Skip to content

OpenFGA

Since v0.30.0

Introduction

The Testcontainers module for OpenFGA.

Adding this module to your project dependencies

Please run the following command to add the OpenFGA module to your Go dependencies:

go get github.com/testcontainers/testcontainers-go/modules/openfga

Usage example

ctx := context.Background()

openfgaContainer, err := openfga.Run(ctx, "openfga/openfga:v1.5.0")
defer func() {
    if err := testcontainers.TerminateContainer(openfgaContainer); err != nil {
        log.Printf("failed to terminate container: %s", err)
    }
}()
if err != nil {
    log.Printf("failed to start container: %s", err)
    return
}

Module Reference

Run function

Info

The RunContainer(ctx, opts...) function is deprecated and will be removed in the next major release of Testcontainers for Go.

The OpenFGA module exposes one entrypoint function to create the OpenFGA container, and this function receives three parameters:

func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustomizer) (*OpenFGAContainer, error)
  • context.Context, the Go context.
  • string, the Docker image to use.
  • testcontainers.ContainerCustomizer, a variadic argument for passing options.

Image

Use the second argument in the Run function to set a valid Docker image. In example: Run(context.Background(), "openfga/openfga:v1.5.0").

Container Options

When starting the OpenFGA container, you can pass options in a variadic way to configure it.

The following options are exposed by the testcontainers package.

Basic Options

Lifecycle Options

Files & Mounts Options

Build Options

Logging Options

Image Options

Networking Options

Advanced Options

Experimental Options

Container Methods

The OpenFGA container exposes the following methods:

HttpEndpoint

This method returns the HTTP endpoint to connect to the OpenFGA container, using the 8080 port.

httpEndpoint, err := openfgaContainer.HttpEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get HTTP endpoint: %s", err)
    return
}

GrpcEndpoint

This method returns the gRPC endpoint to connect to the OpenFGA container, using the 8081 port.

Playground URL

In case you want to interact with the openfga playground, please use the PlaygroundEndpoint method, using the 3000 port.

playgroundEndpoint, err := openfgaContainer.PlaygroundEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get playground endpoint: %s", err)
    return
}

Examples

Writing an OpenFGA model

The following example shows how to write an OpenFGA model using the OpenFGA container.

secret := "openfga-secret"
openfgaContainer, err := openfga.Run(
    context.Background(),
    "openfga/openfga:v1.5.0",
    testcontainers.WithEnv(map[string]string{
        "OPENFGA_LOG_LEVEL":            "warn",
        "OPENFGA_AUTHN_METHOD":         "preshared",
        "OPENFGA_AUTHN_PRESHARED_KEYS": secret,
    }),
)
defer func() {
    if err := testcontainers.TerminateContainer(openfgaContainer); err != nil {
        log.Printf("failed to terminate container: %s", err)
    }
}()
if err != nil {
    log.Printf("failed to start container: %s", err)
    return
}

httpEndpoint, err := openfgaContainer.HttpEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get HTTP endpoint: %s", err)
    return
}

fgaClient, err := client.NewSdkClient(&client.ClientConfiguration{
    ApiUrl: httpEndpoint,
    Credentials: &credentials.Credentials{
        Method: credentials.CredentialsMethodApiToken,
        Config: &credentials.Config{
            ApiToken: secret,
        },
    },
    // because we are going to write an authorization model,
    // we need to specify a store id. Else, it will fail with
    // "Configuration.StoreId is required and must be specified to call this method"
    // In this example, it's an arbitrary store id, that will be created
    // on the fly.
    StoreId: "11111111111111111111111111",
})
if err != nil {
    log.Printf("failed to create openfga client: %v", err)
    return
}

f, err := os.Open(filepath.Join("testdata", "authorization_model.json"))
if err != nil {
    log.Printf("failed to open file: %v", err)
    return
}
defer f.Close()

bs, err := io.ReadAll(f)
if err != nil {
    log.Printf("failed to read file: %v", err)
    return
}

var body client.ClientWriteAuthorizationModelRequest
if err := json.Unmarshal(bs, &body); err != nil {
    log.Printf("failed to unmarshal json: %v", err)
    return
}

resp, err := fgaClient.WriteAuthorizationModel(context.Background()).Body(body).Execute()
if err != nil {
    log.Printf("failed to write authorization model: %v", err)
    return
}