All Downloads are FREE. Search and download functionalities are using the official Maven repository.

dev.openfga.sdk.api.OpenFgaApi Maven / Gradle / Ivy

Go to download

This is an autogenerated Java SDK for OpenFGA. It provides a wrapper around the [OpenFGA API definition](https://openfga.dev/api).

There is a newer version: 0.7.2
Show newest version
/*
 * OpenFGA
 * A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.
 *
 * The version of the OpenAPI document: 1.x
 * Contact: [email protected]
 *
 * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
 * https://openapi-generator.tech
 * Do not edit the class manually.
 */

package dev.openfga.sdk.api;

import static dev.openfga.sdk.util.StringUtil.isNullOrWhitespace;
import static dev.openfga.sdk.util.Validation.assertParamExists;

import dev.openfga.sdk.api.auth.*;
import dev.openfga.sdk.api.client.*;
import dev.openfga.sdk.api.configuration.*;
import dev.openfga.sdk.api.model.CheckRequest;
import dev.openfga.sdk.api.model.CheckResponse;
import dev.openfga.sdk.api.model.CreateStoreRequest;
import dev.openfga.sdk.api.model.CreateStoreResponse;
import dev.openfga.sdk.api.model.ExpandRequest;
import dev.openfga.sdk.api.model.ExpandResponse;
import dev.openfga.sdk.api.model.GetStoreResponse;
import dev.openfga.sdk.api.model.ListObjectsRequest;
import dev.openfga.sdk.api.model.ListObjectsResponse;
import dev.openfga.sdk.api.model.ListStoresResponse;
import dev.openfga.sdk.api.model.ListUsersRequest;
import dev.openfga.sdk.api.model.ListUsersResponse;
import dev.openfga.sdk.api.model.ReadAssertionsResponse;
import dev.openfga.sdk.api.model.ReadAuthorizationModelResponse;
import dev.openfga.sdk.api.model.ReadAuthorizationModelsResponse;
import dev.openfga.sdk.api.model.ReadChangesResponse;
import dev.openfga.sdk.api.model.ReadRequest;
import dev.openfga.sdk.api.model.ReadResponse;
import dev.openfga.sdk.api.model.WriteAssertionsRequest;
import dev.openfga.sdk.api.model.WriteAuthorizationModelRequest;
import dev.openfga.sdk.api.model.WriteAuthorizationModelResponse;
import dev.openfga.sdk.api.model.WriteRequest;
import dev.openfga.sdk.errors.*;
import dev.openfga.sdk.telemetry.Attribute;
import dev.openfga.sdk.telemetry.Attributes;
import dev.openfga.sdk.telemetry.Telemetry;
import dev.openfga.sdk.util.Pair;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpRequest;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/**
 * A low-level API representation of an OpenFGA server.
 * 

* Most code should favor the simpler and higher-level {@link OpenFgaClient} when calling an OpenFGA server. */ public class OpenFgaApi { private final Configuration configuration; private final ApiClient apiClient; private final OAuth2Client oAuth2Client; private final Telemetry telemetry; public OpenFgaApi(Configuration configuration) throws FgaInvalidParameterException { this(configuration, new ApiClient()); } public OpenFgaApi(Configuration configuration, ApiClient apiClient) throws FgaInvalidParameterException { this.apiClient = apiClient; this.configuration = configuration; this.telemetry = new Telemetry(this.configuration); if (configuration.getCredentials().getCredentialsMethod() == CredentialsMethod.CLIENT_CREDENTIALS) { this.oAuth2Client = new OAuth2Client(configuration, apiClient); } else { this.oAuth2Client = null; } var defaultHeaders = configuration.getDefaultHeaders(); if (defaultHeaders != null) { apiClient.addRequestInterceptor(httpRequest -> defaultHeaders.forEach(httpRequest::setHeader)); } } /** * Check whether a user is authorized to access an object * The Check API returns whether a given user has a relationship with a given object in a given store. The `user` field of the request can be a specific target, such as `user:anne`, or a userset (set of users) such as `group:marketing#member` or a type-bound public access `user:*`. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). A `contextual_tuples` object may also be included in the body of the request. This object contains one field `tuple_keys`, which is an array of tuple keys. Each of these tuples may have an associated `condition`. You may also provide an `authorization_model_id` in the body. This will be used to assert that the input `tuple_key` is valid for the model specified. If not specified, the assertion will be made against the latest authorization model ID. It is strongly recommended to specify authorization model id for better performance. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will return whether the relationship exists in the field `allowed`. Some exceptions apply, but in general, if a Check API responds with `{allowed: true}`, then you can expect the equivalent ListObjects query to return the object, and viceversa. For example, if `Check(user:anne, reader, document:2021-budget)` responds with `{allowed: true}`, then `ListObjects(user:anne, reader, document)` may include `document:2021-budget` in the response. ## Examples ### Querying with contextual tuples In order to check if user `user:anne` of type `user` has a `reader` relationship with object `document:2021-budget` given the following contextual tuple ```json { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"time_slot:office_hours\" } ``` the Check API can be used with the following request body: ```json { \"tuple_key\": { \"user\": \"user:anne\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"contextual_tuples\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"time_slot:office_hours\" } ] }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` ### Querying usersets Some Checks will always return `true`, even without any tuples. For example, for the following authorization model ```python model schema 1.1 type user type document relations define reader: [user] ``` the following query ```json { \"tuple_key\": { \"user\": \"document:2021-budget#reader\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" } } ``` will always return `{ \"allowed\": true }`. This is because usersets are self-defining: the userset `document:2021-budget#reader` will always have the `reader` relation with `document:2021-budget`. ### Querying usersets with difference in the model A Check for a userset can yield results that must be treated carefully if the model involves difference. For example, for the following authorization model ```python model schema 1.1 type user type group relations define member: [user] type document relations define blocked: [user] define reader: [group#member] but not blocked ``` the following query ```json { \"tuple_key\": { \"user\": \"group:finance#member\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"contextual_tuples\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"group:finance\" }, { \"user\": \"group:finance#member\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, { \"user\": \"user:anne\", \"relation\": \"blocked\", \"object\": \"document:2021-budget\" } ] }, } ``` will return `{ \"allowed\": true }`, even though a specific user of the userset `group:finance#member` does not have the `reader` relationship with the given object. * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<CheckResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> check(String storeId, CheckRequest body) throws ApiException, FgaInvalidParameterException { return check(storeId, body, this.configuration); } /** * Check whether a user is authorized to access an object * The Check API returns whether a given user has a relationship with a given object in a given store. The `user` field of the request can be a specific target, such as `user:anne`, or a userset (set of users) such as `group:marketing#member` or a type-bound public access `user:*`. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). A `contextual_tuples` object may also be included in the body of the request. This object contains one field `tuple_keys`, which is an array of tuple keys. Each of these tuples may have an associated `condition`. You may also provide an `authorization_model_id` in the body. This will be used to assert that the input `tuple_key` is valid for the model specified. If not specified, the assertion will be made against the latest authorization model ID. It is strongly recommended to specify authorization model id for better performance. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will return whether the relationship exists in the field `allowed`. Some exceptions apply, but in general, if a Check API responds with `{allowed: true}`, then you can expect the equivalent ListObjects query to return the object, and viceversa. For example, if `Check(user:anne, reader, document:2021-budget)` responds with `{allowed: true}`, then `ListObjects(user:anne, reader, document)` may include `document:2021-budget` in the response. ## Examples ### Querying with contextual tuples In order to check if user `user:anne` of type `user` has a `reader` relationship with object `document:2021-budget` given the following contextual tuple ```json { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"time_slot:office_hours\" } ``` the Check API can be used with the following request body: ```json { \"tuple_key\": { \"user\": \"user:anne\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"contextual_tuples\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"time_slot:office_hours\" } ] }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` ### Querying usersets Some Checks will always return `true`, even without any tuples. For example, for the following authorization model ```python model schema 1.1 type user type document relations define reader: [user] ``` the following query ```json { \"tuple_key\": { \"user\": \"document:2021-budget#reader\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" } } ``` will always return `{ \"allowed\": true }`. This is because usersets are self-defining: the userset `document:2021-budget#reader` will always have the `reader` relation with `document:2021-budget`. ### Querying usersets with difference in the model A Check for a userset can yield results that must be treated carefully if the model involves difference. For example, for the following authorization model ```python model schema 1.1 type user type group relations define member: [user] type document relations define blocked: [user] define reader: [group#member] but not blocked ``` the following query ```json { \"tuple_key\": { \"user\": \"group:finance#member\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"contextual_tuples\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"member\", \"object\": \"group:finance\" }, { \"user\": \"group:finance#member\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, { \"user\": \"user:anne\", \"relation\": \"blocked\", \"object\": \"document:2021-budget\" } ] }, } ``` will return `{ \"allowed\": true }`, even though a specific user of the userset `group:finance#member` does not have the `reader` relationship with the given object. * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<CheckResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> check( String storeId, CheckRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return check(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> check( String storeId, CheckRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "check"); assertParamExists(body, "body", "check"); String path = "/stores/{store_id}/check".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "Check"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "check", CheckResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Create a store * Create a unique OpenFGA store which will be used to store authorization models and relationship tuples. * @param body (required) * @return CompletableFuture<ApiResponse<CreateStoreResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> createStore(CreateStoreRequest body) throws ApiException, FgaInvalidParameterException { return createStore(body, this.configuration); } /** * Create a store * Create a unique OpenFGA store which will be used to store authorization models and relationship tuples. * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<CreateStoreResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> createStore( CreateStoreRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return createStore(body, this.configuration.override(configurationOverride)); } private CompletableFuture> createStore( CreateStoreRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(body, "body", "createStore"); String path = "/stores"; Map methodParameters = new HashMap<>(); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "CreateStore"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "createStore", CreateStoreResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Delete a store * Delete an OpenFGA store. This does not delete the data associated with the store, like tuples or authorization models. * @param storeId (required) * @return CompletableFuture<ApiResponse<Void>> * @throws ApiException if fails to make API call */ public CompletableFuture> deleteStore(String storeId) throws ApiException, FgaInvalidParameterException { return deleteStore(storeId, this.configuration); } /** * Delete a store * Delete an OpenFGA store. This does not delete the data associated with the store, like tuples or authorization models. * @param storeId (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<Void>> * @throws ApiException if fails to make API call */ public CompletableFuture> deleteStore(String storeId, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return deleteStore(storeId, this.configuration.override(configurationOverride)); } private CompletableFuture> deleteStore(String storeId, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "deleteStore"); String path = "/stores/{store_id}".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "DeleteStore"); try { HttpRequest request = buildHttpRequest("DELETE", path, configuration); return new HttpRequestAttempt<>(request, "deleteStore", Void.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Expand all relationships in userset tree format, and following userset rewrite rules. Useful to reason about and debug a certain relationship * The Expand API will return all users and usersets that have certain relationship with an object in a certain store. This is different from the `/stores/{store_id}/read` API in that both users and computed usersets are returned. Body parameters `tuple_key.object` and `tuple_key.relation` are all required. The response will return a tree whose leaves are the specific users and usersets. Union, intersection and difference operator are located in the intermediate nodes. ## Example To expand all users that have the `reader` relationship with object `document:2021-budget`, use the Expand API with the following request body ```json { \"tuple_key\": { \"object\": \"document:2021-budget\", \"relation\": \"reader\" }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` OpenFGA's response will be a userset tree of the users and usersets that have read access to the document. ```json { \"tree\":{ \"root\":{ \"type\":\"document:2021-budget#reader\", \"union\":{ \"nodes\":[ { \"type\":\"document:2021-budget#reader\", \"leaf\":{ \"users\":{ \"users\":[ \"user:bob\" ] } } }, { \"type\":\"document:2021-budget#reader\", \"leaf\":{ \"computed\":{ \"userset\":\"document:2021-budget#writer\" } } } ] } } } } ``` The caller can then call expand API for the `writer` relationship for the `document:2021-budget`. * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<ExpandResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> expand(String storeId, ExpandRequest body) throws ApiException, FgaInvalidParameterException { return expand(storeId, body, this.configuration); } /** * Expand all relationships in userset tree format, and following userset rewrite rules. Useful to reason about and debug a certain relationship * The Expand API will return all users and usersets that have certain relationship with an object in a certain store. This is different from the `/stores/{store_id}/read` API in that both users and computed usersets are returned. Body parameters `tuple_key.object` and `tuple_key.relation` are all required. The response will return a tree whose leaves are the specific users and usersets. Union, intersection and difference operator are located in the intermediate nodes. ## Example To expand all users that have the `reader` relationship with object `document:2021-budget`, use the Expand API with the following request body ```json { \"tuple_key\": { \"object\": \"document:2021-budget\", \"relation\": \"reader\" }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` OpenFGA's response will be a userset tree of the users and usersets that have read access to the document. ```json { \"tree\":{ \"root\":{ \"type\":\"document:2021-budget#reader\", \"union\":{ \"nodes\":[ { \"type\":\"document:2021-budget#reader\", \"leaf\":{ \"users\":{ \"users\":[ \"user:bob\" ] } } }, { \"type\":\"document:2021-budget#reader\", \"leaf\":{ \"computed\":{ \"userset\":\"document:2021-budget#writer\" } } } ] } } } } ``` The caller can then call expand API for the `writer` relationship for the `document:2021-budget`. * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ExpandResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> expand( String storeId, ExpandRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return expand(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> expand( String storeId, ExpandRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "expand"); assertParamExists(body, "body", "expand"); String path = "/stores/{store_id}/expand".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "Expand"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "expand", ExpandResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Get a store * Returns an OpenFGA store by its identifier * @param storeId (required) * @return CompletableFuture<ApiResponse<GetStoreResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> getStore(String storeId) throws ApiException, FgaInvalidParameterException { return getStore(storeId, this.configuration); } /** * Get a store * Returns an OpenFGA store by its identifier * @param storeId (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<GetStoreResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> getStore( String storeId, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return getStore(storeId, this.configuration.override(configurationOverride)); } private CompletableFuture> getStore(String storeId, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "getStore"); String path = "/stores/{store_id}".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "GetStore"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>(request, "getStore", GetStoreResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * List all objects of the given type that the user has a relation with * The ListObjects API returns a list of all the objects of the given type that the user has a relation with. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). An `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance. You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related objects in an array in the \"objects\" field of the response and they will be strings in the object format `<type>:<id>` (e.g. \"document:roadmap\"). The number of objects in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_OBJECTS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_OBJECTS_MAX_RESULTS, whichever is hit first. The objects given will not be sorted, and therefore two identical calls can give a given different set of objects. * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<ListObjectsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listObjects(String storeId, ListObjectsRequest body) throws ApiException, FgaInvalidParameterException { return listObjects(storeId, body, this.configuration); } /** * List all objects of the given type that the user has a relation with * The ListObjects API returns a list of all the objects of the given type that the user has a relation with. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). An `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance. You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related objects in an array in the \"objects\" field of the response and they will be strings in the object format `<type>:<id>` (e.g. \"document:roadmap\"). The number of objects in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_OBJECTS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_OBJECTS_MAX_RESULTS, whichever is hit first. The objects given will not be sorted, and therefore two identical calls can give a given different set of objects. * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ListObjectsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listObjects( String storeId, ListObjectsRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return listObjects(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> listObjects( String storeId, ListObjectsRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "listObjects"); assertParamExists(body, "body", "listObjects"); String path = "/stores/{store_id}/list-objects".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ListObjects"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "listObjects", ListObjectsResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * List all stores * Returns a paginated list of OpenFGA stores and a continuation token to get additional stores. The continuation token will be empty if there are no more stores. * @param pageSize (optional) * @param continuationToken (optional) * @return CompletableFuture<ApiResponse<ListStoresResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listStores(Integer pageSize, String continuationToken) throws ApiException, FgaInvalidParameterException { return listStores(pageSize, continuationToken, this.configuration); } /** * List all stores * Returns a paginated list of OpenFGA stores and a continuation token to get additional stores. The continuation token will be empty if there are no more stores. * @param pageSize (optional) * @param continuationToken (optional) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ListStoresResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listStores( Integer pageSize, String continuationToken, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return listStores(pageSize, continuationToken, this.configuration.override(configurationOverride)); } private CompletableFuture> listStores( Integer pageSize, String continuationToken, Configuration configuration) throws ApiException, FgaInvalidParameterException { String path = "/stores"; path = pathWithParams(path, "page_size", pageSize, "continuation_token", continuationToken); Map methodParameters = new HashMap<>(); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ListStores"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>(request, "listStores", ListStoresResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * List the users matching the provided filter who have a certain relation to a particular type. * The ListUsers API returns a list of all the users of a specific type that have a relation to a given object. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). An `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance. You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related users in an array in the \"users\" field of the response. These results may include specific objects, usersets or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In cases where a type-bound public acces result is returned (e.g. `user:*`), it cannot be inferred that all subjects of that type have a relation to the object; it is possible that negations exist and checks should still be queried on individual subjects to ensure access to that document.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. The returned users will not be sorted, and therefore two identical calls may yield different sets of users. * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<ListUsersResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listUsers(String storeId, ListUsersRequest body) throws ApiException, FgaInvalidParameterException { return listUsers(storeId, body, this.configuration); } /** * List the users matching the provided filter who have a certain relation to a particular type. * The ListUsers API returns a list of all the users of a specific type that have a relation to a given object. To arrive at a result, the API uses: an authorization model, explicit tuples written through the Write API, contextual tuples present in the request, and implicit tuples that exist by virtue of applying set theory (such as `document:2021-budget#viewer@document:2021-budget#viewer`; the set of users who are viewers of `document:2021-budget` are the set of users who are the viewers of `document:2021-budget`). An `authorization_model_id` may be specified in the body. If it is not specified, the latest authorization model ID will be used. It is strongly recommended to specify authorization model id for better performance. You may also specify `contextual_tuples` that will be treated as regular tuples. Each of these tuples may have an associated `condition`. You may also provide a `context` object that will be used to evaluate the conditioned tuples in the system. It is strongly recommended to provide a value for all the input parameters of all the conditions, to ensure that all tuples be evaluated correctly. The response will contain the related users in an array in the \"users\" field of the response. These results may include specific objects, usersets or type-bound public access. Each of these types of results is encoded in its own type and not represented as a string.In cases where a type-bound public acces result is returned (e.g. `user:*`), it cannot be inferred that all subjects of that type have a relation to the object; it is possible that negations exist and checks should still be queried on individual subjects to ensure access to that document.The number of users in the response array will be limited by the execution timeout specified in the flag OPENFGA_LIST_USERS_DEADLINE and by the upper bound specified in the flag OPENFGA_LIST_USERS_MAX_RESULTS, whichever is hit first. The returned users will not be sorted, and therefore two identical calls may yield different sets of users. * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ListUsersResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> listUsers( String storeId, ListUsersRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return listUsers(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> listUsers( String storeId, ListUsersRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "listUsers"); assertParamExists(body, "body", "listUsers"); String path = "/stores/{store_id}/list-users".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ListUsers"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "listUsers", ListUsersResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Get tuples from the store that matches a query, without following userset rewrite rules * The Read API will return the tuples for a certain store that match a query filter specified in the body of the request. The API doesn't guarantee order by any field. It is different from the `/stores/{store_id}/expand` API in that it only returns relationship tuples that are stored in the system and satisfy the query. In the body: 1. `tuple_key` is optional. If not specified, it will return all tuples in the store. 2. `tuple_key.object` is mandatory if `tuple_key` is specified. It can be a full object (e.g., `type:object_id`) or type only (e.g., `type:`). 3. `tuple_key.user` is mandatory if tuple_key is specified in the case the `tuple_key.object` is a type only. ## Examples ### Query for all objects in a type definition To query for all objects that `user:bob` has `reader` relationship in the `document` type definition, call read API with body of ```json { \"tuple_key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:\" } } ``` The API will return tuples and a continuation token, something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `user:bob` has a `reader` relationship with 1 document `document:2021-budget`. Note that this API, unlike the List Objects API, does not evaluate the tuples in the store. The continuation token will be empty if there are no more tuples to query. ### Query for all stored relationship tuples that have a particular relation and object To query for all users that have `reader` relationship with `document:2021-budget`, call read API with body of ```json { \"tuple_key\": { \"object\": \"document:2021-budget\", \"relation\": \"reader\" } } ``` The API will return something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `document:2021-budget` has 1 `reader` (`user:bob`). Note that, even if the model said that all `writers` are also `readers`, the API will not return writers such as `user:anne` because it only returns tuples and does not evaluate them. ### Query for all users with all relationships for a particular document To query for all users that have any relationship with `document:2021-budget`, call read API with body of ```json { \"tuple_key\": { \"object\": \"document:2021-budget\" } } ``` The API will return something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:anne\", \"relation\": \"writer\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-05T13:42:12.356Z\" }, { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `document:2021-budget` has 1 `reader` (`user:bob`) and 1 `writer` (`user:anne`). * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<ReadResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> read(String storeId, ReadRequest body) throws ApiException, FgaInvalidParameterException { return read(storeId, body, this.configuration); } /** * Get tuples from the store that matches a query, without following userset rewrite rules * The Read API will return the tuples for a certain store that match a query filter specified in the body of the request. The API doesn't guarantee order by any field. It is different from the `/stores/{store_id}/expand` API in that it only returns relationship tuples that are stored in the system and satisfy the query. In the body: 1. `tuple_key` is optional. If not specified, it will return all tuples in the store. 2. `tuple_key.object` is mandatory if `tuple_key` is specified. It can be a full object (e.g., `type:object_id`) or type only (e.g., `type:`). 