Implement Topaz adapter

2026-05-17 06:58:04 +02:00
parent 0fbb2a45c2
commit 1ce0181e8f
15 changed files with 1727 additions and 4 deletions
--- a/examples/topaz/README.md
+++ b/examples/topaz/README.md
@@ -30,8 +30,9 @@ docker compose down -v
 ## What the example proves

 - Topaz's v3 manifest can express flex-auth's canonical object types
-  (`user`, `group`, `tenant`, `knowledge_base`, `document`) and
-  relations (`member`, `parent`, `owner_team`, `reader`, `steward`).
+  (`user`, `identity`, `group`, `tenant`, `knowledge_base`, `document`)
+  and relations (`identifier`, `member`, `parent`, `owner_team`,
+  `reader`, `steward`).
 - The Markitect fixture data
  (`examples/markitect/resource_manifest.yaml`, mirrored here) seeds
  the directory without translation.
--- a/examples/topaz/data/objects.json
+++ b/examples/topaz/data/objects.json
@@ -4,8 +4,11 @@
    {"type": "group", "id": "team:platform-architecture", "display_name": "Platform Architecture"},
    {"type": "group", "id": "reader:platform-architecture", "display_name": "Platform Architecture Readers"},
    {"type": "user", "id": "alice@example.test", "display_name": "Alice (steward)"},
+    {"type": "identity", "id": "identity:alice@example.test", "properties": {"identifier": "alice@example.test", "subject": "alice@example.test"}},
    {"type": "user", "id": "bob@example.test", "display_name": "Bob (reader)"},
+    {"type": "identity", "id": "identity:bob@example.test", "properties": {"identifier": "bob@example.test", "subject": "bob@example.test"}},
    {"type": "user", "id": "eve@example.test", "display_name": "Eve (outsider)"},
+    {"type": "identity", "id": "identity:eve@example.test", "properties": {"identifier": "eve@example.test", "subject": "eve@example.test"}},
    {
      "type": "knowledge_base",
      "id": "knowledge-base:markitect-example",
--- a/examples/topaz/data/relations.json
+++ b/examples/topaz/data/relations.json
@@ -2,6 +2,9 @@
  "relations": [
    {"object_type": "group", "object_id": "team:platform-architecture", "relation": "member", "subject_type": "user", "subject_id": "alice@example.test"},
    {"object_type": "group", "object_id": "reader:platform-architecture", "relation": "member", "subject_type": "user", "subject_id": "bob@example.test"},
+    {"object_type": "identity", "object_id": "identity:alice@example.test", "relation": "identifier", "subject_type": "user", "subject_id": "alice@example.test"},
+    {"object_type": "identity", "object_id": "identity:bob@example.test", "relation": "identifier", "subject_type": "user", "subject_id": "bob@example.test"},
+    {"object_type": "identity", "object_id": "identity:eve@example.test", "relation": "identifier", "subject_type": "user", "subject_id": "eve@example.test"},
    {"object_type": "knowledge_base", "object_id": "knowledge-base:markitect-example", "relation": "owner_team", "subject_type": "group", "subject_id": "team:platform-architecture"},
    {"object_type": "document", "object_id": "document:internal-note", "relation": "parent", "subject_type": "knowledge_base", "subject_id": "knowledge-base:markitect-example"},
    {"object_type": "document", "object_id": "document:internal-note", "relation": "steward", "subject_type": "user", "subject_id": "alice@example.test"},
--- a/examples/topaz/manifest.yaml
+++ b/examples/topaz/manifest.yaml
@@ -17,6 +17,10 @@ types:
    relations:
      manager: user

+  identity:
+    relations:
+      identifier: user
+
  group:
    relations:
      member: user | group#member