Skip to content

v0.10.0-alpha.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@ory-bot ory-bot released this 27 Sep 13:28
· 342 commits to master since this release

This release ships the long-awaited Ory Permission Language (a.k.a. userset-rewrites) 🎉. You can now define global 🌍 rules for permissions, like "every user who is an owner also has read access", and many more. Best of all, you don't have to learn a new language to express these rules, but instead just use a subset of TypeScript. Therefore syntax highlighting, formatting tools, linters, unit test frameworks, ... work out of the box 📦! We will give a talk 🗣️ about how we ended up with this solution at the Ory Summit, so make sure to sign up or watch the recoding on YouTube later.
Start exploring the Ory Permission Language by following our guide 📖.
This is only the most shiny ✨ feature we packed into this release, see the full changelog for all the other fixes and features we included.

Bug Fixes

  • Concurrency-safe graph utils (ea9dda9)

  • Correct paths in TypeScript SDK (#1025) (8b30508)

  • Do not setup /etc/nsswitch.conf on alpine (1f9fa96):

    Go fixed the initial issue and does not rely on that file anymore, see golang/go#35305

  • Race in serve metrics init (5f4c19b)

  • Remove check constraint (54c00c3):

    Tests now use the new httpclient to properly handle empty strings vs
    strings (where the value is omitted in the JSON request).

  • Request metrics (#1007) (96ff767):

    httprequest* metrics contain data related only to /metrics/prometheus endpoint.
    This commit adds endpoints from non-monitoring routers.

  • Sdk generation (acc1546):

  • Use TLS in gRPC client (#988) (b1ffd6b):

    Enable TLS and certificate checking in the gRPC client when communicating with remote hosts.

  • Uuid mapping migration paginates (3a5fb2c)

  • Validate tuples for non-nil subject (a22dd19)

Build System

Code Generation

  • Pin v0.10.0-alpha.0 release commit (52259a3):

    Bumps from v0.10.0-alpha.0.pre.0

Code Refactoring

  • Generalize tree structure (6a0b2fe):

    This will allow reusing the tree to provide debug info on how a check decision was reached.

Documentation

  • Add initial documentation example for rewrites (065ce46)
  • Fix version meta schema (b054b24)

Features

  • Add bearer token auth (5110f63)

  • Configure subject-set rewrites (0ce1519):

    The subject-set rewrites can now be configured through the Ory Permission
    Language (OPL), which is a subset of TypeScript. The OPL config is
    referenced in the central configuration under namespaces as such:

    [...]
    namespaces:
      location: <location>
    [...]
    

    The can be any valid file, directory or URI.

  • Fine-grained control over transport security (5f056b7):

    This adds two new flags to the Keto CLI:

    • --insecure-disable-transport-security: Use plaintext instead of TLS
    • --insecure-skip-hostname-verification: Use TLS, but do not verify the
      certificate

    By default, the Keto CLI now connects to the remote via TLS and verifies
    the hostname.

  • OPL typescript library on npm (446fe7d)

  • Simpler notation for subjects w/o relation (ec979df)

  • Subject-set rewrites (6f61af8)

  • Support subject sets in check (1760459)

