Skip to content

feat: organization tuples as contextual checks#462

Merged
golanglemonade merged 4 commits into
mainfrom
feat-parent-context-tuple
May 18, 2026
Merged

feat: organization tuples as contextual checks#462
golanglemonade merged 4 commits into
mainfrom
feat-parent-context-tuple

Conversation

@golanglemonade
Copy link
Copy Markdown
Member

@golanglemonade golanglemonade commented Mar 16, 2026
edited
Loading

This supports new permissions updates: theopenlane/core#2398

adds parent_context for organization level tuples; related to theopenlane/core#2398
setup with a config that allows disbaling for backwards compatibility as well as configuring the skip and conditions via fga client config opts, e.g:

	suite.ofgaTF = fgatest.NewFGATestcontainer(context.Background(),
		fgatest.WithModuleFile(fgaModuleFile),
		fgatest.WithEnvVars(coreutils.GetDefaultFGAEnvs()),
		fgatest.WithVersion(version),
		fgatest.WithSkipParentContextKinds("organization", "user", "system"),
		fgatest.WithParentSkipConditions(fgax.ParentContextConditionConfig{Kind: "group", Name: "public_group", Context: map[string]any{"public": false}}),
	)

or via core config:

authz:
  parentcontextconditions:
    - kind: group
      name: public_group
      context:
        public: false
  parentcontextskipkinds: 
    - organization
    - user
    - system

this is a breaking change but I've allowed it to be configured with backwards compatibly; see the draft PR in core.

@github-actions github-actions Bot added the enhancement New feature or request label Mar 16, 2026
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 19, 2026

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
62.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@golanglemonade golanglemonade force-pushed the feat-parent-context-tuple branch from ced2a0d to b0c0f70 Compare May 5, 2026 04:11
@golanglemonade golanglemonade force-pushed the feat-parent-context-tuple branch from d02a398 to 1200f6c Compare May 14, 2026 06:21
@golanglemonade
feat: parent context
a997d5f 
Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
@golanglemonade golanglemonade force-pushed the feat-parent-context-tuple branch from 1200f6c to a997d5f Compare May 14, 2026 06:30
@golanglemonade
make configurable
30aac05 
Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
@golanglemonade
that would help
034a321 
Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
@golanglemonade golanglemonade marked this pull request as ready for review May 14, 2026 07:17
@golanglemonade golanglemonade requested a review from a team as a code owner May 14, 2026 07:17
@golanglemonade golanglemonade mentioned this pull request May 15, 2026
Closed
@golanglemonade
missing comments
cd2529e 
Signed-off-by: Sarah Funkhouser <147884153+golanglemonade@users.noreply.github.com>
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 15, 2026

Quality Gate Passed Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
43.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@golanglemonade golanglemonade merged commit 519b585 into main May 18, 2026
15 checks passed
@golanglemonade golanglemonade deleted the feat-parent-context-tuple branch May 18, 2026 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matoszz matoszz matoszz approved these changes

@adelowo adelowo Awaiting requested review from adelowo adelowo is a code owner automatically assigned from theopenlane/blacksmiths

@LemonAid711 LemonAid711 Awaiting requested review from LemonAid711 LemonAid711 is a code owner automatically assigned from theopenlane/blacksmiths

Assignees

No one assigned

Labels

breaking-change enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@golanglemonade @matoszz