Add "warnings" field to FGA query and check response (#426)

* Add "warnings" field to FGA query and check response

* Remove print statement

* Change GetWarning to GetMessage

* Refactor warnings container to move unmarshing logic into

* Fix breaking change

Author: atainter

pkg/fga/client.go

@@ -379,10 +379,96 @@ type CheckBatchOpts struct {
 	WarrantToken string `json:"-"`
 }
 
+type Warning interface {
+	Warning() string
+}
+
+type BaseWarning struct {
+	Code    string `json:"code"`
+	Message string `json:"message"`
+}
+
+func (b BaseWarning) Warning() string { return fmt.Sprintf("%s: %s", b.Code, b.Message) }
+
+type MissingContextKeysWarning struct {
+	BaseWarning
+	Keys []string `json:"keys"`
+}
+
+func (m MissingContextKeysWarning) Warning() string {
+	return fmt.Sprintf("%s: %s [%s]", m.Code, m.Message, strings.Join(m.Keys, ", "))
+}
+
+type ConvertSchemaWarning struct {
+	BaseWarning
+}
+
+var warningRegistry = map[string]func() Warning{
+	"missing_context_keys": func() Warning { return &MissingContextKeysWarning{} },
+	"validation_warning":   func() Warning { return &ConvertSchemaWarning{} },
+}
+
+func unmarshalWarnings(raw json.RawMessage) ([]Warning, error) {
+	var rawList []json.RawMessage
+	if err := json.Unmarshal(raw, &rawList); err != nil {
+		return nil, fmt.Errorf("unmarshaling warnings list: %s", err.Error())
+	}
+
+	var warnings []Warning
+	for _, rawItem := range rawList {
+		var rawWarning struct {
+			Code string `json:"code"`
+		}
+		if err := json.Unmarshal(rawItem, &rawWarning); err != nil {
+			return nil, fmt.Errorf("extracting warning code: %s", err.Error())
+		}
+
+		var warning Warning
+		if constructor, ok := warningRegistry[rawWarning.Code]; ok {
+			warning = constructor()
+		} else {
+			warning = &BaseWarning{}
+		}
+
+		if err := json.Unmarshal(rawItem, warning); err != nil {
+			return nil, fmt.Errorf("decoding warning: %s", err.Error())
+		}
+
+		warnings = append(warnings, warning)
+	}
+
+	return warnings, nil
+}
+
+func (checkResponse *CheckResponse) UnmarshalJSON(data []byte) error {
+	type Alias CheckResponse
+	var raw struct {
+		Alias
+		Warnings json.RawMessage `json:"warnings,omitempty"`
+	}
+
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	*checkResponse = CheckResponse(raw.Alias)
+
+	if len(raw.Warnings) > 0 {
+		warnings, err := unmarshalWarnings(raw.Warnings)
+		if err != nil {
+			return err
+		}
+		checkResponse.Warnings = warnings
+	}
+
+	return nil
+}
+
 type CheckResponse struct {
 	Result     string    `json:"result"`
 	IsImplicit bool      `json:"is_implicit"`
 	DebugInfo  DebugInfo `json:"debug_info,omitempty"`
+	Warnings   []Warning `json:"warnings,omitempty"`
 }
 
 func (checkResponse CheckResponse) Authorized() bool {
@@ -403,6 +489,7 @@ type DecisionTreeNode struct {
 }
 
 // Query
+
 type QueryOpts struct {
 	// Query to be executed.
 	Query string `url:"q"`
@@ -452,19 +539,42 @@ type QueryResponse struct {
 
 	// Cursor pagination options.
 	ListMetadata common.ListMetadata `json:"list_metadata"`
+
+	// Warnings generated from query issues.
+	Warnings []Warning `json:"warnings,omitempty"`
+}
+
+func (queryResponse *QueryResponse) UnmarshalJSON(data []byte) error {
+	type Alias QueryResponse
+	var raw struct {
+		Alias
+		Warnings json.RawMessage `json:"warnings,omitempty"`
+	}
+
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	*queryResponse = QueryResponse(raw.Alias)
+
+	if len(raw.Warnings) > 0 {
+		warnings, err := unmarshalWarnings(raw.Warnings)
+		if err != nil {
+			return err
+		}
+		queryResponse.Warnings = warnings
+	}
+
+	return nil
 }
 
