Skip to content

Releases: ory/keto

v0.13.0-alpha.0

28 Feb 09:18
Compare
Choose a tag to compare
v0.13.0-alpha.0 Pre-release
Pre-release

What's Changed

Full Changelog: v0.12.0-alpha.0...v0.13.0-alpha.0

v0.12.0-alpha.0

01 Feb 15:34
4b40e18
Compare
Choose a tag to compare
v0.12.0-alpha.0 Pre-release
Pre-release

Improves performance, SDKs, and resolves minor issues.

Bug Fixes

  • Add width limit when expanding subject-sets in checks (#1433) (f1317da):

    This change limits the max width that can be expanded during checks. An integration that runs into this limit would previously likely have timed out. A correct integration should not run into this limit.

  • Config schema (generated) (#1502) (e7faf48)

  • Incorrect error return (#1332) (fc09573)

  • Missing block flag on migrate status (#1432) (040b3db)

  • Postgres docker-compose startup (#1295) (a4218d7):

    • Fix starting docker-compose-postgres.yml
    • bump docker image version
    • make format
  • Reduce SQL tracing noise (#1301) (b1cf198)

  • Sqa config values unified across projects (#1315) (0b9baed)

  • Sqa write key for correct product (#1297) (23ccef8)

  • Use correct tracer in middleware (#1373) (2bc4901)

  • Validate that namespace ID is int32 (#1278) (d093b37)

Code Generation

  • Pin v0.12.0-alpha.0 release commit (4b40e18)

Documentation

  • Fix multiline comments from proto files breaking tables (#1431) (ef9132d):

    • Add markdown.tmpl file for bufbuild
    • fix typo

    Signed-off-by: Cléo Rebert [email protected]

    • docs: add issue reference

Features

  • Add distroless (#1348) (f0839ee):

    • feat: add distroless
    • Update Dockerfile-build
    • Update Dockerfile-distroless-static
  • Add flag to block until migrations are done (#1380) (129902b)

  • Add tracing to fetcher (#1294) (4ffb7bc):

    • feat: add tracing to fetcher
    • rerun CI
  • Allow extra database migrations (#1365) (d3b62a9)

  • Cache OPL when loading from HTTP(S) (#1429) (b89ce02)

  • Clearer error messages when not using block (#1393) (a3b5494):

    • feat: clearer error messages when not using block
    • dont timeout if block is used
    • consolidate block flag into grpc client package
    • respect timeout context key
    • remove flake test by changing port manipulation in test
    • fix case=timeout,noblock status test
    • remove flakyness by reducing timeout to micro
  • Enable GRPC metrics (#1302) (91c12c9):

    • feat: enable GRPC metrics
    • fix: test and server registration
    • fix: GRPC metrics
    • fix: clean up for PR
  • Improve emitting of events (#1314) (5028c75):

    • feat: improve emitting of events
    • rename event constants
    • move events package
    • refactor event emitting
  • Sqa metrics v2 (#1335) (a115e15)

  • Upgrade grpc buf generator (#1507) (872b118)

  • Write to UUID mapper and relation tuples in one SQL transaction (#1340) (eeeecf6):

    • fix: lint
    • feat: wrap an SQL transaction around the UUID mapper's and the relation tuple manager's write operations

