-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(coverage) : improve accuracy for evaluating permission condition #844
base: master
Are you sure you want to change the base?
Conversation
Proposed design for incorporating detailed assessments of each condition part : Considering the following condition as provided in the issue - Following are the design aspects.
@tolgaOzen , Kindly share your thoughts on this. |
Hi @vijayraghav-io, I understand your aspects, but can you clarify with more different examples? |
Sure @tolgaOzen , will come up with more examples. |
Hi @tolgaOzen , Example: schema: >-
relationships:
scenarios:
For above check, how can i provide the value for |
Hi @vijayraghav-io, there is a field named 'attributes' in the YAML file, you can retrieve it from there. However, what I don't understand is, does it become 'cover' only when it is set to true? |
Thanks @tolgaOzen for providing your inputs on attributes. May be i was over analysing. Then, can you throw some more light on what is that we need to check to be covered/not in conditions? The conditions include relations and attributes. If any of relation is not input, then its shown in Does the current implementation done where i am including the condition parts as uncovered assertions (also doing it recursively for multi-level relations) will suffice? In this case the test cases need to be updated in Can you please explain with above example or any, if there is a gap in my understanding and needs correction. |
Fixes: #837
/claim #837
@tolgaOzen - Please find below the initial findings and approach, will update as i progress.
Action Items
[ ] - Review the current implementation of the 'Coverage' command - InProgress
As per the current implementation, only the action names or permission names inside the entity are added to Coverage.Assertions.
permify/pkg/development/coverage/coverage.go
Line 241 in 60c8fb3
This is compared with scenarios->checks->assertions in the input file.
Whereas the conditions inside the action/permission are not accounted, hence the coverage for assertions is inaccurate.
[ ] - Redesign the command to incorporate detailed assessments of each condition part - InProgress
The starting point for the approach is - the permission's or action's conditions are already captured into permission object, inside the Child attribute while parsing the input file. This permission.Child attribute is made use of to capture the assertions from conditions. Refer to the current commit.
Consider this as initial approach to start with. Will refine, redesign and update as I progress with the analysis and considering different scenarios.
Already there is some improvement in the accuracy (with current updates) for the following sample input file:
schema.yaml.txt
Before updates :
coverage assertions percentage is 50%
After updates from current commit:
The coverage assertions percentage is now 37% , as more uncovered assertions are captured from action/permission conditions.
[ ] - Implement tests and quality checks for the revised 'Coverage' command - To be Started
[ ] - Update documentation to reflect the new standards and procedures - To be Started
You can assign the issue #837 to me.