From 5c20984b81f3cf8fc12ad6b6cca27cb4ed53dfb0 Mon Sep 17 00:00:00 2001
From: aeneasr <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 29 Jun 2022 16:05:51 +0000
Subject: [PATCH] chore: update repository templates
[skip ci] - updated repository templates to https://github.com/ory/meta/commit/81cbfd3d9e49770d8701731420ef32045e1ce796
---
.github/ISSUE_TEMPLATE/BUG-REPORT.yml | 50 ++--
.github/ISSUE_TEMPLATE/DESIGN-DOC.yml | 32 +--
.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml | 30 +--
.github/config.yml | 2 +-
.github/dependabot.yml | 28 +--
.github/pull_request_template.md | 17 +-
.github/workflows/ci.yaml | 14 +-
.github/workflows/closed_references.yml | 8 +-
.github/workflows/codeql-analysis.yml | 6 +-
.github/workflows/conventional_commits.yml | 75 ++++++
.github/workflows/cve-scan.yaml | 14 +-
.github/workflows/labels.yml | 2 +-
.github/workflows/milestone.yml | 8 +-
.github/workflows/npm_publish_grpc_client.yml | 4 +-
.github/workflows/release-go-grpc-client.yml | 2 +-
.../workflows/single-table-migration-e2e.yml | 2 +-
.github/workflows/stale.yml | 10 +-
.goreleaser.yml | 10 +-
.schema/README.md | 5 +-
.schema/openapi/gen.typescript.yml | 2 +-
CODE_OF_CONDUCT.md | 114 ++++++----
CONTRIBUTING.md | 214 +++++++++++-------
README.md | 82 ++++---
SECURITY.md | 11 +-
UPGRADE.md | 162 +++++++------
contrib/cat-videos-example/docker-compose.yml | 6 +-
.../00-create-tuples/index.js | 42 ++--
.../01-expand-beach/index.js | 26 +--
.../99-cleanup/index.js | 18 +-
.../00-create-tuples/index.js | 22 +-
.../01-list-PM/index.js | 18 +-
.../02-list-coffee-break/index.js | 18 +-
.../99-cleanup/index.js | 16 +-
.../00-write-direct-access/index.js | 20 +-
.../01-check-direct-access/index.js | 20 +-
.../99-cleanup/index.js | 18 +-
docker-compose-build.yaml | 16 +-
docker-compose-mysql.yml | 10 +-
docker-compose-postgres.yml | 8 +-
docker-compose-tracing.yml | 16 +-
docker-compose.yml | 6 +-
docs/README.md | 3 +-
package-lock.json | 8 +-
proto/README.md | 10 +-
proto/ory/keto/README.md | 12 +-
45 files changed, 721 insertions(+), 496 deletions(-)
create mode 100644 .github/workflows/conventional_commits.yml
diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
index 5bf3e0045..18cbb882c 100644
--- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
+++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml
@@ -1,17 +1,17 @@
-description: 'Create a bug report'
+description: "Create a bug report"
labels:
- bug
-name: 'Bug Report'
+name: "Bug Report"
body:
- attributes:
value: "Thank you for taking the time to fill out this bug report!\n"
type: markdown
- attributes:
- label: 'Preflight checklist'
+ label: "Preflight checklist"
options:
- label:
- 'I could not find a solution in the existing issues, docs, nor
- discussions.'
+ "I could not find a solution in the existing issues, docs, nor
+ discussions."
required: true
- label:
"I agree to follow this project's [Code of
@@ -22,18 +22,18 @@ body:
Guidelines](https://github.com/ory/keto/blob/master/CONTRIBUTING.md)."
required: true
- label:
- 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+ "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
- label:
- 'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+ "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label:
- 'I am signed up to the [Ory Security Patch
- Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+ "I am signed up to the [Ory Security Patch
+ Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
id: checklist
type: checkboxes
- attributes:
- description: 'A clear and concise description of what the bug is.'
- label: 'Describe the bug'
- placeholder: 'Tell us what you see!'
+ description: "A clear and concise description of what the bug is."
+ label: "Describe the bug"
+ placeholder: "Tell us what you see!"
id: describe-bug
type: textarea
validations:
@@ -47,17 +47,17 @@ body:
1. Run `docker run ....`
2. Make API Request to with `curl ...`
3. Request fails with response: `{"some": "error"}`
- label: 'Reproducing the bug'
+ label: "Reproducing the bug"
id: reproduce-bug
type: textarea
validations:
required: true
- attributes:
description:
- 'Please copy and paste any relevant log output. This will be
+ "Please copy and paste any relevant log output. This will be
automatically formatted into code, so no need for backticks. Please
- redact any sensitive information'
- label: 'Relevant log output'
+ redact any sensitive information"
+ label: "Relevant log output"
render: shell
placeholder: |
log=error ....
@@ -65,10 +65,10 @@ body:
type: textarea
- attributes:
description:
- 'Please copy and paste any relevant configuration. This will be
+ "Please copy and paste any relevant configuration. This will be
automatically formatted into code, so no need for backticks. Please
- redact any sensitive information!'
- label: 'Relevant configuration'
+ redact any sensitive information!"
+ label: "Relevant configuration"
render: yml
placeholder: |
server:
@@ -77,14 +77,14 @@ body:
id: config
type: textarea
- attributes:
- description: 'What version of our software are you running?'
+ description: "What version of our software are you running?"
label: Version
id: version
type: input
validations:
required: true
- attributes:
- label: 'On which operating system are you observing this issue?'
+ label: "On which operating system are you observing this issue?"
options:
- Ory Cloud
- macOS
@@ -95,19 +95,19 @@ body:
id: operating-system
type: dropdown
- attributes:
- label: 'In which environment are you deploying?'
+ label: "In which environment are you deploying?"
options:
- Ory Cloud
- Docker
- - 'Docker Compose'
- - 'Kubernetes with Helm'
+ - "Docker Compose"
+ - "Kubernetes with Helm"
- Kubernetes
- Binary
- Other
id: deployment
type: dropdown
- attributes:
- description: 'Add any other context about the problem here.'
+ description: "Add any other context about the problem here."
label: Additional Context
id: additional
type: textarea
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
index 8e9410ab6..a9531a29d 100644
--- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
+++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml
@@ -1,8 +1,8 @@
description:
- 'A design document is needed for non-trivial changes to the code base.'
+ "A design document is needed for non-trivial changes to the code base."
labels:
- rfc
-name: 'Design Document'
+name: "Design Document"
body:
- attributes:
value: |
@@ -18,11 +18,11 @@ body:
after code reviews, and your pull requests will be merged faster.
type: markdown
- attributes:
- label: 'Preflight checklist'
+ label: "Preflight checklist"
options:
- label:
- 'I could not find a solution in the existing issues, docs, nor
- discussions.'
+ "I could not find a solution in the existing issues, docs, nor
+ discussions."
required: true
- label:
"I agree to follow this project's [Code of
@@ -33,18 +33,18 @@ body:
Guidelines](https://github.com/ory/keto/blob/master/CONTRIBUTING.md)."
required: true
- label:
- 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+ "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
- label:
- 'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+ "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label:
- 'I am signed up to the [Ory Security Patch
- Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+ "I am signed up to the [Ory Security Patch
+ Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
id: checklist
type: checkboxes
- attributes:
description: |
This section gives the reader a very rough overview of the landscape in which the new system is being built and what is actually being built. This isn’t a requirements doc. Keep it succinct! The goal is that readers are brought up to speed but some previous knowledge can be assumed and detailed info can be linked to. This section should be entirely focused on objective background facts.
- label: 'Context and scope'
+ label: "Context and scope"
id: scope
type: textarea
validations:
@@ -53,7 +53,7 @@ body:
- attributes:
description: |
A short list of bullet points of what the goals of the system are, and, sometimes more importantly, what non-goals are. Note, that non-goals aren’t negated goals like “The system shouldn’t crash”, but rather things that could reasonably be goals, but are explicitly chosen not to be goals. A good example would be “ACID compliance”; when designing a database, you’d certainly want to know whether that is a goal or non-goal. And if it is a non-goal you might still select a solution that provides it, if it doesn’t introduce trade-offs that prevent achieving the goals.
- label: 'Goals and non-goals'
+ label: "Goals and non-goals"
id: goals
type: textarea
validations:
@@ -65,7 +65,7 @@ body:
The design doc is the place to write down the trade-offs you made in designing your software. Focus on those trade-offs to produce a useful document with long-term value. That is, given the context (facts), goals and non-goals (requirements), the design doc is the place to suggest solutions and show why a particular solution best satisfies those goals.
The point of writing a document over a more formal medium is to provide the flexibility to express the problem set at hand in an appropriate manner. Because of this, there is no explicit guidance for how to actually describe the design.
- label: 'The design'
+ label: "The design"
id: design
type: textarea
validations:
@@ -74,21 +74,21 @@ body:
- attributes:
description: |
If the system under design exposes an API, then sketching out that API is usually a good idea. In most cases, however, one should withstand the temptation to copy-paste formal interface or data definitions into the doc as these are often verbose, contain unnecessary detail and quickly get out of date. Instead focus on the parts that are relevant to the design and its trade-offs.