Changelog

  • f7009c5 autogen(docs): generate and bump docs
  • f55f912 autogen(docs): regenerate and update changelog
  • 023758d autogen(docs): regenerate and update changelog
  • 38e955f autogen(docs): regenerate and update changelog
  • 2dc62aa autogen(docs): regenerate and update changelog
  • 8c04af9 autogen(docs): regenerate and update changelog
  • c7c4737 autogen(docs): regenerate and update changelog
  • 35cf05a autogen(docs): regenerate and update changelog
  • a502c49 autogen(docs): regenerate and update changelog
  • 590520e autogen(docs): regenerate and update changelog
  • ae4a0f4 autogen(docs): regenerate and update changelog
  • 6df9fa0 autogen(docs): regenerate and update changelog
  • de6c885 autogen(docs): regenerate and update changelog
  • b2c3464 autogen(docs): regenerate and update changelog
  • 06b9013 autogen(docs): regenerate and update changelog
  • 06772e7 autogen(docs): regenerate and update changelog
  • 0d22943 autogen(docs): regenerate and update changelog
  • 4d627da autogen(docs): regenerate and update changelog
  • 78a0c66 autogen(docs): regenerate and update changelog
  • e91ea07 autogen(docs): regenerate and update changelog
  • f32d3d9 autogen(docs): regenerate and update changelog
  • 449f1b0 autogen(docs): regenerate and update changelog
  • 4d257bf autogen(docs): regenerate and update changelog
  • cfaefac autogen(docs): regenerate and update changelog
  • 9acf7fa autogen(docs): regenerate and update changelog
  • cedb3f5 autogen(docs): regenerate and update changelog
  • 421c17d autogen(docs): regenerate and update changelog
  • fa6a8ee autogen(docs): regenerate and update changelog
  • 1fbce3a autogen(docs): regenerate and update changelog
  • c53203e autogen(docs): regenerate and update changelog
  • 1e34dfc autogen(docs): regenerate and update changelog
  • 307ece9 autogen(docs): regenerate and update changelog
  • 03e1f4a autogen(docs): regenerate and update changelog
  • 782cbde autogen(docs): regenerate and update changelog
  • b9670e3 autogen(docs): regenerate and update changelog
  • 48d1050 autogen(docs): regenerate and update changelog
  • 7c4c4b1 autogen(docs): regenerate and update changelog
  • bd7ea28 autogen(docs): regenerate and update changelog
  • 4600a29 autogen(docs): regenerate and update changelog
  • 04d2a95 autogen(docs): regenerate and update changelog
  • 7c696b6 autogen(docs): regenerate and update changelog
  • cfda704 autogen(docs): regenerate and update changelog
  • 9dbd600 autogen(docs): regenerate and update changelog
  • e7b107c autogen(docs): regenerate and update changelog
  • 061f1c8 autogen(docs): regenerate and update changelog
  • 6697f74 autogen(docs): regenerate and update changelog
  • 523522a autogen(docs): regenerate and update changelog
  • f8469c5 autogen(docs): regenerate and update changelog
  • 7d15057 autogen(docs): regenerate and update changelog
  • ef5383c autogen(docs): regenerate and update changelog
  • a4b41bd autogen: add v0.11.1-alpha.0 to version.schema.json
  • c3d9f7b autogen: pin v0.11.2-alpha.0 release commit
  • 4b40e18 autogen: pin v0.12.0-alpha.0 release commit
  • ff4c3ec chore(deps): bump @grpc/grpc-js from 1.8.12 to 1.8.15 in /proto (#1336)
  • 5212b59 chore(deps): bump @grpc/grpc-js from 1.8.16 to 1.8.17 in /proto (#1362)
  • 1d95587 chore(deps): bump @grpc/grpc-js from 1.8.17 to 1.8.19 in /proto (#1383)
  • e1936c2 chore(deps): bump @grpc/grpc-js from 1.8.19 to 1.8.20 in /proto (#1384)
  • 51428be chore(deps): bump @grpc/grpc-js from 1.8.20 to 1.8.21 in /proto (#1389)
  • cccb779 chore(deps): bump @grpc/grpc-js from 1.8.21 to 1.9.0 in /proto (#1390)
  • 731c79b chore(deps): bump @grpc/grpc-js from 1.9.0 to 1.9.6 in /proto (#1454)
  • 189f3a1 chore(deps): bump @openapitools/openapi-generator-cli (#1379)
  • 35d444d chore(deps): bump alpine from 3.17.2 to 3.17.3 in /.docker (#1296)
  • b9e65a9 chore(deps): bump alpine from 3.18.3 to 3.18.4 in /.docker (#1439)
  • 0800704 chore(deps): bump github.com/docker/docker (#1303)
  • 74af97f chore(deps): bump github.com/go-sql-driver/mysql from 1.7.0 to 1.7.1 (#1361)
  • 54f763f chore(deps): bump github.com/knadh/koanf to v2.0.1 (#1338)
  • 991178a chore(deps): bump github.com/opencontainers/runc from 1.1.4 to 1.1.5 (#1293)
  • 84344a4 chore(deps): bump github.com/ory/x from 0.0.543 to 0.0.547 (#1299)
  • ad5b869 chore(deps): bump github.com/ory/x from 0.0.562 to 0.0.567 (#1364)
  • 19871ef chore(deps): bump github.com/ory/x from 0.0.567 to 0.0.568 (#1372)
  • 009ebdf chore(deps): bump github.com/ory/x from 0.0.568 to 0.0.572 (#1378)
  • b13fce3 chore(deps): bump github.com/ory/x from 0.0.572 to 0.0.573 (#1386)
  • c98314...
Read more

v0.11.1-alpha.0

09 Mar 14:30
v0.11.1-alpha.0
db5c007
Compare
Choose a tag to compare
v0.11.1-alpha.0 Pre-release
Pre-release

This release includes small fixes and improvements.

Bug Fixes

  • Return meaningful status code when relation is not known (#1275) (1fef45a)
  • Subject expansion is terminated unexpectedly (#1256) (f88a479)

Code Generation

  • Pin v0.11.1-alpha.0 release commit (db5c007)

Features

Tests

Changelog

  • 04ed50a autogen(docs): generate and bump docs
  • e3d581c autogen(docs): regenerate and update changelog
  • eb4c499 autogen(docs): regenerate and update changelog
  • 5862245 autogen(docs): regenerate and update changelog
  • f2256d3 autogen(docs): regenerate and update changelog
  • c0b0321 autogen(docs): regenerate and update changelog
  • de864ef autogen(docs): regenerate and update changelog
  • 4eab4b5 autogen(docs): regenerate and update changelog
  • 7e24711 autogen(docs): regenerate and update changelog
  • 151db7c autogen(docs): regenerate and update changelog
  • db59a33 autogen: add v0.11.0-alpha.0 to version.schema.json
  • db5c007 autogen: pin v0.11.1-alpha.0 release commit
  • 8e0efee chore(deps): bump @grpc/grpc-js from 1.8.10 to 1.8.12 in /proto (#1271)
  • 8435a31 chore(deps): bump github.com/moby/buildkit in /.bin (#1270)
  • 9ea0bb2 chore(deps): bump github.com/ory/x from 0.0.542 to 0.0.543 (#1268)
  • 891bca4 chore(deps): bump golang in /.docker (#1272)
  • 80c6e71 chore(deps): bump golang.org/x/oauth2 from 0.5.0 to 0.6.0 (#1269)
  • a84d946 chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0 (#1277)
  • 11d0916 chore(deps): bump google.golang.org/protobuf in /proto (#1276)
  • 0dd2ba9 chore: add missing ON DELETE CASCADE to keto_relation_tuples (#1264)
  • 30b9669 chore: bump deps (#1267)
  • 963fad2 chore: downgrade otel (#1265)
  • 75ae307 feat(parser): allow quoted property access (#1273)
  • 1fef45a fix: return meaningful status code when relation is not known (#1275)
  • f88a479 fix: subject expansion is terminated unexpectedly (#1256)
  • b41bfb8 test: faster tests (#1266)

Artifacts can be verified with cosign using this public key.

v0.11.0-alpha.0

23 Feb 17:10
Compare
Choose a tag to compare
v0.11.0-alpha.0 Pre-release
Pre-release

This release includes a ton of bugfixes, especially around the Ory Permission Language and language parser.