 // Schema
+
 type ConvertSchemaToResourceTypesOpts struct {
 	// The schema to convert to resource types.
 	Schema string
 }
 
-type ConvertSchemaWarning struct {
-	// The warning message.
-	Message string `json:"message"`
-}
-
 type ConvertResourceTypesToSchemaOpts struct {
 	// The version of the transpiler to use.
 	Version string `json:"version"`

pkg/fga/client_test.go

@@ -1098,6 +1098,57 @@ func checkTestHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write(body)
 }
 
+func checkTestHandlerWarnings(w http.ResponseWriter, r *http.Request) {
+	auth := r.Header.Get("Authorization")
+	if auth != "Bearer test" {
+		http.Error(w, "bad auth", http.StatusUnauthorized)
+		return
+	}
+
+	if userAgent := r.Header.Get("User-Agent"); !strings.Contains(userAgent, "workos-go/") {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	// Create concrete warnings and wrap them
+	warnings := []Warning{
+		&MissingContextKeysWarning{
+			BaseWarning: BaseWarning{
+				Code:    "missing_context_keys",
+				Message: "Some context keys were not provided.",
+			},
+			Keys: []string{"user_id", "org_id"},
+		},
+
+		&BaseWarning{
+			Code:    "unknown",
+			Message: "Unknown warning occurred.",
+		},
+
+		&ConvertSchemaWarning{
+			BaseWarning: BaseWarning{
+				Code:    "validation_warning",
+				Message: "Schema validation produced a warning.",
+			},
+		},
+	}
+
+	body, err := json.Marshal(
+		CheckResponse{
+			Result:     CheckResultAuthorized,
+			IsImplicit: false,
+			Warnings:   warnings,
+		})
+
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write(body)
+}
+
 func TestCheckBatch(t *testing.T) {
 	tests := []struct {
 		scenario string
@@ -1317,6 +1368,75 @@ func queryTestHandler(w http.ResponseWriter, r *http.Request) {
 	w.Write(body)
 }
 
+func queryTestHandlerWarnings(w http.ResponseWriter, r *http.Request) {
+	auth := r.Header.Get("Authorization")
+	if auth != "Bearer test" {
+		http.Error(w, "bad auth", http.StatusUnauthorized)
+		return
+	}
+
+	if userAgent := r.Header.Get("User-Agent"); !strings.Contains(userAgent, "workos-go/") {
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+
+	// Create concrete warnings and wrap them
+	warnings := []Warning{
+		&MissingContextKeysWarning{
+			BaseWarning: BaseWarning{
+				Code:    "missing_context_keys",
+				Message: "Some context keys were not provided.",
+			},
+			Keys: []string{"user_id", "org_id"},
+		},
+		&BaseWarning{
+			Code:    "unknown",
+			Message: "Unknown warning occurred.",
+		},
+		&ConvertSchemaWarning{
+			BaseWarning: BaseWarning{
+				Code:    "validation_warning",
+				Message: "Schema validation produced a warning.",
+			},
+		},
+	}
+
+	body, err := json.Marshal(struct {
+		QueryResponse
+	}{
+		QueryResponse: QueryResponse{
+			Data: []QueryResult{
+				{
+					ResourceType: "role",
+					ResourceId:   "role_01SXW182",
+					Relation:     "member",
+					Warrant: Warrant{
+						ResourceType: "role",
+						ResourceId:   "role_01SXW182",
+						Relation:     "member",
+						Subject: Subject{
+							ResourceType: "user",
+							ResourceId:   "user_01SXW182",
+						},
+					},
+				},
+			},
+			ListMetadata: common.ListMetadata{
+				Before: "",
+				After:  "",
+			},
+			Warnings: warnings,
+		},
+	})
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	w.WriteHeader(http.StatusOK)
+	w.Write(body)
+}
+
 func convertSchemaToResourceTypesTestHandler(w http.ResponseWriter, r *http.Request) {
 	auth := r.Header.Get("Authorization")
 	if auth != "Bearer test" {

pkg/fga/fga_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net/http"
 	"net/http/httptest"
+	"sort"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -371,6 +372,54 @@ func TestFGACheck(t *testing.T) {
 	require.True(t, checkResponse.Authorized())
 }
 
