Skip to content

Commit

Permalink
Merge branch 'main' into dependabot/npm_and_yarn/dev-dependencies-d28…
Browse files Browse the repository at this point in the history 
…da65dbf
  • Loading branch information
@rhamzeh
rhamzeh authored Apr 22, 2024
2 parents bb98531 + 24edac3 commit 76fa963
Show file tree
Hide file tree
Showing 44 changed files with 127 additions and 142 deletions.
2 changes: 1 addition & 1 deletion blog/conditional-tuples-announcement.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ You'll get the following results for the [ListObjects](https://openfga.dev/api/s

Note that:

- `user:bob` will always get `allowed:true` as we has assigned as as viewer unconditionally.
- `user:bob` will always get `allowed:true` as we have assigned as viewer unconditionally.
- `user:anne` will get `allowed:true` if the `current_time` is before the `grant_time` + `grant_duration` and `allowed:false` otherwise.
- If you don't provide the `current_time` in the context, the Check and ListObjects operations will fail.

Expand Down
2 changes: 1 addition & 1 deletion docs/content/authorization-concepts.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ ReBAC also lets you natively solve for ABAC when attributes can be expressed in

<ProductName format={ProductNameFormat.ShortForm}/> extends ReBAC by making it simpler to express additional ABAC scenarios using [Conditions](./modeling/conditions.mdx) or [Contextual Tuples](./modeling/token-claims-contextual-tuples.mdx).

ReBAC can also be consided PBAC, as authorization policies are centralized.
ReBAC can also be considered PBAC, as authorization policies are centralized.

## What is Zanzibar?

Expand Down
2 changes: 1 addition & 1 deletion docs/content/concepts.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -584,7 +584,7 @@ The list objects endpoint responds with a list of objects for a given type that
For example, the following returns all the objects with document type for which `anne` of type user has a `viewer` relation with:

<ListObjectsRequestViewer
authorizationModelId="1uHxCSuTP0VKPYSnkq1pbb1jeZw"
authorizationModelId="01HVMMBCMGZNT3SED4Z17ECXCA"
objectType="document"
relation="viewer"
user="user:anne"
Expand Down
6 changes: 3 additions & 3 deletions docs/content/configuration-language.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import {

<DocumentationNotice />

<ProductName format={ProductNameFormat.LongForm}/>'s Configuration Language builds a representation of a system's <ProductConcept section="what-is-an-authorization-model" linkName="authorization model" />, which informs <UpdateProductNameInLinks link="/api/service" name="{ProductName}'s API" /> on the <ProductConcept section="what-is-a-type" linkName="object types" /> in the system are and how they relate to each other. The Configuration Language describes the <ProductConcept section="what-is-a-relation" linkName="relations" /> possible for an object of a given type and lists the conditions under which one is related to that object.
<ProductName format={ProductNameFormat.LongForm}/>'s Configuration Language builds a representation of a system's <ProductConcept section="what-is-an-authorization-model" linkName="authorization model" />, which informs <UpdateProductNameInLinks link="/api/service" name="{ProductName}'s API" /> on the <ProductConcept section="what-is-a-type" linkName="object types" /> in the system and how they relate to each other. The Configuration Language describes the <ProductConcept section="what-is-a-relation" linkName="relations" /> possible for an object of a given type and lists the conditions under which one is related to that object.

The Configuration Language can be presented in **DSL** or **JSON** syntax. The JSON syntax is accepted by the API and closely tracks the language in the [Zanzibar paper](https://research.google/pubs/pub48190/). The DSL adds syntactic sugar on top of JSON for ease of use, but compiles down to JSON before being sent to <ProductName format={ProductNameFormat.ShortForm}/>'s API. JSON syntax is used to call API directly or through the [SDKs](./getting-started), while DSL is used to interact with <ProductName format={ProductNameFormat.ShortForm}/> in the [Playground](https://play.fga.dev/), and they can be switched between throughout this documentation.

Expand Down Expand Up @@ -388,7 +388,7 @@ Above, `document` <ProductConcept section="what-is-a-type-definition" linkName="

:::info

`can_rename` does not reference the [direct relationship type restrictions](#the-direct-relationship-type-restrictions), which means a user cannot be directly assigned this relation and it must inherited when the `editor` relation is assigned. Conversely, the `viewer` relation allows both direct and indirect relationships using the [Union Operator](#the-union-operator).
`can_rename` does not reference the [direct relationship type restrictions](#the-direct-relationship-type-restrictions), which means a user cannot be directly assigned this relation and it must be inherited when the `editor` relation is assigned. Conversely, the `viewer` relation allows both direct and indirect relationships using the [Union Operator](#the-union-operator).