Also, we started a greater effort to drastically improve latency, currently by introducing an experimental strict mode that reduces the number of SQL queries performed during checks. This is experimental to allow adjusting its behavior in a breaking manner, but it is ready for production usage. Do expect a non-stable behavior over the next releases. Any breaking behavior will be properly documented.
Further, we also optimized some of the non-strict queries.

Bug Fixes

  • Allow comments in more places in OPL (#1117) (5f89fcf), closes #1116

  • Do not insert UUID mappings on readonly APIs (#1190) (a86db70):

    Endpoints that do not mutate the database (such as list
    or check) now use a read-only version of the UUID mapper
    that does not write the mapping to the database (as all
    relevant mapping information is already mapped).

  • Docs broken links (#1254) (e646380):

    • fix: docs broken links

    • fix: edit proto files to fix links

  • More robust parser (d38e006)

  • More robust query counting (#1218) (4503a74)

  • Only type-check if there are no parser errors (b4bef07):

    Type checks are not particularly useful on partially parsed input.

  • Panic with unknown subject set during expand (#1139) (1f3c568)

  • Properly lex imports in OPL (#1041) (26944e9)

  • Race condition (05ec2da)

  • Race condition in setup (#1107) (07dfce7)

  • Recover from panics in gRPC server (#1149) (3e38d13):

    Panics in the gRPC server now result in codes.Internal being returned, instead of killing the server.

  • Relative file URL parsing (#1145) (03cac63)

  • Relax OPL parsing (#1059) (a15c5ad):

    • Allow semicolons in more places
    • Allow commas in more places
  • Tiny stuff (#1211) (719a7d5):

    • fix: tracing in persistence.sql.TraverseSubjectSetRewrite

    • fix: incorrect HTTP return code

  • Trace SQL in TraverseSubjectSetExpansion (#1242) (8968451)

  • Tune error message (b51d215)

  • Use resilient HTTP client (e431978)

  • Validate subjects before mapping (#1039) (71b30c4)

Code Generation

  • Pin v0.11.0-alpha.0 release commit (7f1f580)

Code Refactoring

Documentation

  • Add getting started guide to readme (#1094) (e3b88d2)

  • Adds JSDoc to the npm package '@ory/keto-namespace-types' (#1136) (b582375)

  • Allow $schema key in config.schema.json (#1083) (333af27)

  • Fix invalid link (#1072) (2686e98)

  • Fix quickstart up.sh (#1158) (30a74c6):

    Added --insecure-disable-transport-security flag to all client commands.

  • Improve rewrites example (d809c76)

  • Standardize license headers (#1061) (6c0e1ba)

  • Update README content and links (#1043) (7aacf0d)

Features

  • Add API to list namespaces (a8d8767)

  • Add libfuzzer for parser (05c9a01)

  • Add option to add custom health checks (#1225) (3399f60)

  • Allow loading OPL configs from base64 URLs (640abc1)

  • Allow permits referencing permits (c4d84f6):

    You can now use this.permits.<permission>(ctx) to reference another
    permission in a permission declaration.

    Example:

    comment: (ctx: Context) => this.permits.read(ctx)
    
  • Allow quoting object keys in OPL (081d834)

  • Allow setting the authority header in the CLI (17f10ef)

  • Emit events through tracing (#1244) (70dd8be)

  • Expose function to generate OPL (#1057) (b80a230)

  • Expose OPL syntax check API (57ff639)

  • Faster SQL queries for checks and strict check mode (#1171) (8e07890):

    With this change we introduce an experimental strict mode that drastically reduces the number of SQL queries performed during checks. This is experimental to allow adjusting its behavior in a breaking manner, but it is ready for production usage.
    Also some of the non-strict queries are optimized.

  • Handle HTTP config locations (6571bae)

  • Improve tracing (#1169) (64dc85e)

  • Rename to Ory Network (#1081) (3fe1d68)

  • Return bad request on DELETE body (#1219) (195182c)

  • Support Array<> syntax in type decl (#1152) (c4c456b):

    You can now use Array<T> as an alternative to T[] when declaring
    types for relations in the Ory Permission Language.