- label: 'APIs'
+ label: "APIs"
id: apis
type: textarea
- attributes:
description: |
Systems that store data should likely discuss how and in what rough form this happens. Similar to the advice on APIs, and for the same reasons, copy-pasting complete schema definitions should be avoided. Instead focus on the parts that are relevant to the design and its trade-offs.
- label: 'Data storage'
+ label: "Data storage"
id: persistence
type: textarea
- attributes:
description: |
Design docs should rarely contain code, or pseudo-code except in situations where novel algorithms are described. As appropriate, link to prototypes that show the implementability of the design.
- label: 'Code and pseudo-code'
+ label: "Code and pseudo-code"
id: pseudocode
type: textarea
@@ -101,7 +101,7 @@ body:
On the other end are systems where the possible solutions are very well defined, but it isn’t at all obvious how they could even be combined to achieve the goals. This may be a legacy system that is difficult to change and wasn’t designed to do what you want it to do or a library design that needs to operate within the constraints of the host programming language.
In this situation you may be able to enumerate all the things you can do relatively easily, but you need to creatively put those things together to achieve the goals. There may be multiple solutions, and none of them are really great, and hence such a document should focus on selecting the best way given all identified trade-offs.
- label: 'Degree of constraint'
+ label: "Degree of constraint"
id: constrait
type: textarea
diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
index 91aee9baa..d981af7e1 100644
--- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
+++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml
@@ -1,8 +1,8 @@
description:
- 'Suggest an idea for this project without a plan for implementation'
+ "Suggest an idea for this project without a plan for implementation"
labels:
- feat
-name: 'Feature Request'
+name: "Feature Request"
body:
- attributes:
value: |
@@ -11,11 +11,11 @@ body:
If you already have a plan to implement a feature or a change, please create a [design document](https://github.com/aeneasr/gh-template-test/issues/new?assignees=&labels=rfc&template=DESIGN-DOC.yml) instead if the change is non-trivial!
type: markdown
- attributes:
- label: 'Preflight checklist'
+ label: "Preflight checklist"
options:
- label:
- 'I could not find a solution in the existing issues, docs, nor
- discussions.'
+ "I could not find a solution in the existing issues, docs, nor
+ discussions."
required: true
- label:
"I agree to follow this project's [Code of
@@ -26,18 +26,18 @@ body:
Guidelines](https://github.com/ory/keto/blob/master/CONTRIBUTING.md)."
required: true
- label:
- 'This issue affects my [Ory Cloud](https://www.ory.sh/) project.'
+ "This issue affects my [Ory Cloud](https://www.ory.sh/) project."
- label:
- 'I have joined the [Ory Community Slack](https://slack.ory.sh).'
+ "I have joined the [Ory Community Slack](https://slack.ory.sh)."
- label:
- 'I am signed up to the [Ory Security Patch
- Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53).'
+ "I am signed up to the [Ory Security Patch
+ Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)."
id: checklist
type: checkboxes
- attributes:
description:
- 'Is your feature request related to a problem? Please describe.'
- label: 'Describe your problem'
+ "Is your feature request related to a problem? Please describe."
+ label: "Describe your problem"
placeholder:
"A clear and concise description of what the problem is. Ex. I'm always
frustrated when [...]"
@@ -50,20 +50,20 @@ body:
Describe the solution you'd like
placeholder: |
A clear and concise description of what you want to happen.
- label: 'Describe your ideal solution'
+ label: "Describe your ideal solution"
id: solution
type: textarea
validations:
required: true
- attributes:
description: "Describe alternatives you've considered"
- label: 'Workarounds or alternatives'
+ label: "Workarounds or alternatives"
id: alternatives
type: textarea
validations:
required: true
- attributes:
- description: 'What version of our software are you running?'
+ description: "What version of our software are you running?"
label: Version
id: version
type: input
@@ -71,7 +71,7 @@ body:
required: true
- attributes:
description:
- 'Add any other context or screenshots about the feature request here.'
+ "Add any other context or screenshots about the feature request here."
label: Additional Context
id: additional
type: textarea
diff --git a/.github/config.yml b/.github/config.yml
index 0d121fe18..ea3356979 100644
--- a/.github/config.yml
+++ b/.github/config.yml
@@ -1,3 +1,3 @@
todo:
- keyword: '@todo'
+ keyword: "@todo"
label: todo
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 498f96333..8fa58e19e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,22 +1,22 @@
version: 2
updates:
- - package-ecosystem: 'gomod'
- directory: '/'
+ - package-ecosystem: "gomod"
+ directory: "/"
schedule:
- interval: 'daily'
- - package-ecosystem: 'gomod'
- directory: '/proto'
+ interval: "daily"
+ - package-ecosystem: "gomod"
+ directory: "/proto"
schedule:
- interval: 'daily'
- - package-ecosystem: 'npm'
- directory: '/'
+ interval: "daily"
+ - package-ecosystem: "npm"
+ directory: "/"
schedule:
- interval: 'daily'
- - package-ecosystem: 'npm'
- directory: '/proto'
+ interval: "daily"
+ - package-ecosystem: "npm"
+ directory: "/proto"
schedule:
- interval: 'daily'
- - package-ecosystem: 'github-actions'
- directory: '/'
+ interval: "daily"
+ - package-ecosystem: "github-actions"
+ directory: "/"
schedule:
interval: "daily"
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index d8bcb167f..8125a1915 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -38,13 +38,18 @@ If you're unsure about any of them, don't hesitate to ask. We're here to help!
-->
- [ ] I have read the [contributing guidelines](../blob/master/CONTRIBUTING.md).
-- [ ] I have referenced an issue containing the design document if my change introduces a new feature.
-- [ ] I am following the [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code).
+- [ ] I have referenced an issue containing the design document if my change
+ introduces a new feature.
+- [ ] I am following the
+ [contributing code guidelines](../blob/master/CONTRIBUTING.md#contributing-code).
- [ ] I have read the [security policy](../security/policy).
-- [ ] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security.
- vulnerability, I confirm that I got green light (please contact [security@ory.sh](mailto:security@ory.sh)) from the
- maintainers to push the changes.
-- [ ] I have added tests that prove my fix is effective or that my feature works.
+- [ ] I confirm that this pull request does not address a security
+ vulnerability. If this pull request addresses a security. vulnerability, I
+ confirm that I got green light (please contact
+ [security@ory.sh](mailto:security@ory.sh)) from the maintainers to push
+ the changes.
+- [ ] I have added tests that prove my fix is effective or that my feature
+ works.
- [ ] I have added or changed [the documentation](https://github.com/ory/docs).
## Further Comments
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ab4e555a8..25eec8976 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -4,7 +4,7 @@ on:
branches:
- master
tags:
- - '*'
+ - "*"
pull_request:
# Cancel in-progress runs in current workflow.
@@ -79,7 +79,9 @@ jobs:
go mod tidy
go test ./...
- name: Test Keto
- run: .bin/go-acc --ignore "internal/httpclient,internal/httpclient-next" -o coverage.txt ./... -- -tags sqlite
+ run:
+ .bin/go-acc --ignore "internal/httpclient,internal/httpclient-next" -o
+ coverage.txt ./... -- -tags sqlite
- run: |
.bin/goveralls -service=github -coverprofile=coverage.txt
env:
@@ -200,7 +202,7 @@ jobs:
mailchimp_list_id: f605a41b53
mailchmip_segment_id: 6479489
mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}
- draft: 'true'
+ draft: "true"
ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}
slack-approval-notification:
@@ -227,7 +229,7 @@ jobs:
mailchimp_list_id: f605a41b53
mailchmip_segment_id: 6479489
mailchimp_api_key: ${{ secrets.MAILCHIMP_API_KEY }}
- draft: 'false'
+ draft: "false"
ssh_key: ${{ secrets.ORY_BOT_SSH_KEY }}
buf:
@@ -242,10 +244,10 @@ jobs:
go-version: 1.18
- uses: actions/setup-node@v2
with:
- node-version: '15'
+ node-version: "15"
- uses: arduino/setup-protoc@v1
with:
- version: '3.12.x'
+ version: "3.12.x"
- name: Lint and Build
run: make buf
working-directory: current-repo
diff --git a/.github/workflows/closed_references.yml b/.github/workflows/closed_references.yml
index 83eadb32f..2789ac42c 100644
--- a/.github/workflows/closed_references.yml
+++ b/.github/workflows/closed_references.yml
@@ -2,13 +2,13 @@ name: Closed Reference Notifier
on:
schedule:
- - cron: '0 0 * * *'
+ - cron: "0 0 * * *"
workflow_dispatch:
inputs:
issueLimit:
description: Max. number of issues to create
required: true
- default: '5'
+ default: "5"
jobs:
find_closed_references:
@@ -16,10 +16,10 @@ jobs:
runs-on: ubuntu-latest
name: Find closed references
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v2
- uses: actions/setup-node@v2-beta
with:
- node-version: '14'
+ node-version: "14"
- uses: ory/closed-reference-notifier@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6c09d8061..e610d2377 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,7 +9,7 @@
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
-name: 'CodeQL'
+name: "CodeQL"
on:
push:
@@ -18,7 +18,7 @@ on:
# The branches below must be a subset of the branches above
branches: [master]
schedule:
- - cron: '39 6 * * 0'
+ - cron: "39 6 * * 0"
jobs:
analyze:
@@ -32,7 +32,7 @@ jobs:
strategy:
fail-fast: false
matrix:
- language: ['go', 'javascript']
+ language: ["go", "javascript"]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
diff --git a/.github/workflows/conventional_commits.yml b/.github/workflows/conventional_commits.yml
new file mode 100644
index 000000000..9d92dcb88
--- /dev/null
+++ b/.github/workflows/conventional_commits.yml
@@ -0,0 +1,75 @@
+name: Conventional commits
+
+on:
+ pull_request_target: # enable Pull Requests from forks, uses config from master branch
+ types: [opened, edited, reopened, ready_for_review]
+ # pull_request: # for debugging, uses config in local branch but supports only Pull Requests from this repo
+
+jobs:
+ main:
+ name: Validate PR title
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@v4
+ id: check-title
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ types: |
+ feat
+ fix
+ revert
+ docs
+ style
+ refactor
+ test
+ build
+ autogen
+ security
+ ci
+ chore
+
+ scopes: |
+ blog
+ cms
+ deps
+ docs
+ home
+ hydra
+ keto
+ kratos
+ stats
+
+ requireScope: false
+
+ # Configure which scopes are disallowed in PR titles. For instance by setting
+ # the value below, `chore(release): ...` and `ci(e2e,release): ...` will be rejected.
