Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add OpenFGA as a Policy Store #661

Open
gemanor opened this issue Sep 18, 2024 · 21 comments
Open

Add OpenFGA as a Policy Store #661

gemanor opened this issue Sep 18, 2024 · 21 comments
Assignees
Labels

Comments

@gemanor
Copy link
Collaborator

gemanor commented Sep 18, 2024

An OPAL policy-store is an interface that enables OPAL to manage policy-engines that can make authorization decisions via OPAL clients.

This issue is a feature request to add OpenFGA as a policy-store in OPAL alongside the existing supported policy stores (OPA and Cedar) so developers can better manage OpenFGA services.

Acceptance criteria:

  • Ability to configure OpenFGA as a policy store in OPAL
  • OpenFGA models/policies are auto-synced from git
  • OpenFGA supports the data fetching pattern and syncing data from external data sources
  • A working end-to-end demo with example ReBAC policies and mock data
  • Docker-compose examples of running OPAL with single or multiple OpenFGA clients
  • 100% UT coverage on the code and at least one integration test
@gemanor gemanor added the enhancement New feature or request label Sep 18, 2024
@gemanor
Copy link
Collaborator Author

gemanor commented Sep 18, 2024

/bounty $1500

Copy link

algora-pbc bot commented Sep 18, 2024

💎 $1,500 bounty • Permit.io

Steps to solve:

  1. Start working: Comment /attempt #661 with your implementation plan
  2. Submit work: Create a pull request including /claim #661 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to permitio/opal!

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🟢 @benya7 Sep 18, 2024, 12:14:54 PM WIP
🟢 @onyedikachi-david Sep 20, 2024, 2:55:29 PM WIP
🔴 @debaa98 Oct 15, 2024, 11:04:27 AM WIP
🟢 @zhanxini Dec 1, 2024, 7:58:29 AM WIP
🟢 @daveads #673

@benya7
Copy link

benya7 commented Sep 18, 2024

Hi @gemanor! I'm very interested in working on this task.
Can I be assigned? Thank you.

/attempt #661

Algora profile Completed bounties Tech Active attempts Options
@benya7 2 bounties from 2 projects
TypeScript, JavaScript,
Vue & more
Cancel attempt

@gemanor
Copy link
Collaborator Author

gemanor commented Sep 20, 2024

Hey @benya7, sure! Please share your working plan for this, so we can expect timelines, etc.

@gemanor gemanor assigned gemanor and benya7 and unassigned gemanor Sep 20, 2024
@onyedikachi-david
Copy link

onyedikachi-david commented Sep 20, 2024

/attempt #661

@gemanor do you accept multiple submissions for this?

Algora profile Completed bounties Tech Active attempts Options
@onyedikachi-david 7 bounties from 4 projects
JavaScript, Shell
Cancel attempt

@benya7
Copy link

benya7 commented Sep 20, 2024

Hey @benya7, sure! Please share your working plan for this, so we can expect timelines, etc.

@gemanor Thanks for that!
Here is my implementation plan.

Research OpenFGA API and OPAL's Policy-Store Architecture (3 days):

  • Study OpenFGA's API and data model.
  • Review existing policy stores (OPA, Cedar) in OPAL to understand the integration points, especially for fetching, syncing, and authorization patterns.

Development (2 weeks):

  • Integrate OpenFGA as a policy store within OPAL.
  • Implement Git-based auto-sync for OpenFGA policies.
  • Enable external data fetching and provide Docker Compose setup for single/multiple clients.

Testing, Documentation & Demo (1 week):

  • Write unit tests with 100% coverage.
  • Build integration tests with example ReBAC policies and mock data.
  • Write documentation for configuring OpenFGA in OPAL and Docker Compose examples.

I hope this is acceptable to you. Please let me know if you would like any changes.

@gemanor
Copy link
Collaborator Author

gemanor commented Sep 21, 2024

Sounds good to me! Looking forward for updates.

@gemanor
Copy link
Collaborator Author

gemanor commented Sep 25, 2024

Hey @benya7 I'll be happy if you can share your progress points here so we can track it :)

@varshith257
Copy link

@gemanor It's been a week without any visible activity from @benya7. I'd like to take over this issue. I have strong experience with Docker and have worked with Kubernetes policies, particularly with Kyverno. Additionally, I have a solid Python background and I feel confident in integrating OpenFGA into OPAL as a new policy store.

I've already reviewed the existing OPA and Cedar policy store implementations and now have a clear understanding of how to proceed with adding OpenFGA.

@gemanor
Copy link
Collaborator Author

gemanor commented Sep 29, 2024

Since we haven't seen any progress from @benya7 for the last four days, we are reassigning it to @daveads, who initially asked to take this issue.

@daveads, please share your plan for this ticket, including timeframes.

@varshith257 @onyedikachi-david, we will open similar tickets soon. Keep watching.

@daveads
Copy link
Contributor

daveads commented Sep 29, 2024

@gemanor Yea sure... already experimenting with OpenFGA...

will share my plan for this ticket here by Monday and constantly update you with my progress via Slack.

@gemanor
Copy link
Collaborator Author

gemanor commented Sep 29, 2024

Thanks @daveads, better to update here on the progress, to keep it open and collaborative.

@daveads
Copy link
Contributor

daveads commented Sep 29, 2024

Thanks @daveads, better to update here on the progress, to keep it open and collaborative.

okayy

@thekumbhaj
Copy link

Hey @daveads I would like to collabrate with you in this collabrations

@thekumbhaj
Copy link

#attempt #661

@daveads
Copy link
Contributor

daveads commented Oct 12, 2024

Hey @daveads I would like to collabrate with you in this collabrations

@thekumbhaj Am almost done.

@thekumbhaj
Copy link

@daveads let know when it's done....

@debaa98
Copy link

debaa98 commented Oct 15, 2024

hey @gemanor can i work in this issue? /attempt #661

Copy link

algora-pbc bot commented Oct 24, 2024

💡 @daveads submitted a pull request that claims the bounty. You can visit your bounty board to reward.

@zhanxini
Copy link

zhanxini commented Dec 1, 2024

can i work in this issue? /attempt #661

Copy link

algora-pbc bot commented Dec 25, 2024

🎉🎈 @daveads has been awarded $1,500! 🎈🎊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

8 participants