Skip to content

Commit

Permalink
feat(python): add support for the BatchCheck API
Browse files Browse the repository at this point in the history
  • Loading branch information
ewanharris committed Dec 12, 2024
1 parent c9b904d commit 2b93149
Show file tree
Hide file tree
Showing 20 changed files with 1,561 additions and 176 deletions.
16 changes: 16 additions & 0 deletions config/clients/python/config.overrides.json
Original file line number Diff line number Diff line change
Expand Up @@ -79,10 +79,26 @@
"destinationFilename": "openfga_sdk/client/models/assertion.py",
"templateType": "SupportingFiles"
},
"src/client/models/batch_check_item.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/batch_check_item.py",
"templateType": "SupportingFiles"
},
"src/client/models/batch_check_request.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/batch_check_request.py",
"templateType": "SupportingFiles"
},
"src/client/models/batch_check_response.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/batch_check_response.py",
"templateType": "SupportingFiles"
},
"src/client/models/batch_check_single_response.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/batch_check_single_response.py",
"templateType": "SupportingFiles"
},
"src/client/models/client_batch_check_response.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/client_batch_check_response.py",
"templateType": "SupportingFiles"
},
"src/client/models/check_request.py.mustache": {
"destinationFilename": "openfga_sdk/client/models/check_request.py",
"templateType": "SupportingFiles"
Expand Down
35 changes: 22 additions & 13 deletions config/clients/python/template/README_calling_api.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -492,17 +492,19 @@ If 429s or 5xxs are encountered, the underlying check will retry up to {{default

```python
# from {{packageName}} import OpenFgaClient
# from {{packageName}}.client import ClientCheckRequest
# from {{packageName}}.client.models import ClientTuple

# from {{packageName}}.client.models import (
# ClientTuple,
# ClientBatchCheckItem,
# ClientBatchCheckRequest,
# )
# Initialize the fga_client
# fga_client = OpenFgaClient(configuration)

options = {
# You can rely on the model id set in the configuration or override it for this specific request
"authorization_model_id": "01GXSA8YR785C4FYS3C0RTG7B1"
}
body = [ClientCheckRequest(
checks = [ClientBatchCheckItem(
user="user:81684243-9356-4421-8fbf-a4f8d36aa31b",
relation="viewer",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
Expand All @@ -516,7 +518,7 @@ body = [ClientCheckRequest(
context=dict(
ViewCount=100
)
), ClientCheckRequest(
), ClientBatchCheckItem(
user="user:81684243-9356-4421-8fbf-a4f8d36aa31b",
relation="admin",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
Expand All @@ -527,20 +529,21 @@ body = [ClientCheckRequest(
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
),
]
), ClientCheckRequest(
), ClientBatchCheckItem(
user="user:81684243-9356-4421-8fbf-a4f8d36aa31b",
relation="creator",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
), ClientCheckRequest(
), ClientBatchCheckItem(
user="user:81684243-9356-4421-8fbf-a4f8d36aa31b",
relation="deleter",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
)]

response = await fga_client.batch_check(body, options)
# response.responses = [{
response = await fga_client.batch_check(ClientBatchCheckRequest(checks=checks), options)
# response.result = [{
# allowed: false,
# request: {
# correlation_id: "de3630c2-f9be-4ee5-9441-cb1fbd82ce75",
# tuple: {
# user: "user:81684243-9356-4421-8fbf-a4f8d36aa31b",
# relation: "viewer",
# object: "document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
Expand All @@ -555,7 +558,8 @@ response = await fga_client.batch_check(body, options)
# }
# }, {
# allowed: false,
# request: {
# correlation_id: "6d7c7129-9607-480e-bfd0-17c16e46b9ec",
# tuple: {
# user: "user:81684243-9356-4421-8fbf-a4f8d36aa31b",
# relation: "admin",
# object: "document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
Expand All @@ -567,14 +571,19 @@ response = await fga_client.batch_check(body, options)
# }
# }, {
# allowed: false,
# request: {
# correlation_id: "210899b9-6bc3-4491-bdd1-d3d79780aa31",
# tuple: {
# user: "user:81684243-9356-4421-8fbf-a4f8d36aa31b",
# relation: "creator",
# object: "document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
# },
# error: <FgaError ...>
# error: {
# input_error: "validation_error",
# message: "relation 'document#creator' not found"
# }
# }, {
# allowed: true,
# correlation_id: "55cc1946-9fc3-4710-bd40-8fe2687ed8da",
# request: {
# user: "user:81684243-9356-4421-8fbf-a4f8d36aa31b",
# relation: "deleter",
Expand Down
35 changes: 18 additions & 17 deletions config/clients/python/template/docs/opentelemetry.md.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -30,23 +30,24 @@ If you configure the OpenTelemetry SDK, these metrics will be exported and sent

### Supported Attributes

| Attribute Name | Type | Enabled by Default | Description |