+ # disallowScopes: |
+ # release
+
+ # Configure additional validation for the subject based on a regex.
+ # This example ensures the subject doesn't start with an uppercase character.
+ subjectPattern: ^(?![A-Z]).+$
+
+ # If `subjectPattern` is configured, you can use this property to override
+ # the default error message that is shown when the pattern doesn't match.
+ # The variables `subject` and `title` can be used within the message.
+ subjectPatternError: |
+ The subject should start with a lowercase letter, yours is uppercase:
+ "{subject}"
+
+ # If the PR contains one of these labels, the validation is skipped.
+ # Multiple labels can be separated by newlines.
+ # If you want to rerun the validation when labels change, you might want
+ # to use the `labeled` and `unlabeled` event triggers in your workflow.
+ # ignoreLabels: |
+ # bot
+ # ignore-semantic-pull-request
+
+ # For work-in-progress PRs you can typically use draft pull requests
+ # from GitHub. However, private repositories on the free plan don't have
+ # this option and therefore this action allows you to opt-in to using the
+ # special "[WIP]" prefix to indicate this state. This will avoid the
+ # validation of the PR title and the pull request checks remain pending.
+ # Note that a second check will be reported if this is enabled.
+ # wip: true
diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index b57521718..f31aa9400 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -2,12 +2,12 @@ name: Docker Image Scanners
on:
push:
branches:
- - 'master'
+ - "master"
tags:
- - 'v*.*.*'
+ - "v*.*.*"
pull_request:
branches:
- - 'master'
+ - "master"
jobs:
scanners:
@@ -51,11 +51,11 @@ jobs:
if: ${{ always() }}
with:
image-ref: oryd/keto:${{ steps.vars.outputs.sha_short }}
- format: 'table'
- exit-code: '42'
+ format: "table"
+ exit-code: "42"
ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
+ vuln-type: "os,library"
+ severity: "CRITICAL,HIGH"
- name: Dockle Linter
uses: erzz/dockle-action@v1.1.1
if: ${{ always() }}
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index d82e86eb4..c470ddc82 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v2
- name: Synchronize Issue Labels
uses: ory/label-sync-action@v0
with:
diff --git a/.github/workflows/milestone.yml b/.github/workflows/milestone.yml
index 7dc232e95..fb47e4a78 100644
--- a/.github/workflows/milestone.yml
+++ b/.github/workflows/milestone.yml
@@ -3,7 +3,7 @@ name: Generate and Publish Milestone Document
on:
workflow_dispatch:
schedule:
- - cron: '0 0 * * *'
+ - cron: "0 0 * * *"
jobs:
milestone:
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v2
with:
token: ${{ secrets.TOKEN_PRIVILEGED }}
- name: Milestone Documentation Generator
@@ -23,8 +23,8 @@ jobs:
- name: Commit Milestone Documentation
uses: EndBug/add-and-commit@v4.4.0
with:
- message: 'autogen(docs): update milestone document'
+ message: "autogen(docs): update milestone document"
author_name: aeneasr
- author_email: '3372410+aeneasr@users.noreply.github.com'
+ author_email: "3372410+aeneasr@users.noreply.github.com"
env:
GITHUB_TOKEN: ${{ secrets.TOKEN_PRIVILEGED }}
diff --git a/.github/workflows/npm_publish_grpc_client.yml b/.github/workflows/npm_publish_grpc_client.yml
index 4cfd537ff..fb854616d 100644
--- a/.github/workflows/npm_publish_grpc_client.yml
+++ b/.github/workflows/npm_publish_grpc_client.yml
@@ -18,8 +18,8 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-node@v1
with:
- node-version: '14'
- registry-url: 'https://registry.npmjs.org'
+ node-version: "14"
+ registry-url: "https://registry.npmjs.org"
- run: sudo npm i -g npm@7
- name: Bump version
run: |-
diff --git a/.github/workflows/release-go-grpc-client.yml b/.github/workflows/release-go-grpc-client.yml
index 3be3b351f..6cf18ab3f 100644
--- a/.github/workflows/release-go-grpc-client.yml
+++ b/.github/workflows/release-go-grpc-client.yml
@@ -21,7 +21,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
- go-version: '1.17'
+ go-version: "1.17"
- name: Download dependencies
run: cd proto; go mod tidy
- name: Test
diff --git a/.github/workflows/single-table-migration-e2e.yml b/.github/workflows/single-table-migration-e2e.yml
index bfe0dc111..f6f85f845 100644
--- a/.github/workflows/single-table-migration-e2e.yml
+++ b/.github/workflows/single-table-migration-e2e.yml
@@ -16,7 +16,7 @@ jobs:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
- go-version: '1.16'
+ go-version: "1.16"
- name: Run test script
run: ./scripts/single-table-migration-e2e.sh
- uses: actions/upload-artifact@v3
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 395cb6920..eb36db174 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -1,8 +1,8 @@
-name: 'Close Stale Issues'
+name: "Close Stale Issues"
on:
workflow_dispatch:
schedule:
- - cron: '0 0 * * *'
+ - cron: "0 0 * * *"
jobs:
stale:
@@ -35,10 +35,10 @@ jobs:
Thank you for your understanding and to anyone who participated in the conversation! And as written above, please do participate in the conversation if this topic is important to you!
Thank you 🙏✌️
- stale-issue-label: 'stale'
- exempt-issue-labels: 'bug,blocking,docs,backlog'
+ stale-issue-label: "stale"
+ exempt-issue-labels: "bug,blocking,docs,backlog"
days-before-stale: 365
days-before-close: 30
exempt-milestones: true
exempt-assignees: true
- only-pr-labels: 'stale'
+ only-pr-labels: "stale"
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 6e0d316f8..a2c8facf8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -6,8 +6,8 @@ includes:
variables:
brew_name: keto
- brew_description: 'The Ory Authorization Server (Ory Keto)'
- buildinfo_hash: 'github.com/ory/keto/internal/driver/config.Commit'
- buildinfo_tag: 'github.com/ory/keto/internal/driver/config.Version'
- buildinfo_date: 'github.com/ory/keto/internal/driver/config.Date'
- dockerfile: '.docker/Dockerfile-alpine'
+ brew_description: "The Ory Authorization Server (Ory Keto)"
+ buildinfo_hash: "github.com/ory/keto/internal/driver/config.Commit"
+ buildinfo_tag: "github.com/ory/keto/internal/driver/config.Version"
+ buildinfo_date: "github.com/ory/keto/internal/driver/config.Date"
+ dockerfile: ".docker/Dockerfile-alpine"
diff --git a/.schema/README.md b/.schema/README.md
index 245091ef8..2de087297 100644
--- a/.schema/README.md
+++ b/.schema/README.md
@@ -1,4 +1,5 @@
The schemas in this directory are meant for external and public use.
-The config schema is generated from the internal one at `internal/driver/config/config.schema.json`, so in case of changes to the
-config schema, please edit that internal schema instead.
+The config schema is generated from the internal one at
+`internal/driver/config/config.schema.json`, so in case of changes to the config
+schema, please edit that internal schema instead.
diff --git a/.schema/openapi/gen.typescript.yml b/.schema/openapi/gen.typescript.yml
index 5b640545f..8030dff4e 100644
--- a/.schema/openapi/gen.typescript.yml
+++ b/.schema/openapi/gen.typescript.yml
@@ -1,4 +1,4 @@
-npmName: '@ory/kratos-client'
+npmName: "@ory/kratos-client"
npmVersion: 0.0.0
# typescriptThreePlus: true
#npmRepository: https://github.com/ory/sdk.git
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index e067a0441..da4b27661 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -2,98 +2,128 @@
## Our Pledge
-We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone,
-regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
identity and orientation.
-We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
## Our Standards
-Examples of behavior that contributes to a positive environment for our community include:
+Examples of behavior that contributes to a positive environment for our
+community include:
- Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
-- Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
-- Focusing on what is best not just for us as individuals, but for the overall community
+- Accepting responsibility and apologizing to those affected by our mistakes,
+ and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the overall
+ community
Examples of unacceptable behavior include:
-- The use of sexualized language or imagery, and sexual attention or advances of any kind
+- The use of sexualized language or imagery, and sexual attention or advances of
+ any kind
- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
-- Publishing others' private information, such as a physical or email address, without their explicit permission
-- Other conduct which could reasonably be considered inappropriate in a professional setting
+- Publishing others' private information, such as a physical or email address,
+ without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+ professional setting
## Enforcement Responsibilities
-Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and
-fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
-Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and
-other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when
-appropriate.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
## Scope
-This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the
-community in public spaces. Examples of representing our community include using an official e-mail address, posting via an
-official social media account, or acting as an appointed representative at an online or offline event.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
## Enforcement
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for
-enforcement at [office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and investigated promptly and fairly.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[office@ory.sh](mailto:office@ory.sh). All complaints will be reviewed and
+investigated promptly and fairly.
-All community leaders are obligated to respect the privacy and security of the reporter of any incident.
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
## Enforcement Guidelines
-Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in
-violation of this Code of Conduct:
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
-**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
-**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an
-explanation of why the behavior was inappropriate. A public apology may be requested.
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
### 2. Warning
-**Community Impact**: A violation through a single incident or series of actions.
+**Community Impact**: A violation through a single incident or series of
+actions.
-**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including
-unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding
-interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or
-permanent ban.
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
### 3. Temporary Ban
-**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
-**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of
-time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code
-of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
-**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior,
-harassment of an individual, or aggression toward or disparagement of classes of individuals.
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
-**Consequence**: A permanent ban from any sort of public interaction within the community.
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
## Attribution
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
-Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][mozilla coc].
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder][mozilla coc].
-For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][faq].
-Translations are available at [https://www.contributor-covenant.org/translations][translations].
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][faq]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
[homepage]: https://www.contributor-covenant.org
[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index e55ed367f..f1721fd5d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -29,36 +29,45 @@ https://github.com/ory/meta/blob/master/templates/repository/common/CONTRIBUTING
## Introduction
-_Please note_: We take Ory Keto's security and our users' trust very seriously. If you believe you have found a security issue in
-Ory Keto, please disclose by contacting us at security@ory.sh.
+_Please note_: We take Ory Keto's security and our users' trust very seriously.
+If you believe you have found a security issue in Ory Keto, please disclose by
+contacting us at security@ory.sh.
-There are many ways in which you can contribute. The goal of this document is to provide a high-level overview of how you can get
-involved in Ory.
+There are many ways in which you can contribute. The goal of this document is to
+provide a high-level overview of how you can get involved in Ory.
-As a potential contributor, your changes and ideas are welcome at any hour of the day or night, weekdays, weekends, and holidays.
-Please do not ever hesitate to ask a question or send a pull request.
+As a potential contributor, your changes and ideas are welcome at any hour of
+the day or night, weekdays, weekends, and holidays. Please do not ever hesitate
+to ask a question or send a pull request.
-If you are unsure, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best effort.
-The worst that can happen is that you'll be politely asked to change something. We appreciate any sort of contributions, and don't
-want a wall of rules to get in the way of that.
+If you are unsure, just ask or submit the issue or pull request anyways. You
+won't be yelled at for giving it your best effort. The worst that can happen is
+that you'll be politely asked to change something. We appreciate any sort of
+contributions, and don't want a wall of rules to get in the way of that.
-That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure
-that your contribution won't clash with Ory Keto's direction. A great way to do this is via
-[Ory Keto Discussions](https://github.com/ory/keto/discussions) or the [Ory Chat](https://www.ory.sh/chat).
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash with Ory Keto's direction. A great way to do this is via
+[Ory Keto Discussions](https://github.com/ory/keto/discussions) or the
+[Ory Chat](https://www.ory.sh/chat).
## FAQ
- I am new to the community. Where can I find the
[Ory Community Code of Conduct?](https://github.com/ory/keto/blob/master/CODE_OF_CONDUCT.md)
-- I have a question. Where can I get [answers to questions regarding Ory Keto?](#communication)
+- I have a question. Where can I get
+ [answers to questions regarding Ory Keto?](#communication)
-- I would like to contribute but I am not sure how. Are there [easy ways to contribute?](#how-can-i-contribute)
+- I would like to contribute but I am not sure how. Are there
+ [easy ways to contribute?](#how-can-i-contribute)
[Or good first issues?](https://github.com/search?l=&o=desc&q=label%3A%22help+wanted%22+label%3A%22good+first+issue%22+is%3Aopen+user%3Aory+user%3Aory-corp&s=updated&type=Issues)
-- I want to talk to other Ory Keto users. [How can I become a part of the community?](#communication)
+- I want to talk to other Ory Keto users.
+ [How can I become a part of the community?](#communication)
-- I would like to know what I am agreeing to when I contribute to Ory Keto. Does Ory have
+- I would like to know what I am agreeing to when I contribute to Ory Keto. Does
+ Ory have
[a Contributors License Agreement?](https://cla-assistant.io/ory/keto)
- I would like updates about new versions of Ory Keto.
@@ -69,131 +78,169 @@ that your contribution won't clash with Ory Keto's direction. A great way to do
If you want to start to contribute code right away, take a look at the
[list of good first issues](https://github.com/ory/keto/labels/good%20first%20issue).
-There are many other ways you can contribute. Here are a few things you can do to help out:
+There are many other ways you can contribute. Here are a few things you can do
+to help out:
-- **Give us a star.** It may not seem like much, but it really makes a difference. This is something that everyone can do to help
- out Ory Keto. Github stars help the project gain visibility and stand out.
+- **Give us a star.** It may not seem like much, but it really makes a
+ difference. This is something that everyone can do to help out Ory Keto.
+ Github stars help the project gain visibility and stand out.
-- **Join the community.** Sometimes helping people can be as easy as listening to their problems and offering a different
- perspective. Join our Slack, have a look at discussions in the forum and take part in community events. More info on this in
- [Communication](#communication).
+- **Join the community.** Sometimes helping people can be as easy as listening
+ to their problems and offering a different perspective. Join our Slack, have a
+ look at discussions in the forum and take part in community events. More info
+ on this in [Communication](#communication).
-- **Answer discussions.** There are at all times a number of unanswered discussions on GitHub, you can see an
- [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc). If you think you
- know an answer or can provide some information that might help, please share it! Bonus: You get GitHub achievements for answered
+- **Answer discussions.** There are at all times a number of unanswered
+ discussions on GitHub, you can see an
+ [overview here](https://github.com/discussions?discussions_q=is%3Aunanswered+org%3Aory+sort%3Aupdated-desc).
+ If you think you know an answer or can provide some information that might
+ help, please share it! Bonus: You get GitHub achievements for answered
discussions.
-- **Help with open issues.** We have a lot of open issues for Ory Keto and some of them may lack necessary information, some are
- duplicates of older issues. You can help out by guiding people through the process of filling out the issue template, asking for
- clarifying information, or pointing them to existing issues that match their description of the problem.
+- **Help with open issues.** We have a lot of open issues for Ory Keto and some
+ of them may lack necessary information, some are duplicates of older issues.
+ You can help out by guiding people through the process of filling out the
+ issue template, asking for clarifying information, or pointing them to
+ existing issues that match their description of the problem.
-- **Review documentation changes.** Most documentation just needs a review for proper spelling and grammar. If you think a
- document can be improved in any way, feel free to hit the `edit` button at the top of the page. More info on contributing to
- documentation [here](#contribute-documentation).
+- **Review documentation changes.** Most documentation just needs a review for
+ proper spelling and grammar. If you think a document can be improved in any
+ way, feel free to hit the `edit` button at the top of the page. More info on
+ contributing to documentation [here](#contribute-documentation).
-- **Help with tests.** Pull requests may lack proper tests or test plans. These are needed for the change to be implemented
- safely.
+- **Help with tests.** Pull requests may lack proper tests or test plans. These
+ are needed for the change to be implemented safely.
## Communication
-We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask questions, discuss bugs and feature requests, talk to
-other users of Ory, etc.
