feat: support list users

.github/workflows/main.yaml

@@ -10,7 +10,7 @@ jobs:
  test:
  runs-on: ubuntu-latest
  steps:
- - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
  with:
  fetch-depth: 0
 
@@ -33,7 +33,7 @@ jobs:
  run: govulncheck ./...
 
  - name: Upload coverage to Codecov
- uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0
+ uses: codecov/codecov-action@c16abc29c95fcf9174b58eb7e1abf4c866893bc8 # v4.1.1
  continue-on-error: true
  with:
  token: ${{ secrets.CODECOV_TOKEN }}
@@ -45,7 +45,7 @@ jobs:
  needs: [test]
 
  steps:
- - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
  with:
  fetch-depth: 0
 

.github/workflows/semgrep.yaml

@@ -11,7 +11,7 @@ jobs:
  image: returntocorp/semgrep
  if: (github.actor != 'dependabot[bot]' && github.actor != 'snyk-bot')
  steps:
- - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
  with:
  fetch-depth: 0
  - run: semgrep ci --no-suppress-errors

.openapi-generator/FILES

@@ -42,18 +42,22 @@ docs/ErrorCode.md
 docs/ExpandRequest.md
 docs/ExpandRequestTupleKey.md
 docs/ExpandResponse.md
+docs/FgaObject.md
 docs/GetStoreResponse.md
 docs/InternalErrorCode.md
 docs/InternalErrorMessageResponse.md
 docs/Leaf.md
 docs/ListObjectsRequest.md
 docs/ListObjectsResponse.md
 docs/ListStoresResponse.md
+docs/ListUsersRequest.md
+docs/ListUsersResponse.md
 docs/Metadata.md
 docs/Node.md
 docs/Nodes.md
 docs/NotFoundErrorCode.md
 docs/NullValue.md
+docs/ObjectOrUserset.md
 docs/ObjectRelation.md
 docs/OpenFgaApi.md
 docs/PathUnknownErrorMessageResponse.md
@@ -78,11 +82,17 @@ docs/TupleOperation.md
 docs/TupleToUserset.md
 docs/TypeDefinition.md
 docs/TypeName.md
+docs/TypedWildcard.md
+docs/UnprocessableContentErrorCode.md
+docs/UnprocessableContentMessageResponse.md
+docs/User.md
+docs/UserTypeFilter.md
 docs/Users.md
 docs/Userset.md
 docs/UsersetTree.md
 docs/UsersetTreeDifference.md
 docs/UsersetTreeTupleToUserset.md
+docs/UsersetUser.md
 docs/Usersets.md
 docs/ValidationErrorMessageResponse.md
 docs/WriteAssertionsRequest.md
@@ -122,18 +132,22 @@ model_error_code.go
 model_expand_request.go
 model_expand_request_tuple_key.go
 model_expand_response.go
+model_fga_object.go
 model_get_store_response.go
 model_internal_error_code.go
 model_internal_error_message_response.go
 model_leaf.go
 model_list_objects_request.go
 model_list_objects_response.go
 model_list_stores_response.go
+model_list_users_request.go
+model_list_users_response.go
 model_metadata.go
 model_node.go
 model_nodes.go
 model_not_found_error_code.go
 model_null_value.go
+model_object_or_userset.go
 model_object_relation.go
 model_path_unknown_error_message_response.go
 model_read_assertions_response.go
@@ -157,11 +171,17 @@ model_tuple_operation.go
 model_tuple_to_userset.go
 model_type_definition.go
 model_type_name.go
+model_typed_wildcard.go
+model_unprocessable_content_error_code.go
+model_unprocessable_content_message_response.go
+model_user.go
+model_user_type_filter.go
 model_users.go
 model_userset.go
 model_userset_tree.go
 model_userset_tree_difference.go
 model_userset_tree_tuple_to_userset.go
+model_userset_user.go
 model_usersets.go
 model_validation_error_message_response.go
 model_write_assertions_request.go

