Skip to content

Instantly share code, notes, and snippets.

@ewanharris

ewanharris/check.tests.yaml

Last active December 2, 2024 11:51
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ewanharris/c270eab0f4899aea5a1c24d9ee32cc49 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ewanharris/c270eab0f4899aea5a1c24d9ee32cc49 to your computer and use it in GitHub Desktop.
Download ZIP
Example of separating tests
Raw
check.tests.yaml
- name: "folder-document-access-checks"
description: ""
tuple_file: ./folder-document-access_tuples.json
check:
- user: user:anne
object: folder:product-2021
assertions:
can_view: true
can_write: true
can_share: false
- user: user:beth
object: folder:product-2021
assertions:
can_view: true
can_write: false
can_share: false
- user: user:anne
object: folder:product-2021Q1
assertions:
can_view: true
can_write: true
can_share: false
Raw
list_objects.tests.yaml
- name: "folder-document-access-list-objects"
description: ""
tuple_file: ./folder-document-access_tuples.json
list_objects:
- user: user:anne
type: folder
assertions:
can_view:
- folder:product
- folder:product-2021
- folder:product-2021Q1
can_write:
- folder:product
- folder:product-2021
- folder:product-2021Q1
can_share:
- folder:product
- user: user:beth
type: folder
assertions:
can_view:
- folder:product-2021
- folder:product-2021Q1
can_write: []
can_share: []
Raw
list_users.tests.yaml
- name: "folder-document-access-list-users"
description: ""
tuple_file: ./folder-document-access_tuples.json
list_users:
- object: folder:product-2021
user_filter:
- type: user
assertions:
can_view:
users:
- user:anne
- user:beth
can_write:
users:
- user:anne
- name: "we can have mutliple tests per yaml file too. Not sure if my yaml syntax is 100% right though"
tuple_file: ./another-tuple-file.json
check:
- user: user:anne
object: folder:product-2021
assertions:
can_view: true
Raw
store.fga.yaml
name: FolderBox
model_file: ./model.fga
tuple_file: ./model_tuples.yaml
test_files:
# Similar to how you interact with most test runners
# List out test files directly
- check.tests.yaml
- list_objects.tests.yaml
- list_users.tests.yaml
# Or maybe we could allow globbing
- ./*.tests.yaml # any files matching *.tests.yaml alongside this file
- ./**/*.tests.yaml # any files matching *.tests.yaml alongside and in child directories of this directory
@Oscmage
Copy link

Oscmage commented Nov 27, 2024

@ewanharris Thanks for the example, very useful! This is exactly what I meant with getting another solution to the problem, appreciate it.

I found the docs for both modules and tests

https://openfga.dev/docs/modeling/testing
https://openfga.dev/docs/modeling/modular-models

Is there any other place we have recommendations for structure?

I would happily try to contribute to the documentation here since it is really nice to have a "suggested structure" of the files for modules and testing somewhere documented. Maybe it is documented somewhere and I simply have missed it?

@aaguiarz
Copy link

aaguiarz commented Nov 27, 2024

The issue with this approach is that now I can't just run the test for one .fga.yaml (e.g. list_users.tests.yaml), and when I'm evolving the model or writing new tests that's probably what I want.

@ewanharris
Copy link
Author

ewanharris commented Dec 2, 2024

@Oscmage we don't support this structure yet, once we introduce it to the CLI then we'll definitely rework those testing and modular models guides to include a reference to this.

@aaguiarz We'd only support the fields listed here, I'm not sure if our parsing library errors or ignores unknown fields.

For running singular tests, we could (eventually) include something like a --filter flag like most test runners have that only run tests where the name matches a string. Longer term as we look to add test support within the IDEs this is something we would need for sure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment