ory/keto v0.14.0

on GitHub

We're excited to announce the release of ORY Keto v0.14.0! This update builds on our commitment to providing a robust, flexible, and high-performance authorization server by introducing new features, important fixes, and several improvements that enhance both user and developer experiences.

• New Features & Enhancements
  • Batched and Chunked Operations: Improve performance with batched and chunked insertion and deletion of relation tuples and UUID mappings by @alnr.
  • GRPC Server Options: Configure your gRPC server with additional options for more fine-tuned control, thanks to @Demonsthere’s contribution.
  • Listen Files Update: The server now writes listen files with the actual address, allowing for better test setups by using port 0, contributed by @zepatrik.
  • Inspect Option: Easily inspect registry details with the new Inspect option added by @alnr.
• Fixes & Corrections
  • Fixed HTTP request metrics and various smaller bugs to ensure smoother operations.
  • Resolved issues with persister initialization when operating without a network, courtesy of @alnr.
• Quality Improvements & Automation
  • Introduced new dependency updates and security fixes, including upgrades to critical libraries like Cobra, gRPC, and OpenTelemetry.
  • Integrated a kubescape image scanner to enhance security checks, contributed by @Demonsthere.

A warm welcome to our new contributors:

• @BenjaminNolan – for their first contribution in fixing a typo in our validation module.
• @patrickduffy95 – for their inaugural contribution in introducing batch checks for relations.
• @eroznik – for their first contribution, enhancing HTTP request metrics.

We appreciate your contributions and the fresh perspectives you bring to ORY Keto!

For a complete list of changes, please see the full changelog.

Thank you for being part of the ORY community. We’re excited to see how these updates help you build even more secure and scalable solutions.

Happy coding!

Bug Fixes

• Add not to docs (#1530) (3b3b768)

• Http request metrics(#1611) (#1612) (b2e6d34)

• Missing persister when initializing without network (#1525) (e675d5b):

  • fix: missing persister when initializing without network
  • chore: ignore CVE-2024-3154

• Typo in error message (#1520) (4a35588)

• Unused order (#1590) (47548c0):

  We filter for nid = ? so there is no point in ordering by nid.

  Column shard_id is the prefix (CONSTRAINT keto_relation_tuples_uuid_pkey PRIMARY KEY (shard_id ASC, nid ASC)) so it should not impact the query planner.

Code Generation

• Pin v0.14.0 release commit (613779b)

Features

• Add ContextKeyDialFunc (#1534) (567ceb9)

• Add grpc server opts config (#1524) (7278e44):

  • feat: add grpc server opts config
  • chore: bump base image
  • chore: temp ignore cve

• Add Inspect option to registry (#1523) (213cfa5):

  • chore: add alnr to codeowners
  • feat: add Inspect option

• Batch check relations (#1521) (d670d50):

  • batch check relations
  • rename path
  • shared parallelized function. batch size and parallelization configurable
  • move check to engine
  • fail individual requests
  • move parallelization factor to be request parameter
  • document and update configurable max batch size
  • end to end tests
  • unit tests
  • cleanup
  • run make format
  • fix pipeline failures
  • PR Feedback: move parallelization factor to config. Use err group

• Batched and chunked insertion+deletion of relation tuples (#1631) (c01b9c3)

• Check migration status in readiness probes (#1643) (e270279)

• Deduplicate UUID mappings before database insert (#1654) (ac812ee)

• Write listen files with actual address (#1607) (0ba58c7):

  This change improves spinning up test Keto servers that use port 0. A new config value enables to set a file path where the server writes the actual address it listens on after it was assigned a random free port by the OS.