  • Support semicolons in types (#1151) (a06eda7), closes #1135

Tests

Unclassified

Changelog

  • 137fe6b ci: authenticate nancy action (#1239)
  • 5b239e5 autogen(docs): generate and bump docs
  • 837093b autogen(docs): regenerate and update changelog
  • 8f5134c autogen(docs): regenerate and update changelog
  • 0118850 autogen(docs): regenerate and update changelog
  • 026fc87 autogen(docs): regenerate and update changelog
  • c1f45e3 autogen(docs): regenerate and update changelog
  • 2e8d633 autogen(docs): regenerate and update changelog
  • ce1caaf...
Read more

v0.10.0-alpha.0

27 Sep 13:28
Compare
Choose a tag to compare
v0.10.0-alpha.0 Pre-release
Pre-release

This release ships the long-awaited Ory Permission Language (a.k.a. userset-rewrites) 🎉. You can now define global 🌍 rules for permissions, like "every user who is an owner also has read access", and many more. Best of all, you don't have to learn a new language to express these rules, but instead just use a subset of TypeScript. Therefore syntax highlighting, formatting tools, linters, unit test frameworks, ... work out of the box 📦! We will give a talk 🗣️ about how we ended up with this solution at the Ory Summit, so make sure to sign up or watch the recoding on YouTube later.
Start exploring the Ory Permission Language by following our guide 📖.
This is only the most shiny ✨ feature we packed into this release, see the full changelog for all the other fixes and features we included.

Bug Fixes

  • Concurrency-safe graph utils (ea9dda9)

  • Correct paths in TypeScript SDK (#1025) (8b30508)

  • Do not setup /etc/nsswitch.conf on alpine (1f9fa96):

    Go fixed the initial issue and does not rely on that file anymore, see golang/go#35305

  • Race in serve metrics init (5f4c19b)

  • Remove check constraint (54c00c3):

    Tests now use the new httpclient to properly handle empty strings vs
    strings (where the value is omitted in the JSON request).

  • Request metrics (#1007) (96ff767):

    httprequest* metrics contain data related only to /metrics/prometheus endpoint.
    This commit adds endpoints from non-monitoring routers.

  • Sdk generation (acc1546):

  • Use TLS in gRPC client (#988) (b1ffd6b):

    Enable TLS and certificate checking in the gRPC client when communicating with remote hosts.

  • Uuid mapping migration paginates (3a5fb2c)

  • Validate tuples for non-nil subject (a22dd19)

Build System

Code Generation

  • Pin v0.10.0-alpha.0 release commit (52259a3):

    Bumps from v0.10.0-alpha.0.pre.0

Code Refactoring

  • Generalize tree structure (6a0b2fe):

    This will allow reusing the tree to provide debug info on how a check decision was reached.

Documentation

  • Add initial documentation example for rewrites (065ce46)
  • Fix version meta schema (b054b24)

Features

  • Add bearer token auth (5110f63)

  • Configure subject-set rewrites (0ce1519):

    The subject-set rewrites can now be configured through the Ory Permission
    Language (OPL), which is a subset of TypeScript. The OPL config is
    referenced in the central configuration under namespaces as such:

    [...]
    namespaces:
      location: <location>
    [...]
    

    The can be any valid file, directory or URI.

  • Fine-grained control over transport security (5f056b7):

    This adds two new flags to the Keto CLI:

    • --insecure-disable-transport-security: Use plaintext instead of TLS
    • --insecure-skip-hostname-verification: Use TLS, but do not verify the
      certificate

    By default, the Keto CLI now connects to the remote via TLS and verifies
    the hostname.

  • OPL typescript library on npm (446fe7d)

  • Simpler notation for subjects w/o relation (ec979df)

  • Subject-set rewrites (6f61af8)

  • Support subject sets in check (1760459)

Tests

  • Add cases for checking subject sets (93aee83), closes #985

Changelog

  • 3fbb424 autogen(docs): generate and bump docs
  • 32a2ada autogen(docs): regenerate and update changelog
  • 81638c5 autogen(docs): regenerate and update changelog
  • 83b1595 autogen(docs): regenerate and update changelog
  • 04dfa42 autogen(docs): regenerate and update changelog
  • 25e97f5 autogen(docs): regenerate and update changelog
  • c35683d autogen(docs): regenerate and update changelog
  • b17417a autogen(docs): regenerate and update changelog
  • 5a258a0 autogen(docs): regenerate and update changelog
  • f30efed autogen(docs): regenerate and update changelog
  • de164ac autogen(docs): regenerate and update changelog
  • 6512489 autogen(docs): regenerate and update changelog
  • 3498dac autogen(docs): regenerate and update changelog
  • 231c9b1 autogen(docs): regenerate and update changelog
  • d007bae autogen(docs): regenerate and update changelog
  • 52259a3 autogen: pin v0.10.0-alpha.0 release commit
  • 1786dc5 autogen: pin v0.10.0-alpha.0.pre.0 release commit
  • 2a63481 autogen: pin v0.10.0-alpha.0.pre.1 release commit
  • 46a659f autogen: regenerate SDK
  • 97f638d build: do not include VCS info (#990)
  • 63cc034 chore(deps): bump @grpc/grpc-js from 1.6.12 to 1.7.1 in /proto
  • 0a93f24 chore(deps): bump @grpc/grpc-js from 1.6.8 to 1.6.12 in /proto (#998)
  • 065c2bb chore(deps): bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 (#996)
  • 1e430f5 chore(deps): bump github.com/gofrs/uuid
  • 3fadc8f chore(deps): bump github.com/ory/x from 0.0.469 to 0.0.473 (#1027)
  • 1328bdb chore(deps): bump github.com/tidwall/gjson from 1.14.1 to 1.14.3 (#987)
  • a3e3be1 chore(deps): bump go-swagger dev tool
  • f101060 chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  • a18b5cf chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#978)
  • 9f983e6 chore(deps): bump go.opentelemetry.io/otel from 1.9.0 to 1.10.0 (#1018)
  • b3eb645 chore(deps): bump golang in /.docker (#979)
  • e41ef26 chore(deps): update some more minor versions
  • adfcfd6 chore: bump deps (#1021)
  • 772ab00 chore: bump go to 1.19
  • ea27ba4 chore: cleanup and test improvements
  • 1daec0d chore: code cleanup
  • b6c93ba chore: deprecate namespace validate command
  • 30e75b9 chore: export CLI commands (#1030)
  • d92884e chore: export more CLI commands (#1031)
  • e235520 chore: fix linter warnings
  • c110e1f chore: fix linter warnings
  • 8ad039f chore: format using Make (#1022)
  • ff11a33 chore: ignore false-positive CVE detection
  • 46d39c1 chore: improve option passing (#995)
  • 6f291f8 chore: remove deprecated command placeholders
  • 7a5e681 chore: remove double-tabs in Makefile
  • 1094347 chore: remove unused yq dependency
  • c614e91 chore: retract pre tag proto/v0.9.0-alpha.0.pre.0 (#993)
  • 03d2e8f chore: sort package.json (#1006)
  • b312324 chore: update Prettier and ory-prettier-style and format everything (#1004)
  • 3d1cd99 chore: update repository templates
  • 5b3e731 chore: update repository templates
  • db7c21f chore: update repository templates
  • f8eb8c5 chore: update repository templates to ory/meta@19eed81
  • fa69fb3 chore: update repository templates to ory/meta@4ef1342
  • 11ead73 chore: update repository templates to ory/meta@935cc04
  • 5212e64 ci: test namespace type lib
  • 1d87908 ci: use go1.19
  • 065ce46 docs: add initial documentation example for rewrites
  • b054b24 docs: fix version meta schema
  • 446fe7d feat: OPL typescript library on npm
  • 5110f63 feat: add bearer token auth
  • 0ce1519 feat: configure subject-set rewrites
  • 5f056b7 feat: fine-grained control over transport security
  • ec979df feat: simpler notation for subjects w/o relation
  • 6f61af8 feat: subject-set rewrites
  • 1760459 feat: support subject sets in check
  • ea9dda9 fix: concurrency-safe graph utils
  • 8b30508 fix: correct paths in TypeScript SDK (#1025)
  • 1f9fa96 fix: do not setup /etc/nsswitch.conf on alpine Go fixed the initial issue and does not rely on that file anymore, see golang/go#35305
  • 5f4c19b fix: race in serve metrics init
  • 54c00c3 fix: remove check constraint
  • 96ff767 fix: request metrics (#1007)
  • acc1546 fix: sdk generation
  • b1ffd6b fix: use TLS in gRPC client (#988)
  • 3a5fb2c fix: uuid mapping migration paginates
  • a22dd19 fix: validate tuples for non-nil subject
  • 6a0b2fe r...
Read more

v0.9.0-alpha.0

01 Aug 17:21
Compare
Choose a tag to compare
v0.9.0-alpha.0 Pre-release
Pre-release

⚠️ Important Notice ⚠️

Due to a bug in the migrations, this version should be skipped. Greed-field deployments are not affected, but migrating to this release from previous versions might result in data loss! For details, head over to #997.


This release ships a few changes in the API paths. Requests and responses were not changed. However, we did A LOT of internal refactoring and improvements on the persistence layer. Some naming in the SDKs changed, it is a lot cleaner now. One important change is that we removed the single table migrator. From now on to migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2
We also overhauled the whole persistence structure to ensure high scalability. This means that the migration might take a bit longer than usual, so please test the process first on a backup or staging environment.
For all the details, check out the full changelog.

Breaking Changes

keto namespace migrate ... commands were removed. To migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2

The protobuf API was bumped to v1alpha2. Please upgrade your client dependency to that version. v1alpha1 is still supported for now, but might be dropped soon.

Some payload keys are now (not) required anymore. The generated SDKs will likely have breaking changes.

Co-authored-by: Patrik [email protected]
Co-authored-by: hperl [email protected]

/check is now /relation-tupes/check

/expand is now /relation-tuples/expand

/relation-tuples is now /admin/relation-tuples for write APIs

gRPC package is now called ory.keto.relation_tuples.v1alpha2

gRPC relation-tuple-delta action enum names are prefixed with ACTION_

Bug Fixes

  • cli: Make flag registration non-racy (8415ced)
  • Enable telemetry by default (9dc8c7c)
  • Hide relation tuples with deleted namespace (cb1a2dd)

Code Generation

  • Pin v0.9.0-alpha.0 release commit (6a13898)

Code Refactoring

  • API paths (#862) (d29d42c):

    This change refactors the API paths to be consistent with the rest of the Ory ecosystem. This step is required for the unified Ory SDK. Additionally, as we plan to add high level APIs, e.g. for RBAC. The check and expand API paths changed to allow adding those.

  • Change pagination to use keyset pagination (7b861c9):

    The page token now is the last ID of the previous page. This enables faster queries and more stable pagination.
    NOTE: in case an integration modified page tokens to control pagination, this change will break the integration. Page tokens are opaque strings and should never be messed with.

