v0.7.0-alpha.0
Pre-releaseWe are proud to present you a new release of Ory Keto! It has been a while, but
we have been working hard not only on code, but also concepts and discussing
many upcoming features. To join us on this exciting journey, watch 👀 and
start ⭐ the repository.
At a first glance the release might not look too exciting from the outside, but
we had 376 changed files with 47,578 additions and 25,418 deletions. In total,
12 contributors worked on the 192 commits. The most changes were bug fixes,
internal refactoring, and improving API consistency. Expect a more reliable
Keto, that is also prepared to receive
many new exciting features.
Because the database schema changed significantly, and it is not possible to
have SQL-only migrations, there is a special migration procedure needed to
upgrade from Ory Keto v0.6. Please follow the
migration guide and, as
always, read
the changelog before
upgrading.
Breaking Changes
This patch changes the payload of the REST API. The gRPC API is not affected. The parameter subject
was previously an encoded string. With this change clients have to explicitly use either subject_id
or (subject_set.namespace
and subject_set.object
and subject_set.relation
). The same is true for REST responses returned by Keto. An error with a hint will be returned if subject
is still used.
Bug Fixes
-
cli: Panic when printing empty expand trees (#686) (7956dec)
-
Handle relation tuple cycles in expand and check engine (#623) (8e30119)
-
Move gRPC client module root up (#620) (3b881f6):
BREAKING: The npm package
@ory/keto-grpc-client
from now on includes all API versions. Because of that, the import paths changed. For migrating to the new client package, change the import path according to the following example:- import acl from '@ory/keto-grpc-client/acl_pb.js' + // from the latest version + import { acl } from '@ory/keto-grpc-client' + // or a specific one + import acl from '@ory/keto-grpc-client/ory/keto/acl/v1alpha1/acl_pb.js'
-
Partially reference upstream schemas (#674) (e49e16c), closes #662:
This change significantly improves and the config schema. Parts will now be taken from upstream to ensure a more up-to-date schema.
-
Patch REST API input validation and SDK generation (#717) (d49e098)
-
Run a whole namespace migration as one transaction (#739) (142bd47)
-
Set version during release build and register version handler (#714) (8091475)
-
Update docker-compose.yml version (#595) (7fa4dca), closes #549
Chores
- Update repository templates (f53d3eb)
Code Generation
- Pin v0.7.0-alpha.0 release commit (7962e77)
Code Refactoring
-
Ensure namespace manager reload is resource contained (#735) (5696fc6)
-
Make subject sets and subject IDs unambiguous (#729) (5a1b0ba)
-
Persistence table structure (#638) (d02b818):
This big refactoring greatly reduces operation complexity and paves the way for upcoming performance improvements.
From now on the relation tuples from all namespaces are stored in the same table, instead of having tables per namespace. A migration path will be provided separately.
Documentation
- Add migration guide to v0.7 (#758) (3335a4b)
- Add new redoc docsc (#651) (435ae00)
- Change npm org scope from @oryd to @ory (#730) (945005f)
- Fix build and gen:config (#676) (f128732)
- Fix erroneous sidebar commit (5cf2b4c)
- Fix example not following best practice (#582) (a015818)
- Fix link in migration guide (e995829)
- Fix REST API reference (#718) (f989b39)
- Update NPM links due to organisation move (#616) (6355bea)
- Update reference to Zanzibar in README (#746) (a0d8caf)
Features
-
Add gRPC client utils helpers (#657) (8b18802):
Behold! The Keto gRPC client library now has useful helpers that allow you to replace:
- deltas := make([]*acl.RelationTupleDelta, len(tuples)) - for i := range rts { - deltas[i] = &acl.RelationTupleDelta{ - Action: acl.RelationTupleDelta_INSERT, - RelationTuple: rts[i], - } - } + deltas := acl.RelationTupleToDeltas(tuples, acl.RelationTupleDelta_INSERT)
and
- &acl.Subject{Ref: &acl.Subject_Set{Set: &acl.SubjectSet{ - Namespace: "directories", - Object: "/photos", - Relation: "access", - }}} + acl.NewSubjectSet("directories", "/photos", "access")
and
- &acl.Subject{Ref: &acl.Subject_Id{ - Id: "user1", - }} + acl.NewSubjectID("user1")
Enjoy these new treats 🍫 🍭 🍦
-
Migration to single table SQL schema (#707) (00713bc):
This change adds a migration path from Keto version v0.6.x to the new persistence structure introduced by #638. Every namespace has to be migrated separately, or you can use the CLI to detect and migrate all namespaces at once. Have a look at
keto help namespace migrate legacy
for all details.
Please make sure that you backup the database before running the migration command. Please note that this migration might be a bit slower than usual, as we have to pull the data from the database, transcode it in Keto, and then write it to the new table structure.
Versions of Keto >v0.7 will not include this migration script, so you will first have to migrate to v0.7 and move on from there. -
Support namespace validation from config files (#596) (f4253b8):
The
keto namespace validate
command now additionally supports:- validation of namespaces in config files
- validation of a directory specified in config files
Tests
-
De-flake status command test (#629) (3bcd0e3):
Confirmed that the fix works because
$ go test -tags sqlite -run TestStatusCmd/server_type=read/case=block -count 1000 ./cmd/status
passed.
-
Ensure problematic chars are not creatable over REST (#709) (12b7954)
Changelog
0c39ad8 autogen(docs): generate and format documentation
e1b3267 autogen(docs): generate and format documentation
ab885ed autogen(docs): generate and format documentation
408a34a autogen(docs): generate and format documentation
c9d91c1 autogen(docs): generate and format documentation
bab7566 autogen(docs): generate and format documentation
8bae3e7 autogen(docs): regenerate and update changelog
4e65c14 autogen(docs): regenerate and update changelog
6a94442 autogen(docs): regenerate and update changelog
79bf9dd autogen(docs): regenerate and update changelog
7d40435 autogen(docs): regenerate and update changelog
c2047cc autogen(docs): regenerate and update changelog
9f3e8c6 autogen(docs): regenerate and update changelog
fdf0e60 autogen(docs): regenerate and update changelog
cfb15e1 autogen(docs): regenerate and update changelog
00353f2 autogen(docs): regenerate and update changelog
99253a3 autogen(docs): regenerate and update changelog
9b449ed autogen(docs): regenerate and update changelog
d354f77 autogen(docs): regenerate and update changelog
dbd1c3c autogen(docs): regenerate and update changelog
fe92134 autogen(docs): regenerate and update changelog
54170e5 autogen(docs): regenerate and update changelog
5ae19ca autogen(docs): regenerate and update changelog
06bd105 autogen(docs): regenerate and update changelog
adf7d4c autogen(docs): regenerate and update changelog
5950110 autogen(docs): regenerate and update changelog
2e93d99 autogen(docs): regenerate and update changelog
1ed0683 autogen(docs): regenerate and update changelog
88cedc3 autogen(docs): regenerate and update changelog
83391b7 autogen(docs): regenerate and update changelog
c8d9bb9 autogen(docs): update milestone document
ac2d6ce autogen(docs): update milestone document
b4dea9c autogen(docs): update milestone document
0602e8c autogen(docs): update milestone document
85a058e autogen(docs): update milestone document
6ea7cd0 autogen(docs): update milestone document
09ef4b3 autogen(docs): update milestone document
687101d autogen(docs): update milestone document
a4102d4 autogen(docs): update milestone document
be7c3d8 autogen(docs): update milestone document
3d9944c autogen(docs): update milestone document
a17d79d autogen(docs): update milestone document
4795244 autogen(docs): update milestone document
d371902 autogen(docs): update milestone document
e665de5 autogen(docs): update milestone document
5f3ee68 autogen(docs): update milestone document
0080cc9 autogen(docs): update milestone document
1062063 autogen: build buf
7962e77 autogen: pin v0.7.0-alpha.0 release commit
65e69e4 autogen: pin v0.7.0-alpha.0.pre.0 release commit
2d1af4c autogen: pin v0.7.0-alpha.0.pre.1 release commit
ad9a463 autogen: pin v0.7.0-alpha.0.pre.2 release commit
cfe3af6 autogen: pin v0.7.0-alpha.0.pre.3 release commit
2ae265b autogen: pin v0.7.0-alpha.0.pre.4 release commit
8bf399e autogen: pin v0.7.0-alpha.0.pre.5 release commit
be364b1 chore: adjust CODEOWNERS (#671)
cc5ccdd chore: adjust CODEOWNERS for /docs/ (#672)
d92f92e chore: bump dependencies (#673)
fd437ef chore: bump dependencies (#687)
b8b23c3 chore: bump js dependencies (#711)
4586c83 chore: remove release artifact (#750)
f048929 chore: remove swagger (#744)
202b026 chore: update docusaurus template
a4b0564 chore: update docusaurus template
5a75301 chore: update docusaurus template
fea1af2 chore: update docusaurus template
89720e2 chore: update docusaurus template (#756)
2f85cb7 chore: update repository templates
419e061 chore: update repository templates
50f0dcc chore: update repository templates
f2c5fe7 chore: update repository templates
46d25a6 chore: update repository templates (#678)
0742495 chore: update repository templates (#685)
ed1cb80 ci: add arm64 to goreleaser config (#742)
d8b7bf6 ci: add config schema render script (#740)
0005a55 ci: add workflow to release the go gRPC client (#712)
4806dca ci: bump go to 1.17 for goreleaser/release job (#751)
e02abc0 ci: bump orbs (#688)
c4acefa ci: bump ory/cli version for release pipeline
fceb7c2 ci: distinguish Keto and proto/
releases (#715)
226c8e5 ci: fix go gRPC release script (#713)
421ff47 ci: fix pre-release render schema script (#747)
6811cd2 ci: introduce Docker CVE scanning (#745)
d08ef66 ci: release automation fixes (#748)
44a5603 ci: strip refs/tags/
for go-gRPC client tags (#754)
00fa3ea ci: use cimg/go:1.17-node for release job
831a57c ci: use proper goreleaser/release job
3335a4b docs: add migration guide to v0.7 (#758)
945005f docs: change npm org scope from @oryd to @ory (#730)
f989b39 docs: fix REST API reference (#718)
f128732 docs: fix build and gen:config (#676)
e995829 docs: fix link in migration guide
a0d8caf docs: update reference to Zanzibar in README (#746)
5ac8b0c feat: enable telemetry collection for gRPC (#738)
00713bc feat: migration to single table SQL schema (#707)
7956dec fix(cli): panic when printing empty expand trees (#686)
f10dec1 fix: Dockerfiles (#737)
0cb5706 fix: make sdk
dependency on the Ory CLI (#710)
7c27f92 fix: exclude /health
endpoints from logs (#716)
e49e16c fix: partially reference upstream schemas (#674)
d49e098 fix: patch REST API input validation and SDK generation (#717)
142bd47 fix: run a whole namespace migration as one transaction (#739)
8091475 fix: set version during release build and register version handler (#714)
5696fc6 refactor: ensure namespace manager reload is resource contained (#735)
5a1b0ba refactor: make subject sets and subject IDs unambiguous (#729)
d02b818 refactor: persistence table structure (#638)
3b946d0 test: add migration tests (#749)
12b7954 test: ensure problematic chars are not creatable over REST (#709)
9eda48c test: single table migration as transaction (#736)
Docker images
docker pull oryd/keto:v0-sqlite
docker pull oryd/keto:v0.7-sqlite
docker pull oryd/keto:v0.7.0-sqlite
docker pull oryd/keto:v0.7.0-alpha.0-sqlite
docker pull oryd/keto:latest-sqlite
docker pull oryd/keto:v0
docker pull oryd/keto:v0.7
docker pull oryd/keto:v0.7.0
docker pull oryd/keto:v0.7.0-alpha.0