:::

Expand Down Expand Up @@ -1013,7 +1013,7 @@ The following snippet:
},
},
{
// a user that is an viewer on any of the object's parents is also implicitly a viewer on the object
// a user that is a viewer on any of the object's parents is also implicitly a viewer on the object
tupleToUserset: {
tupleset: {
relation: 'parent',
Expand Down
4 changes: 2 additions & 2 deletions docs/content/getting-started/cli.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -331,7 +331,7 @@ Delete all tuples from a store by reading all the tuples first and then deleting
```bash
# Reads all the tuples and outputs them in a json format that can be used by 'fga tuple delete' and 'fga tuple write'.

$ fga tuple read --simple-output --max-pages 0 > tuples.json
$ fga tuple read --output-format=simple-json --max-pages 0 > tuples.json
$ fga tuple delete --file tuples.json
```
Expand Down Expand Up @@ -380,4 +380,4 @@ Use the `fga model get` command is used to verify that the model was correctly w
id: '../modeling/testing-models.mdx',
}
]}
/>
/>
14 changes: 7 additions & 7 deletions docs/content/getting-started/configure-model.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,53 +32,53 @@ This article explains how to configure an <ProductConcept section="what-is-an-au

1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup the SDK client](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>
<TabItem value={SupportedLanguage.GO_SDK} label={languageLabelMap.get(SupportedLanguage.GO_SDK)}>

1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup the SDK client](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.DOTNET_SDK} label={languageLabelMap.get(SupportedLanguage.DOTNET_SDK)}>

1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup the SDK client](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.PYTHON_SDK} label={languageLabelMap.get(SupportedLanguage.PYTHON_SDK)}>

1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup the SDK client](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.JAVA_SDK} label={languageLabelMap.get(SupportedLanguage.JAVA_SDK)}>

1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup the SDK client](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CLI} label={languageLabelMap.get(SupportedLanguage.CLI)}>

1. <SdkSetupPrerequisite />
2. You have [installed the CLI](./install-sdk.mdx), [created the store](./create-store.mdx) and [setup your environment variables](./setup-sdk-client.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_SERVER_URL` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CURL} label={languageLabelMap.get(SupportedLanguage.CURL)}>

1. <SdkSetupPrerequisite />
2. You have [created the store](./create-store.mdx) and have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
2. You have [created the store](./create-store.mdx) and have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>
</Tabs>
Expand Down
6 changes: 3 additions & 3 deletions docs/content/getting-started/create-store.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ import TabItem from '@theme/TabItem';

A [store](../concepts.mdx#what-is-a-store) is a OpenFGA entity that contains your authorization data. You will need to create a store in OpenFGA before adding an [authorization model](../concepts.mdx#what-is-an-authorization-model) and [relationship tuples](../concepts.mdx#what-is-a-relationship-tuple) to it.

This article explains how to setup an OpenFGA store.
This article explains how to set up an OpenFGA store.

## Step By Step

Expand Down Expand Up @@ -148,15 +148,15 @@ public class Example {
fga store create --name "FGA Demo Store"

# To create the store and directly put the Store ID into an env variable:
# export FGA_STORE_ID=$(fga store create --name "FGA Demo Store" | jq -r .id)
# export FGA_STORE_ID=$(fga store create --name "FGA Demo Store" | jq -r .store.id)
```

</TabItem>

<TabItem value={SupportedLanguage.CURL} label={languageLabelMap.get(SupportedLanguage.CURL)}>

```shell
curl -X POST $FGA_API_HOST/stores \
curl -X POST $FGA_API_URL/stores \
-H "content-type: application/json" \
-d '{"name": "FGA Demo Store"}'
```
Expand Down
4 changes: 2 additions & 2 deletions docs/content/getting-started/framework.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ This section will illustrate how to integrate <ProductName format={ProductNameFo
2. You have [installed the OpenFGA SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You know how to [perform a Check](./perform-check.mdx).
5. You have loaded `FGA_API_HOST` and `FGA_STORE_ID` as environment variables.
5. You have loaded `FGA_API_URL` and `FGA_STORE_ID` as environment variables.

</TabItem>
<TabItem value={SupportedLanguage.GO_SDK} label={languageLabelMap.get(SupportedLanguage.GO_SDK)}>
Expand All @@ -43,7 +43,7 @@ This section will illustrate how to integrate <ProductName format={ProductNameFo
2. You have [installed the OpenFGA SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You know how to [perform a Check](./perform-check.mdx).
5. You have loaded `FGA_API_HOST` and `FGA_STORE_ID` as environment variables.
5. You have loaded `FGA_API_URL` and `FGA_STORE_ID` as environment variables.

</TabItem>
</Tabs>
Expand Down
2 changes: 1 addition & 1 deletion docs/content/getting-started/immutable-models.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ You can list all the authorization models for a store using the [ReadAuthorizati

Some endpoints relating to tuples ([Check](/api/service#/Relationship%20Queries/Check), [ListObjects](/api/service#/Relationship%20Queries/ListObjects), [Expand](/api/service#/Relationship%20Queries/Expand), [Write](/api/service#/Relationship%20Tuples/Write)) accept an `authorization_model_id`, which we strongly recommend passing, especially in production.

In practice, you would pin the authorization model ID alongside the store ID in your configuration management system. Your services would read this value and use it in their requests to FGA. This helps you ensure that your services are using the same consistent ID across all your applications, and that rollouts can be seemless.
In practice, you would pin the authorization model ID alongside the store ID in your configuration management system. Your services would read this value and use it in their requests to FGA. This helps you ensure that your services are using the same consistent ID across all your applications, and that rollouts can be seamless.

### Benefits of Passing in an Authorization Model ID

Expand Down
2 changes: 1 addition & 1 deletion docs/content/getting-started/overview.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import { DocumentationNotice, IntroCard, CardGrid, ProductName } from '@componen

<DocumentationNotice />

The following will provide a step by step guide on how to get started with <ProductName />.
The following will provide a step-by-step guide on how to get started with <ProductName />.

<IntroCard
title="When to use"
Expand Down
14 changes: 7 additions & 7 deletions docs/content/getting-started/perform-check.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -44,7 +44,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -53,7 +53,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -62,7 +62,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -71,23 +71,23 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CLI} label={languageLabelMap.get(SupportedLanguage.CLI)}>

1. <SdkSetupPrerequisite />
2. You have [configured the _authorization model_](./configure-model.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_SERVER_URL` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CURL} label={languageLabelMap.get(SupportedLanguage.CURL)}>

1. <SdkSetupPrerequisite />
2. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>
</Tabs>
Expand Down
18 changes: 9 additions & 9 deletions docs/content/getting-started/perform-list-objects.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -44,7 +44,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -53,7 +53,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -62,7 +62,7 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

Expand All @@ -71,23 +71,23 @@ This section will illustrate how to perform a <ProductConcept section="what-is-a
1. <SdkSetupPrerequisite />
2. You have [installed the SDK](./install-sdk.mdx).
3. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
4. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
4. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CLI} label={languageLabelMap.get(SupportedLanguage.CLI)}>

1. <SdkSetupPrerequisite />
2. You have [configured the _authorization model_](./configure-model.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_SERVER_URL` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>

<TabItem value={SupportedLanguage.CURL} label={languageLabelMap.get(SupportedLanguage.CURL)}>

1. <SdkSetupPrerequisite />
2. You have [configured the _authorization model_](./configure-model.mdx) and [updated the _relationship tuples_](./update-tuples.mdx).
3. You have loaded `FGA_STORE_ID` and `FGA_API_HOST` as environment variables.
3. You have loaded `FGA_STORE_ID` and `FGA_API_URL` as environment variables.

</TabItem>
</Tabs>
Expand Down Expand Up @@ -145,7 +145,7 @@ To obtain the [access token](https://auth0.com/docs/get-started/authentication-a
To return all documents that user `user:anne` has relationship `reader` with:

<ListObjectsRequestViewer
authorizationModelId="1uHxCSuTP0VKPYSnkq1pbb1jeZw"
authorizationModelId="01HVMMBCMGZNT3SED4Z17ECXCA"
objectType="document"
relation="reader"
user="user:anne"
Expand All @@ -165,7 +165,7 @@ To return all documents that user `user:anne` has relationship `reader` with:
The result `document:otherdoc` and `document:planning` are the document objects that `user:anne` has `reader` relationship with.

:::caution Warning
The performance characteristics of the ListObjects endpoint vary drastically depending on the model complexity, number of tuples, and the relations it needs to evaluate. Relations with 'and' or 'but not' are more expensive to evaluate than relations with 'or'."
The performance characteristics of the ListObjects endpoint vary drastically depending on the model complexity, number of tuples, and the relations it needs to evaluate. Relations with 'and' or 'but not' are more expensive to evaluate than relations with 'or'.
:::

## Related Sections
Expand Down
Loading

0 comments on commit 76fa963

Please sign in to comment.