+We use [Slack](https://www.ory.sh/chat). You are welcome to drop in and ask
+questions, discuss bugs and feature requests, talk to other users of Ory, etc.
-Check out [Ory Keto Discussions](https://github.com/ory/keto/discussions). This is a great place for in-depth discussions and lots
-of code examples, logs and similar data.
+Check out [Ory Keto Discussions](https://github.com/ory/keto/discussions). This
+is a great place for in-depth discussions and lots of code examples, logs and
+similar data.
-You can also join our community calls, if you want to speak to the Ory team directly or ask some questions. You can find more info
-and participate in [Slack](https://www.ory.sh/chat) in the #community-call channel.
+You can also join our community calls, if you want to speak to the Ory team
+directly or ask some questions. You can find more info and participate in
+[Slack](https://www.ory.sh/chat) in the #community-call channel.
-If you want to receive regular notifications about updates to Ory Keto, consider joining the mailing list. We will _only_ send you
-vital information on the projects that you are interested in.
+If you want to receive regular notifications about updates to Ory Keto, consider
+joining the mailing list. We will _only_ send you vital information on the
+projects that you are interested in.
Also [follow us on twitter](https://twitter.com/orycorp).
## Contribute examples
-One of the most impactful ways to make a contribution is adding examples. You can find an overview of examples using Ory services
-in the [documentation examples page](https://www.ory.sh/docs/examples). Source code for examples can be found in most cases in the
+One of the most impactful ways to make a contribution is adding examples. You
+can find an overview of examples using Ory services in the
+[documentation examples page](https://www.ory.sh/docs/examples). Source code for
+examples can be found in most cases in the
[ory/examples](https://github.com/ory/examples) repository.
_If you would like to contribute a new example, we would love to hear from you!_
-Please [open an issue](https://github.com/ory/examples/issues/new/choose) to describe your example before you start working on it.
-We would love to provide guidance to make for a pleasant contribution experience. Go through this checklist to contribute an
-example:
-
-1. Create a github issue proposing a new example and make sure it's different from an existing one.
-1. Fork the repo and create a feature branch off of `master` so that changes do not get mixed up.
-1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog. Please refer to
- this [list of prefixes for Keto](https://github.com/ory/keto/blob/master/.github/semantic.yml) for an overview.
+Please [open an issue](https://github.com/ory/examples/issues/new/choose) to
+describe your example before you start working on it. We would love to provide
+guidance to make for a pleasant contribution experience. Go through this
+checklist to contribute an example:
+
+1. Create a github issue proposing a new example and make sure it's different
+ from an existing one.
+1. Fork the repo and create a feature branch off of `master` so that changes do
+ not get mixed up.
+1. Add a descriptive prefix to commits. This ensures a uniform commit history
+ and helps structure the changelog. Please refer to this
+ [list of prefixes for Keto](https://github.com/ory/keto/blob/master/.github/semantic.yml)
+ for an overview.
1. Create a `README.md` that explains how to use the example. (Use
[the README template](https://github.com/ory/examples/blob/master/_common/README)).
1. Open a pull request and maintainers will review and merge your example.
## Contribute code
-Unless you are fixing a known bug, we **strongly** recommend discussing it with the core team via a GitHub issue or
-[in our chat](https://www.ory.sh/chat) before getting started to ensure your work is consistent with Ory Keto's roadmap and
-architecture.
+Unless you are fixing a known bug, we **strongly** recommend discussing it with
+the core team via a GitHub issue or [in our chat](https://www.ory.sh/chat)
+before getting started to ensure your work is consistent with Ory Keto's roadmap
+and architecture.
-All contributions are made via pull requests. To make a pull request, you will need a GitHub account; if you are unclear on this
-process, see GitHub's documentation on [forking](https://help.github.com/articles/fork-a-repo) and
-[pull requests](https://help.github.com/articles/using-pull-requests). Pull requests should be targeted at the `master` branch.
-Before creating a pull request, go through this checklist:
+All contributions are made via pull requests. To make a pull request, you will
+need a GitHub account; if you are unclear on this process, see GitHub's
+documentation on [forking](https://help.github.com/articles/fork-a-repo) and
+[pull requests](https://help.github.com/articles/using-pull-requests). Pull
+requests should be targeted at the `master` branch. Before creating a pull
+request, go through this checklist:
1. Create a feature branch off of `master` so that changes do not get mixed up.
-1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch.
-1. Run the full project test suite with the `go test -tags sqlite ./...` (or equivalent) command and confirm that it passes.
-1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is written in Go, `npm run format` if the project is
- written for NodeJS.
-1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog.
- Please refer to this [list of prefixes for Keto](https://github.com/ory/keto/blob/master/.github/semantic.yml) for an overview.
-1. Sign-up with CircleCI so that it has access to your repository with the branch containing your PR. Simply creating a CircleCI
- account is sufficient for the CI jobs to run, you do not need to setup a CircleCI project for the branch.
+1. [Rebase](http://git-scm.com/book/en/Git-Branching-Rebasing) your local
+ changes against the `master` branch.
+1. Run the full project test suite with the `go test -tags sqlite ./...` (or
+ equivalent) command and confirm that it passes.
+1. Run `make format` if a `Makefile` is available, `gofmt -s` if the project is
+ written in Go, `npm run format` if the project is written for NodeJS.
+1. Add a descriptive prefix to commits. This ensures a uniform commit history
+ and helps structure the changelog.
+ Please refer to this
+ [list of prefixes for Keto](https://github.com/ory/keto/blob/master/.github/semantic.yml)
+ for an overview.
+1. Sign-up with CircleCI so that it has access to your repository with the
+ branch containing your PR. Simply creating a CircleCI account is sufficient
+ for the CI jobs to run, you do not need to setup a CircleCI project for the
+ branch.
If a pull request is not ready to be reviewed yet
[it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request).
-Before your contributions can be reviewed you need to sign our [Contributor License Agreement](https://cla-assistant.io/ory/keto).
+Before your contributions can be reviewed you need to sign our
+[Contributor License Agreement](https://cla-assistant.io/ory/keto).
-This agreement defines the terms under which your code is contributed to Ory. More specifically it declares that you have the
-right to, and actually do, grant us the rights to use your contribution. You can see the Apache 2.0 license under which our
-projects are published [here](https://github.com/ory/meta/blob/master/LICENSE).
+This agreement defines the terms under which your code is contributed to Ory.
+More specifically it declares that you have the right to, and actually do, grant
+us the rights to use your contribution. You can see the Apache 2.0 license under
+which our projects are published
+[here](https://github.com/ory/meta/blob/master/LICENSE).
-When pull requests fail testing, authors are expected to update their pull requests to address the failures until the tests pass.
+When pull requests fail testing, authors are expected to update their pull
+requests to address the failures until the tests pass.
Pull requests eligible for review
1. follow the repository's code formatting conventions;
-2. include tests which prove that the change works as intended and does not add regressions;
+2. include tests which prove that the change works as intended and does not add
+ regressions;
3. document the changes in the code and/or the project's documentation;
4. pass the CI pipeline;
-5. have signed our [Contributor License Agreement](https://cla-assistant.io/ory/keto);
+5. have signed our
+ [Contributor License Agreement](https://cla-assistant.io/ory/keto);
6. include a proper git commit message following the
[Conventional Commit Specification](https://www.conventionalcommits.org/en/v1.0.0/).
-If all of these items are checked, the pull request is ready to be reviewed and you should change the status to "Ready for review"
-and
+If all of these items are checked, the pull request is ready to be reviewed and
+you should change the status to "Ready for review" and
[request review from a maintainer](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/requesting-a-pull-request-review).
Reviewers will approve the pull request once they are satisfied with the patch.
## Contribute documentation
-Please provide documentation when changing, removing, or adding features. All Ory Documentation resides in the
-[Ory documentation repository](https://github.com/ory/docs/). For further instructions please head over to the Ory Documentation
+Please provide documentation when changing, removing, or adding features. All
+Ory Documentation resides in the
+[Ory documentation repository](https://github.com/ory/docs/). For further
+instructions please head over to the Ory Documentation
[README.md](https://github.com/ory/docs/blob/master/README.md).
## Disclosing vulnerabilities
-Please disclose vulnerabilities exclusively to [security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues.
+Please disclose vulnerabilities exclusively to
+[security@ory.sh](mailto:security@ory.sh). Do not use GitHub issues.
## Code style
Please follow these guidelines when formatting source code:
- Go code should match the output of `gofmt -s` and pass `golangci-lint run`.
-- NodeJS and JavaScript code should be prettified using `npm run format` where appropriate.
+- NodeJS and JavaScript code should be prettified using `npm run format` where
+ appropriate.
### Working with forks
@@ -224,10 +271,11 @@ Now go to the project's GitHub Pull Request page and click "New pull request"
## Conduct
-Whether you are a regular contributor or a newcomer, we care about making this community a safe place for you and we've got your
-back.
+Whether you are a regular contributor or a newcomer, we care about making this
+community a safe place for you and we've got your back.