3. `tuple_key.user` is mandatory if tuple_key is specified in the case the `tuple_key.object` is a type only. ## Examples ### Query for all objects in a type definition To query for all objects that `user:bob` has `reader` relationship in the `document` type definition, call read API with body of ```json { \"tuple_key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:\" } } ``` The API will return tuples and a continuation token, something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `user:bob` has a `reader` relationship with 1 document `document:2021-budget`. Note that this API, unlike the List Objects API, does not evaluate the tuples in the store. The continuation token will be empty if there are no more tuples to query. ### Query for all stored relationship tuples that have a particular relation and object To query for all users that have `reader` relationship with `document:2021-budget`, call read API with body of ```json { \"tuple_key\": { \"object\": \"document:2021-budget\", \"relation\": \"reader\" } } ``` The API will return something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `document:2021-budget` has 1 `reader` (`user:bob`). Note that, even if the model said that all `writers` are also `readers`, the API will not return writers such as `user:anne` because it only returns tuples and does not evaluate them. ### Query for all users with all relationships for a particular document To query for all users that have any relationship with `document:2021-budget`, call read API with body of ```json { \"tuple_key\": { \"object\": \"document:2021-budget\" } } ``` The API will return something like ```json { \"tuples\": [ { \"key\": { \"user\": \"user:anne\", \"relation\": \"writer\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-05T13:42:12.356Z\" }, { \"key\": { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" }, \"timestamp\": \"2021-10-06T15:32:11.128Z\" } ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` This means that `document:2021-budget` has 1 `reader` (`user:bob`) and 1 `writer` (`user:anne`). * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ReadResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> read( String storeId, ReadRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return read(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> read( String storeId, ReadRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "read"); assertParamExists(body, "body", "read"); String path = "/stores/{store_id}/read".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "Read"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "read", ReadResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Read assertions for an authorization model ID * The ReadAssertions API will return, for a given authorization model id, all the assertions stored for it. An assertion is an object that contains a tuple key, and the expectation of whether a call to the Check API of that tuple key will return true or false. * @param storeId (required) * @param authorizationModelId (required) * @return CompletableFuture<ApiResponse<ReadAssertionsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAssertions( String storeId, String authorizationModelId) throws ApiException, FgaInvalidParameterException { return readAssertions(storeId, authorizationModelId, this.configuration); } /** * Read assertions for an authorization model ID * The ReadAssertions API will return, for a given authorization model id, all the assertions stored for it. An assertion is an object that contains a tuple key, and the expectation of whether a call to the Check API of that tuple key will return true or false. * @param storeId (required) * @param authorizationModelId (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ReadAssertionsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAssertions( String storeId, String authorizationModelId, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return readAssertions(storeId, authorizationModelId, this.configuration.override(configurationOverride)); } private CompletableFuture> readAssertions( String storeId, String authorizationModelId, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "readAssertions"); assertParamExists(authorizationModelId, "authorizationModelId", "readAssertions"); String path = "/stores/{store_id}/assertions/{authorization_model_id}" .replace("{store_id}", ApiClient.urlEncode(storeId.toString())) .replace("{authorization_model_id}", ApiClient.urlEncode(authorizationModelId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("authorizationModelId", authorizationModelId); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ReadAssertions"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>( request, "readAssertions", ReadAssertionsResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Return a particular version of an authorization model * The ReadAuthorizationModel API returns an authorization model by its identifier. The response will return the authorization model for the particular version. ## Example To retrieve the authorization model with ID `01G5JAVJ41T49E9TT3SKVS7X1J` for the store, call the GET authorization-models by ID API with `01G5JAVJ41T49E9TT3SKVS7X1J` as the `id` path parameter. The API will return: ```json { \"authorization_model\":{ \"id\":\"01G5JAVJ41T49E9TT3SKVS7X1J\", \"type_definitions\":[ { \"type\":\"user\" }, { \"type\":\"document\", \"relations\":{ \"reader\":{ \"union\":{ \"child\":[ { \"this\":{} }, { \"computedUserset\":{ \"object\":\"\", \"relation\":\"writer\" } } ] } }, \"writer\":{ \"this\":{} } } } ] } } ``` In the above example, there are 2 types (`user` and `document`). The `document` type has 2 relations (`writer` and `reader`). * @param storeId (required) * @param id (required) * @return CompletableFuture<ApiResponse<ReadAuthorizationModelResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAuthorizationModel( String storeId, String id) throws ApiException, FgaInvalidParameterException { return readAuthorizationModel(storeId, id, this.configuration); } /** * Return a particular version of an authorization model * The ReadAuthorizationModel API returns an authorization model by its identifier. The response will return the authorization model for the particular version. ## Example To retrieve the authorization model with ID `01G5JAVJ41T49E9TT3SKVS7X1J` for the store, call the GET authorization-models by ID API with `01G5JAVJ41T49E9TT3SKVS7X1J` as the `id` path parameter. The API will return: ```json { \"authorization_model\":{ \"id\":\"01G5JAVJ41T49E9TT3SKVS7X1J\", \"type_definitions\":[ { \"type\":\"user\" }, { \"type\":\"document\", \"relations\":{ \"reader\":{ \"union\":{ \"child\":[ { \"this\":{} }, { \"computedUserset\":{ \"object\":\"\", \"relation\":\"writer\" } } ] } }, \"writer\":{ \"this\":{} } } } ] } } ``` In the above example, there are 2 types (`user` and `document`). The `document` type has 2 relations (`writer` and `reader`). * @param storeId (required) * @param id (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ReadAuthorizationModelResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAuthorizationModel( String storeId, String id, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return readAuthorizationModel(storeId, id, this.configuration.override(configurationOverride)); } private CompletableFuture> readAuthorizationModel( String storeId, String id, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "readAuthorizationModel"); assertParamExists(id, "id", "readAuthorizationModel"); String path = "/stores/{store_id}/authorization-models/{id}" .replace("{store_id}", ApiClient.urlEncode(storeId.toString())) .replace("{id}", ApiClient.urlEncode(id.