Add FGA API support (#208)

* Add FGA API support

* Align model objects

* Update Readme

* delete

* Update pom

* Add integration tests and FGA schema for functional validation

* lint

* Try again

* fix test

Author: orius123

README.md

@@ -70,7 +70,8 @@ These sections show how to use the SDK to perform API management functions. Befo
 8. [Manage Flows](#manage-flows)
 9. [Manage JWTs](#manage-jwts)
 10. [Audit](#audit)
-11. [Manage Project](#manage-project)
+11. [FGA (Fine-Grained Authorization)](#fga-fine-grained-authorization)
+12. [Manage Project](#manage-project)
 
 If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
 
@@ -1265,6 +1266,94 @@ try {
     // Handle the error
 }
 ```
+
+### FGA (Fine-Grained Authorization)
+
+You can manage fine-grained authorization schemas, relations, and resource metadata:
+
+```java
+// Create and manage authorization schemas
+FGAService fs = descopeClient.getManagementServices().getFgaService();
+
+String dsl = "model AuthZ 1.0\n" +
+             "type user\n" +
+             "type document\n" +
+             "  relation owner: user\n" +
+             "  relation editor: user\n" +
+             "  relation viewer: user";
+
+try {
+    FGASchema schema = new FGASchema(dsl);
+    fs.saveSchema(schema);
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Load the current authorization schema
+try {
+    FGASchema schema = fs.loadSchema();
+    // Do something with schema.getDsl()
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Create relations between resources and users
+List<FGARelation> relations = Arrays.asList(
+    new FGARelation("doc1", "document", "owner", "user123", "user"),
+    new FGARelation("doc1", "document", "viewer", "user456", "user")
+);
+
+try {
+    fs.createRelations(relations);
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Check if relations are allowed
+try {
+    List<FGACheckResult> results = fs.check(relations);
+    for (FGACheckResult result : results) {
+        // Do something with result.isAllowed()
+    }
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Delete relations
+try {
+    fs.deleteRelations(relations);
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Save resource metadata
+List<FGAResourceDetails> resourceDetails = Arrays.asList(
+    new FGAResourceDetails("doc1", "document", "Important Document"),
+    new FGAResourceDetails("doc2", "document", "Public Document")
+);
+
+try {
+    fs.saveResourcesDetails(resourceDetails);
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+// Load resource metadata
+List<FGAResourceIdentifier> identifiers = Arrays.asList(
+    new FGAResourceIdentifier("doc1", "document")
+);
+
+try {
+    List<FGAResourceDetails> details = fs.loadResourcesDetails(identifiers);
+    for (FGAResourceDetails detail : details) {
+        // Do something with detail.getDisplayName()
+    }
+} catch (DescopeException de) {
+    // Handle the error
+}
+
+```
+
 ### Manage Project
 
 You can change the project name, as well as to clone the current project to a new one.

src/main/java/com/descope/literals/Routes.java

@@ -215,6 +215,15 @@ public static class ManagementEndPoints {
     public static final String MANAGEMENT_AUTHZ_RE_TARGET_ALL = "/v1/mgmt/authz/re/targetall";
     public static final String MANAGEMENT_AUTHZ_GET_MODIFIED = "/v1/mgmt/authz/getmodified";
 
+    // FGA (Fine-grained Authorization)
+    public static final String MANAGEMENT_FGA_SAVE_SCHEMA = "/v1/mgmt/fga/schema";
+    public static final String MANAGEMENT_FGA_LOAD_SCHEMA = "/v1/mgmt/fga/schema";
+    public static final String MANAGEMENT_FGA_CREATE_RELATIONS = "/v1/mgmt/fga/relations";
+    public static final String MANAGEMENT_FGA_DELETE_RELATIONS = "/v1/mgmt/fga/relations/delete";
+    public static final String MANAGEMENT_FGA_CHECK = "/v1/mgmt/fga/check";
+    public static final String MANAGEMENT_FGA_RESOURCES_LOAD = "/v1/mgmt/fga/resources/load";
+    public static final String MANAGEMENT_FGA_RESOURCES_SAVE = "/v1/mgmt/fga/resources/save";
+
     // Password settings
     public static final String MANAGEMENT_PASSWORD_SETTINGS = "/v1/mgmt/password/settings";
 

src/main/java/com/descope/model/fga/FGACheckInfo.java

@@ -0,0 +1,14 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGACheckInfo {
+  private boolean direct;
+}

src/main/java/com/descope/model/fga/FGACheckResult.java

@@ -0,0 +1,16 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGACheckResult {
+  private boolean allowed;