Changelog

• 349191f autogen(docs): regenerate and update changelog
• 3660002 autogen(docs): regenerate and update changelog
• 1238e56 autogen(docs): regenerate and update changelog
• 2ff2c14 autogen(docs): regenerate and update changelog
• 5a102a4 autogen(docs): regenerate and update changelog
• 98939f2 autogen(docs): regenerate and update changelog
• 8ba85ad autogen(docs): regenerate and update changelog
• 0980607 autogen(docs): regenerate and update changelog
• df4e60a autogen(docs): regenerate and update changelog
• 9455714 autogen(docs): regenerate and update changelog
• bf4f6c0 autogen(docs): regenerate and update changelog
• 897baaf autogen(docs): regenerate and update changelog
• a67586f autogen(docs): regenerate and update changelog
• 4d06291 autogen(docs): regenerate and update changelog
• 613779b autogen: pin v0.14.0 release commit
• bb61839 autogen: update license overview
• 3cb8edf autogen: update license overview
• caac552 autogen: update license overview
• 66f2ffa autogen: update license overview
• 45b1bda autogen: update license overview
• 0773f08 autogen: update license overview
• e53175e autogen: update license overview
• 32b2211 chore(deps): bump @grpc/grpc-js from 1.9.6 to 1.12.4 in /proto (#1649)
• 4c80034 chore(deps): bump @openapitools/openapi-generator-cli (#1618)
• 6f5ee2e chore(deps): bump alpine from 3.20.0 to 3.20.2 in /.docker (#1557)
• 19ce3dd chore(deps): bump alpine from 3.20.2 to 3.21.0 in /.docker (#1653)
• 3e6319f chore(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/v2 (#1656)
• dd4953a chore(deps): bump github.com/prometheus/common from 0.60.0 to 0.61.0 (#1648)
• 3e3193c chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#1463)
• 97b2c1a chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#1647)
• 84974bd chore(deps): bump github.com/stretchr/testify in /proto (#1675)
• 9a3e862 chore(deps): bump go to 1.23.2 and other dependencies (#1608)
• 5470bd6 chore(deps): bump go.opentelemetry.io/otel from 1.32.0 to 1.33.0 (#1666)
• 7c9ca0c chore(deps): bump go.opentelemetry.io/otel/trace from 1.32.0 to 1.33.0 (#1663)
• 8578756 chore(deps): bump go.uber.org/goleak from 1.2.1 to 1.3.0 (#1459)
• 1e7a146 chore(deps): bump golang in /.docker (#1642)
• a72dc58 chore(deps): bump golang.org/x/crypto from 0.18.0 to 0.31.0 in /.bin (#1661)
• 9a40fdf chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#1660)
• 94db9df chore(deps): bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#1623)
• 1b82fa0 chore(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 (#1644)
• 0170898 chore(deps): bump google.golang.org/grpc from 1.67.1 to 1.68.1 (#1646)
• c77ca6b chore(deps): bump google.golang.org/grpc from 1.68.1 to 1.69.0 (#1658)
• f1a2ebf chore(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2 (#1665)
• f6b1d91 chore(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 (#1652)
• 08b9e4a chore: add aeneasr to codeowners
• e452ae2 chore: add kubescape image scanner (#1532)
• 8609d96 chore: adjust project automation (#1597)
• 70968e4 chore: bump dependencies
• 24c4d06 chore: bump dependencies (#1559)
• c50326f chore: bump golang.org/x/net (#1667)
• 6013a96 chore: pin GHA PM action version (#1629)
• 2048f85 chore: remove .releaser/LICENSE.txt
• bb05f53 chore: update codeowners (#1671)
• 03b4e2b chore: update dependency - dockertest (#1565)
• 592eb52 chore: update goreleaser config version
• 7de62ad chore: update newsletter link (#1558)
• d10f9bc chore: update repository templates to ory/meta@000f213
• f7cb9da chore: update repository templates to ory/meta@1af2225
• 5d0c1b7 chore: update repository templates to ory/meta@297c8a5
• c365069 chore: update repository templates to ory/meta@3cf0f00
• e20d759 chore: update repository templates to ory/meta@4132def
• e9f26ae chore: update repository templates to ory/meta@44efd83
• 7361205 chore: update repository templates to ory/meta@6dd5819
• b176d9f chore: update repository templates to ory/meta@7ba4064
• 2bd6e13 chore: update repository templates to ory/meta@83e71e6
• a950586 chore: update repository templates to ory/meta@939b80f
• d5bd520 chore: update repository templates to ory/meta@b1eed88
• 899439e chore: update repository templates to ory/meta@c091d79
• 9066b8a chore: update repository templates to ory/meta@cb2a20f
• 10fdc09 chore: update repository templates to ory/meta@cbb120b
• 9683d2f chore: update repository templates to ory/meta@e54ac5d
• 9c2ff04 chore: update repository templates to ory/meta@e838bee
• 6f7bbe2 chore: update repository templates to ory/meta@fe4ffe0
• f01efd6 chore: update ristretto and ory/x (#1617)
• f92008c chore: update ristretto and ory/x (#1619)
• 48312e3 ci: disable faulty scanner (#1562)
• 0ab1478 ci: skip validate PR titles in merge queue (#1650)
• 567ceb9 feat: add ContextKeyDialFunc (#1534)
• 213cfa5 feat: add Inspect option to registry (#1523)
• 7278e44 feat: add grpc server opts config (#1524)
• d670d50 feat: batch check relations (#1521)
• c01b9c3 feat: batched and chunked insertion+deletion of relation tuples (#1631)
• e270279 feat: check migration status in readiness probes (#1643)
• ac812ee feat: deduplicate UUID mappings before database insert (#1654)
• 0ba58c7 feat: write listen files with actual address (#1607)
• 3b3b768 fix: add not to docs (#1530)
• b2e6d34 fix: http request metrics(#1611) (#1612)
• e675d5b fix: missing persister when initializing without network (#1525)
• 4a35588 fix: typo in error message (#1520)
• 47548c0 fix: unused order (#1590)

Artifacts can be verified with cosign using this public key.