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("id", id); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ReadAuthorizationModel"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>( request, "readAuthorizationModel", ReadAuthorizationModelResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Return all the authorization models for a particular store * The ReadAuthorizationModels API will return all the authorization models for a certain store. OpenFGA's response will contain an array of all authorization models, sorted in descending order of creation. ## Example Assume that a store's authorization model has been configured twice. To get all the authorization models that have been created in this store, call GET authorization-models. The API will return a response that looks like: ```json { \"authorization_models\": [ { \"id\": \"01G50QVV17PECNVAHX1GG4Y5NC\", \"type_definitions\": [...] }, { \"id\": \"01G4ZW8F4A07AKQ8RHSVG9RW04\", \"type_definitions\": [...] }, ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` If there are no more authorization models available, the `continuation_token` field will be empty ```json { \"authorization_models\": [ { \"id\": \"01G50QVV17PECNVAHX1GG4Y5NC\", \"type_definitions\": [...] }, { \"id\": \"01G4ZW8F4A07AKQ8RHSVG9RW04\", \"type_definitions\": [...] }, ], \"continuation_token\": \"\" } ``` * @param storeId (required) * @param pageSize (optional) * @param continuationToken (optional) * @return CompletableFuture<ApiResponse<ReadAuthorizationModelsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAuthorizationModels( String storeId, Integer pageSize, String continuationToken) throws ApiException, FgaInvalidParameterException { return readAuthorizationModels(storeId, pageSize, continuationToken, this.configuration); } /** * Return all the authorization models for a particular store * The ReadAuthorizationModels API will return all the authorization models for a certain store. OpenFGA's response will contain an array of all authorization models, sorted in descending order of creation. ## Example Assume that a store's authorization model has been configured twice. To get all the authorization models that have been created in this store, call GET authorization-models. The API will return a response that looks like: ```json { \"authorization_models\": [ { \"id\": \"01G50QVV17PECNVAHX1GG4Y5NC\", \"type_definitions\": [...] }, { \"id\": \"01G4ZW8F4A07AKQ8RHSVG9RW04\", \"type_definitions\": [...] }, ], \"continuation_token\": \"eyJwayI6IkxBVEVTVF9OU0NPTkZJR19hdXRoMHN0b3JlIiwic2siOiIxem1qbXF3MWZLZExTcUoyN01MdTdqTjh0cWgifQ==\" } ``` If there are no more authorization models available, the `continuation_token` field will be empty ```json { \"authorization_models\": [ { \"id\": \"01G50QVV17PECNVAHX1GG4Y5NC\", \"type_definitions\": [...] }, { \"id\": \"01G4ZW8F4A07AKQ8RHSVG9RW04\", \"type_definitions\": [...] }, ], \"continuation_token\": \"\" } ``` * @param storeId (required) * @param pageSize (optional) * @param continuationToken (optional) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ReadAuthorizationModelsResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readAuthorizationModels( String storeId, Integer pageSize, String continuationToken, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return readAuthorizationModels( storeId, pageSize, continuationToken, this.configuration.override(configurationOverride)); } private CompletableFuture> readAuthorizationModels( String storeId, Integer pageSize, String continuationToken, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "readAuthorizationModels"); String path = "/stores/{store_id}/authorization-models" .replace("{store_id}", ApiClient.urlEncode(storeId.toString())); path = pathWithParams(path, "page_size", pageSize, "continuation_token", continuationToken); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ReadAuthorizationModels"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>( request, "readAuthorizationModels", ReadAuthorizationModelsResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Return a list of all the tuple changes * The ReadChanges API will return a paginated list of tuple changes (additions and deletions) that occurred in a given store, sorted by ascending time. The response will include a continuation token that is used to get the next set of changes. If there are no changes after the provided continuation token, the same token will be returned in order for it to be used when new changes are recorded. If the store never had any tuples added or removed, this token will be empty. You can use the `type` parameter to only get the list of tuple changes that affect objects of that type. When reading a write tuple change, if it was conditioned, the condition will be returned. When reading a delete tuple change, the condition will NOT be returned regardless of whether it was originally conditioned or not. * @param storeId (required) * @param type (optional) * @param pageSize (optional) * @param continuationToken (optional) * @return CompletableFuture<ApiResponse<ReadChangesResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readChanges( String storeId, String type, Integer pageSize, String continuationToken) throws ApiException, FgaInvalidParameterException { return readChanges(storeId, type, pageSize, continuationToken, this.configuration); } /** * Return a list of all the tuple changes * The ReadChanges API will return a paginated list of tuple changes (additions and deletions) that occurred in a given store, sorted by ascending time. The response will include a continuation token that is used to get the next set of changes. If there are no changes after the provided continuation token, the same token will be returned in order for it to be used when new changes are recorded. If the store never had any tuples added or removed, this token will be empty. You can use the `type` parameter to only get the list of tuple changes that affect objects of that type. When reading a write tuple change, if it was conditioned, the condition will be returned. When reading a delete tuple change, the condition will NOT be returned regardless of whether it was originally conditioned or not. * @param storeId (required) * @param type (optional) * @param pageSize (optional) * @param continuationToken (optional) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<ReadChangesResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> readChanges( String storeId, String type, Integer pageSize, String continuationToken, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return readChanges( storeId, type, pageSize, continuationToken, this.configuration.override(configurationOverride)); } private CompletableFuture> readChanges( String storeId, String type, Integer pageSize, String continuationToken, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "readChanges"); String path = "/stores/{store_id}/changes".