[Ory Community Code of Conduct](https://github.com/ory/keto/blob/master/CODE_OF_CONDUCT.md)
-We welcome discussion about creating a welcoming, safe, and productive environment for the community. If you have any questions,
-feedback, or concerns [please let us know](https://www.ory.sh/chat).
+We welcome discussion about creating a welcoming, safe, and productive
+environment for the community. If you have any questions, feedback, or concerns
+[please let us know](https://www.ory.sh/chat).
diff --git a/README.md b/README.md
index 40af716aa..bc46668fd 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,8 @@
-Ory Keto is the first and most popular open source implementation of "Zanzibar: Google's Consistent, Global Authorization System"!
+Ory Keto is the first and most popular open source implementation of "Zanzibar:
+Google's Consistent, Global Authorization System"!
## Ory Cloud
@@ -30,35 +31,46 @@ The easiest way to get started with Ory Software is in Ory Cloud! It is
[**free for developers**](https://console.ory.sh/registration?utm_source=github&utm_medium=banner&utm_campaign=keto-readme),
forever, no credit card required!
-Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g. for login or registration), support for custom
-domains, collaborative features for your colleagues, and much more!
+Ory Cloud has easy examples, administrative user interfaces, hosted pages (e.g.
+for login or registration), support for custom domains, collaborative features
+for your colleagues, and much more!
### :mega: Community gets Ory Cloud for Free! :mega:
-Ory community members get the Ory Cloud Start Up plan **free for six months**, with all quality-of-life features available, such
-as custom domains and giving your team members access.
+Ory community members get the Ory Cloud Start Up plan **free for six months**,
+with all quality-of-life features available, such as custom domains and giving
+your team members access.
[Sign up with your GitHub account](https://console.ory.sh/registration?preferred_plan=start-up&utm_source=github&utm_medium=banner&utm_campaign=keto-readme-first900)
-and use the coupon code **`FIRST900`** on the _"Start-Up Plan"_ checkout page to claim your free project now! Make sure to be
-signed up to the [Ory Community Slack](https://slack.ory.sh) when using the code!
+and use the coupon code **`FIRST900`** on the _"Start-Up Plan"_ checkout page to
+claim your free project now! Make sure to be signed up to the
+[Ory Community Slack](https://slack.ory.sh) when using the code!
### Google's Zanzibar
-> Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper presents
-> the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists.
-> Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from
-> hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions
-> respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object
-> contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support
-> services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of
-> greater than 99.999% over 3 years of production use.
+> Determining whether online users are authorized to access digital objects is
+> central to preserving privacy. This paper presents the design, implementation,
+> and deployment of Zanzibar, a global system for storing and evaluating access
+> control lists. Zanzibar provides a uniform data model and configuration
+> language for expressing a wide range of access control policies from hundreds
+> of client services at Google, including Calendar, Cloud, Drive, Maps, Photos,
+> and YouTube. Its authorization decisions respect causal ordering of user
+> actions and thus provide external consistency amid changes to access control
+> lists and object contents. Zanzibar scales to trillions of access control
+> lists and millions of authorization requests per second to support services
+> used by billions of people. It has maintained 95th-percentile latency of less
+> than 10 milliseconds and availability of greater than 99.999% over 3 years of
+> production use.
>
> [Source](https://research.google/pubs/pub48190/)
-If you need to know if a user (or robot, car, service) is allowed to do something - Ory Keto is the right fit for you.
+If you need to know if a user (or robot, car, service) is allowed to do
+something - Ory Keto is the right fit for you.
-Currently, Ory Keto implements the basic API contracts for managing and checking relations ("permissions") with HTTP and gRPC
-APIs. Future versions will include features such as userset rewrites (e.g. RBAC-style role-permission models), Zookies, and more.
-An overview of what is implemented and upcoming can be found at
+Currently, Ory Keto implements the basic API contracts for managing and checking
+relations ("permissions") with HTTP and gRPC APIs. Future versions will include
+features such as userset rewrites (e.g. RBAC-style role-permission models),
+Zookies, and more. An overview of what is implemented and upcoming can be found
+at
[Implemented and Planned Features](https://www.ory.sh/keto/docs/next/implemented-planned-features).
---
@@ -288,7 +300,8 @@ TheCrealm.
### Installation
-Head over to the documentation to learn about ways of [installing ORY Keto](https://www.ory.sh/docs/next/keto/install).
+Head over to the documentation to learn about ways of
+[installing ORY Keto](https://www.ory.sh/docs/next/keto/install).
## Ecosystem
@@ -346,13 +359,14 @@ to perform a certain action on a resource.
### Disclosing Vulnerabilities
-If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and
-send us an email to [hi@ory.am](mailto:hi@ory.am) instead.
+If you think you found a security vulnerability, please refrain from posting it
+publicly on the forums, the chat, or GitHub and send us an email to
+[hi@ory.am](mailto:hi@ory.am) instead.
## Telemetry
-Our services collect summarized, anonymized data which can optionally be turned off. Click
-[here](https://www.ory.sh/docs/ecosystem/sqa) to learn more.
+Our services collect summarized, anonymized data which can optionally be turned
+off. Click [here](https://www.ory.sh/docs/ecosystem/sqa) to learn more.
### Guide
@@ -364,7 +378,8 @@ The HTTP API is documented [here](https://www.ory.sh/docs/next/keto/sdk/api).
### Upgrading and Changelog
-New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in
+New releases might introduce breaking changes. To help you identify and
+incorporate those changes, we document these changes in
[UPGRADE.md](./UPGRADE.md) and [CHANGELOG.md](./CHANGELOG.md).
### Command Line Documentation
@@ -373,7 +388,8 @@ Run `keto -h` or `keto help`.
### Develop
-We encourage all contributions and recommend you read our [contribution guidelines](./CONTRIBUTING.md).
+We encourage all contributions and recommend you read our
+[contribution guidelines](./CONTRIBUTING.md).
#### Dependencies
@@ -383,7 +399,8 @@ You need Go 1.16+ and (for the test suites):
- GNU Make 4.3
- NodeJS / npm@v7
-It is possible to develop ORY Keto on Windows, but please be aware that all guides assume a Unix shell like bash or zsh.
+It is possible to develop ORY Keto on Windows, but please be aware that all
+guides assume a Unix shell like bash or zsh.
#### Install From Source
@@ -393,7 +410,8 @@ make install
#### Formatting Code
-You can format all code using make format. Our CI checks if your code is properly formatted.
+You can format all code using make format. Our
+CI checks if your code is properly formatted.
#### Running Tests
@@ -418,9 +436,11 @@ go test -tags sqlite -short ./internal/check/...
##### Regular Tests
-Regular tests require a database set up. Our test suite is able to work with docker directly (using
-[ory/dockertest](https://github.com/ory/dockertest)) but we encourage to use the script instead. Using dockertest can bloat the
-number of Docker Images on your system and starting them on each run is quite slow. Instead we recommend doing:
+Regular tests require a database set up. Our test suite is able to work with
+docker directly (using [ory/dockertest](https://github.com/ory/dockertest)) but
+we encourage to use the script instead. Using dockertest can bloat the number of
+Docker Images on your system and starting them on each run is quite slow.
+Instead we recommend doing:
```shell
source ./scripts/test-resetdb.sh
diff --git a/SECURITY.md b/SECURITY.md
index 8152c97a5..70f1ef4dd 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -21,8 +21,8 @@ https://github.com/ory/meta/blob/master/templates/repository/SECURITY.md
## Supported Versions
-We release patches for security vulnerabilities. Which versions are eligible receiving such patches depend on the CVSS v3.0
-Rating:
+We release patches for security vulnerabilities. Which versions are eligible
+receiving such patches depend on the CVSS v3.0 Rating:
| CVSS v3.0 | Supported Versions |
| --------- | ----------------------------------------- |
@@ -31,6 +31,7 @@ Rating:
## Reporting a Vulnerability
-Please report (suspected) security vulnerabilities to **[security@ory.sh](mailto:security@ory.sh)**. You will receive a response
-from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but
-historically within a few days.
+Please report (suspected) security vulnerabilities to
+**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from
+us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible depending on complexity but historically within a few days.
diff --git a/UPGRADE.md b/UPGRADE.md
index 0f31fab89..321a3e57c 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -1,8 +1,9 @@
# Upgrading
-The intent of this document is to make migration of breaking changes as easy as possible. Please note that not all breaking
-changes might be included here. Please check the [CHANGELOG.md](./CHANGELOG.md) for a full list of changes before finalizing the
-upgrade process.
+The intent of this document is to make migration of breaking changes as easy as
+possible. Please note that not all breaking changes might be included here.
+Please check the [CHANGELOG.md](./CHANGELOG.md) for a full list of changes
+before finalizing the upgrade process.
@@ -31,8 +32,9 @@ upgrade process.
