VS Code extension that provides syntax highlighting for the OpenFGA language for authorization models.
OpenFGA is an open source Fine-Grained Authorization solution inspired by Google's Zanzibar paper. It was created by the FGA team at Auth0 based on Auth0 Fine-Grained Authorization (FGA), available under a permissive license (Apache-2) and welcomes community contributions.
OpenFGA is designed to make it easy for application builders to model their permission layer, and to add and integrate fine-grained authorization into their applications. OpenFGA’s design is optimized for reliability and low latency at a high scale.
- OpenFGA Documentation
- OpenFGA API Documentation
- OpenFGA on Twitter
- OpenFGA Community
- Zanzibar Academy
- Google's Zanzibar Paper (2019)
You can install the OpenFGA VS Code plugin from:
-
The VSIX releases on GitHub for manual installation
The extension currently offers 4 core features, with more to come.
- Syntax Highlighting for OpenFGA files
- A unique theme for OpenFGA for VS Code
- Once installed, go to your extensions
- Click on
OpenFGAand clickSet Color Scheme - Click on
OpenFGA Darkin the prompt
- A command to transform
.fgaOpenFGA files toJSON- Open a
.fgaOpenFGA file in the editor - Open the
Command Palletteusing Ctrl+Shift+P (Windows) or Command+Shift+P (OSX) - Select
OpenFGA: Transform DSL to JSON - A new tab will open with the transformed code
- Open a
- Validation of OpenFGA's
.fgafiles- As you type in a
.fgaOpenFGA file in the editor, the extension will highlight errors that make your models invalid
- As you type in a
The extension works great when combined with the FGA CLI to iterate on your model and test it.
In order to do that:
1- Create a working directory to house the files for your store
2- Inside this directory, create a model.fga file with your model
3- Alongside the model.fga, create a store.yaml file with the following syntax
---
name: Store Name # store name, optional
model_file: ./model.fga # a global model that would apply to all tests
tuples: # global tuples that would apply to all tests, optional
- user: folder:1
relation: parent
object: folder:2
- user: user:anne
relation: editor
object: folder:1
tests: # required
- name: test-1
description: testing that the model works # optional
tuples: # tuples that only apply within the scope of this test
- user: user:beth
relation: viewer
object: folder:2
check: # a set of checks to run
- user: user:anne
object: folder:1
assertions:
# a set of expected results for each relation
can_view: true
can_write: true
can_share: false
- user: user:beth
object: folder:2
assertions:
# a set of expected results for each relation
can_view: true
can_write: false
can_share: false
list_objects: # a set of list objects to run
- user: user:anne
type: folder
assertions:
# a set of expected results for each relation
can_view:
- folder:1
- folder:2
can_write:
- folder:1
- folder:2
can_share: []
- user: user:beth
type: folder
assertions:
# a set of expected results for each relation
can_view:
- folder:2
can_write: []
can_share: []When ready to test, from the terminal, and while inside your working directory, run:
fga model test --tests=./store.yamlA rough roadmap for development priorities.
See the DEVELOPMENT and CONTRIBUTING.
- CEL Textmate Grammar was taken from vscode-cel
- Range conversion from
yamltovscodefrom actions/languageservices
This project is licensed under the Apache-2.0 license. See the LICENSE file for more info.