+func TestFGACheckWithWarnings(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(checkTestHandlerWarnings))
+	defer server.Close()
+
+	DefaultClient = &Client{
+		HTTPClient: &retryablehttp.HttpClient{Client: *server.Client()},
+		Endpoint:   server.URL,
+	}
+	SetAPIKey("test")
+
+	checkResponse, err := Check(context.Background(), CheckOpts{
+		Checks: []WarrantCheck{
+			{
+				ResourceType: "report",
+				ResourceId:   "ljc_1029",
+				Relation:     "member",
+				Subject: Subject{
+					ResourceType: "user",
+					ResourceId:   "user_01SXW182",
+				},
+			},
+		},
+	})
+
+	require.NoError(t, err)
+	require.Len(t, checkResponse.Warnings, 3)
+
+	sort.Slice(checkResponse.Warnings, func(i, j int) bool {
+		return checkResponse.Warnings[i].Warning() < checkResponse.Warnings[j].Warning()
+	})
+
+	first := checkResponse.Warnings[0]
+	second := checkResponse.Warnings[1]
+	third := checkResponse.Warnings[2]
+
+	mw, ok := first.(*MissingContextKeysWarning)
+	require.True(t, ok)
+	require.ElementsMatch(t, mw.Keys, []string{"user_id", "org_id"})
+
+	bw, ok := second.(*BaseWarning)
+	require.True(t, ok)
+	require.Equal(t, "unknown", bw.Code)
+
+	cw, ok := third.(*ConvertSchemaWarning)
+	require.True(t, ok)
+	require.Equal(t, "validation_warning", cw.Code)
+}
+
 func TestFGACheckBatch(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(checkBatchTestHandler))
 	defer server.Close()
@@ -441,6 +490,44 @@ func TestFGAQuery(t *testing.T) {
 	require.Equal(t, expectedResponse, queryResponse)
 }
 
+func TestFGAQueryWithWarnings(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(queryTestHandlerWarnings))
+	defer server.Close()
+
+	DefaultClient = &Client{
+		HTTPClient: &retryablehttp.HttpClient{Client: *server.Client()},
+		Endpoint:   server.URL,
+	}
+	SetAPIKey("test")
+
+	queryResponse, err := Query(context.Background(), QueryOpts{
+		Query: "select role where user:user_01SXW182 is member",
+	})
+
+	require.NoError(t, err)
+	require.Len(t, queryResponse.Warnings, 3)
+
+	sort.Slice(queryResponse.Warnings, func(i, j int) bool {
+		return queryResponse.Warnings[i].Warning() < queryResponse.Warnings[j].Warning()
+	})
+
+	first := queryResponse.Warnings[0]
+	second := queryResponse.Warnings[1]
+	third := queryResponse.Warnings[2]
+
+	mw, ok := first.(*MissingContextKeysWarning)
+	require.True(t, ok)
+	require.ElementsMatch(t, mw.Keys, []string{"user_id", "org_id"})
+
+	bw, ok := second.(*BaseWarning)
+	require.True(t, ok)
+	require.Equal(t, "unknown", bw.Code)
+
+	cw, ok := third.(*ConvertSchemaWarning)
+	require.True(t, ok)
+	require.Equal(t, "validation_warning", cw.Code)
+}
+
 func TestFGAConvertSchemaToResourceTypes(t *testing.T) {
 	server := httptest.NewServer(http.HandlerFunc(convertSchemaToResourceTypesTestHandler))
 	defer server.Close()