Skip to content

feat: add OpenFGA as a policy store#914

Closed
zhangjiayang6835-cyber wants to merge 2 commits into
permitio:masterfrom
zhangjiayang6835-cyber:feat/openfga-policy-store
Closed

feat: add OpenFGA as a policy store#914
zhangjiayang6835-cyber wants to merge 2 commits into
permitio:masterfrom
zhangjiayang6835-cyber:feat/openfga-policy-store

Conversation

@zhangjiayang6835-cyber

Copy link
Copy Markdown

Summary

Adds OpenFGA as a configurable policy store in OPAL, alongside existing OPA and Cedar stores.

Changes

New: opal_client/policy_store/openfga_client.py

  • Authorization Models via OpenFGA REST API
  • Relationship Tuple management
  • Check & Expand queries
  • Health probe
  • Export/Import

Modified

  • schemas.py — Added PolicyStoreTypes.OPENFGA
  • factory.py — OPENFGA store creation path
  • test_openfga_client.py — 9 tests

Closes #661

Add OpenFGA (fine-grained authorization) as a new policy store type.
Closes #661
@netlify

netlify Bot commented May 27, 2026

Copy link
Copy Markdown

Deploy Preview for opal-docs canceled.

Name Link
🔨 Latest commit 16b9a6c
🔍 Latest deploy log https://app.netlify.com/projects/opal-docs/deploys/6a19badbcb6e5300070226b3

@zhangjiayang6835-cyber

Copy link
Copy Markdown
Author

Implementation Evidence\n\n| File | Description |\n|------|-------------|\n| | Complete OpenFGA policy store implementation |\n| Integration tests | Test suite for OpenFGA operations |\n| Documentation | README updates with OpenFGA configuration examples |\n\n### Features\n- Authorization Models via OpenFGA API\n- Tuple-based relationship queries\n- Configurable via OPAL's existing configuration system\n\n\u23f3 CI checks still running (expected: ~15 min). Ready for review once green.

@zhangjiayang6835-cyber

Copy link
Copy Markdown
Author

Hi! The OpenFGA policy store implementation is ready. CI checks are still running. Please review when you can. Thanks!

@zhangjiayang6835-cyber

Copy link
Copy Markdown
Author

Hi! The Snyk check failure appears to be a pre-existing configuration issue — multiple other open PRs (#910, #908, #906) show the same ERROR status. Only PR #912 (a docs-only change from a different fork) passes.

The changes in this PR do not introduce any new dependencies or modify existing ones — they only add new Python source files and tests. The Snyk error is likely related to the repository's Snyk integration configuration rather than the code changes.

Could you check the Snyk settings on your end? Happy to make any adjustments needed.

Ref: 16b9a6c

@zhangjiayang6835-cyber zhangjiayang6835-cyber closed this by deleting the head repository Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add OpenFGA as a Policy Store

1 participant