keto v0.6.0-alpha.1 Release Notes
Release Date: 2021-04-07
We are extremely happy to announce next-gen Ory Keto which implements Zanzibar: Google's Consistent, Global Authorization System:

> Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.
Ory Keto is the first open source planet-scale authorization system built with cloud native technologies (Go, gRPC, newSQL) and architecture. It is also the first open source implementation of Google Zanzibar :tada:!
Many concepts developed by Google Zanzibar are implemented in Ory Keto already. Let's take a look!
As of this release, Ory Keto knows how to interpret and operate on the basic access control lists known as relation tuples. They encode relations between objects and subjects. One simple example of such a relation tuple could encode "`user1` has access to `file/foo`", a more complex one could encode "everyone who has write access on `/foo` has read access on `/foo`".

Ory Keto comes with all the basic APIs as described in the Zanzibar paper. All of them are available over gRPC and REST.

1. List: query relation tuples
2. Check: determine whether a subject has a relation on an object
3. Expand: get a tree of all subjects who have a relation on an object
4. Change: create, update, and delete relation tuples
For all details, head over to the documentation.
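To make the relation tuple model concrete, here is an added example (not Keto's own code) of a toy in-memory store: it parses tuples in the `namespace:object#relation@subject` string form that the Keto CLI accepts, treats a subject written as `namespace:object#relation` as a subject set, and answers Check and Expand by following those sets while stopping when a set refers back to itself. All tuples and names are constructed for the example.

```python
from collections import defaultdict
# Constructed sample: everyone with write on files:foo also gets read (a subject
# set), plus two groups that reference each other (a cycle the engine must survive).
SAMPLE_TUPLES = [
    "files:foo#write@user1",
    "files:foo#read@user2",
    "files:foo#read@files:foo#write",
    "groups:staff#member@alice",
    "groups:admins#member@groups:staff#member",
    "groups:staff#member@groups:admins#member",
]

def parse_tuple(s):
    """Split 'namespace:object#relation@subject' into its four parts."""
    left, subject = s.split("@", 1)
    ns_obj, relation = left.split("#", 1)
    return (*ns_obj.split(":", 1), relation, subject)

def parse_subject_set(subject):
    """Return (namespace, object, relation) if subject is a subject set, else None."""
    ns_obj, _, relation = subject.partition("#")
    if not relation or ":" not in ns_obj:
        return None
    return (*ns_obj.split(":", 1), relation)

class TupleStore:
    def __init__(self, tuples):
        self.index = defaultdict(set)  # (namespace, object, relation) -> subjects
        for ns, obj, rel, subj in map(parse_tuple, tuples):
            self.index[(ns, obj, rel)].add(subj)

    def check(self, ns, obj, rel, subject, path=frozenset()):
        """Check: is subject granted rel on ns:obj, directly or via subject sets?"""
        key = (ns, obj, rel)
        if key in path:  # this set is already on the evaluation path: cycle, stop
            return False
        subjects = self.index.get(key, set())
        return subject in subjects or any(
            self.check(*sset, subject, path | {key})
            for sset in map(parse_subject_set, subjects) if sset)

    def expand(self, ns, obj, rel, path=frozenset()):
        """Expand: tree of everyone with rel on ns:obj; subject sets become subtrees."""
        key = (ns, obj, rel)
        node = {"subject": f"{ns}:{obj}#{rel}", "children": []}
        if key not in path:  # on a cycle the set is already expanded higher up
            for s in sorted(self.index.get(key, set())):
                sset = parse_subject_set(s)
                node["children"].append(self.expand(*sset, path | {key}) if sset
                                        else {"subject": s, "children": []})
        return node
```

`TupleStore(SAMPLE_TUPLES).check("files", "foo", "read", "user1")` is true only because `user1` is reached through the `files:foo#write` subject set, which is the "write implies read" rule from the paragraph above.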
With this release we officially move the "old" Keto to the legacy-0.5 branch. We will only provide security fixes from now on. A migration path to v0.6 is planned but not yet implemented, as the architectures are vastly different. Please refer to the issue.
We are keen to bring more features and performance improvements. The next features we will tackle are:
- Subject Set rewrites
- Native ABAC & RBAC Support
- Integration with other policy servers
- Latency reduction through aggressive caching
- Cluster mode that fans out requests over all Keto instances

So stay tuned, :star: this repo, :eyes: releases, and subscribe to our newsletter :email:.
Bug Fixes
- Add description attribute to access control policy role (#215) (831eba5)
- Add leak_sensitive_values to config schema (2b21d2b)
- Bump CLI (80c82d0)
- Bump deps and replace swagutil (#212) (904258d)
- Check engine overwrote result in some cases (#412) (3404492)
- Check health status in status command (21c64d4)
- Check REST API returns JSON object (#460) (501dcff), closes #406
- Empty relationtuple list should not error (#440) (fbcb3e1)
- Ensure nil subject is not allowed (#449) (7a0fcfc):
  The nodejs gRPC client was a great fuzzer and pointed me to some nil pointer dereference panics. This adds some input validation to prevent panics.
- Ensure persister errors are handled by sqlcon (#473) (4343c4a)
- Handle pagination and errors in the check/expand engines (#398) (5eb1a7d)
- Ignore dist (ba816ea)
- Ignore x/net false positives (d8b36cb)
- Improve CLI remote sourcing (#474) (a85f4d7)
- Improve handlers and add tests (#470) (ca5ccb9)
- Insert relation tuples without fmt.Sprintf (#443) (fe507bb)
- Minor bugfixes (#371) (185ee1e)
- Move dockerfile to where it belongs (f087843)
- Namespace migrator (#417) (ea79300), closes #404
- Remove SQL logging (#455) (d8e2a86)
- Rename /relationtuple endpoint to /relation-tuples (#519) (8eb55f6)
- Resolve gitignore build (6f04bbb)
- Resolve goreleaser issues (d32767f)
- Resolve windows build issues (8bcdfbf)
- Rewrite check engine to search starting at the object (#310) (7d99694), closes #302
- Secure query building (#442) (c7d2770)
- Strict version enforcement in docker (e45b28f)
- Update dd-trace to fix build issues (2ad489f)
- Update docker to go 1.16 and alpine (c63096c)
- Use errors.WithStack everywhere (#462) (5f25bce), closes #437:
  Fixed all occurrences found using the search pattern `return .*, err\n`.
- Use package name in pkger (6435939)
- schema: Add trace level to logger (a5a1402)
- Use make() to initialize slices (#250) (84f028d), closes #217
Build System
Code Generation
- Pin v0.6.0-alpha.1 release commit (875af25)
Code Refactoring
Documentation
- Add check- and expand-API guides (#493) (09a25b4)
- Add current features overview (#505) (605afa0)
- Add missing pages (#518) (43cbaa9)
- Add namespace and relation naming conventions (#510) (dd31865)
- Add performance page (#413) (6fe0639):
  This also refactored the server startup. Functionality did not change.
- Add production guide (a9163c7)
- Add zanzibar overview to README.md (#265) (15a95b2)
- API overview (#501) (05fe03b)
- Concepts (#429) (2f2c885)
- Delete old redirect homepage (c0a3784)
- Document gRPC SDKs (7583fe8)
- Fix grammatical error (#222) (256a0d2)
- Fix regression issues (9697bb4)
- Generate gRPC reference page (#488) (93ebe6d)
- Improve CLI documentation (#503) (be9327f)
- Minor fixes (#532) (638342e)
- Move development section (9ff393f)
- Move to json sidebar (257bf96)
- Remove duplicate "is" (ca3277d)
- Remove duplicate template (1d3b38e)
- Remove old documentation (#426) (eb76913)
- Replace TODO links (#512) (ad8e20b)
- Resolve broken links (0d0a50b)
- Simple access check guide (#451) (e0485af):
  This also enables gRPC go, gRPC nodejs, cURL, and Keto CLI code samples to be tested.
- Update comment in write response (#329) (4ca0baf)
- Update install instructions (d2e4123)
- Update introduction (5f71d73)
- Update README (#515) (18d3cd6):
  Also format all markdown files in the root.
- Update repository templates (db505f9)
- Update repository templates (6c056bb)
- Update SDK links (#514) (f920fbf)
- Update swagger documentation for REST endpoints (c363de6)
- Use mdx for api reference (340f3a3)
- Various improvements and updates (#486) (a812ace)
Features
- Add .dockerignore (8b0ff06)
- Add and automate version schema (b01eef8)
- Add check engine (#277) (396c1ae)
- Add gRPC health status (#427) (51c4223)
- Add is_last_page to list response (#425) (b73d91f)
- Add POST REST handler for policy check (7d89860)
- Add relation write API (#275) (f2ddb9d)
- Add REST and gRPC logger middlewares (#436) (615eb0b)
- Add SQA telemetry (#535) (9f6472b)
- Add sql persister (#350) (d595d52)
- Add tracing (#536) (b57a144)
- Allow to apply namespace migrations together with regular migrations (#441) (57e2bbc)
- Delete relation tuples (#457) (3ec8afa), closes #452
- Dockerfile and docker compose example (#390) (10cd0b3)
- Expand API (#285) (a3ca0b8)
- Expand gRPC service and CLI (#383) (acf2154)
- First API draft and generation (#315) (bda5d8b)
- GRPC status codes and improved error messages (#467) (4a4f8c6)
- GRPC version API (#475) (89cc46f)
- Implement goreleaser pipeline (888ac43), closes #410
- Incorporate new GRPC API structure (#331) (e0916ad)
- Koanf and namespace configuration (#367) (3ad32bc)
- Namespace configuration (#324) (b94f50d)
- Namespace migrate status CLI (#508) (e3f7ad9):
  This also refactors the current `migrate` and `namespace migrate` commands.

Includes Typescript definitions.

This is a first draft of the read API. It is reachable by REST and gRPC calls. The main purpose of this PR is to establish the basic repository structure and define the API.

This command parses the relation tuple format used in the docs. It greatly improves the experience when copying something from the documentation. It can especially be used to pipe relation tuples into other commands, e.g.:

```shell
echo "messages:02y_15_4w350m3#decypher@john" | \
  keto relation-tuple parse - --format json | \
  keto relation-tuple create -
```

The new PATCH handler allows transactional changes similar to the already existing gRPC service.

- Separate and multiplex ports based on read/write privilege (#397) (6918ac3)
- Swagger SDK (#476) (011888c)
Tests
- Add command tests (#487) (61c28e4)
- Add dedicated persistence tests (#416) (4e98906)
- Add handler tests (#478) (9315a77)
- Add initial e2e test (#380) (dc5d3c9)
- Add relationtuple definition tests (#415) (2e3dcb2)
- Enable GRPC client in e2e test (#382) (4e5c6ae)
- Improve docs sample tests (#461) (6e0e5e6)