Merge pull request #4 from theopenlane/fix-fga-tests

Fix borked fga tests and base image ref
theopenlane · Aug 28, 2024 · d69f303 · d69f303
2 parents 1414db1 + e40856b
commit d69f303
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 43 deletions.
diff --git a/.buildkite/pipeline.yaml b/.buildkite/pipeline.yaml
@@ -13,7 +13,7 @@ steps:
         cancel_on_build_failing: true
         plugins:
           - docker#v5.11.0:
-              image: "ghcr.io/theopenlane/base-ci-image:v1.1.9"
+              image: "ghcr.io/theopenlane/build-image:v0.1.2"
               command: ["task", "ci"]
               environment:
                 - "GOTOOLCHAIN=auto"
@@ -22,7 +22,7 @@ steps:
         cancel_on_build_failing: true
         plugins:
           - docker#v5.11.0:
-              image: "ghcr.io/theopenlane/base-ci-image:v1.1.9"
+              image: "ghcr.io/theopenlane/build-image:v0.1.2"
               command: ["task", "config:ci"]
               environment:
                 - "GOTOOLCHAIN=auto"

diff --git a/fga/model/model.fga b/fga/model/model.fga
@@ -5,6 +5,9 @@ type service
 type role
   relations
     define assignee: [user]
+type search
+  relations
+    define admin: [user]
 type organization
   relations
     # main roles

diff --git a/fga/tests/tests.yaml b/fga/tests/tests.yaml
@@ -1,42 +1,42 @@
-name: TheOpenLane
+name: OpenLane
 model_file: ../model/model.fga
 tuples:
   # setup parent child org relationship
-  - user: organization:meow
+  - user: organization:openlane
     relation: parent
-    object: organization:woof
+    object: organization:foo
   # setup org primary owner
   - user: user:ulid-of-owner
     relation: owner
-    object: organization:meow
+    object: organization:openlane
   # setup org admin
   - user: user:ulid-of-admin
     relation: admin
-    object: organization:meow
+    object: organization:openlane
   # setup org member
   - user: user:ulid-of-member
     relation: member
-    object: organization:meow
+    object: organization:openlane
   # setup audit log viewer
   - user: user:ulid-of-audit-log-viewer
     relation: audit_log_viewer
-    object: organization:meow
+    object: organization:openlane
   # setup service user
   - user: service:ulid-of-service-editor
     relation: can_edit
-    object: organization:meow
+    object: organization:openlane
   # setup service user
   - user: service:ulid-of-service-viewer
     relation: can_view
-    object: organization:meow
+    object: organization:openlane
 tests:
   - name: organization
     description: test organization relationships
     tuples:
     # add test local tuples here
     check:
       - user: user:ulid-of-owner
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: true
           admin: false
@@ -48,7 +48,7 @@ tests:
           can_invite_members: true
           can_invite_admins: true
       - user: user:ulid-of-member
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: true
           admin: false
@@ -60,7 +60,7 @@ tests:
           can_invite_members: true
           can_invite_admins: false
       - user: service:ulid-of-service-editor
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: false
           admin: false
@@ -72,7 +72,7 @@ tests:
           can_invite_members: true
           can_invite_admins: true
       - user: service:ulid-of-service-viewer
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: false
           admin: false
@@ -84,7 +84,7 @@ tests:
           can_invite_members: false
           can_invite_admins: false
       - user: user:ulid-of-admin
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: true
           admin: true
@@ -96,7 +96,7 @@ tests:
           can_invite_members: true
           can_invite_admins: true
       - user: user:ulid-of-audit-log-viewer
-        object: organization:meow # parent org
+        object: organization:openlane # parent org
         assertions:
           member: false
           admin: false
@@ -108,7 +108,7 @@ tests:
           can_invite_members: false
           can_invite_admins: false
       - user: user:ulid-of-owner
-        object: organization:dog #child org
+        object: organization:foo #child org
         assertions:
           member: true
           admin: false
@@ -120,7 +120,7 @@ tests:
           can_invite_members: true
           can_invite_admins: true
       - user: user:ulid-of-member
-        object: organization:dog # child org
+        object: organization:foo # child org
         assertions:
           member: true
           admin: false
@@ -132,7 +132,7 @@ tests:
           can_invite_members: true
           can_invite_admins: false
       - user: user:ulid-of-admin
-        object: organization:dog # child org
+        object: organization:foo # child org
         assertions:
           member: true
           admin: true
@@ -148,51 +148,51 @@ tests:
         type: organization
         assertions:
           owner:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
           admin:
           member:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
       - user: user:ulid-of-member
         type: organization
         assertions:
           owner:
           admin:
           member:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
       - user: service:ulid-of-service-editor
         type: organization
         assertions:
           can_edit:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
           can_view:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
       - user: service:ulid-of-service-viewer
         type: organization
         assertions:
           can_edit:
           can_view:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
       - user: user:ulid-of-admin
         type: organization
         assertions:
           owner:
           admin:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
           member:
-            - organization:dog
-            - organization:meow
+            - organization:foo
+            - organization:openlane
   - name: groups
     description: test group relationships to their parent (organization)
     tuples:
       # setup group with owner
-      - user: organization:meow
+      - user: organization:openlane
         relation: parent
         object: group:cat-lovers
       # add group admin
@@ -212,7 +212,7 @@ tests:
         relation: member
         object: group:cat-lovers
     check:
-      - user: organization:meow
+      - user: organization:openlane
         object: group:cat-lovers
         assertions:
           parent: true
@@ -274,20 +274,20 @@ tests:
     description: subscription tiers are associated to organizations, and members are part of that organization
     tuples:
       # setup organization with pro tier
-      - user: organization:meow
+      - user: organization:openlane
         relation: subscriber
         object: subscription_tier:pro
       # setup organization with free tier
       - user: organization:startup
         relation: subscriber
         object: subscription_tier:free
     check:
-      - user: organization:meow
+      - user: organization:openlane
         object: subscription_tier:pro
         assertions:
           subscriber: true
           subscriber_member: false
-      - user: organization:meow
+      - user: organization:openlane
         object: subscription_tier:free
         assertions:
           subscriber: false
@@ -331,7 +331,7 @@ tests:
           subscriber_member:
             - subscription_tier:pro
           subscriber:
-      - user: organization:meow
+      - user: organization:openlane
         type: subscription_tier
         assertions:
           subscriber_member:
@@ -352,7 +352,7 @@ tests:
     description: features tiers are associated to subscription tiers, and users can access features based on their subscription tier of their organization
     tuples:
       # setup organization with pro tier
-      - user: organization:meow
+      - user: organization:openlane
         relation: subscriber
         object: subscription_tier:pro
       # setup organization with free tier