CSS-4603 Refactor toward using canonical/ofga

.gitignore

@@ -18,5 +18,5 @@ local/vault/roleid.txt
 *.crt
 *.key
 *.csr
-jimmctl
+/jimmctl
 qa-controller

README.md

@@ -18,6 +18,7 @@ dependencies. **Note: Go 1.11 or greater needed.**
 ## Development environment
 
 ### Local:
+
 A couple of system packages are required in order to set up a development
 environment. To install them, run the following:
 `make sysdeps`

cmd/jimmctl/cmd/jimmsuite_test.go

@@ -57,11 +57,11 @@ func (s *jimmSuite) SetUpTest(c *gc.C) {
 	s.CandidSuite.SetUpTest(c)
 	s.JujuConnSuite.SetUpTest(c)
 
-	ofgaAPI, ofgaClient, cfg, err := jimmtest.SetupTestOFGAClient(c.TestName())
+	ofgaClient, cofgaClient, cofgaParams, err := jimmtest.SetupTestOFGAClient(c.TestName())
 	c.Assert(err, gc.Equals, nil)
-	s.OFGAApi = ofgaAPI
 	s.OFGAClient = ofgaClient
-	s.OFGAConfig = cfg
+	s.COFGAClient = cofgaClient
+	s.COFGAParams = cofgaParams
 
 	s.JIMM = &jimm.JIMM{
 		UUID: "914487b5-60e7-42bb-bd63-1adc3fd3a388",
@@ -81,11 +81,12 @@ func (s *jimmSuite) SetUpTest(c *gc.C) {
 		ControllerAdmins: []string{"admin"},
 		DSN:              fmt.Sprintf("file:%s?mode=memory&cache=shared", c.TestName()),
 		OpenFGAParams: service.OpenFGAParams{
-			Scheme:    cfg.ApiScheme,
-			Host:      cfg.ApiHost,
-			Store:     cfg.StoreId,
-			Token:     cfg.Credentials.Config.ApiToken,
-			AuthModel: ofgaClient.AuthModelId,
+			Scheme:    cofgaParams.Scheme,
+			Host:      cofgaParams.Host,
+			Port:      cofgaParams.Port,
+			Store:     cofgaParams.StoreID,
+			Token:     cofgaParams.Token,
+			AuthModel: cofgaParams.AuthModelID,
 		},
 	}
 	srv, err := service.NewService(ctx, s.Params)

cmd/jimmctl/cmd/relation_test.go

@@ -16,7 +16,6 @@ import (
 	"github.com/juju/cmd/v3/cmdtesting"
 	jujuparams "github.com/juju/juju/rpc/params"
 	"github.com/juju/names/v4"
-	openfga "github.com/openfga/go-sdk"
 	gc "gopkg.in/check.v1"
 	yamlv2 "gopkg.in/yaml.v2"
 	"gopkg.in/yaml.v3"
@@ -86,9 +85,10 @@ func (s *relationSuite) TestAddRelationSuperuser(c *gc.C) {
 			c.Assert(strings.Contains(err.Error(), tc.message), gc.Equals, true)
 		} else {
 			c.Assert(err, gc.IsNil)
-			resp, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), nil, 50, "")
+			tuples, ct, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), ofga.Tuple{}, 50, "")
 			c.Assert(err, gc.IsNil)
-			c.Assert(len(resp.Tuples), gc.Equals, i+3)
+			c.Assert(ct, gc.Equals, "")
+			c.Assert(len(tuples), gc.Equals, i+3)
 		}
 	}
 
@@ -131,9 +131,10 @@ func (s *relationSuite) TestAddRelationViaFileSuperuser(c *gc.C) {
 	_, err = cmdtesting.RunCommand(c, cmd.NewAddRelationCommandForTesting(s.ClientStore(), bClient), "-f", file.Name())
 	c.Assert(err, gc.IsNil)
 
-	resp, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), nil, 50, "")
+	tuples, ct, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), ofga.Tuple{}, 50, "")
 	c.Assert(err, gc.IsNil)
-	c.Assert(len(resp.Tuples), gc.Equals, 4)
+	c.Assert(ct, gc.Equals, "")
+	c.Assert(len(tuples), gc.Equals, 4)
 }
 
 func (s *relationSuite) TestAddRelationRejectsUnauthorisedUsers(c *gc.C) {
@@ -180,10 +181,11 @@ func (s *relationSuite) TestRemoveRelationSuperuser(c *gc.C) {
 			c.Assert(err, gc.ErrorMatches, tc.message)
 		} else {
 			c.Assert(err, gc.IsNil)
-			resp, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), nil, 50, "")
+			tuples, ct, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), ofga.Tuple{}, 50, "")
 			c.Assert(err, gc.IsNil)
+			c.Assert(ct, gc.Equals, "")
 			totalKeys--
-			c.Assert(len(resp.Tuples), gc.Equals, totalKeys)
+			c.Assert(len(tuples), gc.Equals, totalKeys)
 		}
 	}
 }
@@ -214,11 +216,12 @@ func (s *relationSuite) TestRemoveRelationViaFileSuperuser(c *gc.C) {
 	_, err = cmdtesting.RunCommand(c, cmd.NewRemoveRelationCommandForTesting(s.ClientStore(), bClient), "-f", file.Name())
 	c.Assert(err, gc.IsNil)
 