## 0.4.0-sandbox
-This release focuses on a rework of the SDK pipeline. First of all, we have introduced new SDKs for all popular programming
-languages and published them on their respective package repositories:
+This release focuses on a rework of the SDK pipeline. First of all, we have
+introduced new SDKs for all popular programming languages and published them on
+their respective package repositories:
- [Python](https://pypi.org/project/ory-keto-client/)
- [PHP](https://packagist.org/packages/ory/keto-client)
@@ -41,38 +43,46 @@ languages and published them on their respective package repositories:
- [Java](https://search.maven.org/artifact/sh.ory.keto/keto-client)
- [Ruby](https://rubygems.org/gems/ory-keto-client)
-The SDKs hosted in this repository (under ./sdk/...) have been completely removed. Please use only the SDKs from the above sources
-from now on as it will also remove several issues that were caused by the previous SDK pipeline.
+The SDKs hosted in this repository (under ./sdk/...) have been completely
+removed. Please use only the SDKs from the above sources from now on as it will
+also remove several issues that were caused by the previous SDK pipeline.
Unfortunately, there were breaking changes introduced by the new SDK generation:
-- Several structs and fields have been renamed in the Go SDK. However, nothing else changed so upgrading should be a matter of
- half an hour if you made extensive use of the SDK, or several minutes if just one or two methods are being used.
-- All other SDKs changed to `openapi-generator`, which is a better maintained generator that creates better code than the one
- previously used. This manifests in TypeScript definitions for the NodeJS SDK and several other goodies. We do not have a proper
- migration path for those, unfortunately.
+- Several structs and fields have been renamed in the Go SDK. However, nothing
+ else changed so upgrading should be a matter of half an hour if you made
+ extensive use of the SDK, or several minutes if just one or two methods are
+ being used.
+- All other SDKs changed to `openapi-generator`, which is a better maintained
+ generator that creates better code than the one previously used. This
+ manifests in TypeScript definitions for the NodeJS SDK and several other
+ goodies. We do not have a proper migration path for those, unfortunately.
-If you have issues with upgrading the SDK, please let us know in an issue on this repository!
+If you have issues with upgrading the SDK, please let us know in an issue on
+this repository!
## 0.3.0-sandbox
### Configuration
-The configuration management was updated and now allows configuration via a config file. Environment variables can still be used
-to configure ORY Keto but have been updated. However, old env vars still work but will yield a warning.
+The configuration management was updated and now allows configuration via a
+config file. Environment variables can still be used to configure ORY Keto but
+have been updated. However, old env vars still work but will yield a warning.
An overview of an exemplary configuration file can be found in
[./docs/config.yml](https://github.com/ory/hydra/blob/master/docs/config.yaml).
### ORY Access Control Policies Allowed Endpoint
-Endpoint `/engines/acp/ory/{flavor}/allowed` now returns a 403 error when the request is disallowed.
+Endpoint `/engines/acp/ory/{flavor}/allowed` now returns a 403 error when the
+request is disallowed.
### SDK
-Generation of the Go SDK has moved from [`swagger-codegen`](https://github.com/swagger-api/swagger-codegen) to
-[`go-swagger`](https://github.com/go-swagger/go-swagger). If you wish to migrate your existing SDK integration please open an
-issue.
+Generation of the Go SDK has moved from
+[`swagger-codegen`](https://github.com/swagger-api/swagger-codegen) to
+[`go-swagger`](https://github.com/go-swagger/go-swagger). If you wish to migrate
+your existing SDK integration please open an issue.
## 0.2.0-sandbox
@@ -80,14 +90,18 @@ ORY Keto has been completely reworked. The major goals of this refactoring are:
1. To allow easy extension of existing access control mechanisms.
2. Improve stability and responsiveness.
-3. Support more than one access control mechanism. Future mechanisms include: RBAC, ACL, AWS IAM Policies, ...
+3. Support more than one access control mechanism. Future mechanisms include:
+ RBAC, ACL, AWS IAM Policies, ...
-We know that these changes seem massive. They are, but they will benefit the long-term use of this particular piece of software,
-and they will allow you to build better systems.
+We know that these changes seem massive. They are, but they will benefit the
+long-term use of this particular piece of software, and they will allow you to
+build better systems.
-If you relied on ORY Keto before this release and you are looking for a migration path, don't hesitate to ask in
-[the forums](https://community.ory.sh/) or open a [GitHub issue](https://github.com/ory/keto/issues/new/). Feel free to do the
-same if you want the access control policy feature implemented in ORY Hydra before version `1.0.0`.
+If you relied on ORY Keto before this release and you are looking for a
+migration path, don't hesitate to ask in [the forums](https://community.ory.sh/)
+or open a [GitHub issue](https://github.com/ory/keto/issues/new/). Feel free to
+do the same if you want the access control policy feature implemented in ORY
+Hydra before version `1.0.0`.
### Conceptual changes
@@ -102,10 +116,13 @@ The following things have been completely deprecated:
The following things have changed:
-1. ORY Keto no longer uses ORY Ladon as the engine but instead relies on the [Open Policy Agent](http://openpolicyagent.org/). The
- concept of ORY Ladon Access Policies are working exactly like before, the internal logic however was rewritten in Rego.
+1. ORY Keto no longer uses ORY Ladon as the engine but instead relies on the
+ [Open Policy Agent](http://openpolicyagent.org/). The concept of ORY Ladon
+ Access Policies are working exactly like before, the internal logic however
+ was rewritten in Rego.
2. The "Warden" concept has been deprecated and replaced.
-3. The CLI commands have changed - apart from `serve`, `version`, `migrate sql` - entirely.
+3. The CLI commands have changed - apart from `serve`, `version`,
+ `migrate sql` - entirely.
4. The API has changed (read the next section for information on this).
5. Environment variables changed or have been removed.
@@ -120,66 +137,85 @@ The following things have been added:
The following things remain conceptually untouched:
-1. ORY (Ladon) Access Control Policies with `regex` string `matching-strategy`. This is the logic that ORY Ladon and previous
- versions of ORY Keto implement.
+1. ORY (Ladon) Access Control Policies with `regex` string `matching-strategy`.
+ This is the logic that ORY Ladon and previous versions of ORY Keto implement.
### API Changes
#### Renamed Endpoints
-- `GET,PUT,POST,DELETE /policies[/]` moved to `/engines/acp/ory//policies[/]`.
- - `POST /policies` has been deprecated and merged with `PUT /policies/` which is now available at
- `PUT /engines/acp/ory//policies` and will upsert (insert or update) the policy identified by the `id` field
- in the JSON payload.
- - The request & response payloads **did not change** nor did any of the concepts.
-- `GET,PUT,POST,DELETE /roles[/]` moved to `/engines/acp/ory//roles[/]`.
- - `POST /roles` has been deprecated and merged with `PUT /roles/` which is now available at
- `PUT /engines/acp/ory//policies` and will upsert (insert or update) the role identified by the `id` field
- in the JSON payload.
- - The request & response payloads **did not change** nor did any of the concepts.
-- `POST,GET /roles//members` move to `/engines/acp/ory//roles//members`.
- - `POST /roles` has been moved to `PUT /engines/acp/ory//policies//members` and will upsert (insert or
- update) the role identified by the `id` field in the URL path.
- - The request & response payloads **did not change** nor did any of the concepts.
+- `GET,PUT,POST,DELETE /policies[/]` moved to
+ `/engines/acp/ory//policies[/]`.
+ - `POST /policies` has been deprecated and merged with `PUT /policies/`
+ which is now available at
+ `PUT /engines/acp/ory//policies` and will upsert (insert
+ or update) the policy identified by the `id` field in the JSON payload.
+ - The request & response payloads **did not change** nor did any of the
+ concepts.
+- `GET,PUT,POST,DELETE /roles[/]` moved to
+ `/engines/acp/ory//roles[/]`.
+ - `POST /roles` has been deprecated and merged with `PUT /roles/` which is
+ now available at `PUT /engines/acp/ory//policies` and
+ will upsert (insert or update) the role identified by the `id` field in the
+ JSON payload.
+ - The request & response payloads **did not change** nor did any of the
+ concepts.
+- `POST,GET /roles//members` move to
+ `/engines/acp/ory//roles//members`.
+ - `POST /roles` has been moved to
+ `PUT /engines/acp/ory//policies//members` and will
+ upsert (insert or update) the role identified by the `id` field in the URL
+ path.
+ - The request & response payloads **did not change** nor did any of the
+ concepts.
#### Reworked Endpoints
-The Warden concept has been deprecated. Previously, it was possible to send credentials alongside requests for prior
-authentication. This concept interfered with the clear boundary ORY Keto is focusing on, which is permissioning concepts.
+The Warden concept has been deprecated. Previously, it was possible to send
+credentials alongside requests for prior authentication. This concept interfered
+with the clear boundary ORY Keto is focusing on, which is permissioning
+concepts.
The Warden API featured endpoints such as:
-- `/warden/oauth2/access-tokens/authorize`: Permformed OAuth 2.0 Token Introspection on the `token` field, took the `sub` value of
- the introspection and used that as input to ORY (Ladon) Access Control Policies.