Tests

  • Add cases for checking subject sets (93aee83), closes #985

Changelog

  • 3fbb424 autogen(docs): generate and bump docs
  • 32a2ada autogen(docs): regenerate and update changelog
  • 81638c5 autogen(docs): regenerate and update changelog
  • 83b1595 autogen(docs): regenerate and update changelog
  • 04dfa42 autogen(docs): regenerate and update changelog
  • 25e97f5 autogen(docs): regenerate and update changelog
  • c35683d autogen(docs): regenerate and update changelog
  • b17417a autogen(docs): regenerate and update changelog
  • 5a258a0 autogen(docs): regenerate and update changelog
  • f30efed autogen(docs): regenerate and update changelog
  • de164ac autogen(docs): regenerate and update changelog
  • 6512489 autogen(docs): regenerate and update changelog
  • 3498dac autogen(docs): regenerate and update changelog
  • 231c9b1 autogen(docs): regenerate and update changelog
  • d007bae autogen(docs): regenerate and update changelog
  • 52259a3 autogen: pin v0.10.0-alpha.0 release commit
  • 1786dc5 autogen: pin v0.10.0-alpha.0.pre.0 release commit
  • 2a63481 autogen: pin v0.10.0-alpha.0.pre.1 release commit
  • 46a659f autogen: regenerate SDK
  • 97f638d build: do not include VCS info (#990)
  • 63cc034 chore(deps): bump @grpc/grpc-js from 1.6.12 to 1.7.1 in /proto
  • 0a93f24 chore(deps): bump @grpc/grpc-js from 1.6.8 to 1.6.12 in /proto (#998)
  • 065c2bb chore(deps): bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 (#996)
  • 1e430f5 chore(deps): bump github.com/gofrs/uuid
  • 3fadc8f chore(deps): bump github.com/ory/x from 0.0.469 to 0.0.473 (#1027)
  • 1328bdb chore(deps): bump github.com/tidwall/gjson from 1.14.1 to 1.14.3 (#987)
  • a3e3be1 chore(deps): bump go-swagger dev tool
  • f101060 chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  • a18b5cf chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#978)
  • 9f983e6 chore(deps): bump go.opentelemetry.io/otel from 1.9.0 to 1.10.0 (#1018)
  • b3eb645 chore(deps): bump golang in /.docker (#979)
  • e41ef26 chore(deps): update some more minor versions
  • adfcfd6 chore: bump deps (#1021)
  • 772ab00 chore: bump go to 1.19
  • ea27ba4 chore: cleanup and test improvements
  • 1daec0d chore: code cleanup
  • b6c93ba chore: deprecate namespace validate command
  • 30e75b9 chore: export CLI commands (#1030)
  • d92884e chore: export more CLI commands (#1031)
  • e235520 chore: fix linter warnings
  • c110e1f chore: fix linter warnings
  • 8ad039f chore: format using Make (#1022)
  • ff11a33 chore: ignore false-positive CVE detection
  • 46d39c1 chore: improve option passing (#995)
  • 6f291f8 chore: remove deprecated command placeholders
  • 7a5e681 chore: remove double-tabs in Makefile
  • 1094347 chore: remove unused yq dependency
  • c614e91 chore: retract pre tag proto/v0.9.0-alpha.0.pre.0 (#993)
  • 03d2e8f chore: sort package.json (#1006)
  • b312324 chore: update Prettier and ory-prettier-style and format everything (#1004)
  • 3d1cd99 chore: update repository templates
  • 5b3e731 chore: update repository templates
  • db7c21f chore: update repository templates
  • f8eb8c5 chore: update repository templates to ory/meta@19eed81
  • fa69fb3 chore: update repository templates to ory/meta@4ef1342
  • 11ead73 chore: update repository templates to ory/meta@935cc04
  • 5212e64 ci: test namespace type lib
  • 1d87908 ci: use go1.19
  • 065ce46 docs: add initial documentation example for rewrites
  • b054b24 docs: fix version meta schema
  • 446fe7d feat: OPL typescript library on npm
  • 5110f63 feat: add bearer token auth
  • 0ce1519 feat: configure subject-set rewrites
  • 5f056b7 feat: fine-grained control over transport security
  • ec979df feat: simpler notation for subjects w/o relation
  • 6f61af8 feat: subject-set rewrites
  • 1760459 feat: support subject sets in check
  • ea9dda9 fix: concurrency-safe graph utils
  • 8b30508 fix: correct paths in TypeScript SDK (#1025)
  • 1f9fa96 fix: do not setup /etc/nsswitch.conf on alpine Go fixed the initial issue and does not rely on that file anymore, see golang/go#35305
  • 5f4c19b fix: race in serve metrics init
  • 54c00c3 fix: remove check constraint
  • 96ff767 fix: request metrics (#1007)
  • acc1546 fix: sdk generation
  • b1ffd6b fix: use TLS in gRPC client (#988)
  • 3a5fb2c fix: uuid mapping migration paginates
  • a22dd19 fix: validate tuples for non-nil subject
  • 6a0b2fe refactor: generalize tree structure This will allow reusing the tree to provide debug info on how a check decision was reached.
  • 93aee83 test: add cases for checking subject sets inspired by and closes #985

Artifacts can be verified with cosign using this public key.