-	resp, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), nil, 50, "")
+	tuples, ct, err := s.jimmSuite.JIMM.OpenFGAClient.ReadRelatedObjects(context.Background(), ofga.Tuple{}, 50, "")
 	c.Assert(err, gc.IsNil)
-	c.Logf("existing relations %v", resp.Tuples)
+	c.Assert(ct, gc.Equals, "")
+	c.Logf("existing relations %v", tuples)
 	// Only two relations exist.
-	c.Assert(resp.Tuples, gc.DeepEquals, []ofga.Tuple{{
+	c.Assert(tuples, gc.DeepEquals, []ofga.Tuple{{
 		Object:   ofganames.ConvertTag(names.NewUserTag("admin")),
 		Relation: ofganames.AdministratorRelation,
 		Target:   ofganames.ConvertTag(names.NewControllerTag(s.Params.ControllerUUID)),
@@ -427,20 +430,6 @@ user-eve@external   	administrator	applicationoffer-test-controller-1:alice@exte
 	)
 }
 
-func createTupleKey(object, relation, target string) openfga.TupleKey {
-	k := openfga.NewTupleKey()
-	// in some cases specifying the object is not required
-	if object != "" {
-		k.SetUser(object)
-	}
-	// in some cases specifying the relation is not required
-	if relation != "" {
-		k.SetRelation(relation)
-	}
-	k.SetObject(target)
-	return *k
-}
-
 // TODO: remove boilerplate of env setup and use initialiseEnvironment
 func (s *relationSuite) TestCheckRelationViaSuperuser(c *gc.C) {
 	ctx := context.TODO()
@@ -515,7 +504,7 @@ func (s *relationSuite) TestCheckRelationViaSuperuser(c *gc.C) {
 	err = db.AddModel(ctx, &model)
 	c.Assert(err, gc.IsNil)
 
-	err = ofgaClient.AddRelations(ctx,
+	err = ofgaClient.AddRelation(ctx,
 		ofga.Tuple{
 			Object:   ofganames.ConvertTag(u.ResourceTag()),
 			Relation: "member",

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/canonical/candid v1.12.2
 	github.com/canonical/go-dqlite v1.11.9
 	github.com/canonical/go-service v1.0.0
-	github.com/frankban/quicktest v1.14.4
+	github.com/frankban/quicktest v1.14.5
 	github.com/go-macaroon-bakery/macaroon-bakery/v3 v3.0.1
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe // indirect
 	github.com/google/go-cmp v0.5.9
@@ -30,7 +30,7 @@ require (
 	github.com/juju/version/v2 v2.0.1
 	github.com/juju/zaputil v0.0.0-20190326175239-ef53049637ac
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible
-	github.com/openfga/go-sdk v0.2.1
+	github.com/openfga/go-sdk v0.2.2
 	github.com/prometheus/client_golang v1.14.0
 	github.com/rogpeppe/fastuuid v1.2.0
 	go.uber.org/zap v1.24.0
@@ -46,6 +46,7 @@ require (
 )
 
 require (
+	github.com/canonical/ofga v0.3.0
 	github.com/dustinkirkland/golang-petname v0.0.0-20191129215211-8e5a1ed0cff0
 	github.com/go-chi/chi/v5 v5.0.8
 	github.com/go-chi/render v1.0.2

