Skip to content

OpenFGA Integration#673

Open
daveads wants to merge 54 commits into
permitio:masterfrom
daveads:feat/openfga-policy-engine
Open

OpenFGA Integration#673
daveads wants to merge 54 commits into
permitio:masterfrom
daveads:feat/openfga-policy-engine

Conversation

@daveads

@daveads daveads commented Sep 30, 2024

Copy link
Copy Markdown
Contributor

Feature: Add OpenFGA Policy Store to OPAL

This PR addresses issue #661 by integrating OpenFGA Policy Store into OPAL.

/claim #661

@netlify

netlify Bot commented Sep 30, 2024

Copy link
Copy Markdown

Deploy Preview for opal-docs ready!

Name Link
🔨 Latest commit d1421cc
🔍 Latest deploy log https://app.netlify.com/sites/opal-docs/deploys/67a411b59c01f200080a96cc
😎 Deploy Preview https://deploy-preview-673--opal-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@daveads

daveads commented Sep 30, 2024

Copy link
Copy Markdown
Contributor Author

OpenFGA OPAL Integration Project Checklist

Week 1: Setup and Core Implementation

Days 1-2: Project Setup and Research

  • Set up development environment
  • Review OpenFGA documentation and API
  • Analyze OPAL's existing policy store implementations

Days 3-5: Core Implementation

  • Implement OpenFGA configuration in OPAL
  • Develop basic OpenFGA policy store interface
  • Begin implementation of auto-sync from git for OpenFGA models/policies

Week 2: Feature Completion and Demo Preparation

Days 1-3: Feature Implementation

  • Complete auto-sync from git for OpenFGA models/policies
  • Implement data fetching pattern and syncing from external data sources
  • Start working on Docker-compose examples

Days 4-5: Demo Preparation

  • Develop end-to-end demo with example ReBAC policies and mock data
  • Finalize Docker-compose examples for single and multiple OpenFGA clients
  • Prepare demonstration environment

Key Milestones:

  1. End of Week 1: Basic OpenFGA policy store implementation
  2. End of Week 2: Working end-to-end demo
  3. End of Week 3: update later*
  4. End of Week 4: update later*

@daveads

daveads commented Oct 1, 2024

Copy link
Copy Markdown
Contributor Author

Updates ::

Integration into Opal has already begun but is currently on hold. I'm working on the components in isolation from Opal, using the OpenFGA SDK first.
it's been interesting so far.

@daveads

daveads commented Oct 2, 2024

Copy link
Copy Markdown
Contributor Author

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

@daveads

daveads commented Oct 2, 2024

Copy link
Copy Markdown
Contributor Author

I've completed the isolation test and also simulated integration with OPAL in isolation. At some point, I had to mix the Python SDK with the raw API, but I'll likely find a fix for that later.

The test that involved missing the Python SDK and accessing via the raw API and stimulating opal integration was successful.

Going start core implementation asap

recording.mp4

@daveads

daveads commented Oct 4, 2024

Copy link
Copy Markdown
Contributor Author

@garnerp just push that to show what have been working on locally....

to show my current progress...

@gemanor

gemanor commented Oct 11, 2024

Copy link
Copy Markdown
Collaborator

@daveads I bet you meant to tag me. Any updates on this?

@daveads

daveads commented Oct 11, 2024

Copy link
Copy Markdown
Contributor Author

@daveads I bet you meant to tag me. Any updates on this?

oh oh... yea i meant to tag... lol

still on it... will give you an update on it soon

@daveads

daveads commented Oct 19, 2024

Copy link
Copy Markdown
Contributor Author

currently having issues with the config... buh i should fix it soon.

@danyi1212 danyi1212 changed the title Draft OpenFGA Integration Oct 22, 2024
@daveads

daveads commented Oct 24, 2024

Copy link
Copy Markdown
Contributor Author

Demo ready...

just fixing bugs...

opening pr for now...

@daveads daveads marked this pull request as ready for review October 24, 2024 14:40
@daveads

daveads commented Oct 25, 2024

Copy link
Copy Markdown
Contributor Author

Based on my discussion with @gemanor, Decided to drop the use of openfga_sdk and use API calls instead, similar to the OPA implementation.

Comment thread docker/docker-compose-example-openfga.yml
Comment thread app-tests/docker-compose-app-tests-openfga.yml
@daveads

daveads commented Nov 27, 2024

Copy link
Copy Markdown
Contributor Author
review.mp4

@gemanor gemanor left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all the work @daveads :)
Now, it's my turn, with the comments on the docs. Please address them and let me know when ready.

Comment thread documentation/docs/tutorials/openfga.mdx
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread documentation/docs/tutorials/openfga.mdx Outdated
Comment thread packages/opal-server/opal_server/data/api.py Outdated
@swelborn

swelborn commented Mar 2, 2026

Copy link
Copy Markdown

any updates on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants