Keto patch relation tuple REST API panic rather than return bad request for wrong input.

[counter2015]

see also: #701
Describe the bug

Keto patch relation tuple REST API does not work

Reproducing the bug

Steps to reproduce the behavior:

Server logs

keto_1       | time=2021-09-09T10:54:39Z level=info msg=started handling request http_request=map[headers:map[accept:*/* accept-encoding:gzip, deflate, br cookie:csrftoken=pfA5pKhWQh3zBIBGtRfDMV09Z1e8G9j6PIers6Z1iEeLBTXlwRbMylV9Q6JYYbZ7 user-agent:PostmanRuntime/7.26.5] host:127.0.0.1:4467 method:PATCH path:/relation-tuples query:<nil> remote:192.168.224.1:63756 scheme:http]
keto_1       | 2021/09/09 10:54:39 http: panic serving 192.168.224.1:63756: runtime error: invalid memory address or nil pointer dereference
keto_1       | goroutine 412 [running]:
keto_1       | net/http.(*conn).serve.func1(0xc000466f00)
keto_1       | 	/usr/local/go/src/net/http/server.go:1824 +0x153
keto_1       | panic(0x1115620, 0x1ad5d50)
keto_1       | 	/usr/local/go/src/runtime/panic.go:971 +0x499
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).DeleteRelationTuples.func1(0x1416c40, 0xc0001706c0, 0xc0005a9140, 0xc0005a9140, 0xc0005a8f60)
keto_1       | 	/home/ory/internal/persistence/sql/relationtuples.go:104 +0x97
keto_1       | github.com/ory/x/popx.Transaction(0x1416c40, 0xc0001706c0, 0xc0005a9080, 0xc000170720, 0x1, 0xc000170720)
keto_1       | 	/go/pkg/mod/github.com/ory/[email protected]/popx/transaction.go:24 +0xaf
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).transaction(0xc000334240, 0x1416c40, 0xc0001706c0, 0xc000170720, 0x0, 0x0)
keto_1       | 	/home/ory/internal/persistence/sql/persister.go:141 +0x72
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).DeleteRelationTuples(0xc000334240, 0x1416c40, 0xc0001706c0, 0xc0000c4008, 0x1, 0x1, 0x0, 0x0)
keto_1       | 	/home/ory/internal/persistence/sql/relationtuples.go:102 +0x8f
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).TransactRelationTuples.func1(0x1416c40, 0xc0001706c0, 0xc0005a8f60, 0x13dee58, 0x126c000)
keto_1       | 	/home/ory/internal/persistence/sql/relationtuples.go:197 +0xd2
keto_1       | github.com/ory/x/popx.Transaction.func2(0xc0005a8f60, 0xc0005a8f60, 0x0)
keto_1       | 	/go/pkg/mod/github.com/ory/[email protected]/popx/transaction.go:42 +0x95
keto_1       | github.com/gobuffalo/pop/v5.(*Connection).Transaction.func1(0xc0000a4000, 0x0)
keto_1       | 	/go/pkg/mod/github.com/gobuffalo/pop/[email protected]/connection.go:149 +0x65
keto_1       | github.com/gobuffalo/pop/v5.commonDialect.Lock(0xc00083e780, 0xc0002700d8, 0xc0000a4001, 0xc0002700d8)
keto_1       | 	/go/pkg/mod/github.com/gobuffalo/pop/[email protected]/dialect_common.go:29 +0x27
keto_1       | github.com/gobuffalo/pop/v5.(*Connection).Transaction(0xc00029c1e0, 0xc000cbc100, 0xc0000de0c0, 0xc00029c1e0)
keto_1       | 	/go/pkg/mod/github.com/gobuffalo/pop/[email protected]/connection.go:143 +0x72
keto_1       | github.com/ory/x/popx.Transaction(0x1416b98, 0xc0000de0c0, 0xc00029c180, 0xc0000de3c0, 0x1, 0xc0000de3c0)
keto_1       | 	/go/pkg/mod/github.com/ory/[email protected]/popx/transaction.go:41 +0x19a
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).transaction(0xc000334240, 0x1416b98, 0xc0000de0c0, 0xc0000de3c0, 0x0, 0x0)
keto_1       | 	/home/ory/internal/persistence/sql/persister.go:141 +0x72
keto_1       | github.com/ory/keto/internal/persistence/sql.(*Persister).TransactRelationTuples(0xc000334240, 0x1416b98, 0xc0000de0c0, 0x0, 0x0, 0x0, 0xc0000c4008, 0x1, 0x1, 0x2, ...)
keto_1       | 	/home/ory/internal/persistence/sql/relationtuples.go:193 +0xc7
keto_1       | github.com/ory/keto/internal/relationtuple.(*handler).patchRelations(0xc0005b4680, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000, 0x0, 0x0, 0x0)
keto_1       | 	/home/ory/internal/relationtuple/transact_server.go:170 +0x425
keto_1       | github.com/julienschmidt/httprouter.(*Router).ServeHTTP(0xc00006d320, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000)
keto_1       | 	/go/pkg/mod/github.com/julienschmidt/[email protected]/router.go:387 +0xc7e
keto_1       | github.com/urfave/negroni.Wrap.func1(0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000, 0xc000cbc080)
keto_1       | 	/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:46 +0x4d
keto_1       | github.com/urfave/negroni.HandlerFunc.ServeHTTP(0xc00000c528, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000, 0xc000cbc080)
keto_1       | 	/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:29 +0x4e
keto_1       | github.com/urfave/negroni.middleware.ServeHTTP(0x13fe540, 0xc00000c528, 0xc00000c5a0, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000)
keto_1       | 	/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
keto_1       | github.com/ory/x/reqlog.(*Middleware).ServeHTTP(0xc000164540, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000, 0xc000cbc020)
keto_1       | 	/go/pkg/mod/github.com/ory/[email protected]/reqlog/middleware.go:134 +0x2e4
keto_1       | github.com/urfave/negroni.middleware.ServeHTTP(0x13fb760, 0xc000164540, 0xc00000c588, 0x7f0bbe8b5a38, 0xc0000c4000, 0xc000370000)
keto_1       | 	/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:38 +0x9c
keto_1       | github.com/urfave/negroni.(*Negroni).ServeHTTP(0xc000441dd0, 0x1412430, 0xc000d800e0, 0xc000370000)
keto_1       | 	/go/pkg/mod/github.com/urfave/[email protected]/negroni.go:96 +0xf1
keto_1       | net/http.serverHandler.ServeHTTP(0xc0005da1c0, 0x1412430, 0xc000d800e0, 0xc000370000)
keto_1       | 	/usr/local/go/src/net/http/server.go:2887 +0xa3
keto_1       | net/http.(*conn).serve(0xc000466f00, 0x1416c40, 0xc0000de4c0)
keto_1       | 	/usr/local/go/src/net/http/server.go:1952 +0x8cd
keto_1       | created by net/http.(*Server).Serve
keto_1       | 	/usr/local/go/src/net/http/server.go:3013 +0x39b

Server configuration

version: v0.6.0-alpha.3

log:
  level: trace
  leak_sensitive_values: true

namespaces:
  - id: 0
    name: role
  - id: 1
    name: user

dsn: postgresql://keto:keto@keto-db:5432/keto

serve:
  read:
    host: 0.0.0.0
    port: 4466
  write:
    host: 0.0.0.0
    port: 4467

docker-compose.yaml

version: "3.2"
services:
  keto:
    image: oryd/keto:v0.6.0-alpha.3
    restart: on-failure
    command: serve -c /home/keto/keto.yaml

    ports:
      - '4466:4466'
      - '4467:4467'

    volumes:
      - type: bind
        source: ./keto
        target: /home/keto

    depends_on:
      - keto-db

  keto-init:
    image: oryd/keto:v0.6.0-alpha.3
    environment:
      KETO_WRITE_REMOTE: keto:4467
    volumes:
      - ./keto/:/home/keto/
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
       keto migrate up --all-namespaces -y -c /home/keto/keto.yaml
       keto relation-tuple create /home/keto/relation-tuples -c /home/keto/keto.yaml
    restart: "no"

    depends_on:
      - keto-db

  keto-db:
    image: postgres:13.4
    restart: always
    ports:
      - '35432:5432'

    environment:
      POSTGRES_USER: keto
      POSTGRES_DB: keto
      POSTGRES_PASSWORD: keto

Expected behavior

It should work.

Environment

• Version: 0.6.0-alpha.3

[zepatrik]

Could not reproduce with current master. I added test cases that should cover your case in #717. Comment and reopen if the issue still persists.

[kleyow]

@counter2015 try

[
    {
        "action": "delete",
        "relation_tuple":{
            "namespace":"role",
            "object":"super-admin",
            "relation":"member",
            "subject":"role:company-admin"
        }
    }
]

[counter2015]

I found that I uploaded a wrong schema.

[counter2015]

Could not reproduce with current master. I added test cases that should cover your case in #717. Comment and reopen if the issue still persists.

So the excat problem is that it should return 400 rather than 500 for wrong input.

[
    {
        "action": "insert",
         "namespace":"role",
         "object":"super-admin",
         "relation":"member",
         "subject":"role:company-admin"
    }
]

I have not compile keto program local, so I just test on brew install version 0.6.0-alpha.3

[zepatrik]

I see, will add a case with the raw JSON then.