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); path = pathWithParams(path, "type", type, "page_size", pageSize, "continuation_token", continuationToken); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "ReadChanges"); try { HttpRequest request = buildHttpRequest("GET", path, configuration); return new HttpRequestAttempt<>(request, "readChanges", ReadChangesResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Add or delete tuples from the store * The Write API will transactionally update the tuples for a certain store. Tuples and type definitions allow OpenFGA to determine whether a relationship exists between an object and an user. In the body, `writes` adds new tuples and `deletes` removes existing tuples. When deleting a tuple, any `condition` specified with it is ignored. The API is not idempotent: if, later on, you try to add the same tuple key (even if the `condition` is different), or if you try to delete a non-existing tuple, it will throw an error. The API will not allow you to write tuples such as `document:2021-budget#viewer@document:2021-budget#viewer`, because they are implicit. An `authorization_model_id` may be specified in the body. If it is, it will be used to assert that each written tuple (not deleted) is valid for the model specified. If it is not specified, the latest authorization model ID will be used. ## Example ### Adding relationships To add `user:anne` as a `writer` for `document:2021-budget`, call write API with the following ```json { \"writes\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"writer\", \"object\": \"document:2021-budget\" } ] }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` ### Removing relationships To remove `user:bob` as a `reader` for `document:2021-budget`, call write API with the following ```json { \"deletes\": { \"tuple_keys\": [ { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" } ] } } ``` * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<Object>> * @throws ApiException if fails to make API call */ public CompletableFuture> write(String storeId, WriteRequest body) throws ApiException, FgaInvalidParameterException { return write(storeId, body, this.configuration); } /** * Add or delete tuples from the store * The Write API will transactionally update the tuples for a certain store. Tuples and type definitions allow OpenFGA to determine whether a relationship exists between an object and an user. In the body, `writes` adds new tuples and `deletes` removes existing tuples. When deleting a tuple, any `condition` specified with it is ignored. The API is not idempotent: if, later on, you try to add the same tuple key (even if the `condition` is different), or if you try to delete a non-existing tuple, it will throw an error. The API will not allow you to write tuples such as `document:2021-budget#viewer@document:2021-budget#viewer`, because they are implicit. An `authorization_model_id` may be specified in the body. If it is, it will be used to assert that each written tuple (not deleted) is valid for the model specified. If it is not specified, the latest authorization model ID will be used. ## Example ### Adding relationships To add `user:anne` as a `writer` for `document:2021-budget`, call write API with the following ```json { \"writes\": { \"tuple_keys\": [ { \"user\": \"user:anne\", \"relation\": \"writer\", \"object\": \"document:2021-budget\" } ] }, \"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\" } ``` ### Removing relationships To remove `user:bob` as a `reader` for `document:2021-budget`, call write API with the following ```json { \"deletes\": { \"tuple_keys\": [ { \"user\": \"user:bob\", \"relation\": \"reader\", \"object\": \"document:2021-budget\" } ] } } ``` * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<Object>> * @throws ApiException if fails to make API call */ public CompletableFuture> write( String storeId, WriteRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return write(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> write(String storeId, WriteRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "write"); assertParamExists(body, "body", "write"); String path = "/stores/{store_id}/write".replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "Write"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>(request, "write", Object.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Upsert assertions for an authorization model ID * The WriteAssertions API will upsert new assertions for an authorization model id, or overwrite the existing ones. An assertion is an object that contains a tuple key, and the expectation of whether a call to the Check API of that tuple key will return true or false. * @param storeId (required) * @param authorizationModelId (required) * @param body (required) * @return CompletableFuture<ApiResponse<Void>> * @throws ApiException if fails to make API call */ public CompletableFuture> writeAssertions( String storeId, String authorizationModelId, WriteAssertionsRequest body) throws ApiException, FgaInvalidParameterException { return writeAssertions(storeId, authorizationModelId, body, this.configuration); } /** * Upsert assertions for an authorization model ID * The WriteAssertions API will upsert new assertions for an authorization model id, or overwrite the existing ones. An assertion is an object that contains a tuple key, and the expectation of whether a call to the Check API of that tuple key will return true or false. * @param storeId (required) * @param authorizationModelId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<Void>> * @throws ApiException if fails to make API call */ public CompletableFuture> writeAssertions( String storeId, String authorizationModelId, WriteAssertionsRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return writeAssertions(storeId, authorizationModelId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> writeAssertions( String storeId, String authorizationModelId, WriteAssertionsRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "writeAssertions"); assertParamExists(authorizationModelId, "authorizationModelId", "writeAssertions"); assertParamExists(body, "body", "writeAssertions"); String path = "/stores/{store_id}/assertions/{authorization_model_id}" .replace("{store_id}", ApiClient.urlEncode(storeId.toString())) .replace("{authorization_model_id}", ApiClient.urlEncode(authorizationModelId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("authorizationModelId", authorizationModelId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "WriteAssertions"); try { HttpRequest request = buildHttpRequest("PUT", path, body, configuration); return new HttpRequestAttempt<>(request, "writeAssertions", Void.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } /** * Create a new authorization model * The WriteAuthorizationModel API will add a new authorization model to a store. Each item in the `type_definitions` array is a type definition as specified in the field `type_definition`. The response will return the authorization model's ID in the `id` field. ## Example To add an authorization model with `user` and `document` type definitions, call POST authorization-models API with the body: ```json { \"type_definitions\":[ { \"type\":\"user\" }, { \"type\":\"document\", \"relations\":{ \"reader\":{ \"union\":{ \"child\":[ { \"this\":{} }, { \"computedUserset\":{ \"object\":\"\", \"relation\":\"writer\" } } ] } }, \"writer\":{ \"this\":{} } } } ] } ``` OpenFGA's response will include the version id for this authorization model, which will look like ``` {\"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\"} ``` * @param storeId (required) * @param body (required) * @return CompletableFuture<ApiResponse<WriteAuthorizationModelResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> writeAuthorizationModel( String storeId, WriteAuthorizationModelRequest body) throws ApiException, FgaInvalidParameterException { return writeAuthorizationModel(storeId, body, this.configuration); } /** * Create a new authorization model * The WriteAuthorizationModel API will add a new authorization model to a store. Each item in the `type_definitions` array is a type definition as specified in the field `type_definition`. The response will return the authorization model's ID in the `id` field. ## Example To add an authorization model with `user` and `document` type