Table of Contents
- 0.0.0 (2025-01-10)
- 0.13.0-alpha.0 (2024-02-27)
- 0.12.0-alpha.0 (2024-02-01)
- 0.11.1-alpha.0 (2023-03-09)
- 0.11.0-alpha.0 (2023-02-23)
- 0.11.0-alpha.0.pre.1 (2023-02-23)
- 0.10.0-alpha.0 (2022-09-27)
- 0.9.0-alpha.0 (2022-08-01)
- 0.8.0-alpha.2 (2022-03-04)
- 0.8.0-alpha.1 (2022-02-22)
- 0.8.0-alpha.0 (2022-02-10)
- 0.7.0-alpha.1 (2021-10-19)
- 0.7.0-alpha.0 (2021-10-06)
- 0.6.0-alpha.3 (2021-04-29)
- 0.6.0-alpha.2 (2021-04-29)
- 0.6.0-alpha.1 (2021-04-07)
- 0.5.6-alpha.1 (2020-05-28)
- 0.5.5-alpha.1 (2020-05-28)
- 0.5.4-alpha.1 (2020-04-07)
- 0.5.3-alpha.3 (2020-04-06)
- 0.5.3-alpha.1 (2020-04-03)
- 0.5.2 (2020-04-02)
- 0.5.0 (2020-04-02)
- 0.4.5-alpha.1 (2020-02-29)
- 0.4.4-alpha.1 (2020-02-14)
- 0.4.3-alpha.2 (2020-01-31)
- 0.4.3-alpha.1 (2020-01-23)
- 0.4.2-alpha.1 (2020-01-14)
- 0.4.1-beta.1 (2020-01-13)
- 0.4.0-alpha.1 (2020-01-13)
- 0.3.9-sandbox (2019-12-16)
- 0.3.7-sandbox (2019-12-11)
- 0.3.6-sandbox (2019-10-16)
- 0.3.5-sandbox (2019-08-21)
- 0.3.3-sandbox (2019-05-18)
- 0.3.1-sandbox (2019-04-29)
- 0.3.0-sandbox (2019-04-29)
- 0.2.3-sandbox+oryOS.10 (2019-02-05)
- 0.2.2-sandbox+oryOS.10 (2018-12-13)
- 0.2.1-sandbox+oryOS.10 (2018-12-13)
- 0.2.0-sandbox+oryOS.10 (2018-12-13)
- 0.0.1 (2018-05-20)
0.0.0 (2025-01-10)
- Missing persister when initializing without network (#1525) (e675d5b):
  - fix: missing persister when initializing without network
  - chore: ignore CVE-2024-3154
- Unused order (#1590) (47548c0):
  We filter for `nid = ?` so there is no point in ordering by nid. Column `shard_id` is the prefix (`CONSTRAINT keto_relation_tuples_uuid_pkey PRIMARY KEY (shard_id ASC, nid ASC)`) so it should not impact the query planner.
- Add grpc server opts config (#1524) (7278e44):
  - feat: add grpc server opts config
  - chore: bump base image
  - chore: temp ignore cve
- Add Inspect option to registry (#1523) (213cfa5):
  - chore: add alnr to codeowners
  - feat: add Inspect option
- Batch check relations (#1521) (d670d50):
  - batch check relations
  - rename path
  - shared parallelized function. batch size and parallelization configurable
  - move check to engine
  - fail individual requests
  - move parallelization factor to be request parameter
  - document and update configurable max batch size
  - end to end tests
  - unit tests
  - cleanup
  - run make format
  - fix pipeline failures
  - PR Feedback: move parallelization factor to config. Use err group
- Batched and chunked insertion+deletion of relation tuples (#1631) (c01b9c3)
- Check migration status in readiness probes (#1643) (e270279)
- Deduplicate UUID mappings before database insert (#1654) (ac812ee)
- Write listen files with actual address (#1607) (0ba58c7):
  This change improves spinning up test Keto servers that use port `0`. A new config value enables setting a file path where the server writes the actual address it listens on after it was assigned a random free port by the OS.
0.13.0-alpha.0 (2024-02-27)
autogen(docs): regenerate and update changelog [skip ci]
- docs: Regenerate and update changelog (c756958): [skip ci]
0.12.0-alpha.0 (2024-02-01)
Improves performance, SDKs, and resolves minor issues.
- Add width limit when expanding subject-sets in checks (#1433) (f1317da):
  This change limits the max width that can be expanded during checks. An integration that runs into this limit would previously likely have timed out. A correct integration should not run into this limit.
- Postgres docker-compose startup (#1295) (a4218d7):
  - Fix starting docker-compose-postgres.yml
  - bump docker image version
  - make format
- Pin v0.12.0-alpha.0 release commit (4b40e18)
- Fix multiline comments from proto files breaking tables (#1431) (ef9132d):
  - Add markdown.tmpl file for bufbuild
  - fix typo
    Signed-off-by: Cléo Rebert
  - docs: add issue reference
- Add distroless (#1348) (f0839ee):
  - feat: add distroless
  - Update Dockerfile-build
  - Update Dockerfile-distroless-static
- Add flag to block until migrations are done (#1380) (129902b)
- Add tracing to fetcher (#1294) (4ffb7bc):
  - feat: add tracing to fetcher
  - rerun CI
- Clearer error messages when not using block (#1393) (a3b5494):
  - feat: clearer error messages when not using block
  - don't timeout if block is used
  - consolidate block flag into grpc client package
  - respect timeout context key
  - remove flake test by changing port manipulation in test
  - fix case=timeout,noblock status test
  - remove flakiness by reducing timeout to micro
- Enable GRPC metrics (#1302) (91c12c9):
  - feat: enable GRPC metrics
  - fix: test and server registration
  - fix: GRPC metrics
  - fix: clean up for PR
- Improve emitting of events (#1314) (5028c75):
  - feat: improve emitting of events
  - rename event constants
  - move events package
  - refactor event emitting
- Write to UUID mapper and relation tuples in one SQL transaction (#1340) (eeeecf6):
  - fix: lint
  - feat: wrap an SQL transaction around the UUID mapper's and the relation tuple manager's write operations
0.11.1-alpha.0 (2023-03-09)
This release includes small fixes and improvements.
- Return meaningful status code when relation is not known (#1275) (1fef45a)
- Subject expansion is terminated unexpectedly (#1256) (f88a479)
- Pin v0.11.1-alpha.0 release commit (db5c007)
0.11.0-alpha.0 (2023-02-23)
This release includes a ton of bugfixes, especially around the Ory Permission Language and language parser.
Also, we started a greater effort to drastically improve latency, currently by introducing an experimental strict mode that reduces the number of SQL queries performed during checks. This is experimental to allow adjusting its behavior in a breaking manner, but it is ready for production usage. Do expect a non-stable behavior over the next releases. Any breaking behavior will be properly documented. Further, we also optimized some of the non-strict queries.
- Pin v0.11.0-alpha.0 release commit (7f1f580)
0.11.0-alpha.0.pre.1 (2023-02-23)
autogen: pin v0.11.0-alpha.0.pre.1 release commit
- Allow comments in more places in OPL (#1117) (5f89fcf), closes #1116
- Do not insert UUID mappings on readonly APIs (#1190) (a86db70):
  Endpoints that do not mutate the database (such as list or check) now use a read-only version of the UUID mapper that does not write the mapping to the database (as all relevant mapping information is already mapped).
- Docs broken links (#1254) (e646380):
  - fix: docs broken links
  - fix: edit proto files to fix links
- More robust parser (d38e006)
- Only type-check if there are no parser errors (b4bef07):
  Type checks are not particularly useful on partially parsed input.
- Panic with unknown subject set during expand (#1139) (1f3c568)
- Race condition (05ec2da)
- Recover from panics in gRPC server (#1149) (3e38d13):
  Panics in the gRPC server now result in `codes.Internal` being returned, instead of killing the server.
- Relax OPL parsing (#1059) (a15c5ad):
  - Allow semicolons in more places
  - Allow commas in more places
-
- fix: tracing in persistence.sql.TraverseSubjectSetRewrite
- fix: incorrect HTTP return code
- Tune error message (b51d215)
- Use resilient HTTP client (e431978)
- Pin v0.11.0-alpha.0.pre.1 release commit (3fb1ca5)
- Adds JSDoc to the npm package '@ory/keto-namespace-types' (#1136) (b582375)
- Fix quickstart up.sh (#1158) (30a74c6):
  Added `--insecure-disable-transport-security` flag to all client commands.
- Improve rewrites example (d809c76)
- Add API to list namespaces (a8d8767)
- Add libfuzzer for parser (05c9a01)
- Allow loading OPL configs from base64 URLs (640abc1)
- Allow permits referencing permits (c4d84f6):
  You can now use `this.permits.<permission>(ctx)` to reference another permission in a permission declaration. Example: `comment: (ctx: Context) => this.permits.read(ctx)`
- Allow quoting object keys in OPL (081d834)
- Allow setting the authority header in the CLI (17f10ef)
- Expose OPL syntax check API (57ff639)
- Faster SQL queries for checks and strict check mode (#1171) (8e07890):
  With this change we introduce an experimental strict mode that drastically reduces the number of SQL queries performed during checks. This is experimental to allow adjusting its behavior in a breaking manner, but it is ready for production usage. Also some of the non-strict queries are optimized.
- Handle HTTP config locations (6571bae)
- Support Array<> syntax in type decl (#1152) (c4c456b):
  You can now use `Array<T>` as an alternative to `T[]` when declaring types for relations in the Ory Permission Language.
0.10.0-alpha.0 (2022-09-27)
This release ships the long-awaited Ory Permission Language (a.k.a. userset-rewrites) 🎉. You can now define global 🌍 rules for permissions, like "every user who is an owner also has read access", and many more. Best of all, you don't have to learn a new language to express these rules, but instead just use a subset of TypeScript. Therefore syntax highlighting, formatting tools, linters, unit test frameworks, ... work out of the box 📦! We will give a talk 🗣️ about how we ended up with this solution at the Ory Summit, so make sure to sign up or watch the recording on YouTube later. Start exploring the Ory Permission Language by following our guide 📖. This is only the most shiny ✨ feature we packed into this release, see the full changelog for all the other fixes and features we included.
- Concurrency-safe graph utils (ea9dda9)
- Do not setup /etc/nsswitch.conf on alpine (1f9fa96):
  Go fixed the initial issue and does not rely on that file anymore, see golang/go#35305
- Race in serve metrics init (5f4c19b)
- Remove check constraint (54c00c3):
  Tests now use the new httpclient to properly handle empty strings vs strings (where the value is omitted in the JSON request).
- Request metrics (#1007) (96ff767):
  httprequest* metrics contain data related only to /metrics/prometheus endpoint. This commit adds endpoints from non-monitoring routers.
  - fix: register read and write routers with PrometheusManager
  - fix: register read and write routers with PrometheusManager p2
  - fix: register read and write routers with PrometheusManager p3
  - feat: grpc request metrics
  - chore: add test
  - chore: revert gRPC metric test
  - chore: re-trigger ci
  - chore: re-trigger ci
  - chore: re-trigger ci
  - fix: lint
  - fix: cve
- Sdk generation (acc1546):
  - fix: better error handling
  - chore: remove old httpclient
- Use TLS in gRPC client (#988) (b1ffd6b):
  Enable TLS and certificate checking in the gRPC client when communicating with remote hosts.
- Uuid mapping migration paginates (3a5fb2c)
- Validate tuples for non-nil subject (a22dd19)
- Pin v0.10.0-alpha.0 release commit (52259a3):
  Bumps from v0.10.0-alpha.0.pre.0
- Pin v0.10.0-alpha.0.pre.1 release commit (2a63481)
- Generalize tree structure (6a0b2fe):
  This will allow reusing the tree to provide debug info on how a check decision was reached.
- Add bearer token auth (5110f63)
- Configure subject-set rewrites (0ce1519):
  The subject-set rewrites can now be configured through the Ory Permission Language (OPL), which is a subset of TypeScript. The OPL config is referenced in the central configuration under namespaces as such:

  ```yaml
  [...]
  namespaces:
    location: <location>
  [...]
  ```

  The `<location>` can be any valid file, directory or URI.
- Fine-grained control over transport security (5f056b7):
  This adds two new flags to the Keto CLI:
  - `--insecure-disable-transport-security`: Use plaintext instead of TLS
  - `--insecure-skip-hostname-verification`: Use TLS, but do not verify the certificate
  By default, the Keto CLI now connects to the remote via TLS and verifies the hostname.
- OPL typescript library on npm (446fe7d)
- Simpler notation for subjects w/o relation (ec979df)
- Subject-set rewrites (6f61af8)
- Support subject sets in check (1760459)
0.9.0-alpha.0 (2022-08-01)
This release ships a few changes in the API paths. Requests and responses were not changed. However, we did A LOT of internal refactoring and improvements on the persistence layer. Some naming in the SDKs changed, it is a lot cleaner now. One important change is that we removed the single table migrator. From now on to migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2. We also overhauled the whole persistence structure to ensure high scalability. This means that the migration might take a bit longer than usual, so please test the process first on a backup or staging environment. For all the details, check out the full changelog.
- `keto namespace migrate ...` commands were removed. To migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2.
- The protobuf API was bumped to `v1alpha2`. Please upgrade your client dependency to that version. `v1alpha1` is still supported for now, but might be dropped soon.
- Some payload keys are now (not) required anymore. The generated SDKs will likely have breaking changes.
  Co-authored-by: Patrik
  Co-authored-by: hperl
- `/check` is now `/relation-tuples/check`
- `/expand` is now `/relation-tuples/expand`
- `/relation-tuples` is now `/admin/relation-tuples` for write APIs
- gRPC package is now called `ory.keto.relation_tuples.v1alpha2`
- gRPC relation-tuple-delta action enum names are prefixed with `ACTION_`
- cli: Make flag registration non-racy (8415ced)
- Enable telemetry by default (9dc8c7c)
- Hide relation tuples with deleted namespace (cb1a2dd)
- Pin v0.9.0-alpha.0 release commit (6a13898)
- This change refactors the API paths to be consistent with the rest of the Ory ecosystem. This step is required for the unified Ory SDK. Additionally, as we plan to add high-level APIs, e.g. for RBAC, the check and expand API paths changed to allow adding those.
- Change pagination to use keyset pagination (7b861c9):
  The page token now is the last ID of the previous page. This enables faster queries and more stable pagination. NOTE: in case an integration modified page tokens to control pagination, this change will break the integration. Page tokens are opaque strings and should never be messed with.
- Expose embedded OpenAPI spec (f9d20e3)
- Fix docker compose demo setup (#872) (e89fbb0)
- Improve wording in README (#881) (fd6af60)
- Shorten CI status badge (#928) (81d880d)
- version schema: Require version or fall back to latest (#863) (5306c93)
- Add check endpoints that do not mirror status code (#853) (07d0fbd)
- Add spec for namespace configs (3d61b1c):
  Co-authored-by: hackerman
- Make sensitive log value redaction text configurable (#860) (b8b1d81)
- Map strings to UUIDs (#809) (#840) (add6577):
  With this change Keto now maps strings to UUIDv5 on the storage layer. This change allows unlimited strings to be used while maintaining good performance. Further, it reduces the likeliness of database hot-spots. The migration that applies this mapping might take some time, so please confirm that your migration strategy works for you.
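An added example, written for this changelog and not taken from Keto's code, of the storage-layer idea behind this entry together with two of the 0.0.0 entries above, "Deduplicate UUID mappings before database insert" (#1654) and "Batched and chunked insertion+deletion of relation tuples" (#1631): strings are mapped to name-based UUIDv5 values, so a write batch must be deduplicated before a bulk INSERT (the same subject string occurs in many tuples of one request) and then split into chunks that fit the database's parameter limits. The RFC 4122 DNS namespace is used only because it has a published test vector; the namespace Keto itself uses, the chunk size, and the type and function names are assumptions of this example.

```go
package main

import (
	"crypto/sha1"
	"fmt"
)

// UUID is a 16-byte RFC 4122 identifier.
type UUID [16]byte

// String renders the UUID in the canonical 8-4-4-4-12 form.
func (u UUID) String() string {
	return fmt.Sprintf("%x-%x-%x-%x-%x", u[0:4], u[4:6], u[6:8], u[8:10], u[10:16])
}

// NamespaceDNS is the RFC 4122 DNS namespace. It is used here only because it
// has published test vectors; the namespace Keto uses is not given on this
// page (assumption of the example).
var NamespaceDNS = UUID{
	0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1,
	0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8,
}

// UUIDv5 derives a name-based UUID: SHA-1(namespace || name) truncated to
// 128 bits, with the version (5) and RFC 4122 variant bits set. The same
// string always yields the same UUID, which is what lets a mapping table be
// written without a lookup before every insert.
func UUIDv5(ns UUID, name string) UUID {
	h := sha1.New()
	h.Write(ns[:])
	h.Write([]byte(name))
	sum := h.Sum(nil)

	var u UUID
	copy(u[:], sum[:16])
	u[6] = (u[6] & 0x0f) | 0x50 // version 5
	u[8] = (u[8] & 0x3f) | 0x80 // variant: RFC 4122
	return u
}

// Mapping is one row of the string-to-UUID table.
type Mapping struct {
	ID  UUID
	Str string
}

// DedupeMappings maps every string to its UUIDv5 and drops repeats, keeping
// first-seen order. One subject ID usually appears in many tuples of a single
// write request; without deduplication a bulk INSERT would collide on the
// primary key for the second copy.
func DedupeMappings(ns UUID, strs []string) []Mapping {
	seen := make(map[UUID]struct{}, len(strs))
	out := make([]Mapping, 0, len(strs))
	for _, s := range strs {
		id := UUIDv5(ns, s)
		if _, dup := seen[id]; dup {
			continue
		}
		seen[id] = struct{}{}
		out = append(out, Mapping{ID: id, Str: s})
	}
	return out
}

// Chunk splits rows into slices of at most size rows each, so that every
// INSERT stays under the database's bind-parameter limit. A size of 0 or
// less means "one chunk"; no rows means no chunks.
func Chunk(rows []Mapping, size int) [][]Mapping {
	if len(rows) == 0 {
		return nil
	}
	if size <= 0 || size >= len(rows) {
		return [][]Mapping{rows}
	}
	chunks := make([][]Mapping, 0, (len(rows)+size-1)/size)
	for start := 0; start < len(rows); start += size {
		end := start + size
		if end > len(rows) {
			end = len(rows)
		}
		chunks = append(chunks, rows[start:end])
	}
	return chunks
}

func main() {
	// Constructed sample batch: "alice" repeats, as a subject does when it
	// occurs in several tuples of the same request.
	batch := []string{"alice", "doc:42", "alice", "group:admins", "bob", "alice"}
	for i, chunk := range Chunk(DedupeMappings(NamespaceDNS, batch), 2) {
		for _, m := range chunk {
			fmt.Printf("chunk %d: %-14s -> %s\n", i, m.Str, m.ID)
		}
	}
}
```

Deduplicating by UUID rather than by string is deliberate: the UUID is the primary key the INSERT collides on, so it is the right unit of uniqueness even if two distinct strings were ever to map to the same value.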
- Metric names same as for Kratos (315ff41)
- tracing: Improved tracing for persisters and requests (#878) (eb62c50)
- Remove double dockertest cleanup (0bfb10e)
- Use isolated databases to parallelize all tests (bc09032)
0.8.0-alpha.2 (2022-03-04)
Mainly fixes the SDKs.
- Pin v0.8.0-alpha.2 release commit (be5cffd)
- Change oathkeeper to keto in openapi meta (9cb0b98)
0.8.0-alpha.1 (2022-02-22)
This is merely a cleanup release to fix automation issues.
- Add foreign key constraint for network ID (e815cb0)
- Phony (9f5d0aa)
- Resolve post-release steps (#838) (d478567)
- Pin v0.8.0-alpha.1 release commit (6daf88b)
- Fix inconsistencies (dab1b1d)
0.8.0-alpha.0 (2022-02-10)
Ory Keto v0.8.0-alpha.0 mainly ships internal improvements next to one bigger, possibly breaking feature. With PR #799 Keto now supports bulk deletion of relation-tuples. For gRPC clients we added a new rpc, while in the REST world we had to change the behavior of the existing delete handler. IT NOW DELETES ALL MATCHING TUPLES.

Example:

```shell
curl -X DELETE "https://keto.local/relation-tuples?subject_id=foo"
```

will delete all relation tuples that have the subject ID `foo`, even across namespaces. Passing empty strings is equivalent to not setting a value. Please test your integrations on a copy of your database before rolling out the update. If you don't use that REST endpoint, you are on the safe side.
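An added safeguard for the behaviour described above, written for this page rather than taken from Keto: a small Go wrapper that builds the DELETE query string and refuses to emit it unless namespace, object, relation and a subject are all present, because an empty string is treated as an unset filter and therefore silently widens the match. The query parameter names (`namespace`, `object`, `relation`, `subject_id`, `subject_set.*`) and the `ConfirmBroad` switch are assumptions of this example, not the documented API.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// DeleteFilter holds the filters a client intends to send to the REST delete
// handler. The parameter names mirror the subject_id / subject_set.* naming
// used elsewhere in this changelog; treating them as the delete endpoint's
// query parameters is an assumption of this example.
type DeleteFilter struct {
	Namespace, Object, Relation string

	SubjectID                                                 string // mutually exclusive with SubjectSet*
	SubjectSetNamespace, SubjectSetObject, SubjectSetRelation string

	// ConfirmBroad must be set explicitly by a caller that really wants a
	// partial filter (for example "everything for this subject").
	ConfirmBroad bool
}

var ErrTooBroad = errors.New("refusing delete: filter is not fully specified and would match across objects")

// BuildDeleteQuery encodes the filter as a query string. Empty or blank
// values are dropped because the server treats "" as "not set": a field the
// caller thought would narrow the delete would instead widen it. Unless
// ConfirmBroad is set, all of namespace, object, relation and a subject are
// required; with ConfirmBroad at least one filter is still required.
func BuildDeleteQuery(f DeleteFilter) (string, error) {
	q := url.Values{}
	set := func(k, v string) {
		if strings.TrimSpace(v) != "" {
			q.Set(k, v)
		}
	}
	set("namespace", f.Namespace)
	set("object", f.Object)
	set("relation", f.Relation)
	set("subject_id", f.SubjectID)
	set("subject_set.namespace", f.SubjectSetNamespace)
	set("subject_set.object", f.SubjectSetObject)
	set("subject_set.relation", f.SubjectSetRelation)
	has := func(k string) bool { return q.Get(k) != "" }

	anySet := has("subject_set.namespace") || has("subject_set.object") || has("subject_set.relation")
	fullSet := has("subject_set.namespace") && has("subject_set.object") && has("subject_set.relation")
	switch {
	case has("subject_id") && anySet:
		return "", errors.New("subject_id and subject_set.* are mutually exclusive")
	case anySet && !fullSet:
		return "", errors.New("subject_set needs namespace, object and relation")
	case len(q) == 0:
		return "", fmt.Errorf("%w: no filter at all", ErrTooBroad)
	}
	if !f.ConfirmBroad {
		if !has("namespace") || !has("object") || !has("relation") || !(has("subject_id") || fullSet) {
			return "", ErrTooBroad
		}
	}
	return q.Encode(), nil
}

func main() {
	// Constructed: the risky request from the release note, a full filter,
	// and the same broad request with explicit confirmation.
	for _, f := range []DeleteFilter{
		{SubjectID: "foo"},
		{Namespace: "files", Object: "/foo", Relation: "read", SubjectID: "foo"},
		{SubjectID: "foo", ConfirmBroad: true},
	} {
		q, err := BuildDeleteQuery(f)
		fmt.Printf("query=%q err=%v\n", q, err)
	}
}
```

The check runs on the encoded values, not on the struct fields, so a value consisting only of whitespace is caught as well; that is the case the release note warns about, since it reaches the server as an absent filter.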
- Add dummy sidebar (555ffca)
- Docker-compose-postgres.yml SQL migration service (#779) (8f041bc)
- Namespace should not be required in List API (#796) (07be82e):
  The `namespace` parameter is now not required anymore in the list REST API.
- Panic on macOS (059a6f9)
- Slow keto start up time (b7c620c):
  Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 1.7s to 0.02s.

  ```
  $ time keto
  keto  1.65s user 2.02s system 734% cpu 0.499 total
  $ time ./keto-patch
  ./keto-patch  0.02s user 0.01s system 6% cpu 0.425 total
  ```
- Update golang.org/x/sys to fix macOS binary execution (#794) (ad8df58), closes #793
- Pin v0.8.0-alpha.0 release commit (85d59ec)
- Configuration structure for limits (ffa99ec)
- Move documentation to ory/docs and move to OAS3.0 generator (#833) (55d9d4e)
- Add cloud (5c66087)
- Add link to quickstart in config reference docs (#775) (25bc579)
- Clarify that CLI remotes should be addresses and not URIs (#808) (7ce7973)
- Heading caseing (#785) (563087d)
- Update readme (d9397cc)
- Add max-depth parameter for check and global max-depth (#791) (1e3b63f):
  The parameter `max-depth` for the check command limits the depth of the search, a safeguard against particularly expensive queries. This allows users more fine-grained control. Furthermore, there is now a global max-depth configuration value that limits the overall max-depth of check and expand operations. It defaults to `5`, which is considered a very safe value.
0.7.0-alpha.1 (2021-10-19)
This release provides small docs fixes especially for SDK clients.
- Pin v0.7.0-alpha.1 release commit (0d1e33a)
- Adjust details missed for v0.7 (#762) (caa18c0)
- Correct `required` annotation for List API parameters (#760) (ba1bec9)
- Make `max-depth` expand parameter required (#755) (6d51422)
0.7.0-alpha.0 (2021-10-06)
We are proud to present you a new release of Ory Keto! It has been a while, but we have been working hard not only on code, but also concepts and discussing many upcoming features. To join us on this exciting journey, watch 👀 and start ⭐ the repository.
At a first glance the release might not look too exciting from the outside, but we had 376 changed files with 47,578 additions and 25,418 deletions. In total, 12 contributors worked on the 192 commits. The most changes were bug fixes, internal refactoring, and improving API consistency. Expect a more reliable Keto, that is also prepared to receive many new exciting features.
Because the database schema changed significantly, and it is not possible to have SQL-only migrations, there is a special migration procedure needed to upgrade from Ory Keto v0.6. Please follow the migration guide and, as always, read the changelog before upgrading.
This patch changes the payload of the REST API. The gRPC API is not affected. The parameter `subject` was previously an encoded string. With this change clients have to explicitly use either `subject_id` or (`subject_set.namespace` and `subject_set.object` and `subject_set.relation`). The same is true for REST responses returned by Keto. An error with a hint will be returned if `subject` is still used.
- cli: Panic when printing empty expand trees (#686) (7956dec)
- Handle relation tuple cycles in expand and check engine (#623) (8e30119)
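An added, in-memory sketch (example code, not Keto's engine, whose checks run against SQL) of the safeguards this changelog mentions for the check engine: the search starts at the object ("Rewrite check engine to search starting at the object", #310, below), cycles between subject sets are cut with a path set (#623, above), the traversal is bounded by a max depth (#791 in 0.8.0-alpha.0, default 5) and by a max width of subject-set expansion per node (#1433 in 0.12.0-alpha.0). The `Store` and `Engine` types and the exact depth/width semantics are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
)

// SubjectSet names "everyone who has Relation on Namespace:Object".
type SubjectSet struct{ Namespace, Object, Relation string }

// Subject is either a concrete subject ID or a subject set (exactly one is set).
type Subject struct {
	ID  string
	Set *SubjectSet
}

// Tuple states that Subject has Relation on Namespace:Object.
type Tuple struct {
	Namespace, Object, Relation string
	Subject                     Subject
}

var (
	ErrMaxDepth = errors.New("check: max depth exceeded")
	ErrMaxWidth = errors.New("check: max width exceeded")
)

// Store is an in-memory tuple store keyed by (namespace, object, relation),
// standing in for the SQL persister (assumption of this example).
type Store map[SubjectSet][]Subject

// Add indexes tuples under their object side so a check can start at the object.
func (s Store) Add(ts ...Tuple) {
	for _, t := range ts {
		k := SubjectSet{t.Namespace, t.Object, t.Relation}
		s[k] = append(s[k], t.Subject)
	}
}

// Engine bounds every check by depth (how many subject-set hops may be
// followed) and width (how many subject sets one node may fan out to).
type Engine struct {
	Store    Store
	MaxDepth int
	MaxWidth int
}

// Check reports whether subjectID has rel on ns:obj. The search starts at the
// object and follows subject sets outwards; the set of nodes on the current
// path cuts cycles such as eng#member -> all#member -> eng#member, which
// would otherwise only stop at MaxDepth.
func (e Engine) Check(ns, obj, rel, subjectID string) (bool, error) {
	if subjectID == "" {
		return false, errors.New("check: empty subject")
	}
	return e.check(SubjectSet{ns, obj, rel}, subjectID, e.MaxDepth, map[SubjectSet]bool{})
}

func (e Engine) check(node SubjectSet, subjectID string, depth int, onPath map[SubjectSet]bool) (bool, error) {
	if onPath[node] {
		return false, nil // cycle: this node is already being expanded further up the stack
	}
	onPath[node] = true
	defer delete(onPath, node) // a sibling branch may legitimately reach the same node

	var pending []SubjectSet
	for _, s := range e.Store[node] {
		if s.Set == nil {
			if s.ID == subjectID {
				return true, nil // direct tuple, no expansion needed
			}
			continue
		}
		pending = append(pending, *s.Set)
	}
	switch {
	case len(pending) == 0:
		return false, nil
	case len(pending) > e.MaxWidth:
		return false, fmt.Errorf("%w: %d subject sets at %s:%s#%s", ErrMaxWidth, len(pending), node.Namespace, node.Object, node.Relation)
	case depth <= 0:
		return false, ErrMaxDepth
	}
	for _, set := range pending {
		if ok, err := e.check(set, subjectID, depth-1, onPath); err != nil || ok {
			return ok, err
		}
	}
	return false, nil
}

func main() {
	// Constructed tuples: a direct grant, a group grant, and a cycle between
	// groups:eng#member and groups:all#member.
	st := Store{}
	st.Add(
		Tuple{"files", "/foo", "read", Subject{ID: "alice"}},
		Tuple{"files", "/foo", "read", Subject{Set: &SubjectSet{"groups", "eng", "member"}}},
		Tuple{"groups", "eng", "member", Subject{ID: "bob"}},
		Tuple{"groups", "eng", "member", Subject{Set: &SubjectSet{"groups", "all", "member"}}},
		Tuple{"groups", "all", "member", Subject{Set: &SubjectSet{"groups", "eng", "member"}}},
		Tuple{"groups", "all", "member", Subject{ID: "carol"}},
	)
	e := Engine{Store: st, MaxDepth: 5, MaxWidth: 100}
	for _, who := range []string{"alice", "bob", "carol", "dave"} {
		ok, err := e.Check("files", "/foo", "read", who)
		fmt.Printf("%s read files:/foo: %v (err=%v)\n", who, ok, err)
	}
}
```

Depth and width fail closed: the caller gets an error, never a silently truncated "false", which is the property the release notes rely on when they say an integration that hits the width limit would previously have timed out.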
- Move gRPC client module root up (#620) (3b881f6):
  BREAKING: The npm package `@ory/keto-grpc-client` from now on includes all API versions. Because of that, the import paths changed. For migrating to the new client package, change the import path according to the following example:

  ```diff
  - import acl from '@ory/keto-grpc-client/acl_pb.js'
  + // from the latest version
  + import { acl } from '@ory/keto-grpc-client'
  + // or a specific one
  + import acl from '@ory/keto-grpc-client/ory/keto/acl/v1alpha1/acl_pb.js'
  ```
- Partially reference upstream schemas (#674) (e49e16c), closes #662:
  This change significantly improves the config schema. Parts will now be taken from upstream to ensure a more up-to-date schema.
- Patch REST API input validation and SDK generation (#717) (d49e098)
- Run a whole namespace migration as one transaction (#739) (142bd47)
- Set version during release build and register version handler (#714) (8091475)
- Update docker-compose.yml version (#595) (7fa4dca), closes #549
- Update repository templates (f53d3eb)
- Pin v0.7.0-alpha.0 release commit (7962e77)
- Ensure namespace manager reload is resource contained (#735) (5696fc6)
- Make subject sets and subject IDs unambiguous (#729) (5a1b0ba)
- Persistence table structure (#638) (d02b818):
  This big refactoring greatly reduces operation complexity and paves the way for upcoming performance improvements. From now on the relation tuples from all namespaces are stored in the same table, instead of having tables per namespace. A migration path will be provided separately.
- Add migration guide to v0.7 (#758) (3335a4b)
- Add new redoc docsc (#651) (435ae00)
- Change npm org scope from @oryd to @ory (#730) (945005f)
- Fix build and gen:config (#676) (f128732)
- Fix erroneous sidebar commit (5cf2b4c)
- Fix example not following best practice (#582) (a015818)
- Fix link in migration guide (e995829)
- Fix REST API reference (#718) (f989b39)
- Update NPM links due to organisation move (#616) (6355bea)
- Update reference to Zanzibar in README (#746) (a0d8caf)
- Add gRPC client utils helpers (#657) (8b18802):
  Behold! The Keto gRPC client library now has useful helpers that allow you to replace:

  ```diff
  - deltas := make([]*acl.RelationTupleDelta, len(tuples))
  - for i := range rts {
  -   deltas[i] = &acl.RelationTupleDelta{
  -     Action:        acl.RelationTupleDelta_INSERT,
  -     RelationTuple: rts[i],
  -   }
  - }
  + deltas := acl.RelationTupleToDeltas(tuples, acl.RelationTupleDelta_INSERT)
  ```

  and

  ```diff
  - &acl.Subject{Ref: &acl.Subject_Set{Set: &acl.SubjectSet{
  -   Namespace: "directories",
  -   Object:    "/photos",
  -   Relation:  "access",
  - }}}
  + acl.NewSubjectSet("directories", "/photos", "access")
  ```

  and

  ```diff
  - &acl.Subject{Ref: &acl.Subject_Id{
  -   Id: "user1",
  - }}
  + acl.NewSubjectID("user1")
  ```

  Enjoy these new treats 🍫 🍭 🍦
- Migration to single table SQL schema (#707) (00713bc):
  This change adds a migration path from Keto version v0.6.x to the new persistence structure introduced by #638. Every namespace has to be migrated separately, or you can use the CLI to detect and migrate all namespaces at once. Have a look at `keto help namespace migrate legacy` for all details. Please make sure that you backup the database before running the migration command. Please note that this migration might be a bit slower than usual, as we have to pull the data from the database, transcode it in Keto, and then write it to the new table structure. Versions of Keto >v0.7 will not include this migration script, so you will first have to migrate to v0.7 and move on from there.
- Support namespace validation from config files (#596) (f4253b8):
  The `keto namespace validate` command now additionally supports:
  - validation of namespaces in config files
  - validation of a directory specified in config files
- De-flake status command test (#629) (3bcd0e3):
  Confirmed that the fix works because `go test -tags sqlite -run TestStatusCmd/server_type=read/case=block -count 1000 ./cmd/status` passed.
- Ensure problematic chars are not creatable over REST (#709) (12b7954)
0.6.0-alpha.3 (2021-04-29)
Resolves CRDB and build issues.
- Pin v0.6.0-alpha.3 release commit (d766968)
0.6.0-alpha.2 (2021-04-29)
This release improves stability and documentation.
- Add npm run format to make format (7d844a8)
- Makefile target (0e6f612)
- Move swagger to spec dir (7f6a061)
- Resolve clidoc issues (ef12b4e)
- Update install.sh (#568) (86ab245)
- Use correct id (5e02902)
- Use correct id for api (32a6b04)
- Use sqlite image versions (#544) (ec6cc5e)
- Pin v0.6.0-alpha.2 release commit (470b2c6)
- Add gRPC client README.md (#559) (9dc3596)
- Change forum to discussions readme (#539) (ea2999d)
- Fix cat videos example docker compose (#549) (b25a711)
- Fix typo (#538) (99a9693)
- Include namespace in olymp library example (#540) (135e814)
- Update install from source steps to actually work (#548) (e662256)
0.6.0-alpha.1 (2021-04-07)
We are extremely happy to announce next-gen Ory Keto which implements Zanzibar: Google’s Consistent, Global Authorization System:

> Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.

Ory Keto is the first open source planet-scale authorization system built with cloud native technologies (Go, gRPC, newSQL) and architecture. It is also the first open source implementation of Google Zanzibar 🎉!
Many concepts developed by Google Zanzibar are implemented in Ory Keto already. Let's take a look!
As of this release, Ory Keto knows how to interpret and operate on the basic access control lists known as relation tuples. They encode relations between objects and subjects. One simple example of such a relation tuple could encode "`user1` has access to file `/foo`", a more complex one could encode "everyone who has write access on `/foo` has read access on `/foo`".
Ory Keto comes with all the basic APIs as described in the Zanzibar paper. All of them are available over gRPC and REST.
- List: query relation tuples
- Check: determine whether a subject has a relation on an object
- Expand: get a tree of all subjects who have a relation on an object
- Change: create, update, and delete relation tuples
For all details, head over to the documentation.
With this release we officially move the "old" Keto to the legacy-0.5 branch. We will only provide security fixes from now on. A migration path to v0.6 is planned but not yet implemented, as the architectures are vastly different. Please refer to the issue.
We are keen to bring more features and performance improvements. The next features we will tackle are:
- Subject Set rewrites
- Native ABAC & RBAC Support
- Integration with other policy servers
- Latency reduction through aggressive caching
- Cluster mode that fans out requests over all Keto instances
So stay tuned, ⭐ this repo, 👀 releases, and subscribe to our newsletter 📧.
- Add description attribute to access control policy role (#215) (831eba5)
- Add leak_sensitive_values to config schema (2b21d2b)
- Bump CLI (80c82d0)
- Check engine overwrote result in some cases (#412) (3404492)
- Check health status in status command (21c64d4)
- Check REST API returns JSON object (#460) (501dcff), closes #406
- Ensure nil subject is not allowed (#449) (7a0fcfc):
  The nodejs gRPC client was a great fuzzer and pointed me to some nil pointer dereference panics. This adds some input validation to prevent panics.
- Ensure persister errors are handled by sqlcon (#473) (4343c4a)
- Handle pagination and errors in the check/expand engines (#398) (5eb1a7d)
- Ignore dist (ba816ea)
- Ignore x/net false positives (d8b36cb)
- Move dockerfile to where it belongs (f087843)
- Rename /relationtuple endpoint to /relation-tuples (#519) (8eb55f6)
- Resolve gitignore build (6f04bbb)
- Resolve goreleaser issues (d32767f)
- Resolve windows build issues (8bcdfbf)
- Rewrite check engine to search starting at the object (#310) (7d99694), closes #302
- schema: Add trace level to logger (a5a1402)
- Strict version enforcement in docker (e45b28f)
- Update dd-trace to fix build issues (2ad489f)
- Update docker to go 1.16 and alpine (c63096c)
- Use errors.WithStack everywhere (#462) (5f25bce), closes #437:
  Fixed all occurrences found using the search pattern `return .*, err\n`.
- Use make() to initialize slices (#250) (84f028d), closes #217
- Use package name in pkger (6435939)
- Pin v0.6.0-alpha.1 release commit (875af25)
- Add namespace and relation naming conventions (#510) (dd31865)
- Add performance page (#413) (6fe0639):
  This also refactored the server startup. Functionality did not change.
- Add production guide (a9163c7)
- Delete old redirect homepage (c0a3784)
- Document gRPC SDKs (7583fe8)
- Fix regression issues (9697bb4)
- Move development section (9ff393f)
- Move to json sidebar (257bf96)
- Remove duplicate "is" (ca3277d)
- Remove duplicate template (1d3b38e)
- Resolve broken links (0d0a50b)
- Simple access check guide (#451) (e0485af):
  This also enables gRPC go, gRPC nodejs, cURL, and Keto CLI code samples to be tested.
- Update install instructions (d2e4123)
- Update introduction (5f71d73)
- Update README (#515) (18d3cd6):
  Also format all markdown files in the root.
- Update repository templates (db505f9)
- Update repository templates (6c056bb)
- Update swagger documentation for REST endpoints (c363de6)
- Use mdx for api reference (340f3a3)
- Add .dockerignore (8b0ff06)
- Add and automate version schema (b01eef8)
- Add POST REST handler for policy check (7d89860)
- Allow to apply namespace migrations together with regular migrations (#441) (57e2bbc)
- GRPC status codes and improved error messages (#467) (4a4f8c6)
- Namespace migrate status CLI (#508) (e3f7ad9):
  This also refactors the current `migrate` and `namespace migrate` commands.
- Nodejs gRPC definitions (#447) (3b5c313):
  Includes Typescript definitions.
- This is a first draft of the read API. It is reachable by REST and gRPC calls. The main purpose of this PR is to establish the basic repository structure and define the API.
- Relationtuple parse command (#490) (91a3cf4):
  This command parses the relation tuple format used in the docs. It greatly improves the experience when copying something from the documentation. It can especially be used to pipe relation tuples into other commands, e.g.:

  ```shell
  echo "messages:02y_15_4w350m3#decypher@john" | \
    keto relation-tuple parse - --format json | \
    keto relation-tuple create -
  ```
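An added parser (example code, not Keto's own `relation-tuple parse` implementation) for the notation piped above, `<namespace>:<object>#<relation>@<subject>`, where the subject is either a plain subject ID or a subject set `<namespace>:<object>#<relation>`; the shorter `<namespace>:<object>` form for subject sets without a relation ("Simpler notation for subjects w/o relation" in 0.10.0-alpha.0) is also accepted. Splitting at the first `@`, the first `:` and the last `#` is this example's choice of grammar; as a consequence a subject ID containing `:` cannot be written in it, which is the kind of ambiguity the 0.7.0 REST payload avoids by requiring explicit `subject_id` or `subject_set.*` fields instead of one encoded string.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SubjectSet is "<namespace>:<object>#<relation>"; Relation may be empty in
// the short subject-set notation.
type SubjectSet struct{ Namespace, Object, Relation string }

// Subject is either a subject ID or a subject set, never both.
type Subject struct {
	ID  string
	Set *SubjectSet
}

// Tuple is "<namespace>:<object>#<relation>@<subject>".
type Tuple struct {
	Namespace, Object, Relation string
	Subject                     Subject
}

var ErrMalformed = errors.New("malformed relation tuple")

// splitRef parses "ns:obj#rel". The first ':' ends the namespace and the
// last '#' starts the relation, so objects may contain ':' (e.g. URNs) but
// not '#'. With requireRelation false, "ns:obj" is accepted as a subject
// set whose relation is empty (assumed grammar, see lead-in).
func splitRef(s string, requireRelation bool) (SubjectSet, error) {
	ns, rest, ok := strings.Cut(s, ":")
	if !ok || ns == "" || rest == "" {
		return SubjectSet{}, fmt.Errorf("%w: %q is not namespace:object", ErrMalformed, s)
	}
	hash := strings.LastIndex(rest, "#")
	if hash < 0 {
		if requireRelation {
			return SubjectSet{}, fmt.Errorf("%w: %q has no #relation", ErrMalformed, s)
		}
		return SubjectSet{Namespace: ns, Object: rest}, nil
	}
	obj, rel := rest[:hash], rest[hash+1:]
	if obj == "" || rel == "" {
		return SubjectSet{}, fmt.Errorf("%w: empty object or relation in %q", ErrMalformed, s)
	}
	return SubjectSet{Namespace: ns, Object: obj, Relation: rel}, nil
}

// parseSubject treats anything containing '#' or ':' as a subject set and
// everything else as a subject ID. A subject ID such as "urn:x" therefore
// cannot be expressed in this notation (limitation of the assumed grammar).
func parseSubject(s string) (Subject, error) {
	if s == "" {
		return Subject{}, fmt.Errorf("%w: empty subject", ErrMalformed)
	}
	if !strings.ContainsAny(s, "#:") {
		return Subject{ID: s}, nil
	}
	set, err := splitRef(s, strings.Contains(s, "#"))
	if err != nil {
		return Subject{}, err
	}
	return Subject{Set: &set}, nil
}

// ParseTuple splits at the first '@' so that subject IDs which are e-mail
// addresses keep their own '@'.
func ParseTuple(line string) (Tuple, error) {
	objPart, subjPart, ok := strings.Cut(strings.TrimSpace(line), "@")
	if !ok {
		return Tuple{}, fmt.Errorf("%w: %q has no @subject", ErrMalformed, line)
	}
	ref, err := splitRef(objPart, true)
	if err != nil {
		return Tuple{}, err
	}
	subj, err := parseSubject(subjPart)
	if err != nil {
		return Tuple{}, err
	}
	return Tuple{Namespace: ref.Namespace, Object: ref.Object, Relation: ref.Relation, Subject: subj}, nil
}

// String renders the tuple in the same notation, so parse -> print round-trips.
func (t Tuple) String() string {
	subj := t.Subject.ID
	if set := t.Subject.Set; set != nil {
		subj = set.Namespace + ":" + set.Object
		if set.Relation != "" {
			subj += "#" + set.Relation
		}
	}
	return fmt.Sprintf("%s:%s#%s@%s", t.Namespace, t.Object, t.Relation, subj)
}

func main() {
	// Constructed input lines: the example from the release note, a subject
	// set, the short subject-set form, and a malformed line without relation.
	for _, line := range []string{
		"messages:02y_15_4w350m3#decypher@john",
		"files:/foo#read@groups:admins#member",
		"files:/foo#read@groups:admins",
		"files:/foo@john",
	} {
		t, err := ParseTuple(line)
		fmt.Printf("%-40s -> %v err=%v\n", line, t, err)
	}
}
```

Every rejection wraps `ErrMalformed`, so a caller feeding lines into a create command can distinguish a bad line from an I/O error with `errors.Is` and skip or abort deliberately instead of creating a partially parsed tuple.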
- REST patch relation tuples (#491) (d38618a):
  The new PATCH handler allows transactional changes similar to the already existing gRPC service.
- Separate and multiplex ports based on read/write privilege (#397) (6918ac3)
- Add command tests (#487) (61c28e4)
- Add dedicated persistence tests (#416) (4e98906)
- Add handler tests (#478) (9315a77)
- Add initial e2e test (#380) (dc5d3c9)
- Add relationtuple definition tests (#415) (2e3dcb2)
- Enable GRPC client in e2e test (#382) (4e5c6ae)
- Improve docs sample tests (#461) (6e0e5e6)
0.5.6-alpha.1 (2020-05-28)
This release bumps vulnerable transient dependencies (those are not actually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!
- Update install script (21e1bf0)
- Pin v0.5.6-alpha.1 release commit (ed0da08)
0.5.5-alpha.1 (2020-05-28)
This release bumps vulnerable transient dependencies (those are not actually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!
- Move deps to go_mod_indirect_pins (dd3e971)
- Resolve test issues (9bd9956)
- Update install.sh script (f64d320)
- Use semver-regex replacer func (2cc3bbb)
- Pin v0.5.5-alpha.1 release commit (4666a0f)
- Add missing colon in docker run command (#193) (383063d)
- Update github templates (#182) (72ea09b)
- Update github templates (#184) (ed546b7)
- Update github templates (#188) (ebd75b2)
- Update github templates (#189) (fd4c0b1)
- Update github templates (#195) (ba0943c)
- Update linux install guide (#191) (7d8b24b)
- Update repository templates (ea65b5c)
- Use central banner repo for README (0d95d97)
- Use correct banner (c6dfe28)
- Use correct version (5f7030c), closes #200
- Use correct versions in install docs (52e6c34)
0.5.4-alpha.1 (2020-04-07)
fix: resolve panic when executing migrations (#178)
Closes #177
0.5.3-alpha.3 (2020-04-06)
autogen(docs): regenerate and update changelog
- docs: Regenerate and update changelog (769cef9)
- Regenerate and update changelog (dda79b1)
- Regenerate and update changelog (9048dd8)
- Regenerate and update changelog (806f68c)
- Regenerate and update changelog (8905ee7)
- Regenerate and update changelog (203c1cc)
- Regenerate and update changelog (8875a95)
- Regenerate and update changelog (28ddd3e)
- Regenerate and update changelog (927c4ed)
- Updates issue and pull request templates (#168) (29a38a8)
- Updates issue and pull request templates (#169) (99b7d5d)
- Updates issue and pull request templates (#171) (7a9876b)
0.5.3-alpha.1 (2020-04-03)
chore: move to ory analytics fork (#167)
0.5.2 (2020-04-02)
docs: Regenerate and update changelog
0.5.0 (2020-04-02)
docs: use real json bool type in swagger (#162)
Closes #160
- Move to ory sqa service (#159) (c3bf1b1)
- Use correct response mode for removeOryAccessControlPolicyRoleMe… (#161) (17543cf)
- Regenerate and update changelog (6a77f75)
- Regenerate and update changelog (c8c9d29)
- Regenerate and update changelog (fe8327d)
- Regenerate and update changelog (b5b1d66)
- Update forum and chat links (e96d7ba)
- Updates issue and pull request templates (#158) (ab14cfa)
- Use real json bool type in swagger (#162) (5349e7f), closes #160
0.4.5-alpha.1 (2020-02-29)
docs: Regenerate and update changelog
- Regenerate and update changelog (41513da)
0.4.4-alpha.1 (2020-02-14)
docs: Regenerate and update changelog
- goreleaser: Update brew section (0918ff3)
- Prepare ecosystem automation (2e39be7)
- Regenerate and update changelog (009c4c4)
- Regenerate and update changelog (49f3c4b)
- Updates issue and pull request templates (#153) (7fb7521)
- Update CHANGELOG [ci skip] (63fe513)
- Update CHANGELOG [ci skip] (7b7c3ac)
- Update CHANGELOG [ci skip] (8886392)
- Update CHANGELOG [ci skip] (5bbc284)
0.4.3-alpha.2 (2020-01-31)
Update README.md
0.4.3-alpha.1 (2020-01-23)
Disable access logging for health endpoints (#151)
Closes #150
0.4.2-alpha.1 (2020-01-14)
Update CHANGELOG [ci skip]
- Update CHANGELOG [ci skip] (afaabde)
0.4.1-beta.1 (2020-01-13)
Update CHANGELOG [ci skip]
0.4.0-alpha.1 (2020-01-13)
Move to new SDK generators (#146)
- Move to new SDK generators (#146) (4f51a09), closes #146
- Fix typos in the README (#144) (85d838c), closes #144
0.3.9-sandbox (2019-12-16)
Update go modules
- Update go modules (1151e07)
0.3.7-sandbox (2019-12-11)
Update documentation banner image (#143)
- Update documentation banner image (#143) (e444755), closes #143
- Revert incorrect license changes (094c4f3)
- Fix invalid pseudo version (#138) (79b4457)
0.3.6-sandbox (2019-10-16)
Resolve issues with mysql tests (#137)
0.3.5-sandbox (2019-08-21)
Implement roles and policies filter (#124)
- Incorporates changes from version v0.3.3-sandbox (57686d2)
- README grammar fixes (#114) (e592736)
- Updates issue and pull request templates (#110) (80c8516)
- Updates issue and pull request templates (#111) (22305d0)
- Updates issue and pull request templates (#112) (dccada9)
- Updates issue and pull request templates (#125) (15f373a)
- Updates issue and pull request templates (#128) (eaf8e33)
- Updates issue and pull request templates (#130) (a440d14)
- Updates issue and pull request templates (#131) (dbf2cb2)
- Updates issue and pull request templates (#132) (e121048)
- Updates issue and pull request templates (#133) (1b7490a)
- Implement roles and policies filter (#124) (db94481), closes #124
- Improve documentation (#126) (aabb04d), closes #126
- Create FUNDING.yml (571b447)
- Remove binary license (#117) (6e85f7c), closes #117
- Add adopters placeholder (#129) (b814838)
- Use non-root user in image (#116) (a493e55)
0.3.3-sandbox (2019-05-18)
ci: Resolve goreleaser issues (#108)
- Incorporates changes from version v0.3.1-sandbox (b8a0029)
- Updates issue and pull request templates (#106) (54a5a27)
0.3.1-sandbox (2019-04-29)
ci: Use image that includes bash/sh for release docs (#103)
Signed-off-by: aeneasr
- Incorporates changes from version v0.3.0-sandbox (605d2f4)
0.3.0-sandbox (2019-04-29)
docker: Remove full tag from build pipeline (#101)
Signed-off-by: aeneasr
- Update patrons (c8dc7cd)
- Remove duplicate code in Makefile (#99) (04f5223), closes #99
- Add tracing support and general improvements (#98) (63b3946), closes #98:
  This patch improves the internal configuration and service management. It adds support for distributed tracing and resolves several issues in the release pipeline and CLI.
  Additionally, composable docker-compose configuration files have been added.
  Several bugs have been fixed in the release management pipeline.
- storage/memory: Fix upsert with pre-existing key causing duplicate records (#88) (1cb8a36), closes #88 #80
- Move Go SDK generation to go-swagger (#94) (9f48a95), closes #92
- Send 403 when authorization result is negative (#93) (de806d8), closes #75
0.2.3-sandbox+oryOS.10 (2019-02-05)
dist: Fix packr build pipeline (#84)
Closes #73 Closes #81
Signed-off-by: aeneasr
- Add documentation for glob matching (5c8babb)
- Incorporates changes from version v0.2.2-sandbox+oryOS.10 (ed7af3f)
- Properly generate api.swagger.json (18e3f84)
- Add placeholder go file for rego inclusion (6a6f64d)
- Add support for glob matching (bb76c6b)
- Ex- and import rego subdirectories for go get (#77) (59cc053), closes #73
- Fix packr build pipeline (#84) (65a87d5), closes #73 #81
- Import glob in rego/doc.go (7798442)
- Properly handle dbal error (6811607)
- Properly handle TLS certificates if set (36399f0), closes #73
0.2.2-sandbox+oryOS.10 (2018-12-13)
ci: Fix docker push arguments in publish task
Signed-off-by: aeneasr
- Fix docker push arguments in publish task (f03c77c)
0.2.1-sandbox+oryOS.10 (2018-12-13)
ci: Fix docker release task
Signed-off-by: aeneasr
- Fix docker release task (7a0414f)
0.2.0-sandbox+oryOS.10 (2018-12-13)
all: gofmt
Signed-off-by: aeneasr
- Adds banner (0ec1d8f)
- Adds GitHub templates & code of conduct (#31) (a11e898)
- Adds link to examples repository (#32) (7061a2a)
- Adds security console image (fd27fc9)
- Changes hydra to keto in readme (9dab531)
- Deprecate old versions in logs (955d647)
- Incorporates changes from version (85c4d81)
- Incorporates changes from version v0.0.0-testrelease.1 (6062dd4)
- Incorporates changes from version v0.0.1-1-g85c4d81 (f4606fc)
- Incorporates changes from version v0.0.1-11-g114914f (92a4dca)
- Incorporates changes from version v0.0.1-16-g7d8a8ad (2b76a83)
- Incorporates changes from version v0.0.1-18-g099e7e0 (70b12ad)
- Incorporates changes from version v0.0.1-20-g97ccbe6 (b21d56e)
- Incorporates changes from version v0.0.1-30-gaf2c3b5 (a1d0dcc)
- Incorporates changes from version v0.0.1-32-gedb5a60 (a5c369a)
- Incorporates changes from version v0.0.1-6-g570783e (0fcbbcb)
- Incorporates changes from version v0.0.1-7-g0fcbbcb (c0141a8)
- Incorporates changes from version v0.1.0-sandbox (9ee0664)
- Incorporates changes from version v1.0.0-beta.1-1-g162d7b8 (647c5a9)
- Incorporates changes from version v1.0.0-beta.2-11-g2b280bb (936889d)
- Incorporates changes from version v1.0.0-beta.2-13-g382e1d3 (883df44)
- Incorporates changes from version v1.0.0-beta.2-15-g74450da (48dd9f1)
- Incorporates changes from version v1.0.0-beta.2-3-gf623c52 (b6b90e5)
- Incorporates changes from version v1.0.0-beta.2-5-g3852be5 (3f09090)
- Incorporates changes from version v1.0.0-beta.2-9-gc785187 (4c30a3c)
- Incorporates changes from version v1.0.0-beta.3-1-g06adbf1 (0ba3c06)
- Incorporates changes from version v1.0.0-beta.3-10-g9994967 (d2345ca)
- Incorporates changes from version v1.0.0-beta.3-12-gc28b521 (b4d792f)
- Incorporates changes from version v1.0.0-beta.3-3-g9e16605 (c43bf2b)
- Incorporates changes from version v1.0.0-beta.3-5-ga11e898 (b9d9b8e)
- Incorporates changes from version v1.0.0-beta.3-8-g7061a2a (d76ff9d)
- Incorporates changes from version v1.0.0-beta.5 (0dc314c)
- Incorporates changes from version v1.0.0-beta.6-1-g5e97104 (f14c8ed)
- Incorporates changes from version v1.0.0-beta.8 (5045b59)
- Incorporates changes from version v1.0.0-beta.9 (be2f035)
- Properly sets up changelog TOC (e0acd67)
- Puts toc in the right place (114914f)
- Revert changes from test release (ab3a64d)
- Update documentation links (#67) (d22d413)
- Update link to security console (846ce4b)
- Update migration guide (3c44b58)
- Update to latest changes (1625123)
- Updates copyright notice (9dd5578)
- Updates installation guide (f859645)
- Updates issue and pull request templates (#52) (941cae6)
- Updates issue and pull request templates (#53) (7b222d2)
- Updates issue and pull request templates (#54) (f098639)
- Updates link to guide and header (437c255)
- Updates link to open collective (382e1d3)
- Updates links to docs (d84be3b)
- Updates newsletter link in README (2dc36b2)
- Switch to rego as policy decision engine (#48) (ee9bcf2), closes #48
- gofmt (777b1be)
- authn/client: Payload is now prefixed with client (8584d94)
- Add Go SDK factory (99db7e6)
- Add go SDK interface (3dd5f7d)
- Add health handlers (bddb949)
- Add policy list handler (a290619)
- Add role iterator in list handler (a3eb696)
- Add SDK generation to circle ci (9b37165)
- Adds ability to update a role using PUT (#14) (97ccbe6):
  - transfer UpdateRoleMembers from ory/hydra#768 to keto
  - fix tests by using right http method & correcting sql request
  - Change behavior to overwrite the whole role instead of just the members.
  - small sql migration fix
- Adds log message when telemetry is active (f623c52)
- Clean up vendor dependencies (9a33c23)
- Fix typo in help command in env var name (#39) (8a5016c), closes #25
- Fixes environment variable typos (566d588)
- Format code (637c78c)
- Gofmt (a8d7f9f)
- Improve compose documentation (6870443)
- Improves usage of metrics middleware (726c4be)
- Improves usage of metrics middleware (301f386)
- Introduce docker-compose file for testing (ba857e3)
- Introduces health and version endpoints (6a9da74)
- Make introspection authorization optional (e5460ad)
- Properly names flags (af2c3b5)
- Properly parses cors options (edb5a60)
- Removes additional output if no args are passed (703e124)
- Resolves an issue with the hydra migrate command (2b280bb), closes #23
- Resolves broken role test (b6c7f9c)
- Resolves minor typos and updates install guide (3852be5)
- Update dependencies (663d8b1)
- Update npm package registry (a53d3d2)
- Updates to latest sqlcon (2c9f643)
0.0.1 (2018-05-20)
authn: Checks token_type is "access_token", if set
Closes #1
- Incorporates changes from version (b5445a0)
- Incorporates changes from version (295ff99)
- Incorporates changes from version (bd44d41)
- Updates readme and upgrades (0f95dbb)
- Uses keto repo for changelog (14c0b2a)
- Tells linguist to ignore SDK files (f201eb9)
- cmd/server: Resolves DBAL not handling postgres properly (dedc32a)
- cmd/server: Improves error message in migrate command (4b17ce8)
- Resolves travis and docker issues (6f4779c)
- Adds OAuth2 Client Credentials authenticator and warden endpoint (c55139b)
- Adds SDK helpers (a1c2608)
- Initial project commit (a592e51)
- Initial commit (4f00bc9)
- Adds migrate commands to the proper parent command (231c70d)
- Checks token_type is "access_token", if set (d2b8f5d), closes #1
- Removes old test (07b733b)
- Renames subject to sub in response payloads (ca4d540)
- Retries SQL connection on migrate commands (3d33d73):
  This patch also introduces a fatal error if migrations fail