Documentation

Features

  • Add check endpoints that do not mirror status code (#853) (07d0fbd)

  • Add reverse lookup indices (#875) (25af263)

  • Add spec for namespace configs (3d61b1c):

    Co-authored-by: hackerman [email protected]

  • Make sensitive log value redaction text configurable (#860) (b8b1d81)

  • Map strings to UUIDs (#809) (#840) (add6577):

    With this change Keto now maps strings to UUIDv5 on the storage layer. This change allows unlimited strings to be used while maintaining good performance. Further, it reduces the likeliness of database hot-spots.
    The migration that applies this mapping might take some time, so please confirm that your migration strategy works for you.

  • Metric names same as for Kratos (315ff41)

  • tracing: Improved tracing for persisters and requests (#878) (eb62c50)

  • tracing: Switch to opentelemetry (#861) (31f38ed)

Tests

  • Remove double dockertest cleanup (0bfb10e)
  • Use isolated databases to parallelize all tests (bc09032)

Changelog

  • 57b5d8f autogen(docs): generate and bump docs
  • ac346cc autogen(docs): regenerate and update changelog
  • 227e044 autogen(docs): regenerate and update changelog
  • 4d0361b autogen(docs): regenerate and update changelog
  • 5b69f12 autogen(docs): regenerate and update changelog
  • 2324c4c autogen(docs): regenerate and update changelog
  • 08d87f2 autogen(docs): regenerate and update changelog
  • ef103eb autogen(docs): regenerate and update changelog
  • cf60181 autogen(docs): regenerate and update changelog
  • ffab5c0 autogen(docs): regenerate and update changelog
  • ab23038 autogen(docs): regenerate and update changelog
  • d64ae29 autogen(docs): regenerate and update changelog
  • 3453d47 autogen(docs): regenerate and update changelog
  • 273b3ea autogen(docs): regenerate and update changelog
  • ea1aafe autogen(docs): regenerate and update changelog
  • 8c5eb9d autogen(docs): regenerate and update changelog
  • 3b7525d autogen(docs): regenerate and update changelog
  • 9d47369 autogen(docs): regenerate and update changelog
  • e8e98da autogen(docs): regenerate and update changelog
  • 3d905fa autogen(docs): regenerate and update changelog
  • 8254df5 autogen(docs): regenerate and update changelog
  • e137676 autogen(docs): regenerate and update changelog
  • 2b3da8a autogen(docs): regenerate and update changelog
  • 00201cd autogen(docs): regenerate and update changelog
  • 6b40914 autogen(docs): regenerate and update changelog
  • 3129087 autogen(docs): regenerate and update changelog
  • 85ce144 autogen(docs): regenerate and update changelog
  • d038afa autogen(docs): regenerate and update changelog
  • f431256 autogen(docs): regenerate and update changelog
  • f4970c5 autogen(docs): regenerate and update changelog
  • f43f00a autogen(docs): regenerate and update changelog
  • d9e6b08 autogen(docs): regenerate and update changelog
  • e031c82 autogen(docs): regenerate and update changelog
  • 357ab6b autogen(docs): regenerate and update changelog
  • d3010f5 autogen(docs): regenerate and update changelog
  • 29d335b autogen(docs): regenerate and update changelog
  • fdeb32d autogen(docs): regenerate and update changelog
  • b00a850 autogen(docs): regenerate and update changelog
  • e87dca6 autogen(docs): regenerate and update changelog
  • 83ba718 autogen(docs): regenerate and update changelog
  • ee35a3b autogen(openapi): regenerate swagger spec and internal client
  • 9969667 autogen: add v0.8.0-alpha.2 to version.schema.json
  • 490cce8 autogen: pin v0.9.0-alpha.0 release commit
  • 6a13898 autogen: pin v0.9.0-alpha.0 release commit
  • c54e15a autogen: pin v0.9.0-alpha.0.pre.0 release commit
  • 6e2005a chore(ci): fix dockle
  • 139daa2 chore(ci): ignore unpatched vulnerability
  • 846d54d chore(ci): remove deprecated key in golangci-lint
  • 6aa84c6 chore(deps): always update all packages in docker images
  • db72a2f chore(deps): bump @grpc/grpc-js from 1.2.6 to 1.6.8 in /proto (#961)
  • 4aa7217 chore(deps): bump EndBug/add-and-commit from 4.4.0 to 9.0.1
  • 8c549df chore(deps): bump actions/checkout from 2 to 3
  • e6823e9 chore(deps): bump actions/checkout from 2 to 3
  • d55a25c chore(deps): bump actions/checkout from 2 to 3
  • 6d64207 chore(deps): bump actions/setup-go from 2 to 3 (#918)
  • 964cda6 chore(deps): bump actions/setup-node from 2 to 3 (#915)
  • a5ab26e chore(deps): bump actions/stale from 4 to 5
  • 787b6b9 chore(deps): bump actions/stale from 4 to 5
  • fd439bd chore(deps): bump actions/upload-artifact from 2 to 3
  • d5e0986 chore(deps): bump alpine base image to 3.15.4
  • af35f55 chore(deps): bump alpine from 3.15.4 to 3.16.0 in /.docker (#929)
  • 269990b chore(deps): bump docker/setup-buildx-action from 1 to 2
  • 9d6...
Read more

v0.8.0-alpha.2

04 Mar 10:48
v0.8.0-alpha.2
be5cffd
Compare
Choose a tag to compare
v0.8.0-alpha.2 Pre-release
Pre-release

Mainly fixes the SDKs.