CHANGELOG.md

@@ -61,7 +61,7 @@ Some of the changes to expect:
 fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
 })
 ```
 - When initializing a client, `AuthorizationModelId` is no longer a pointer, and you can just pass the string directly

README.md

@@ -38,6 +38,7 @@ This is an autogenerated Go SDK for OpenFGA. It provides a wrapper around the [O
  - [Expand](#expand)
  - [List Objects](#list-objects)
  - [List Relations](#list-relations)
+ - [List Users](#list-users)
  - [Assertions](#assertions)
  - [Read Assertions](#read-assertions)
  - [Write Assertions](#write-assertions)
@@ -114,7 +115,7 @@ func main() {
  fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
  })
 
  if err != nil {
@@ -136,7 +137,7 @@ func main() {
  fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
  Credentials: &credentials.Credentials{
  Method: credentials.CredentialsMethodApiToken,
  Config: &credentials.Config{
@@ -165,7 +166,7 @@ func main() {
  fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
  Credentials: &credentials.Credentials{
  Method: credentials.CredentialsMethodClientCredentials,
  Config: &credentials.Config{
@@ -197,7 +198,7 @@ func main() {
  fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
  Credentials: &credentials.Credentials{
  Method: credentials.CredentialsMethodClientCredentials,
  Config: &credentials.Config{
@@ -762,6 +763,50 @@ data, err := fgaClient.ListRelations(context.Background()).
 // data.Relations = ["can_view", "can_edit"]
 ```
 
+##### List Users
+
+List the users who have a certain relation to a particular type.
+
+[API Documentation](https://openfga.dev/api/service#/Relationship%20Queries/ListUsers)
+
+```golang
+options := ClientListRelationsOptions{
+ // You can rely on the model id set in the configuration or override it for this specific request
+ AuthorizationModelId: openfga.PtrString("01GAHCE4YVKPQEKZQHT2R89MQV"),
+}
+
+// Only a single filter is allowed by the API for the time being
+userFilters := []openfga.UserTypeFilter{{ Type: "user" }}
+// user filters can also be of the form
+// userFilters := []openfga.UserTypeFilter{{ Type: "team", Relation: openfga.PtrString("member") }}
+
+requestBody := ClientListUsersRequest{
+ Object: openfga.Object{
+ Type: "document",
+ Id: "roadmap",
+ },
+ Relation: "can_read",
+ UserFilters: userFilters,
+ ContextualTuples: []ClientContextualTupleKey{{
+ User: "user:81684243-9356-4421-8fbf-a4f8d36aa31b",
+ Relation: "editor",
+ Object: "folder:product",
+ }, {
+ User: "folder:product",
+ Relation: "parent",
+ Object: "document:roadmap",
+ }},
+ Context: &map[string]interface{}{"ViewCount": 100},
+}
+data, err := fgaClient.ListRelations(context.Background()).
+ Body(requestBody).
+ Options(options).
+ Execute()
+
+// response.users = [{object: {type: "user", id: "81684243-9356-4421-8fbf-a4f8d36aa31b"}}, {userset: { type: "user" }}, ...]
+// response.excluded_users = [ {object: {type: "user", id: "4a455e27-d15a-4434-82e0-136f9c2aa4cf"}}, ... ]
+```
+
 ### Assertions
 
