OpenFGA¶

Introduction¶

The Testcontainers module for OpenFGA.

Adding this module to your project dependencies¶

Please run the following command to add the OpenFGA module to your Go dependencies:

go get github.com/testcontainers/testcontainers-go/modules/openfga

Usage example¶

Creating a OpenFGA container

ctx := context.Background()

openfgaContainer, err := openfga.Run(ctx, "openfga/openfga:v1.5.0")
defer func() {
    if err := testcontainers.TerminateContainer(openfgaContainer); err != nil {
        log.Printf("failed to terminate container: %s", err)
    }
}()
if err != nil {
    log.Printf("failed to start container: %s", err)
    return
}

Module Reference¶

Run function¶

Since v0.32.0

Info

The RunContainer(ctx, opts...) function is deprecated and will be removed in the next major release of Testcontainers for Go.

The OpenFGA module exposes one entrypoint function to create the OpenFGA container, and this function receives three parameters:

func Run(ctx context.Context, img string, opts ...testcontainers.ContainerCustomizer) (*OpenFGAContainer, error)

context.Context, the Go context.
string, the Docker image to use.
testcontainers.ContainerCustomizer, a variadic argument for passing options.

Image¶

Use the second argument in the Run function to set a valid Docker image. In example: Run(context.Background(), "openfga/openfga:v1.5.0").

Container Options¶

When starting the OpenFGA container, you can pass options in a variadic way to configure it.

The following options are exposed by the testcontainers package.

Basic Options¶

WithExposedPorts Since v0.37.0
WithEnv Since v0.29.0
WithWaitStrategy Since v0.20.0
WithAdditionalWaitStrategy Since v0.38.0
WithWaitStrategyAndDeadline Since v0.20.0
WithAdditionalWaitStrategyAndDeadline Since v0.38.0
WithEntrypoint Since v0.37.0
WithEntrypointArgs Since v0.37.0
WithCmd Since v0.37.0
WithCmdArgs Since v0.37.0
WithLabels Since v0.37.0

Lifecycle Options¶

WithLifecycleHooks Since v0.38.0
WithAdditionalLifecycleHooks Since v0.38.0
WithStartupCommand Since v0.25.0
WithAfterReadyCommand Since v0.28.0

Files & Mounts Options¶

Build Options¶

WithDockerfile Since v0.37.0

Logging Options¶

Image Options¶

Networking Options¶

Advanced Options¶

WithHostPortAccess Since v0.31.0
WithConfigModifier Since v0.20.0
WithHostConfigModifier Since v0.20.0
WithEndpointSettingsModifier Since v0.20.0
CustomizeRequest Since v0.20.0
WithName Since v0.38.0
WithNoStart Since v0.38.0
WithProvider Not available until the next release main

Experimental Options¶

WithReuseByName Since v0.37.0

Container Methods¶

The OpenFGA container exposes the following methods:

HttpEndpoint¶

Since v0.30.0

This method returns the HTTP endpoint to connect to the OpenFGA container, using the 8080 port.

Get HTTP endpoint

httpEndpoint, err := openfgaContainer.HttpEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get HTTP endpoint: %s", err)
    return
}

GrpcEndpoint¶

Since v0.30.0

This method returns the gRPC endpoint to connect to the OpenFGA container, using the 8081 port.

Playground URL¶

Since v0.30.0

In case you want to interact with the openfga playground, please use the PlaygroundEndpoint method, using the 3000 port.

Get Playground endpoint

playgroundEndpoint, err := openfgaContainer.PlaygroundEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get playground endpoint: %s", err)
    return
}

Examples¶

Writing an OpenFGA model¶

The following example shows how to write an OpenFGA model using the OpenFGA container.

Get Playground endpoint

secret := "openfga-secret"
openfgaContainer, err := openfga.Run(
    context.Background(),
    "openfga/openfga:v1.5.0",
    testcontainers.WithEnv(map[string]string{
        "OPENFGA_LOG_LEVEL":            "warn",
        "OPENFGA_AUTHN_METHOD":         "preshared",
        "OPENFGA_AUTHN_PRESHARED_KEYS": secret,
    }),
)
defer func() {
    if err := testcontainers.TerminateContainer(openfgaContainer); err != nil {
        log.Printf("failed to terminate container: %s", err)
    }
}()
if err != nil {
    log.Printf("failed to start container: %s", err)
    return
}

httpEndpoint, err := openfgaContainer.HttpEndpoint(context.Background())
if err != nil {
    log.Printf("failed to get HTTP endpoint: %s", err)
    return
}

fgaClient, err := client.NewSdkClient(&client.ClientConfiguration{
    ApiUrl: httpEndpoint,
    Credentials: &credentials.Credentials{
        Method: credentials.CredentialsMethodApiToken,
        Config: &credentials.Config{
            ApiToken: secret,
        },
    },
    // because we are going to write an authorization model,
    // we need to specify a store id. Else, it will fail with
    // "Configuration.StoreId is required and must be specified to call this method"
    // In this example, it's an arbitrary store id, that will be created
    // on the fly.
    StoreId: "11111111111111111111111111",
})
if err != nil {
    log.Printf("failed to create openfga client: %v", err)
    return
}

f, err := os.Open(filepath.Join("testdata", "authorization_model.json"))
if err != nil {
    log.Printf("failed to open file: %v", err)
    return
}
defer f.Close()

bs, err := io.ReadAll(f)
if err != nil {
    log.Printf("failed to read file: %v", err)
    return
}

var body client.ClientWriteAuthorizationModelRequest
if err := json.Unmarshal(bs, &body); err != nil {
    log.Printf("failed to unmarshal json: %v", err)
    return
}

resp, err := fgaClient.WriteAuthorizationModel(context.Background()).Body(body).Execute()
if err != nil {
    log.Printf("failed to write authorization model: %v", err)
    return
}