| ------------------------------ | ------ | ------------------ | --------------------------------------------------------------------------------- |
| `fga-client.request.client_id` | string | Yes | Client ID associated with the request, if any |
| `fga-client.request.method` | string | Yes | FGA method/action that was performed (e.g., Check, ListObjects) in TitleCase |
| `fga-client.request.model_id` | string | Yes | Authorization model ID that was sent as part of the request, if any |
| `fga-client.request.store_id` | string | Yes | Store ID that was sent as part of the request |
| `fga-client.response.model_id` | string | Yes | Authorization model ID that the FGA server used |
| `fga-client.user` | string | No | User associated with the action of the request for check and list users |
| `http.client.request.duration` | int | No | Duration for the SDK to complete the request, in milliseconds |
| `http.host` | string | Yes | Host identifier of the origin the request was sent to |
| `http.request.method` | string | Yes | HTTP method for the request |
| `http.request.resend_count` | int | Yes | Number of retries attempted, if any |
| `http.response.status_code` | int | Yes | Status code of the response (e.g., `200` for success) |
| `http.server.request.duration` | int | No | Time taken by the FGA server to process and evaluate the request, in milliseconds |
| `url.scheme` | string | Yes | HTTP scheme of the request (`http`/`https`) |
| `url.full` | string | Yes | Full URL of the request |
| `user_agent.original` | string | Yes | User Agent used in the query |
| Attribute Name | Type | Enabled by Default | Description |
| ------------------------------------- | ------ | ------------------ | --------------------------------------------------------------------------------- |
| `fga-client.request.batch_check_size` | int | No | The total size of the `check` list in a `BatchCheck` call |
| `fga-client.request.client_id` | string | Yes | Client ID associated with the request, if any |
| `fga-client.request.method` | string | Yes | FGA method/action that was performed (e.g., Check, ListObjects) in TitleCase |
| `fga-client.request.model_id` | string | Yes | Authorization model ID that was sent as part of the request, if any |
| `fga-client.request.store_id` | string | Yes | Store ID that was sent as part of the request |
| `fga-client.response.model_id` | string | Yes | Authorization model ID that the FGA server used |
| `fga-client.user` | string | No | User associated with the action of the request for check and list users |
| `http.client.request.duration` | int | No | Duration for the SDK to complete the request, in milliseconds |
| `http.host` | string | Yes | Host identifier of the origin the request was sent to |
| `http.request.method` | string | Yes | HTTP method for the request |
| `http.request.resend_count` | int | Yes | Number of retries attempted, if any |
| `http.response.status_code` | int | Yes | Status code of the response (e.g., `200` for success) |
| `http.server.request.duration` | int | No | Time taken by the FGA server to process and evaluate the request, in milliseconds |
| `url.scheme` | string | Yes | HTTP scheme of the request (`http`/`https`) |
| `url.full` | string | Yes | Full URL of the request |
| `user_agent.original` | string | Yes | User Agent used in the query |

## Customizing Reporting

Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import asyncio
import os
import uuid

from {{packageName}} import (
ClientConfiguration,
Expand All @@ -21,6 +22,8 @@ from {{packageName}} import (
)
from {{packageName}}.client.models import (
ClientAssertion,
ClientBatchCheckItem,
ClientBatchCheckRequest,
ClientCheckRequest,
ClientListObjectsRequest,
ClientListRelationsRequest,
Expand Down Expand Up @@ -266,6 +269,32 @@ async def main():
)
print(f"Allowed: {response.allowed}")

# Performing a BatchCheck
print("Checking for access via BatchCheck")

anne_cor_id = str(uuid.uuid4())
response = await fga_client.batch_check(
ClientBatchCheckRequest(
checks=[
ClientBatchCheckItem(
user="user:anne",
relation="viewer",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
context=dict(ViewCount=100),
correlation_id=anne_cor_id
),
ClientBatchCheckItem(
user="user:bob",
relation="viewer",
object="document:0192ab2a-d83f-756d-9397-c5ed9f3cb69a",
context=dict(ViewCount=100),
)
]
)
)
print(f"Anne allowed: {response.result[0].allowed}")
print(f"Bob allowed: {response.result[1].allowed}")

# List objects with context
print("Listing objects for access with context")

Expand Down
5 changes: 5 additions & 0 deletions config/clients/python/template/src/api.py.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,11 @@ class {{classname}}:
),
}

telemetry_attributes = TelemetryAttributes.fromBody(
body=body_params,
attributes=telemetry_attributes,
)

return {{#asyncio}}await ({{/asyncio}}self.api_client.call_api(
'{{{path}}}'.replace('{store_id}', store_id), '{{httpMethod}}',
path_params,
Expand Down
Loading

0 comments on commit 2b93149

Please sign in to comment.