+  private FGARelation relation;
+  private FGACheckInfo info;
+}

src/main/java/com/descope/model/fga/FGARelation.java

@@ -0,0 +1,18 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGARelation {
+  private String resource;
+  private String resourceType;
+  private String relation;
+  private String target;
+  private String targetType;
+}

src/main/java/com/descope/model/fga/FGAResourceDetails.java

@@ -0,0 +1,16 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGAResourceDetails {
+  private String resourceId;
+  private String resourceType;
+  private String displayName;
+}

src/main/java/com/descope/model/fga/FGAResourceIdentifier.java

@@ -0,0 +1,15 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGAResourceIdentifier {
+  private String resourceId;
+  private String resourceType;
+}

src/main/java/com/descope/model/fga/FGASchema.java

@@ -0,0 +1,14 @@
+package com.descope.model.fga;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class FGASchema {
+  private String dsl;
+}

src/main/java/com/descope/model/mgmt/ManagementServices.java

@@ -3,6 +3,7 @@
 import com.descope.sdk.mgmt.AccessKeyService;
 import com.descope.sdk.mgmt.AuditService;
 import com.descope.sdk.mgmt.AuthzService;
+import com.descope.sdk.mgmt.FGAService;
 import com.descope.sdk.mgmt.FlowService;
 import com.descope.sdk.mgmt.GroupService;
 import com.descope.sdk.mgmt.InboundAppsService;
@@ -35,6 +36,7 @@ public class ManagementServices {
   GroupService groupService;
   AuditService auditService;
   AuthzService authzService;
+  FGAService fgaService;
   ProjectService projectService;
   PasswordSettingsService passwordSettingsService;
   OutboundAppsService outboundAppsService;

src/main/java/com/descope/sdk/mgmt/FGAService.java

@@ -0,0 +1,77 @@
+package com.descope.sdk.mgmt;
+
+import com.descope.exception.DescopeException;
+import com.descope.model.fga.FGACheckResult;
+import com.descope.model.fga.FGARelation;
+import com.descope.model.fga.FGAResourceDetails;
+import com.descope.model.fga.FGAResourceIdentifier;
+import com.descope.model.fga.FGASchema;
+import java.util.List;
+
+/**
+ * Provides functions for managing Fine-Grained Authorization (FGA) in a project.
+ * FGA allows for creating and managing schemas and relations using a Zanzibar-like model.
+ */
+public interface FGAService {
+
+  /**
+   * Creates or updates an FGA schema for the project.
+   * The schema is provided in the AuthZ 1.0 DSL format.
+   *
+   * @param schema the FGA schema containing the DSL definition
+   * @throws DescopeException if the operation fails
+   */
+  void saveSchema(FGASchema schema) throws DescopeException;
+
+  /**
+   * Loads the current FGA schema for the project.
+   *
+   * @return the current FGA schema
+   * @throws DescopeException if the operation fails
+   */
+  FGASchema loadSchema() throws DescopeException;
+
+  /**
+   * Creates new FGA relations (tuples) based on the existing schema.
+   *
+   * @param relations list of relations to create
+   * @throws DescopeException if the operation fails
+   */
+  void createRelations(List<FGARelation> relations) throws DescopeException;
+
+  /**
+   * Deletes existing FGA relations (tuples).
+   *
+   * @param relations list of relations to delete
+   * @throws DescopeException if the operation fails
+   */
+  void deleteRelations(List<FGARelation> relations) throws DescopeException;
+
+  /**
+   * Checks if the given FGA relations are satisfied.
+   * This is a read-only operation that validates whether relations exist.
+   *
+   * @param relations list of relations to check
+   * @return list of check results indicating whether each relation is allowed
+   * @throws DescopeException if the operation fails
+   */
+  List<FGACheckResult> check(List<FGARelation> relations) throws DescopeException;
+
+  /**
+   * Loads detailed information for the given resource identifiers.
+   *
+   * @param resourceIdentifiers list of resource identifiers to load details for
+   * @return list of resource details
+   * @throws DescopeException if the operation fails
+   */
+  List<FGAResourceDetails> loadResourcesDetails(List<FGAResourceIdentifier> resourceIdentifiers)
+      throws DescopeException;
+
+  /**
+   * Saves detailed information for the given resources.
+   *
+   * @param resourcesDetails list of resource details to save
+   * @throws DescopeException if the operation fails
+   */
+  void saveResourcesDetails(List<FGAResourceDetails> resourcesDetails) throws DescopeException;
+}