 #### Read Assertions
@@ -826,7 +871,7 @@ func main() {
  fgaClient, err := NewSdkClient(&ClientConfiguration{
  ApiUrl: os.Getenv("FGA_API_URL"), // required, e.g. https://api.fga.example
  StoreId: os.Getenv("FGA_STORE_ID"), // not needed when calling `CreateStore` or `ListStores`
- AuthorizationModelId: os.Getenv("FGA_AUTHORIZATION_MODEL_ID"), // optional, recommended to be set for production
+ AuthorizationModelId: os.Getenv("FGA_MODEL_ID"), // optional, recommended to be set for production
  RetryParams: &openfga.RetryParams{
  MaxRetry: 3, // retry up to 3 times on API requests
  MinWaitInMs: 250, // wait a minimum of 250 milliseconds between requests
@@ -849,6 +894,7 @@ Class | Method | HTTP request | Description
 *OpenFgaApi* | [**GetStore**](docs/OpenFgaApi.md#getstore) | **Get** /stores/{store_id} | Get a store
 *OpenFgaApi* | [**ListObjects**](docs/OpenFgaApi.md#listobjects) | **Post** /stores/{store_id}/list-objects | List all objects of the given type that the user has a relation with
 *OpenFgaApi* | [**ListStores**](docs/OpenFgaApi.md#liststores) | **Get** /stores | List all stores
+*OpenFgaApi* | [**ListUsers**](docs/OpenFgaApi.md#listusers) | **Post** /stores/{store_id}/list-users | List all users of the given type that the object has a relation with
 *OpenFgaApi* | [**Read**](docs/OpenFgaApi.md#read) | **Post** /stores/{store_id}/read | Get tuples from the store that matches a query, without following userset rewrite rules
 *OpenFgaApi* | [**ReadAssertions**](docs/OpenFgaApi.md#readassertions) | **Get** /stores/{store_id}/assertions/{authorization_model_id} | Read assertions for an authorization model ID
 *OpenFgaApi* | [**ReadAuthorizationModel**](docs/OpenFgaApi.md#readauthorizationmodel) | **Get** /stores/{store_id}/authorization-models/{id} | Return a particular version of an authorization model
@@ -881,18 +927,22 @@ Class | Method | HTTP request | Description
  - [ExpandRequest](docs/ExpandRequest.md)
  - [ExpandRequestTupleKey](docs/ExpandRequestTupleKey.md)
  - [ExpandResponse](docs/ExpandResponse.md)
+ - [FgaObject](docs/FgaObject.md)
  - [GetStoreResponse](docs/GetStoreResponse.md)
  - [InternalErrorCode](docs/InternalErrorCode.md)
  - [InternalErrorMessageResponse](docs/InternalErrorMessageResponse.md)
  - [Leaf](docs/Leaf.md)
  - [ListObjectsRequest](docs/ListObjectsRequest.md)
  - [ListObjectsResponse](docs/ListObjectsResponse.md)
  - [ListStoresResponse](docs/ListStoresResponse.md)
+ - [ListUsersRequest](docs/ListUsersRequest.md)
+ - [ListUsersResponse](docs/ListUsersResponse.md)
  - [Metadata](docs/Metadata.md)
  - [Node](docs/Node.md)
  - [Nodes](docs/Nodes.md)
  - [NotFoundErrorCode](docs/NotFoundErrorCode.md)
  - [NullValue](docs/NullValue.md)
+ - [ObjectOrUserset](docs/ObjectOrUserset.md)
  - [ObjectRelation](docs/ObjectRelation.md)
  - [PathUnknownErrorMessageResponse](docs/PathUnknownErrorMessageResponse.md)
  - [ReadAssertionsResponse](docs/ReadAssertionsResponse.md)
@@ -916,11 +966,17 @@ Class | Method | HTTP request | Description
  - [TupleToUserset](docs/TupleToUserset.md)
  - [TypeDefinition](docs/TypeDefinition.md)
  - [TypeName](docs/TypeName.md)
+ - [TypedWildcard](docs/TypedWildcard.md)
+ - [UnprocessableContentErrorCode](docs/UnprocessableContentErrorCode.md)
+ - [UnprocessableContentMessageResponse](docs/UnprocessableContentMessageResponse.md)
+ - [User](docs/User.md)
+ - [UserTypeFilter](docs/UserTypeFilter.md)
  - [Users](docs/Users.md)
  - [Userset](docs/Userset.md)
  - [UsersetTree](docs/UsersetTree.md)
  - [UsersetTreeDifference](docs/UsersetTreeDifference.md)
  - [UsersetTreeTupleToUserset](docs/UsersetTreeTupleToUserset.md)
+ - [UsersetUser](docs/UsersetUser.md)
  - [Usersets](docs/Usersets.md)
  - [ValidationErrorMessageResponse](docs/ValidationErrorMessageResponse.md)
  - [WriteAssertionsRequest](docs/WriteAssertionsRequest.md)