Code Generation

  • Pin v0.8.0-alpha.2 release commit (be5cffd)

Changelog

  • be5cffd autogen: pin v0.8.0-alpha.2 release commit

Artifacts can be verified with cosign using this public key.

v0.8.0-alpha.1

22 Feb 13:57
v0.8.0-alpha.1
6daf88b
Compare
Choose a tag to compare
v0.8.0-alpha.1 Pre-release
Pre-release

This is merly a cleanup release to fix automation issues.

Code Generation

  • Pin v0.8.0-alpha.1 release commit (6daf88b)

Changelog

  • 6daf88b autogen: pin v0.8.0-alpha.1 release commit

Artifacts can be verified with cosign using this public key.

v0.8.0-alpha.0

10 Feb 15:06
85d59ec
Compare
Choose a tag to compare
v0.8.0-alpha.0 Pre-release
Pre-release

autogen: pin v0.8.0-alpha.0 release commit

Bug Fixes

  • Add dummy sidebar (555ffca)

  • Add hiring notice to README (#798) (2a6ddae)

  • CORS config values are ignored (#789) (ffeb5e3)

  • Docker compose migrate (#800) (f1599a4)

  • Docker-compose-postgres.yml SQL migration service (#779) (8f041bc)

  • Namespace should not be required in List API (#796) (07be82e):

    The namespace parameter is now not required anymore in the list REST API.

  • Openapi spec and internal SDK (#819) (a1b20c7)

  • Panic on macOS (059a6f9)

  • Slow keto start up time (b7c620c):

    Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 1.7s to 0.02s.

    $ time keto
    keto  1.65s user 2.02s system 734% cpu 0.499 total
    
    $ time ./keto-patch
    ./keto-patch  0.02s user 0.01s system 6% cpu 0.425 total
    
  • Update golang.org/x/sys to fix macOS binary execution (#794) (ad8df58), closes #793

Code Generation

  • Pin v0.8.0-alpha.0 release commit (85d59ec)

Code Refactoring

  • Configuration structure for limits (ffa99ec)
  • Move documentation to ory/docs and move to OAS3.0 generator (#833) (55d9d4e)

Documentation

Features

  • Add max-depth parameter for check and global max-depth (#791) (1e3b63f):

    The parameter max-depth for the check command limits the depth of the search, a safeguard against particularly expensive queries. This allows users more fine-grain control.

    Furthermore, there is now a global max-depth configuration value that limits the overall max-depth of check and expand operations. It defaults to 5, which is considered a very safe value.

  • Add new metrics server to keto (#832) (8beba60)

  • Bulk deletion of relation tuples (#799) (c1e8546)

Changelog

  • e3c5cc9 autogen(docs): generate and format documentation
  • a9b79bb autogen(docs): generate and format documentation
  • 03f657c autogen(docs): generate and format documentation
  • e38625c autogen(docs): generate and format documentation
  • 169d63e autogen(docs): generate and format documentation
  • fabf1a0 autogen(docs): generate and format documentation
  • bb3396a autogen(docs): generate and format documentation
  • c605690 autogen(docs): generate and format documentation
  • 87e4d1d autogen(docs): generate and format documentation
  • b2a94ae autogen(docs): generate and format documentation
  • 9b2170b autogen(docs): generate and format documentation
  • 29bb94a autogen(docs): generate cli docs
  • 5129d1a autogen(docs): regenerate and update changelog
  • cbb3a8c autogen(docs): regenerate and update changelog
  • d35fd3e autogen(docs): regenerate and update changelog
  • 0d59f5f autogen(docs): regenerate and update changelog
  • 7f2601e autogen(docs): regenerate and update changelog
  • e81e39e autogen(docs): regenerate and update changelog
  • f9c4123 autogen(docs): regenerate and update changelog
  • f9c2ed8 autogen(docs): regenerate and update changelog
  • 33318a8 autogen(docs): regenerate and update changelog
  • 67c4c60 autogen(docs): regenerate and update changelog
  • e39f954 autogen(docs): regenerate and update changelog
  • e459b2e autogen(docs): regenerate and update changelog
  • c5f52bd autogen(docs): regenerate and update changelog
  • 03d76f1 autogen(docs): regenerate and update changelog
  • 8c7807e autogen(docs): regenerate and update changelog
  • 8b04e2b autogen(docs): regenerate and update changelog
  • 529b105 autogen(docs): regenerate and update changelog
  • c2f60df autogen(docs): regenerate and update changelog
  • 226aea8 autogen(docs): update milestone document
  • aa3d8bb autogen(docs): update milestone document
  • 7ee65b5 autogen(docs): update milestone document
  • 0411beb autogen(docs): update milestone document
  • 6da9f24 autogen(docs): update milestone document
  • 1b0282c autogen(docs): update milestone document
  • d52250d autogen(docs): update milestone document
  • 9836cd8 autogen(openapi): Regenerate swagger spec and internal client
  • 3344f2e autogen(openapi): Regenerate swagger spec and internal client
  • 897d0a7 autogen(openapi): Regenerate swagger spec and internal client
  • ce80599 autogen(openapi): Regenerate swagger spec and internal client
  • fea21bc autogen(openapi): Regenerate swagger spec and internal client
  • 8d8dde0 autogen(openapi): Regenerate swagger spec and internal client
  • 86f4885 autogen(openapi): Regenerate swagger spec and internal client
  • 7e71716 autogen(openapi): Regenerate swagger spec and internal client
  • 209b645 autogen(openapi): regenerate swagger spec and internal client
  • f7e4f3c autogen(openapi): regenerate swagger spec and internal client
  • c9fc740 autogen: add v0.7.0-alpha.1 to version.schema.json
  • 85d59ec autogen: pin v0.8.0-alpha.0 release commit
  • a6e34b2 autogen: pin v0.8.0-alpha.0.pre.0 release commit
  • 0b587b5 autogen: pin v0.8.0-alpha.0.pre.1 release commit
  • 3af469e chore(deps): bump node-fetch from 2.6.1 to 2.6.7 in /proto
  • f99d25a chore(deps): bump node-fetch in /contrib/docs-code-samples
  • 9081c01 chore(deps): update dependencies (#820)
  • 034ca81 chore: add grype to dev dependencies & make cve-scan target
  • fbec41c chore: bump alpine images (#790)
  • d032793 chore: bump ory/cli dev dependency
  • 73ce13a chore: change file permissions in test
  • 331164c chore: fix Ory CLI install script
  • 3229c43 chore: only report fixed CVEs
  • 03e7239 chore: rename definitons to definitions (#784)
  • a5a1a1e chore: update docusaurus template
  • 411ddfe chore: update docusaurus template
  • 09c2e02 chore: update docusaurus template (#786)
  • 23b4673 chore: update docusaurus template (#787)
  • af573d1 chore: update docusaurus template (#802)
  • 0d79906 chore: update docusaurus template (#804)
  • d030947 chore: update docusaurus template (#811)
  • 31cc98a chore: update docusaurus template (#821)
  • 104f58e chore: update repository templates
  • 932035d chore: update repository templates
  • 3ada77e chore: update repository templates
  • bb476bb chore: update repository templates
  • e2ace36 chore: update repository templates
  • 5ae429b chore: update repository templates
  • 0caccb9 chore: update repository templates
  • 1d813fe chore: update repository templates to 8191b78131173cce8788143f6ad95119d9b813c5
  • 8381bf2 chore: update to latest x and json schema (#817)
  • a1ca0ce chore: upgrade to pop/v6 (#795)
  • 9dccea0 ci: add buf lint to static checks job
  • c1ad753 ci: change git commit strategy for npm publish workflow
  • c55d8cc ci: fix token input
  • 8e93e29 ci: ignore false positive (#818)
  • 1effd79 ci: init GitHub Actions CI for Keto (#823)
  • 201ba63 ci: migrate to new goreleaser config (#837)
  • 5ba015e ci: only check used dependencies for CVEs
  • 816bd77 ci: push buf gen to correct branch
  • 2674abd ci: push to master branch when releasing gRPC client to npm (#782)
  • 6c1bbf8 ci: resolve buf docs sync
  • 5c66087 docs: add cloud
  • 25bc579 docs: add link to quickstart in config reference docs (#775)
  • 7ce7973 docs: clarify that CLI remotes should be addresses and not URIs (#808)
  • 563087d docs: heading caseing (#785)
  • d9397cc docs: update readme
  • 1e3b63f feat: add max-depth parameter for check and global max-depth (#791)
  • 8beba60 feat: add new metrics server to keto (#832)
  • c1e8546 feat: bulk deletion of relation tuples (#799)
  • ffeb5e3 fix: CORS config values are ignored (#789)
  • 555ffca fix: add dummy sidebar
  • 2a6ddae fix: add hiring notice to README (#798)
  • f1599a4 fix: docker compose migrate (#800)
  • 8f041bc fix: docker-compose-post...
Read more

v0.7.0-alpha.1

19 Oct 16:48
Compare
Choose a tag to compare
v0.7.0-alpha.1 Pre-release
Pre-release

This release provides small docs fixes especially for SDK clients.

Code Generation

  • Pin v0.7.0-alpha.1 release commit (0d1e33a)

Documentation

  • Adjust details missed for v0.7 (#762) (caa18c0)
  • Correct required annotation for List API parameters (#760) (ba1bec9)
  • Make max-depth expand parameter required (#755) (6d51422)

Changelog

e5a4c9a autogen(docs): generate and format documentation
bd88a36 autogen(docs): regenerate and update changelog
69cefb9 autogen(docs): regenerate and update changelog
d761627 autogen(docs): regenerate and update changelog
c4f2142 autogen(docs): regenerate and update changelog
0c8ff54 autogen(docs): regenerate and update changelog
cf7cddc autogen(docs): update milestone document
6eb7822 autogen: add v0.7.0-alpha.0 to version.schema.json
0d1e33a autogen: pin v0.7.0-alpha.1 release commit
42de1d2 chore: bump Keto version in quickstart docker-compose (#764)
5794b6e chore: update docusaurus template
b8e9db5 chore: update repository templates (#769)
439d042 chore: update repository templates (#770)
caa18c0 docs: adjust details missed for v0.7 (#762)
ba1bec9 docs: correct required annotation for List API parameters (#760)
6d51422 docs: make max-depth expand parameter required (#755)

Docker images

  • docker pull oryd/keto:v0-sqlite
  • docker pull oryd/keto:v0.7-sqlite
  • docker pull oryd/keto:v0.7.0-sqlite
  • docker pull oryd/keto:v0.7.0-alpha.1-sqlite
  • docker pull oryd/keto:latest-sqlite
  • docker pull oryd/keto:v0
  • docker pull oryd/keto:v0.7
  • docker pull oryd/keto:v0.7.0
  • docker pull oryd/keto:v0.7.0-alpha.1