga/src/client.rs	0.00%	271 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##              dev   #10504      +/-   ##
==========================================
- Coverage   82.56%   82.20%   -0.37%     
==========================================
  Files        1084     1085       +1     
  Lines      107257   107811     +554     
  Branches      729      729              
==========================================
+ Hits        88559    88622      +63     
- Misses      18656    19147     +491     
  Partials       42       42              

Flag	Coverage Δ
editoast	74.39% <ø> (-0.01%)	⬇️
front	90.51% <ø> (+0.04%)	⬆️
gateway	2.18% <ø> (ø)
osrdyne	2.98% <0.00%> (-0.31%)	⬇️
railjson_generator	87.58% <ø> (ø)
tests	87.91% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[woshilapin]

Only a first pass on src/client.rs. I'll take a look at the rest later.

[flomonster]

Small review of the docker-compose

[woshilapin]

Maybe need to be renamed all? Or wildcard?

[leovalais]

wildcard, as discussed

[leovalais]

4279493

[woshilapin]

We're missing an additionnal step in the CI to launch the tests? (or do we wait for this crate to be merged into editoast's workspace?

[woshilapin]

Can be move at the top.

[leovalais]

7d6841c

[woshilapin]

This piece of code is the same between User and Object. How about making an trait Id that both Object and User would be a subset of?

[leovalais]

done, by yourself

[leovalais]

trait Type

[leovalais]

e5416a8

[woshilapin]

I don't understand why we need this trait. It's exactly the same than User (except User has a bit more). It feels that everywhere a AsUser would be expected, a User bound would be enough.