We are extremely happy to announce next-gen Ory Keto which implements
Zanzibar: Google’s Consistent, Global Authorization System:

> Zanzibar provides a uniform data model and configuration language for expressing
> a wide range of access control policies from hundreds of client services at Google,
> including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization
> decisions respect causal ordering of user actions and thus provide external consistency
> amid changes to access control lists and object contents. Zanzibar scales to trillions
> of access control lists and millions of authorization requests per second to support
> services used by billions of people. It has maintained 95th-percentile latency of
> less than 10 milliseconds and availability of greater than 99.999% over 3 years of
> production use.
Ory Keto is the first open source planet-scale authorization system
built with cloud native technologies (Go, gRPC, newSQL) and architecture.
It is also the first open source implementation of Google Zanzibar 🎉!
Many concepts developed by Google Zanzibar are implemented in Ory Keto already.
Let's take a look!
ACLs
As of this release, Ory Keto knows how to interpret and operate on the
basic access control lists known as relation tuples. They encode
relations between objects and subjects. One simple example of such a relation
tuple could encode "`user1` has access to file `/foo`"; a more complex one
could encode "everyone who has write access on `/foo` has read access on `/foo`".
gRPC & REST APIs
Ory Keto comes with all the basic APIs as described in the Zanzibar paper.
All of them are available over gRPC and REST.
- List: query relation tuples
- Check: determine whether a subject has a relation on an object
- Expand: get a tree of all subjects who have a relation on an object
- Change: create, update, and delete relation tuples
For all details, head over to the documentation.
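As an added illustration of the relation-tuple model and the Check/Expand APIs described above (example code written for this page, not Keto's own engine), here is a toy in-memory store in Go. The type and function names (`Store`, `SubjectSet`, `RelationTuple`), the `files` namespace and the sample tuples are assumptions of this example; Keto's real engine runs against a database and pages through results, which this omits. The second subject-set tuple deliberately closes a cycle (write includes read, read includes write) so the visited-set guard that keeps a check from recursing forever is exercised.

```go
package main

import (
	"fmt"
	"sort"
)

// SubjectSet denotes "every subject that has Relation on Namespace:Object".
type SubjectSet struct{ Namespace, Object, Relation string }

// RelationTuple encodes "Namespace:Object has Relation to a subject"; exactly
// one of SubjectID (a plain subject) or SubjectSet is set.
type RelationTuple struct {
	Namespace, Object, Relation string
	SubjectID                   string
	SubjectSet                  *SubjectSet
}

// Store is a toy in-memory tuple store standing in for Keto's persister.
type Store struct{ tuples []RelationTuple }

// List returns the tuples of one object/relation pair (the List API, unpaged).
func (s *Store) List(set SubjectSet) []RelationTuple {
	var out []RelationTuple
	for _, t := range s.tuples {
		if t.Namespace == set.Namespace && t.Object == set.Object && t.Relation == set.Relation {
			out = append(out, t)
		}
	}
	return out
}

// Check answers "does subject have rel on ns:obj?" by starting at the object and
// recursing into subject sets (the Check API). The visited set makes a cyclic
// subject-set graph terminate with "denied" instead of recursing forever.
func (s *Store) Check(ns, obj, rel, subject string) bool {
	return s.check(SubjectSet{ns, obj, rel}, subject, map[SubjectSet]bool{})
}

func (s *Store) check(set SubjectSet, subject string, visited map[SubjectSet]bool) bool {
	if visited[set] {
		return false
	}
	visited[set] = true
	for _, t := range s.List(set) {
		if t.SubjectSet == nil && t.SubjectID == subject {
			return true
		}
		if t.SubjectSet != nil && s.check(*t.SubjectSet, subject, visited) {
			return true
		}
	}
	return false
}

// Expand collects every subject that ends up with rel on ns:obj by walking the
// same graph (the Expand API returns the tree; here it is flattened and sorted).
func (s *Store) Expand(ns, obj, rel string) []string {
	seen := map[string]bool{}
	s.expand(SubjectSet{ns, obj, rel}, seen, map[SubjectSet]bool{})
	out := make([]string, 0, len(seen))
	for id := range seen {
		out = append(out, id)
	}
	sort.Strings(out)
	return out
}

func (s *Store) expand(set SubjectSet, seen map[string]bool, visited map[SubjectSet]bool) {
	if visited[set] {
		return
	}
	visited[set] = true
	for _, t := range s.List(set) {
		if t.SubjectSet == nil {
			seen[t.SubjectID] = true
		} else {
			s.expand(*t.SubjectSet, seen, visited)
		}
	}
}

// SampleStore holds the two tuples from the text, one writer, and a deliberate
// cycle (constructed sample data, not from Keto).
func SampleStore() *Store {
	write := &SubjectSet{"files", "/foo", "write"}
	read := &SubjectSet{"files", "/foo", "read"}
	return &Store{tuples: []RelationTuple{
		{Namespace: "files", Object: "/foo", Relation: "access", SubjectID: "user1"},
		{Namespace: "files", Object: "/foo", Relation: "write", SubjectID: "user2"},
		{Namespace: "files", Object: "/foo", Relation: "read", SubjectSet: write}, // write implies read
		{Namespace: "files", Object: "/foo", Relation: "write", SubjectSet: read}, // read implies write: a cycle
	}}
}

func main() {
	s := SampleStore()
	fmt.Println(s.Check("files", "/foo", "read", "user2")) // true, via the write subject set
	fmt.Println(s.Check("files", "/foo", "read", "user3")) // false, and the cycle terminates
	fmt.Println(s.Expand("files", "/foo", "read"))         // [user2]
}
```

Keying the visited set on the whole `SubjectSet` (namespace, object, relation) rather than on the subject string is what makes the cycle guard correct: a subject set reached a second time cannot yield anything the first visit did not, so pruning it never changes the answer, only guarantees termination.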
State of the "Old" Keto
With this release we officially move the "old" Keto to the `legacy-0.5` branch.
We will only provide security fixes from now on. A migration path to v0.6 is
planned but not yet implemented, as the architectures are vastly different.
Please refer to the issue.
Up Next
We are keen to bring more features and performance improvements.
The next features we will tackle are:
- Subject Set rewrites
- Native ABAC & RBAC Support
- Integration with other policy servers
- Latency reduction through aggressive caching
- Cluster mode that fans out requests over all Keto instances
So stay tuned, ⭐ this repo, 👀 releases, and
subscribe to our newsletter 📧.
0.6.0-alpha.1 (2021-04-07)
Bug Fixes
- Add description attribute to access control policy role (#215) (831eba5)
- Add leak_sensitive_values to config schema (2b21d2b)
- Bump CLI (80c82d0)
- Check engine overwrote result in some cases (#412) (3404492)
- Check health status in status command (21c64d4)
- Check REST API returns JSON object (#460) (501dcff), closes #406
- Ensure nil subject is not allowed (#449) (7a0fcfc):
  The nodejs gRPC client was a great fuzzer and pointed me to some nil pointer dereference panics.
  This adds some input validation to prevent panics.
- Ensure persister errors are handled by sqlcon (#473) (4343c4a)
- Handle pagination and errors in the check/expand engines (#398) (5eb1a7d)
- Ignore dist (ba816ea)
- Ignore x/net false positives (d8b36cb)
- Move dockerfile to where it belongs (f087843)
- Rename /relationtuple endpoint to /relation-tuples (#519) (8eb55f6)
- Resolve gitignore build (6f04bbb)
- Resolve goreleaser issues (d32767f)
- Resolve windows build issues (8bcdfbf)
- Rewrite check engine to search starting at the object (#310) (7d99694), closes #302
- Strict version enforcement in docker (e45b28f)
- Update dd-trace to fix build issues (2ad489f)
- Update docker to go 1.16 and alpine (c63096c)
- Use errors.WithStack everywhere (#462) (5f25bce), closes #437:
  Fixed all occurrences found using the search pattern `return .*, err\n`.
- Use package name in pkger (6435939)
- schema: Add trace level to logger (a5a1402)
- Use make() to initialize slices (#250) (84f028d), closes #217
Build System
Code Refactoring
Documentation
- Add namespace and relation naming conventions (#510) (dd31865)
- Add performance page (#413) (6fe0639):
  This also refactored the server startup. Functionality did not change.
- Add production guide (a9163c7)
- Delete old redirect homepage (c0a3784)
- Document gRPC SKDs (7583fe8)
- Fix regression issues (9697bb4)
- Move development section (9ff393f)
- Move to json sidebar (257bf96)
- Remove duplicate "is" (ca3277d)
- Remove duplicate template (1d3b38e)
- Resolve broken links (0d0a50b)
- Simple access check guide (#451) (e0485af):
  This also enables gRPC go, gRPC nodejs, cURL, and Keto CLI code samples to be tested.
- Update install instructions (d2e4123)
- Update introduction (5f71d73)
- Update README (#515) (18d3cd6):
  Also format all markdown files in the root.
- Update repository templates (db505f9)
- Update repository templates (6c056bb)
- Update swagger documentation for REST endpoints (c363de6)
- Use mdx for api reference (340f3a3)
Features
- Add .dockerignore (8b0ff06)
- Add and automate version schema (b01eef8)
- Add POST REST handler for policy check (7d89860)
- Allow to apply namespace migrations together with regular migrations (#441) (57e2bbc)
- GRPC status codes and improved error messages (#467) (4a4f8c6)
- Namespace migrate status CLI (#508) (e3f7ad9):
  This also refactors the current `migrate` and `namespace migrate` commands.
- Nodejs gRPC definitions (#447) (3b5c313):
  Includes Typescript definitions.
- This is a first draft of the read API. It is reachable by REST and gRPC calls. The main purpose of this PR is to establish the basic repository structure and define the API.
- Relationtuple parse command (#490) (91a3cf4):
  This command parses the relation tuple format used in the docs. It greatly improves the experience when copying something from the documentation. It can especially be used to pipe relation tuples into other commands, e.g.:

  ```shell
  echo "messages:02y_15_4w350m3#decypher@john" | \
    keto relation-tuple parse - --format json | \
    keto relation-tuple create -
  ```

- REST patch relation tuples (#491) (d38618a):
  The new PATCH handler allows transactional changes similar to the already existing gRPC service.
- Separate and multiplex ports based on read/write privilege (#397) (6918ac3)
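The `namespace:object#relation@subject` text format that `keto relation-tuple parse` reads above, as an added example that is not Keto's own parser: a small Go parser that accepts both a plain subject id and a subject set (`namespace:object#relation`) as the subject, and that rejects empty components up front, the kind of input validation the nil-subject fix in this release adds. The grammar details (namespace ends at the first `:`, relation starts at the last `#`, subject starts at the first `@`), the type and function names, and the constructed sample inputs are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// SubjectSet is "all subjects with Relation on Namespace:Object".
type SubjectSet struct{ Namespace, Object, Relation string }

// Tuple is a parsed relation tuple; exactly one of SubjectID or SubjectSet is set.
type Tuple struct {
	Namespace, Object, Relation string
	SubjectID                   string
	SubjectSet                  *SubjectSet
}

// ErrMalformed wraps every parse failure so callers can test for it with errors.Is.
var ErrMalformed = errors.New("malformed relation tuple")

// splitObjectRelation parses "namespace:object#relation". The namespace ends at
// the first ':' and the relation starts at the last '#' (an assumed grammar, not
// Keto's own parser). Empty components are rejected here so a bad input fails at
// the boundary instead of reaching an engine as a nil or empty value.
func splitObjectRelation(s string) (ns, obj, rel string, err error) {
	colon := strings.Index(s, ":")
	hash := strings.LastIndex(s, "#")
	if colon < 0 || hash < 0 || hash < colon {
		return "", "", "", fmt.Errorf("%w: want namespace:object#relation, got %q", ErrMalformed, s)
	}
	ns, obj, rel = s[:colon], s[colon+1:hash], s[hash+1:]
	if ns == "" || obj == "" || rel == "" {
		return "", "", "", fmt.Errorf("%w: empty component in %q", ErrMalformed, s)
	}
	return ns, obj, rel, nil
}

// Parse reads "namespace:object#relation@subject". The subject is a plain id, or
// "namespace:object#relation" for a subject set; an empty subject is an error.
func Parse(s string) (*Tuple, error) {
	s = strings.TrimSpace(s)
	at := strings.Index(s, "@")
	if at < 0 {
		return nil, fmt.Errorf("%w: missing '@' in %q", ErrMalformed, s)
	}
	ns, obj, rel, err := splitObjectRelation(s[:at])
	if err != nil {
		return nil, err
	}
	t := &Tuple{Namespace: ns, Object: obj, Relation: rel}
	subject := s[at+1:]
	switch {
	case subject == "":
		return nil, fmt.Errorf("%w: empty subject in %q", ErrMalformed, s)
	case strings.Contains(subject, "#"):
		sns, sobj, srel, err := splitObjectRelation(subject)
		if err != nil {
			return nil, err
		}
		t.SubjectSet = &SubjectSet{sns, sobj, srel}
	default:
		t.SubjectID = subject
	}
	return t, nil
}

// String renders the tuple back into the same text format (round-trips Parse).
func (t *Tuple) String() string {
	subject := t.SubjectID
	if t.SubjectSet != nil {
		subject = fmt.Sprintf("%s:%s#%s", t.SubjectSet.Namespace, t.SubjectSet.Object, t.SubjectSet.Relation)
	}
	return fmt.Sprintf("%s:%s#%s@%s", t.Namespace, t.Object, t.Relation, subject)
}

// ParseAll parses one tuple per line, skipping blank lines, as piped input would
// arrive; the first malformed line aborts the whole batch.
func ParseAll(input string) ([]*Tuple, error) {
	var out []*Tuple
	for n, line := range strings.Split(input, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		t, err := Parse(line)
		if err != nil {
			return nil, fmt.Errorf("line %d: %w", n+1, err)
		}
		out = append(out, t)
	}
	return out, nil
}

func main() {
	// constructed sample input: the tuple from the text and a subject-set tuple
	tuples, err := ParseAll("messages:02y_15_4w350m3#decypher@john\nfiles:/foo#read@files:/foo#write\n")
	fmt.Println(tuples[0].SubjectID, tuples[1].SubjectSet, err) // john &{files /foo write} <nil>
}
```

Rejecting the whole batch on the first bad line, rather than creating the valid tuples before it, keeps a piped `create` from applying half of an intended change set.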
Tests
- Add command tests (#487) (61c28e4)
- Add dedicated persistence tests (#416) (4e98906)
- Add handler tests (#478) (9315a77)
- Add initial e2e test (#380) (dc5d3c9)
- Add relationtuple definition tests (#415) (2e3dcb2)
- Enable GRPC client in e2e test (#382) (4e5c6ae)
- Improve docs sample tests (#461) (6e0e5e6)
Changelog
f07df49 autogen(docs): generate and format documentation
6cd2415 autogen(docs): generate and format documentation
767a875 autogen(docs): generate and format documentation
8d7988a autogen(docs): generate and format documentation
8dec867 autogen(docs): generate and format documentation
b12ae7b autogen(docs): generate and format documentation
9262f7c autogen(docs): generate and format documentation
5cec71f autogen(docs): generate and format documentation
54c3b37 autogen(docs): generate and format documentation
52a68fb autogen(docs): generate and format documentation
577cb54 autogen(docs): generate and format documentation
3f1364a autogen(docs): generate and format documentation
8cf4ca4 autogen(docs): generate cli docs
f85a734 autogen(docs): generate cli docs
4f9ea89 autogen(docs): regenerate and update changelog
23763ee autogen(docs): regenerate and update changelog
638267b autogen(docs): regenerate and update changelog
4f62d13 autogen(docs): regenerate and update changelog
eff304f autogen(docs): regenerate and update changelog
d3894f2 autogen(docs): regenerate and update changelog
6f3e05d autogen(docs): regenerate and update changelog
e435d9c autogen(docs): regenerate and update changelog
b7845ae autogen(docs): regenerate and update changelog
b1d55d1 autogen(docs): regenerate and update changelog
c468c14 autogen(docs): regenerate and update changelog
ed6e660 autogen(docs): regenerate and update changelog
0eef2bf autogen(docs): regenerate and update changelog
a9017a0 autogen(docs): regenerate and update changelog
95730f3 autogen(docs): regenerate and update changelog
d49e02a autogen(docs): regenerate and update changelog
18f4c50 autogen(docs): regenerate and update changelog
eef6ad9 autogen(docs): regenerate and update changelog
acd5b75 autogen(docs): regenerate and update changelog
b62eb2e autogen(docs): regenerate and update changelog
3da1a49 autogen(docs): regenerate and update changelog
a7f62a8 autogen(docs): regenerate and update changelog
74048d9 autogen(docs): regenerate and update changelog
0a9f941 autogen(docs): regenerate and update changelog
d6745dd autogen(docs): regenerate and update changelog
a0af7ad autogen(docs): regenerate and update changelog
ce095e4 autogen(docs): regenerate and update changelog
7bc9412 autogen(docs): regenerate and update changelog
c671f73 autogen(docs): update milestone document
ff8d593 autogen(docs): update milestone document
303c154 autogen(docs): update milestone document
6ea239d autogen(docs): update milestone document
0075899 autogen(docs): update milestone document
68b28ea autogen(docs): update milestone document
49cfa13 autogen(docs): update milestone document
a1d63b8 autogen(docs): update milestone document
0864c85 autogen(docs): update milestone document
d27a489 autogen(openapi): Regenerate swagger spec and internal client
db303ae autogen: build buf
a12787e autogen: build buf
875af25 autogen: pin v0.6.0-alpha.1 release commit
be40704 autogen: pin v0.6.0-alpha.1.pre.0 release commit
5acf37f autogen: pin v0.6.0-alpha.1.pre.1 release commit
946212a autogen: pin v0.6.0-alpha.1.pre.2 release commit
d0ff87a autogen: pin v0.6.0-alpha.1.pre.3 release commit
fb1a777 autogen: pin v0.6.0-alpha.1.pre.4 release commit
861e871 autogen: pin v0.6.0-alpha.1.pre.5 release commit
df9b647 autogen: pin v0.6.0-alpha.1.pre.6 release commit
0af06f8 autogen: pin v0.6.0-alpha.1.pre.7 release commit
5a2fd1c build: pin dependency versions of buf and protoc plugins (#338)
41980ba chore: (re)move protos and config.Provider (#414)
ce6ae6b chore: add newline at the end of config schema
92faa34 chore: bump dependencies
f0929e7 chore: bump deps (#513)
c323dd6 chore: bump toolchain and CI (#214)
19f88a2 chore: cleanup old code and move some files (#305)
b336d6b chore: cleanup repo (#268)
8e6f50a chore: do not format generated protobuf code (#337)
3a9d00e chore: docs gen command and generate docs pages (#500)
a7a64e3 chore: ensure consistent spelling
3797331 chore: format and linter settings (#274)
d33afea chore: go mod tidy
4334366 chore: make all go packages internal (#313)
bcba55d chore: move to go1.16 embed (#469)
3ed89bc chore: pin 0.6.0 release commit
db948c9 chore: pin 0.6.0 release commit
6935f79 chore: pin 0.6.0 release commit
e800afd chore: prepare node gRPC client package
8671c1b chore: remove artifact
99b7244 chore: remove is_last_page response field (#531)
8d3ab23 chore: remove support for multiple queries in GetRelationTuples (#304)
b6b36ce chore: rename gRPC data types to proto data types (#395)
ffea160 chore: replace "zanzibar" with "master" (#520)
af9512d chore: simplify and clean up the check engine (#484)
b521ad4 chore: update docusaurus template
a0ef614 chore: update docusaurus template
31e7885 chore: update docusaurus template
e8775d7 chore: update docusaurus template
d38b19c chore: update docusaurus template
31e1c4d chore: update docusaurus template
7d853b4 chore: update docusaurus template
75dda89 chore: update docusaurus template
3bb7f7b chore: update docusaurus template
c3a37f5 chore: update docusaurus template
cc6db92 chore: update docusaurus template
a6aeec4 chore: update docusaurus template
c6c6d08 chore: update docusaurus template
648a2cd chore: update docusaurus template (#206)
8ffb056 chore: update docusaurus template (#218)
5511de6 chore: update docusaurus template (#219)
921c630 chore: update docusaurus template (#392)
57e9d18 chore: update go.sum
b7be83f chore: update repository template to c7a2e1f9 (#526)
fb39abd chore: update repository template to f2365e3d (#527)
c7b69f3 chore: update repository templates
394c644 chore: update repository templates
978a537 chore: update repository templates
66920b2 chore: update repository templates (#261)
87a72cc ci: add buf lint and build workflow (#336)
ce7d015 ci: add labels action
9e6293d ci: add milestone action
f1398a5 ci: add stale bot
4261483 ci: bump milestone-action
9dfcf47 ci: bump milestone-action
44974fe ci: fix docs replacer (#529)
78ca475 ci: fix release pipeline (#528)
140e113 ci: format rendered CHANGELOG.md (#530)
b2d25e0 ci: generate swagger SDK (#489)
a6f97f8 ci: ignore etcd CVEs
65822a4 ci: move goreleaser into validate job (#480)
4484b88 ci: re-add milestone
40563cc ci: removing parallelism from job (#485)
254b72e ci: run docs action as cronjob
1e7afa8 ci: setup for zanzibar branch (#276)
7cfa9be ci: speed things up with restructuring jobs (#479)
d4dd548 ci: update milestone action
b199007 ci: use v0 for milestone
05fe03b docs: API overview (#501)
09a25b4 docs: add check- and expand-API guides (#493)
605afa0 docs: add current features overview (#505)
43cbaa9 docs: add missing pages (#518)
dd31865 docs: add namespace and relation naming conventions (#510)
6fe0639 docs: add performance page (#413)
a9163c7 docs: add production guide
15a95b2 docs: add zanzibar overview to README.md (#265)
2f2c885 docs: concepts (#429)
c0a3784 docs: delete old redirect homepage
7583fe8 docs: document gRPC SKDs
256a0d2 docs: fix grammatical error (#222)
9697bb4 docs: fix regression issues
93ebe6d docs: generate gRPC reference page (#488)
be9327f docs: improve CLI documentation (#503)
638342e docs: minor fixes (#532)
9ff393f docs: move development section
257bf96 docs: move to json sidebar
ca3277d docs: remove duplicate "is"
1d3b38e docs: remove duplicate template
eb76913 docs: remove old documentation (#426)
ad8e20b docs: replace TODO links (#512)
0d0a50b docs: resolve broken links
e0485af docs: simple access check guide (#451)
18d3cd6 docs: update README (#515)
f920fbf docs: update SDK links (#514)
4ca0baf docs: update comment in write response (#329)
d2e4123 docs: update install instructions
5f71d73 docs: update introduction
6c056bb docs: update repository templates
db505f9 docs: update repository templates
c363de6 docs: update swagger documentation for REST endpoints
340f3a3 docs: use mdx for api reference
a812ace docs: various improvements and updates (#486)
d38618a feat: REST patch relation tuples (#491)
8b0ff06 feat: add .dockerignore
7d89860 feat: add POST REST handler for policy check
615eb0b feat: add REST and gRPC logger middlewares (#436)
9f6472b feat: add SQA telemetry (#535)
b01eef8 feat: add and automate version schema
396c1ae feat: add check engine (#277)
51c4223 feat: add gRPC health status (#427)
b73d91f feat: add is_last_page to list response (#425)
f2ddb9d feat: add relation write API (#275)
d595d52 feat: add sql persister (#350)
b57a144 feat: add tracing (#536)
57e2bbc feat: allow to apply namespace migrations together with regular migrations (#441)
3ec8afa feat: delete relation tuples (#457)
10cd0b3 feat: dockerfile and docker compose example (#390)
a3ca0b8 feat: expand API (#285)
acf2154 feat: expand GPRC service and CLI (#383)
bda5d8b feat: first API draft and generation (#315)
4a4f8c6 feat: gRPC status codes and improved error messages (#467)
89cc46f feat: gRPC version API (#475)
888ac43 feat: implement goreleaser pipeline
e0916ad feat: incorporate new GRPC API structure (#331)
3ad32bc feat: koanf and namespace configuration (#367)
b94f50d feat: namespace configuration (#324)
e3f7ad9 feat: namespace migrate status CLI (#508)
3b5c313 feat: nodejs gRPC definitions (#447)
de5119a feat: read API (#269)
91a3cf4 feat: relationtuple parse command (#490)
6918ac3 feat: separate and multiplex ports based on read/write privilege (#397)
011888c feat: swagger SDK (#476)
a5a1402 fix(schema): add trace level to logger
831eba5 fix: add description attribute to access control policy role (#215)
2b21d2b fix: add leak_sensitive_values to config schema
80c82d0 fix: bump CLI
904258d fix: bump deps and replace swagutil (#212)
501dcff fix: check REST API returns JSON object (#460)
3404492 fix: check engine overwrote result in some cases (#412)
21c64d4 fix: check health status in status command
2f8119f fix: check health status in status command (#471)
fbcb3e1 fix: empty relationtuple list should not error (#440)
7a0fcfc fix: ensure nil subject is not allowed (#449)
4343c4a fix: ensure persister errors are handled by sqlcon (#473)
5eb1a7d fix: handle pagination and errors in the check/expand engines (#398)
ba816ea fix: ignore dist
d8b36cb fix: ignore x/net false positives
a85f4d7 fix: improve CLI remote sourcing (#474)
ca5ccb9 fix: improve handlers and add tests (#470)
fe507bb fix: insert relation tuples without fmt.Sprintf (#443)
185ee1e fix: minor bugfixes (#371)
f087843 fix: move dockerfile to where it belongs
ea79300 fix: namespace migrator (#417)
d8e2a86 fix: remove SQL logging (#455)
8eb55f6 fix: rename /relationtuple endpoint to /relation-tuples (#519)
6f04bbb fix: resolve gitignore build
d32767f fix: resolve goreleaser issues
8bcdfbf fix: resolve windows build issues
7d99694 fix: rewrite check engine to search starting at the object (#310)
c7d2770 fix: secure query building (#442)
e45b28f fix: strict version enforcement in docker
2ad489f fix: update dd-trace to fix build issues
c63096c fix: update docker to go 1.16 and alpine
5f25bce fix: use errors.WithStack everywhere (#462)
84f028d fix: use make() to initialize slices (#250)
6435939 fix: use package name in pkger
1316077 refactor: data structures (#279)
61c28e4 test: add command tests (#487)
4e98906 test: add dedicated persistence tests (#416)
9315a77 test: add handler tests (#478)
dc5d3c9 test: add initial e2e test (#380)
2e3dcb2 test: add relationtuple definition tests (#415)
4e5c6ae test: enable GRPC client in e2e test (#382)
6e0e5e6 test: improve docs sample tests (#461)
Docker images
docker pull oryd/keto:v0-sqlite
docker pull oryd/keto:v0.6-sqlite
docker pull oryd/keto:v0.6.0-sqlite
docker pull oryd/keto:v0.6.0-alpha.1-sqlite
docker pull oryd/keto:latest-sqlite
docker pull oryd/keto:v0
docker pull oryd/keto:v0.6
docker pull oryd/keto:v0.6.0
docker pull oryd/keto:v0.6.0-alpha.1
docker pull oryd/keto:latest