definitions, call POST authorization-models API with the body: ```json { \"type_definitions\":[ { \"type\":\"user\" }, { \"type\":\"document\", \"relations\":{ \"reader\":{ \"union\":{ \"child\":[ { \"this\":{} }, { \"computedUserset\":{ \"object\":\"\", \"relation\":\"writer\" } } ] } }, \"writer\":{ \"this\":{} } } } ] } ``` OpenFGA's response will include the version id for this authorization model, which will look like ``` {\"authorization_model_id\": \"01G50QVV17PECNVAHX1GG4Y5NC\"} ``` * @param storeId (required) * @param body (required) * @param configurationOverride Override the {@link Configuration} this OpenFgaApi was constructed with * @return CompletableFuture<ApiResponse<WriteAuthorizationModelResponse>> * @throws ApiException if fails to make API call */ public CompletableFuture> writeAuthorizationModel( String storeId, WriteAuthorizationModelRequest body, ConfigurationOverride configurationOverride) throws ApiException, FgaInvalidParameterException { return writeAuthorizationModel(storeId, body, this.configuration.override(configurationOverride)); } private CompletableFuture> writeAuthorizationModel( String storeId, WriteAuthorizationModelRequest body, Configuration configuration) throws ApiException, FgaInvalidParameterException { assertParamExists(storeId, "storeId", "writeAuthorizationModel"); assertParamExists(body, "body", "writeAuthorizationModel"); String path = "/stores/{store_id}/authorization-models" .replace("{store_id}", ApiClient.urlEncode(storeId.toString())); Map methodParameters = new HashMap<>(); methodParameters.put("storeId", storeId); methodParameters.put("body", body); Map telemetryAttributes = buildTelemetryAttributes(methodParameters); telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_METHOD, "WriteAuthorizationModel"); try { HttpRequest request = buildHttpRequest("POST", path, body, configuration); return new HttpRequestAttempt<>( request, "writeAuthorizationModel", WriteAuthorizationModelResponse.class, apiClient, configuration) .addTelemetryAttributes(telemetryAttributes) .attemptHttpRequest(); } catch (ApiException e) { return CompletableFuture.failedFuture(e); } } private Map buildTelemetryAttributes(Map attributes) { Map telemetryAttributes = new HashMap<>(); Object storeId = attributes.get("storeId"); Object authorizationModelId = attributes.get("authorizationModelId"); Object body = attributes.get("body"); if (storeId != null) { telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_STORE_ID, storeId.toString()); } if (authorizationModelId != null) { telemetryAttributes.put(Attributes.FGA_CLIENT_REQUEST_MODEL_ID, authorizationModelId.toString()); } if (body != null) { if (body instanceof CheckRequest) { CheckRequest checkRequest = (CheckRequest) body; if (checkRequest.getTupleKey() != null && !isNullOrWhitespace(checkRequest.getTupleKey().getUser())) { telemetryAttributes.put( Attributes.FGA_CLIENT_USER, checkRequest.getTupleKey().getUser()); } if (!isNullOrWhitespace(checkRequest.getAuthorizationModelId())) { telemetryAttributes.put( Attributes.FGA_CLIENT_REQUEST_MODEL_ID, checkRequest.getAuthorizationModelId()); } } if (body instanceof ExpandRequest) { ExpandRequest expandRequest = (ExpandRequest) body; if (!isNullOrWhitespace(expandRequest.getAuthorizationModelId())) { telemetryAttributes.put( Attributes.FGA_CLIENT_REQUEST_MODEL_ID, expandRequest.getAuthorizationModelId()); } } if (body instanceof ListObjectsRequest) { ListObjectsRequest listObjectsRequest = (ListObjectsRequest) body; if (!isNullOrWhitespace(listObjectsRequest.getAuthorizationModelId())) { telemetryAttributes.put( Attributes.FGA_CLIENT_REQUEST_MODEL_ID, listObjectsRequest.getAuthorizationModelId()); } } if (body instanceof ListUsersRequest) { ListUsersRequest listUsersRequest = (ListUsersRequest) body; if (!isNullOrWhitespace(listUsersRequest.getAuthorizationModelId())) { telemetryAttributes.put( Attributes.FGA_CLIENT_REQUEST_MODEL_ID, listUsersRequest.getAuthorizationModelId()); } } if (body instanceof WriteRequest) { WriteRequest writeRequest = (WriteRequest) body; if (!isNullOrWhitespace(writeRequest.getAuthorizationModelId())) { telemetryAttributes.put( Attributes.FGA_CLIENT_REQUEST_MODEL_ID, writeRequest.getAuthorizationModelId()); } } } return telemetryAttributes; } private HttpRequest buildHttpRequest(String method, String path, Configuration configuration) throws ApiException, FgaInvalidParameterException { return buildHttpRequestWithPublisher(method, path, HttpRequest.BodyPublishers.noBody(), configuration); } private HttpRequest buildHttpRequest(String method, String path, T body, Configuration configuration) throws ApiException, FgaInvalidParameterException { try { byte[] localVarPostBody = apiClient.getObjectMapper().writeValueAsBytes(body); var bodyPublisher = HttpRequest.BodyPublishers.ofByteArray(localVarPostBody); return buildHttpRequestWithPublisher(method, path, bodyPublisher, configuration); } catch (IOException e) { throw new ApiException(e); } } private HttpRequest buildHttpRequestWithPublisher( String method, String path, HttpRequest.BodyPublisher bodyPublisher, Configuration configuration) throws ApiException, FgaInvalidParameterException { // verify the Configuration is valid configuration.assertValid(); var httpRequest = HttpRequest.newBuilder(); httpRequest.uri(URI.create(configuration.getApiUrl() + path)); httpRequest.header("Content-Type", "application/json"); httpRequest.header("Accept", "application/json"); if (configuration.getCredentials().getCredentialsMethod() != CredentialsMethod.NONE) { String accessToken = getAccessToken(configuration); httpRequest.header("Authorization", "Bearer " + accessToken); } if (configuration.getUserAgent() != null) { httpRequest.header("User-Agent", configuration.getUserAgent()); } if (configuration.getDefaultHeaders() != null) { configuration.getDefaultHeaders().forEach(httpRequest::header); } httpRequest.method(method, bodyPublisher); Duration readTimeout = configuration.getReadTimeout(); if (readTimeout != null) { httpRequest.timeout(readTimeout); } if (apiClient.getRequestInterceptor() != null) { apiClient.getRequestInterceptor().accept(httpRequest); } return httpRequest.build(); } private String pathWithParams(String basePath, Object... params) { var path = new StringBuilder().append(basePath); var paramStream = Stream.builder(); for (int i = 0; i < params.length - 1; i += 2) { if (params[i] == null || params[i + 1] == null) { continue; } Pair.of(params[i].toString(), params[i + 1].toString()) .map(Pair::asQueryStringPair) .ifPresent(paramStream::add); } String parameters = paramStream.build().collect(Collectors.joining("&")); if (!isNullOrWhitespace(parameters)) { path.append("?").append(parameters); } return path.toString(); } /** * Get an access token. Expects that configuration is valid (meaning it can * pass {@link Configuration#assertValid()}) and expects that if the * CredentialsMethod is CLIENT_CREDENTIALS that a valid {@link OAuth2Client} * has been initialized. Otherwise, it will throw an IllegalStateException. * @throws IllegalStateException when the configuration is invalid */ private String getAccessToken(Configuration configuration) throws ApiException { CredentialsMethod credentialsMethod = configuration.getCredentials().getCredentialsMethod(); if (credentialsMethod == CredentialsMethod.API_TOKEN) { return configuration.getCredentials().getApiToken().getToken(); } if (credentialsMethod == CredentialsMethod.CLIENT_CREDENTIALS) { try { return oAuth2Client.getAccessToken().get(); } catch (Exception e) { throw new ApiException(e); } } throw new IllegalStateException("Configuration is invalid."); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy