⚠️ Important Notice ⚠️
Due to a bug in the migrations, this version should be skipped. Greed-field deployments are not affected, but migrating to this release from previous versions might result in data loss! For details, head over to #997.
This release ships a few changes in the API paths. Requests and responses were not changed. However, we did A LOT of internal refactoring and improvements on the persistence layer. Some naming in the SDKs changed, it is a lot cleaner now. One important change is that we removed the single table migrator. From now on to migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2
We also overhauled the whole persistence structure to ensure high scalability. This means that the migration might take a bit longer than usual, so please test the process first on a backup or staging environment.
For all the details, check out the full changelog.
Breaking Changes
keto namespace migrate ...
commands were removed. To migrate from v0.6.0-alpha.1, please first migrate the legacy namespaces using v0.8.0-alpha.2
The protobuf API was bumped to v1alpha2
. Please upgrade your client dependency to that version. v1alpha1
is still supported for now, but might be dropped soon.
Some payload keys are now (not) required anymore. The generated SDKs will likely have breaking changes.
Co-authored-by: Patrik zepatrik@users.noreply.github.com
Co-authored-by: hperl 34397+hperl@users.noreply.github.com
/check
is now /relation-tupes/check
/expand
is now /relation-tuples/expand
/relation-tuples
is now /admin/relation-tuples
for write APIs
gRPC package is now called ory.keto.relation_tuples.v1alpha2
gRPC relation-tuple-delta action enum names are prefixed with ACTION_
Bug Fixes
- cli: Make flag registration non-racy (8415ced)
- Enable telemetry by default (9dc8c7c)
- Hide relation tuples with deleted namespace (cb1a2dd)
Code Generation
- Pin v0.9.0-alpha.0 release commit (6a13898)
Code Refactoring
-
This change refactors the API paths to be consistent with the rest of the Ory ecosystem. This step is required for the unified Ory SDK. Additionally, as we plan to add high level APIs, e.g. for RBAC. The check and expand API paths changed to allow adding those.
-
Change pagination to use keyset pagination (7b861c9):
The page token now is the last ID of the previous page. This enables faster queries and more stable pagination.
NOTE: in case an integration modified page tokens to control pagination, this change will break the integration. Page tokens are opaque strings and should never be messed with.
Documentation
- Expose embedded OpenAPI spec (f9d20e3)
- Fix docker compose demo setup (#872) (e89fbb0)
- Improve wording in README (#881) (fd6af60)
- Shorten CI status badge (#928) (81d880d)
- version schema: Require version or fall back to latest (#863) (5306c93)
Features
-
Add check endpoints that do not mirror status code (#853) (07d0fbd)
-
Add spec for namespace configs (3d61b1c):
Co-authored-by: hackerman 3372410+aeneasr@users.noreply.github.com
-
Make sensitive log value redaction text configurable (#860) (b8b1d81)
-
Map strings to UUIDs (#809) (#840) (add6577):
With this change Keto now maps strings to UUIDv5 on the storage layer. This change allows unlimited strings to be used while maintaining good performance. Further, it reduces the likeliness of database hot-spots.
The migration that applies this mapping might take some time, so please confirm that your migration strategy works for you. -
Metric names same as for Kratos (315ff41)
-
tracing: Improved tracing for persisters and requests (#878) (eb62c50)
Tests
- Remove double dockertest cleanup (0bfb10e)
- Use isolated databases to parallelize all tests (bc09032)
Changelog
- 57b5d8f autogen(docs): generate and bump docs
- ac346cc autogen(docs): regenerate and update changelog
- 227e044 autogen(docs): regenerate and update changelog
- 4d0361b autogen(docs): regenerate and update changelog
- 5b69f12 autogen(docs): regenerate and update changelog
- 2324c4c autogen(docs): regenerate and update changelog
- 08d87f2 autogen(docs): regenerate and update changelog
- ef103eb autogen(docs): regenerate and update changelog
- cf60181 autogen(docs): regenerate and update changelog
- ffab5c0 autogen(docs): regenerate and update changelog
- ab23038 autogen(docs): regenerate and update changelog
- d64ae29 autogen(docs): regenerate and update changelog
- 3453d47 autogen(docs): regenerate and update changelog
- 273b3ea autogen(docs): regenerate and update changelog
- ea1aafe autogen(docs): regenerate and update changelog
- 8c5eb9d autogen(docs): regenerate and update changelog
- 3b7525d autogen(docs): regenerate and update changelog
- 9d47369 autogen(docs): regenerate and update changelog
- e8e98da autogen(docs): regenerate and update changelog
- 3d905fa autogen(docs): regenerate and update changelog
- 8254df5 autogen(docs): regenerate and update changelog
- e137676 autogen(docs): regenerate and update changelog
- 2b3da8a autogen(docs): regenerate and update changelog
- 00201cd autogen(docs): regenerate and update changelog
- 6b40914 autogen(docs): regenerate and update changelog
- 3129087 autogen(docs): regenerate and update changelog
- 85ce144 autogen(docs): regenerate and update changelog
- d038afa autogen(docs): regenerate and update changelog
- f431256 autogen(docs): regenerate and update changelog
- f4970c5 autogen(docs): regenerate and update changelog
- f43f00a autogen(docs): regenerate and update changelog
- d9e6b08 autogen(docs): regenerate and update changelog
- e031c82 autogen(docs): regenerate and update changelog
- 357ab6b autogen(docs): regenerate and update changelog
- d3010f5 autogen(docs): regenerate and update changelog
- 29d335b autogen(docs): regenerate and update changelog
- fdeb32d autogen(docs): regenerate and update changelog
- b00a850 autogen(docs): regenerate and update changelog
- e87dca6 autogen(docs): regenerate and update changelog
- 83ba718 autogen(docs): regenerate and update changelog
- ee35a3b autogen(openapi): regenerate swagger spec and internal client
- 9969667 autogen: add v0.8.0-alpha.2 to version.schema.json
- 490cce8 autogen: pin v0.9.0-alpha.0 release commit
- 6a13898 autogen: pin v0.9.0-alpha.0 release commit
- c54e15a autogen: pin v0.9.0-alpha.0.pre.0 release commit
- 6e2005a chore(ci): fix dockle
- 139daa2 chore(ci): ignore unpatched vulnerability
- 846d54d chore(ci): remove deprecated key in golangci-lint
- 6aa84c6 chore(deps): always update all packages in docker images
- db72a2f chore(deps): bump @grpc/grpc-js from 1.2.6 to 1.6.8 in /proto (#961)
- 4aa7217 chore(deps): bump EndBug/add-and-commit from 4.4.0 to 9.0.1
- 8c549df chore(deps): bump actions/checkout from 2 to 3
- e6823e9 chore(deps): bump actions/checkout from 2 to 3
- d55a25c chore(deps): bump actions/checkout from 2 to 3
- 6d64207 chore(deps): bump actions/setup-go from 2 to 3 (#918)
- 964cda6 chore(deps): bump actions/setup-node from 2 to 3 (#915)
- a5ab26e chore(deps): bump actions/stale from 4 to 5
- 787b6b9 chore(deps): bump actions/stale from 4 to 5
- fd439bd chore(deps): bump actions/upload-artifact from 2 to 3
- d5e0986 chore(deps): bump alpine base image to 3.15.4
- af35f55 chore(deps): bump alpine from 3.15.4 to 3.16.0 in /.docker (#929)
- 269990b chore(deps): bump docker/setup-buildx-action from 1 to 2
- 9d6b4ca chore(deps): bump docker/setup-qemu-action from 1 to 2
- e7b2cd6 chore(deps): bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3
- 474680b chore(deps): bump github.com/mikefarah/yq/v4 from 4.25.2 to 4.25.3
- 56e0c8e chore(deps): bump github.com/mikefarah/yq/v4 from 4.25.3 to 4.26.1
- e7b10e3 chore(deps): bump github.com/mikefarah/yq/v4 from 4.26.1 to 4.27.2 (#974)
- 6f8e61f chore(deps): bump github.com/ory/graceful from 0.1.2 to 0.1.3 (#956)
- ebb77b4 chore(deps): bump github.com/ory/x from 0.0.422 to 0.0.423
- 3a9926e chore(deps): bump github.com/ory/x from 0.0.423 to 0.0.445
- 6ee8e42 chore(deps): bump github.com/ory/x from 0.0.445 to 0.0.446
- 51a4be3 chore(deps): bump github.com/ory/x from 0.0.446 to 0.0.451
- ca2b3de chore(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#957)
- 52e451f chore(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#912)
- bf24fa2 chore(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#938)
- c93b259 chore(deps): bump github.com/stretchr/testify in /proto (#927)
- e8b058c chore(deps): bump github.com/tidwall/gjson from 1.14.0 to 1.14.1 (#900)
- 45150a1 chore(deps): bump github/codeql-action from 1 to 2
- 8243d49 chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
- 4083dc0 chore(deps): bump golang in /.docker (#930)
- baaef8a chore(deps): bump golang.org/x/crypto
- 3b15d33 chore(deps): bump golangci/golangci-lint-action from 2 to 3
- be1f3be chore(deps): bump google-protobuf from 3.15.0-rc.1 to 3.21.0 in /proto (#964)
- 5d8860d chore(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0
- a34e91c chore(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 in /proto (#945)
- 4a76dca chore(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#969)
- 411300e chore(deps): bump google.golang.org/protobuf in /proto (#970)
- a32593b chore(deps): enable dependabot for github actions
- 3ad46e7 chore(deps): install some dev tools using brew
- 3d4b1f5 chore(deps): pin brew tool versions
- f3b7afa chore(deps): update action args
- 423827b chore(deps): update alpine and dependency versions (#858)
- 077f0cd chore(deps): upgrade libssl in Dockerfiles
- d89431c chore(format): add prettier rc
- 0e08caa chore: add dependabot labels (#931)
- e71d191 chore: add trivy dev tool
- 87a1b0a chore: bump deps
- 46e485a chore: bump npm deps
- 6a3f0b3 chore: compare JSON docs samples using
jd
- aef1e00 chore: delete semantic.yml (#925)
- 45207c7 chore: deprecate coupon (#951)
- 28beda7 chore: enable Dependabot for Docker
- a23e673 chore: fix linter warnings
- f83da1a chore: fix typo in README (#852)
- 85db534 chore: format
- 01a7564 chore: format (#882)
- 4bb3381 chore: format
/ketoapi
- 007c160 chore: ignore coverage for generated code
- 05d944d chore: improve trace logging
- cfee334 chore: make hperl codeowner
- ad66e61 chore: mark .bin/formula-pins as generated
- 8aefcc1 chore: re-use error handling for registry creation across CLI commands
- 543b988 chore: remove docs/cli target
- eb961dc chore: replace circleci with gh actions badge (#911)
- 77d99c7 chore: silence false positive G112 (#952)
- 1975f5d chore: update README (#859)
- 3d3418a chore: update go.mod deps
- 8971c01 chore: update repository templates
- 5c20984 chore: update repository templates
- 0172edc chore: update repository templates
- 62b2ad2 chore: update repository templates
- d5353d8 chore: update repository templates
- 2381394 chore: update repository templates
- a81f18b chore: update repository templates
- 2f7f9a9 chore: update repository templates
- 26afa82 chore: update repository templates
- d1cb2ae chore: update repository templates
- 2036790 chore: update repository templates
- 10c434f chore: update repository templates
- 5c5392e chore: update subdir go.mod deps
- 6b8c050 chore: use .bin/clidoc instead of tools/clidoc
- 38900da chore: use proper dependency name
- 5e228ce ci: add dependabot updates
- a6d7a64 ci: add yq tool
- 9a612cd ci: check formatting using prettier
- a102cee ci: dependabot ignores GitHub actions (#973)
- 7502bf2 ci: enable parallel tests
- ca0169f ci: fix buf linting and building
- ff1c292 ci: fix buf linting and building (#935)
- 65bc24e ci: fix yaml string format
- 4b5c639 ci: use new tool targets and locations
- 5306c93 docs(version schema): require version or fall back to latest (#863)
- f9d20e3 docs: expose embedded OpenAPI spec
- e89fbb0 docs: fix docker compose demo setup (#872)
- fd6af60 docs: improve wording in README (#881)
- 81d880d docs: shorten CI status badge (#928)
- eb62c50 feat(tracing): improved tracing for persisters and requests (#878)
- 31f38ed feat(tracing): switch to opentelemetry (#861)
- 07d0fbd feat: add check endpoints that do not mirror status code (#853)
- 25af263 feat: add reverse lookup indices (#875)
- 3d61b1c feat: add spec for namespace configs
- b8b1d81 feat: make sensitive log value redaction text configurable (#860)
- add6577 feat: map strings to UUIDs (#809) (#840)
- 315ff41 feat: metric names same as for Kratos
- 8415ced fix(cli): make flag registration non-racy
- 9dc8c7c fix: enable telemetry by default
- cb1a2dd fix: hide relation tuples with deleted namespace
- d29d42c refactor: API paths (#862)
- 7b861c9 refactor: change pagination to use keyset pagination The page token now is the last ID of the previous page. This enables faster queries and more stable pagination. NOTE: in case an integration modified page tokens to control pagination, this change will break the integration. Page tokens are opaque strings and should never be messed with.
- 0bfb10e test: remove double dockertest cleanup
- bc09032 test: use isolated databases to parallelize all tests
Artifacts can be verified with cosign using this public key.