canonical · kian99 · Aug 23, 2023 · Aug 23, 2023 · Aug 23, 2023 · Aug 23, 2023
diff --git a/internal/jujuapi/jimm.go b/internal/jujuapi/jimm.go
@@ -501,10 +501,6 @@ func (r *controllerRoot) CrossModelQuery(ctx context.Context, req apiparams.Cros
 	if err != nil {
 		return apiparams.CrossModelQueryResponse{}, errors.E(op, errors.Code("failed to list user's model access"))
 	}
-	// UUIDs are returned in the form "model:uuid"
-	for i, uuid := range modelUUIDs {
-		modelUUIDs[i] = strings.Split(uuid, ":")[1]
-	}
 	models, err := r.jimm.Database.GetModelsByUUID(ctx, modelUUIDs)
 	if err != nil {
 		return apiparams.CrossModelQueryResponse{}, errors.E(op, errors.Code("failed to get models for user"))

diff --git a/internal/openfga/openfga.go b/internal/openfga/openfga.go
@@ -80,24 +80,20 @@ func (o *OFGAClient) getRelatedObjects(ctx context.Context, tuple Tuple, pageSiz
 // must NOT include the ID, i.e.,
 //
 //   - "group:" vs "group:mygroup", where "mygroup" is the ID and the correct objType would be "group".
-func (o *OFGAClient) listObjects(ctx context.Context, user string, relation string, objType string, contextualTuples []Tuple) (objectIds []string, err error) {
+func (o *OFGAClient) listObjects(ctx context.Context, user string, relation string, objType string, contextualTuples []Tuple) (objectIds []Tag, err error) {
 	userEntity, err := cofga.ParseEntity(user)
 	if err != nil {
 		return nil, err
 	}
 	entities, err := o.cofgaClient.FindAccessibleObjectsByRelation(ctx, Tuple{
 		Object:   &userEntity,
 		Relation: cofga.Relation(relation),
-		Target:   &cofga.Entity{Kind: cofga.Kind(objType)},
+		Target:   &Tag{Kind: cofga.Kind(objType)},
 	}, contextualTuples...)
 	if err != nil {
 		return nil, err
 	}
-	result := make([]string, len(entities))
-	for i, entity := range entities {
-		result[i] = entity.String()
-	}
-	return result, nil
+	return entities, nil
 }
 
 // AddRelation adds given relations (tuples).
@@ -111,7 +107,7 @@ func (o *OFGAClient) RemoveRelation(ctx context.Context, tuples ...Tuple) error
 }
 
 // ListObjects returns all object IDs of <objType> that a user has the relation <relation> to.
-func (o *OFGAClient) ListObjects(ctx context.Context, user string, relation string, objType string, contextualTuples []Tuple) ([]string, error) {
+func (o *OFGAClient) ListObjects(ctx context.Context, user string, relation string, objType string, contextualTuples []Tuple) ([]Tag, error) {
 	return o.listObjects(ctx, user, relation, objType, contextualTuples)
 }
 

diff --git a/internal/openfga/openfga_test.go b/internal/openfga/openfga_test.go
@@ -435,9 +435,12 @@ func (s *openFGATestSuite) TestListObjectsWithContextualTuples(c *gc.C) {
 		"30000000-0000-0000-0000-000000000000",
 	}
 
-	expected := make([]string, len(modelUUIDs))
+	expected := make([]openfga.Tag, len(modelUUIDs))
 	for i, v := range modelUUIDs {
-		expected[i] = "model:" + v
+		expected[i] = openfga.Tag{
+			Kind: "model",
+			ID:   v,
+		}
 	}
 
 	ids, err := s.ofgaClient.ListObjects(ctx, "user:alice", "reader", "model", []openfga.Tuple{
@@ -474,8 +477,8 @@ func (s *openFGATestSuite) TestListObjectsWithContextualTuples(c *gc.C) {
 	c.Assert(cmp.Equal(
 		ids,
 		expected,
-		cmpopts.SortSlices(func(want string, expected string) bool {
-			return want < expected
+		cmpopts.SortSlices(func(want openfga.Tag, expected openfga.Tag) bool {
+			return want.ID < expected.ID
 		}),
 	), gc.Equals, true)
 }
@@ -489,9 +492,12 @@ func (s *openFGATestSuite) TestListObjectsWithPeristedTuples(c *gc.C) {
 		"30000000-0000-0000-0000-000000000000",
 	}
 
-	expected := make([]string, len(modelUUIDs))
+	expected := make([]openfga.Tag, len(modelUUIDs))
 	for i, v := range modelUUIDs {
-		expected[i] = "model:" + v
+		expected[i] = openfga.Tag{
+			Kind: "model",
+			ID:   v,
+		}
 	}
 
 	c.Assert(s.ofgaClient.AddRelation(ctx,
@@ -531,8 +537,8 @@ func (s *openFGATestSuite) TestListObjectsWithPeristedTuples(c *gc.C) {
 	c.Assert(cmp.Equal(
 		ids,
 		expected,
-		cmpopts.SortSlices(func(want string, expected string) bool {
-			return want < expected
+		cmpopts.SortSlices(func(want openfga.Tag, expected openfga.Tag) bool {
+			return want.ID < expected.ID
 		}),
 	), gc.Equals, true)
 }

diff --git a/internal/openfga/user.go b/internal/openfga/user.go
@@ -217,7 +217,15 @@ func (u *User) UnsetApplicationOfferAccess(ctx context.Context, resource names.A
 
 // ListModels returns a slice of model UUIDs this user has at least reader access to.
 func (u *User) ListModels(ctx context.Context) ([]string, error) {
-	return u.client.ListObjects(ctx, ofganames.ConvertTag(u.ResourceTag()).String(), ofganames.ReaderRelation.String(), "model", nil)
+	entities, err := u.client.ListObjects(ctx, ofganames.ConvertTag(u.ResourceTag()).String(), ofganames.ReaderRelation.String(), "model", nil)
+	if err != nil {
+		return nil, err
+	}
+	modelUUIDs := make([]string, len(entities))
+	for i, model := range entities {
+		modelUUIDs[i] = model.ID
+	}
+	return modelUUIDs, err
 }
 
 type administratorT interface {