go.sum

@@ -256,6 +256,7 @@ github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -285,6 +286,8 @@ github.com/canonical/go-dqlite v1.11.9 h1:aO7GG3QohddXsT+C7yEetdRHhhPUWNBKavz+/J
 github.com/canonical/go-dqlite v1.11.9/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg=
 github.com/canonical/go-service v1.0.0 h1:TF6TsEp04xAoI5pPoWjTYmEwLjbPATSnHEyeJCvzElg=
 github.com/canonical/go-service v1.0.0/go.mod h1:GzNLXpkGdglL0kjREXoLXj2rB2Qx+EvAGncRDqCENYQ=
+github.com/canonical/ofga v0.3.0 h1:c0/1Kt4Gesehdy8bOJLDRu4dRt4et+kDACZZL53Rgf4=
+github.com/canonical/ofga v0.3.0/go.mod h1:u4Ou8dbIhO7FmVlT7W3rX2roD9AOGz/CqmGh7AdF0Lo=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
@@ -545,6 +548,8 @@ github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM
 github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU=
 github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY=
 github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
+github.com/frankban/quicktest v1.14.5 h1:dfYrrRyLtiqT9GyKXgdh+k4inNeTvmGbuSgZ3lx3GhA=
+github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
@@ -982,6 +987,7 @@ github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dv
 github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
 github.com/jarcoal/httpmock v1.2.0 h1:gSvTxxFR/MEMfsGrvRbdfpRUMBStovlSRLw0Ep1bwwc=
+github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM=
@@ -1474,6 +1480,8 @@ github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqi
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/openfga/go-sdk v0.2.1 h1:aAZsuKF2r7XUrh00OxfGT3XI2FaNKR/w/cbgmPUS2uA=
 github.com/openfga/go-sdk v0.2.1/go.mod h1:drrrTgot7shtdwQbEYr6p/1rQsnZ87oex6QhSvZiC+Y=
+github.com/openfga/go-sdk v0.2.2 h1:zzQPdcX/CNLXwycqYNx5LvP78kzVs6R8p5GXw/0II3s=
+github.com/openfga/go-sdk v0.2.2/go.mod h1:ZB13O8GilPc0ITWssOszgxmz6CnIe8PQLZqbqAnx2IY=
 github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
 github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
@@ -1859,6 +1867,7 @@ go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
+go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=

internal/auth/jujuauth_test.go

@@ -25,7 +25,7 @@ import (
 func TestAuthenticateLogin(t *testing.T) {
 	c := qt.New(t)
 
-	_, ofgaclient, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+	ofgaClient, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 	c.Assert(err, qt.IsNil)
 
 	discharger := bakerytest.NewDischarger(nil)
@@ -36,7 +36,7 @@ func TestAuthenticateLogin(t *testing.T) {
 		},
 	)
 	authenticator := auth.JujuAuthenticator{
-		Client: ofgaclient,
+		Client: ofgaClient,
 		Bakery: identchecker.NewBakery(identchecker.BakeryParams{
 			Locator:        discharger,
 			Key:            bakery.MustGenerateKey(),
@@ -68,7 +68,7 @@ func TestAuthenticateLogin(t *testing.T) {
 func TestAuthenticateLoginWithDomain(t *testing.T) {
 	c := qt.New(t)
 
-	_, ofgaclient, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+	ofgaClient, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 	c.Assert(err, qt.IsNil)
 
 	discharger := bakerytest.NewDischarger(nil)
@@ -79,7 +79,7 @@ func TestAuthenticateLoginWithDomain(t *testing.T) {
 		},
 	)
 	authenticator := auth.JujuAuthenticator{
-		Client: ofgaclient,
+		Client: ofgaClient,
 		Bakery: identchecker.NewBakery(identchecker.BakeryParams{
 			Locator:        discharger,
 			Key:            bakery.MustGenerateKey(),
@@ -111,7 +111,7 @@ func TestAuthenticateLoginWithDomain(t *testing.T) {
 func TestAuthenticateLoginSuperuser(t *testing.T) {
 	c := qt.New(t)
 
-	_, ofgaclient, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+	ofgaClient, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 	c.Assert(err, qt.IsNil)
 
 	discharger := bakerytest.NewDischarger(nil)
@@ -122,7 +122,7 @@ func TestAuthenticateLoginSuperuser(t *testing.T) {
 		},
 	)
 	authenticator := auth.JujuAuthenticator{
-		Client: ofgaclient,
+		Client: ofgaClient,
 		Bakery: identchecker.NewBakery(identchecker.BakeryParams{
 			Locator:        discharger,
 			Key:            bakery.MustGenerateKey(),
@@ -156,7 +156,7 @@ func TestAuthenticateLoginSuperuser(t *testing.T) {
 func TestAuthenticateLoginInvalidUsernameDeclared(t *testing.T) {
 	c := qt.New(t)
 
-	_, ofgaclient, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+	ofgaClient, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 	c.Assert(err, qt.IsNil)
 
 	discharger := bakerytest.NewDischarger(nil)
@@ -167,7 +167,7 @@ func TestAuthenticateLoginInvalidUsernameDeclared(t *testing.T) {
 		},
 	)
 	authenticator := auth.JujuAuthenticator{
-		Client: ofgaclient,
+		Client: ofgaClient,
 		Bakery: identchecker.NewBakery(identchecker.BakeryParams{
 			Locator:        discharger,
 			Key:            bakery.MustGenerateKey(),

internal/jimm/access.go

@@ -17,7 +17,7 @@ import (
 )
 
 // ToOfferAccessString maps relation to an application offer access string.
-func ToOfferAccessString(relation ofganames.Relation) string {
+func ToOfferAccessString(relation openfga.Relation) string {
 	switch relation {
 	case ofganames.AdministratorRelation:
 		return string(jujuparams.OfferAdminAccess)
@@ -31,7 +31,7 @@ func ToOfferAccessString(relation ofganames.Relation) string {
 }
 
 // ToCloudAccessString maps relation to a cloud access string.
-func ToCloudAccessString(relation ofganames.Relation) string {
+func ToCloudAccessString(relation openfga.Relation) string {
 	switch relation {
 	case ofganames.AdministratorRelation:
 		return "admin"
@@ -43,7 +43,7 @@ func ToCloudAccessString(relation ofganames.Relation) string {
 }
 
 // ToModelAccessString maps relation to a model access string.
-func ToModelAccessString(relation ofganames.Relation) string {
+func ToModelAccessString(relation openfga.Relation) string {
 	switch relation {
 	case ofganames.AdministratorRelation:
 		return "admin"
@@ -57,7 +57,7 @@ func ToModelAccessString(relation ofganames.Relation) string {
 }
 
 // ToModelAccessString maps relation to a controller access string.
-func ToControllerAccessString(relation ofganames.Relation) string {
+func ToControllerAccessString(relation openfga.Relation) string {
 	switch relation {
 	case ofganames.AdministratorRelation:
 		return "superuser"
@@ -70,7 +70,7 @@ func ToControllerAccessString(relation ofganames.Relation) string {
 // string can be either "admin", in which case the administrator relation
 // is returned, or "add-model", in which case the can_addmodel relation is
 // returned.
-func ToCloudRelation(accessLevel string) (ofganames.Relation, error) {
+func ToCloudRelation(accessLevel string) (openfga.Relation, error) {
 	switch accessLevel {
 	case "admin":
 		return ofganames.AdministratorRelation, nil
@@ -82,7 +82,7 @@ func ToCloudRelation(accessLevel string) (ofganames.Relation, error) {
 }
 
 // ToModelRelation returns a valid relation for the model.
-func ToModelRelation(accessLevel string) (ofganames.Relation, error) {
+func ToModelRelation(accessLevel string) (openfga.Relation, error) {
 	switch accessLevel {
 	case "admin":
 		return ofganames.AdministratorRelation, nil
@@ -96,7 +96,7 @@ func ToModelRelation(accessLevel string) (ofganames.Relation, error) {
 }
 
 // ToOfferRelation returns a valid relation for the application offer.
-func ToOfferRelation(accessLevel string) (ofganames.Relation, error) {
+func ToOfferRelation(accessLevel string) (openfga.Relation, error) {
 	switch accessLevel {
 	case "":
 		return ofganames.NoRelation, nil
@@ -223,7 +223,7 @@ func checkPermission(ctx context.Context, user *openfga.User, cachedPerms map[st
 			if err != nil {
 				return cachedPerms, errors.E(op, fmt.Sprintf("failed to parse relation %s", stringVal), err)
 			}
-			check, _, err := openfga.CheckRelation(ctx, user, tag, relation)
+			check, err := openfga.CheckRelation(ctx, user, tag, relation)
 			if err != nil {
 				return cachedPerms, errors.E(op, err)
 			}

internal/jimm/access_test.go

@@ -27,7 +27,7 @@ import (
 // func TestJwtGenerator(t *testing.T) {
 // 	c := qt.New(t)
 
-// 	_, client, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+// 	client, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 // 	c.Assert(err, qt.IsNil)
 
 // 	j := &jimm.JIMM{
@@ -51,7 +51,7 @@ import (
 func TestAuditLogAccess(t *testing.T) {
 	c := qt.New(t)
 
-	_, ofgaClient, _, err := jimmtest.SetupTestOFGAClient(c.Name())
+	ofgaClient, _, _, err := jimmtest.SetupTestOFGAClient(c.Name())
 	c.Assert(err, qt.IsNil)
 
 	now := time.Now().UTC().Round(time.Millisecond)

internal/jimm/applicationoffer.go

@@ -260,7 +260,7 @@ func (j *JIMM) listApplicationOfferUsers(ctx context.Context, offer names.Applic
 	users := make(map[string]string)
 
 	// we loop through relations in a decreasing order of access
-	for _, relation := range []ofganames.Relation{
+	for _, relation := range []openfga.Relation{
 		ofganames.AdministratorRelation,
 		ofganames.ConsumerRelation,
 		ofganames.ReaderRelation,