You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I've been playing around with OpenFGA and I've noticed the following for a possible CI process:
To query a check you have to use a specific store ID and a specific authorization ID
you can create stores with the same Name but different unique ID created automatically
each store have one or multiple auth models, each defined by it's own unique ID (the API defines this ID as a version ID)
I've some challenges to think for a reliable CI process to create the same store with the same auth models from a plan, to a test and finally to a productive system.
I do not understand the motivation that OpenFGA may have multiple stores with the same name. That means for me to track the store's IDs, it's names and it's description/purpose in a different system. For example using a new or updated auth from test to prod would mean that I have different IDs (what may Ok) and no consistent process to get / create /update a store by it's name (because it's not unique).
Additionally, I'm facing problems with the auth models, it's versioning ID and not having a unique name (and maybe a version tag). So, every update of an auth model means a new ID which I have to track again and maybe update my services. Plus, listing all auth models by the API returns all models but no name, no version, and so on. I do have to check manually the JSON syntax to understand which auth models I should use.
So, basically I would like to understand the motivation of my challenges
why not using unique store names
how to update an auth model and using it without knowing it's ID
knowing what is the latest auth model
best practices for a CI process by using auth models in git and using the API (would mean to store the ID of each created store in a each environment?)
Hope to get some insight from other guys using OpenFGA in prod. Thanks and cheers!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi, I've been playing around with OpenFGA and I've noticed the following for a possible CI process:
I've some challenges to think for a reliable CI process to create the same store with the same auth models from a plan, to a test and finally to a productive system.
I do not understand the motivation that OpenFGA may have multiple stores with the same name. That means for me to track the store's IDs, it's names and it's description/purpose in a different system. For example using a new or updated auth from test to prod would mean that I have different IDs (what may Ok) and no consistent process to get / create /update a store by it's name (because it's not unique).
Additionally, I'm facing problems with the auth models, it's versioning ID and not having a unique name (and maybe a version tag). So, every update of an auth model means a new ID which I have to track again and maybe update my services. Plus, listing all auth models by the API returns all models but no name, no version, and so on. I do have to check manually the JSON syntax to understand which auth models I should use.
So, basically I would like to understand the motivation of my challenges
Hope to get some insight from other guys using OpenFGA in prod. Thanks and cheers!
Beta Was this translation helpful? Give feedback.
All reactions