-- `/warden/oauth2/clients/authorize`: Validated the HTTP Basic Authorization Header using the OAuth 2.0 Client Credentials grant
- and took the `username` value of the HTTP Basic Authorization Header and used that as input to ORY (Ladon) Access Control
- Policies.
+- `/warden/oauth2/access-tokens/authorize`: Permformed OAuth 2.0 Token
+ Introspection on the `token` field, took the `sub` value of the introspection
+ and used that as input to ORY (Ladon) Access Control Policies.
+- `/warden/oauth2/clients/authorize`: Validated the HTTP Basic Authorization
+ Header using the OAuth 2.0 Client Credentials grant and took the `username`
+ value of the HTTP Basic Authorization Header and used that as input to ORY
+ (Ladon) Access Control Policies.
-These endpoints have been deprecated without replacement. Another endpoint was `/warden/subjects/authorize` which used the format
-`{ "subject": "peter", "action": "delete", "resource": "something:valuable" }` as syntax. This endpoint is available in the exact
-same format at `/engines/acp/ory//allowed`.
+These endpoints have been deprecated without replacement. Another endpoint was
+`/warden/subjects/authorize` which used the format
+`{ "subject": "peter", "action": "delete", "resource": "something:valuable" }`
+as syntax. This endpoint is available in the exact same format at
+`/engines/acp/ory//allowed`.
#### New Endpoints
- `GET /version`: Returns the running software version.
-- `GET /health/ready`: Returns `{"status": "ok"}` with a 200 HTTP response if the service is ready to accept connections and
- handle data.
-- `GET /health/alive`: Returns `{"status": "ok"}` with a 200 HTTP response if the service is ready to accept connections.
+- `GET /health/ready`: Returns `{"status": "ok"}` with a 200 HTTP response if
+ the service is ready to accept connections and handle data.
+- `GET /health/alive`: Returns `{"status": "ok"}` with a 200 HTTP response if
+ the service is ready to accept connections.
### Migration
-If you relied on ORY Keto before this release and you are looking for a migration path, don't hesitate to
-[contact us](mailto:hi@ory.sh). We will help you migrate and improve this guide as we see more migration use cases.
+If you relied on ORY Keto before this release and you are looking for a
+migration path, don't hesitate to [contact us](mailto:hi@ory.sh). We will help
+you migrate and improve this guide as we see more migration use cases.
#### SQL
-The SQL schema changed completely and it is not possible to migrate from the previous version to this version with just using
-`keto migrate sql`. Please ask in [the forums](https://community.ory.sh/) or open a
+The SQL schema changed completely and it is not possible to migrate from the
+previous version to this version with just using `keto migrate sql`. Please ask
+in [the forums](https://community.ory.sh/) or open a
[GitHub issue](https://github.com/ory/keto/issues/new/) if this affects you.
## 0.0.1
### CORS is disabled by default
-A new environment variable `CORS_ENABLED` was introduced. It sets whether CORS is enabled ("true") or not ("false")". Default is
-disabled.
+A new environment variable `CORS_ENABLED` was introduced. It sets whether CORS
+is enabled ("true") or not ("false")". Default is disabled.
diff --git a/contrib/cat-videos-example/docker-compose.yml b/contrib/cat-videos-example/docker-compose.yml
index c9ec3aaae..546f75f2c 100644
--- a/contrib/cat-videos-example/docker-compose.yml
+++ b/contrib/cat-videos-example/docker-compose.yml
@@ -1,11 +1,11 @@
-version: '3.2'
+version: "3.2"
services:
keto:
image: oryd/keto:v0.7.0-alpha.1-sqlite
ports:
- - '4466:4466'
- - '4467:4467'
+ - "4466:4466"
+ - "4467:4467"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
diff --git a/contrib/docs-code-samples/expand-api-display-access/00-create-tuples/index.js b/contrib/docs-code-samples/expand-api-display-access/00-create-tuples/index.js
index fdb7189da..524a478c5 100644
--- a/contrib/docs-code-samples/expand-api-display-access/00-create-tuples/index.js
+++ b/contrib/docs-code-samples/expand-api-display-access/00-create-tuples/index.js
@@ -1,9 +1,9 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, write, writeService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, write, writeService } from "@ory/keto-grpc-client"
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const writeRequest = new write.TransactRelationTuplesRequest()
@@ -30,28 +30,28 @@ const addSimpleTuple = (namespace, object, relation, user) => {
}
// ownership
-addSimpleTuple('directories', '/photos', 'owner', 'maureen')
-addSimpleTuple('files', '/photos/beach.jpg', 'owner', 'maureen')
-addSimpleTuple('files', '/photos/mountains.jpg', 'owner', 'laura')
+addSimpleTuple("directories", "/photos", "owner", "maureen")
+addSimpleTuple("files", "/photos/beach.jpg", "owner", "maureen")
+addSimpleTuple("files", "/photos/mountains.jpg", "owner", "laura")
// granted access
-addSimpleTuple('directories', '/photos', 'access', 'laura')
+addSimpleTuple("directories", "/photos", "access", "laura")
// should be subject set rewrite
// owners have access
;[
- ['files', '/photos/beach.jpg'],
- ['files', '/photos/mountains.jpg'],
- ['directories', '/photos']
+ ["files", "/photos/beach.jpg"],
+ ["files", "/photos/mountains.jpg"],
+ ["directories", "/photos"],
].forEach(([namespace, object]) => {
const relationTuple = new relationTuples.RelationTuple()
relationTuple.setNamespace(namespace)
relationTuple.setObject(object)
- relationTuple.setRelation('access')
+ relationTuple.setRelation("access")
const subjectSet = new relationTuples.SubjectSet()
subjectSet.setNamespace(namespace)
subjectSet.setObject(object)
- subjectSet.setRelation('owner')
+ subjectSet.setRelation("owner")
const sub = new relationTuples.Subject()
sub.setSet(subjectSet)
@@ -62,16 +62,16 @@ addSimpleTuple('directories', '/photos', 'access', 'laura')
// should be subject set rewrite
// access on parent means access on child
-;['/photos/beach.jpg', '/photos/mountains.jpg'].forEach((file) => {
+;["/photos/beach.jpg", "/photos/mountains.jpg"].forEach((file) => {
const relationTuple = new relationTuples.RelationTuple()
- relationTuple.setNamespace('files')
+ relationTuple.setNamespace("files")
relationTuple.setObject(file)
- relationTuple.setRelation('access')
+ relationTuple.setRelation("access")
const subjectSet = new relationTuples.SubjectSet()
- subjectSet.setNamespace('directories')
- subjectSet.setObject('/photos')
- subjectSet.setRelation('access')
+ subjectSet.setNamespace("directories")
+ subjectSet.setObject("/photos")
+ subjectSet.setRelation("access")
const sub = new relationTuples.Subject()
sub.setSet(subjectSet)
@@ -82,8 +82,8 @@ addSimpleTuple('directories', '/photos', 'access', 'laura')
writeClient.transactRelationTuples(writeRequest, (error) => {
if (error) {
- console.log('Encountered error', error)
+ console.log("Encountered error", error)
} else {
- console.log('Successfully created tuples')
+ console.log("Successfully created tuples")
}
})
diff --git a/contrib/docs-code-samples/expand-api-display-access/01-expand-beach/index.js b/contrib/docs-code-samples/expand-api-display-access/01-expand-beach/index.js
index 5d57eccd1..e07066ad1 100644
--- a/contrib/docs-code-samples/expand-api-display-access/01-expand-beach/index.js
+++ b/contrib/docs-code-samples/expand-api-display-access/01-expand-beach/index.js
@@ -1,15 +1,15 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, expand, expandService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, expand, expandService } from "@ory/keto-grpc-client"
const expandClient = new expandService.ExpandServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const subjectSet = new relationTuples.SubjectSet()
-subjectSet.setNamespace('files')
-subjectSet.setRelation('access')
-subjectSet.setObject('/photos/beach.jpg')
+subjectSet.setNamespace("files")
+subjectSet.setRelation("access")
+subjectSet.setObject("/photos/beach.jpg")
const sub = new relationTuples.Subject()
sub.setSet(subjectSet)
@@ -28,8 +28,8 @@ const subjectJSON = (subject) => {
subject_set: {
namespace: set.getNamespace(),
object: set.getObject(),
- relation: set.getRelation()
- }
+ relation: set.getRelation(),
+ },
}
}
@@ -38,19 +38,19 @@ const prettyTree = (tree) => {
const [nodeType, subject, children] = [
tree.getNodeType(),
subjectJSON(tree.getSubject()),
- tree.getChildrenList()
+ tree.getChildrenList(),
]
switch (nodeType) {
case expand.NodeType.NODE_TYPE_LEAF:
- return { type: 'leaf', ...subject }
+ return { type: "leaf", ...subject }
case expand.NodeType.NODE_TYPE_UNION:
- return { type: 'union', children: children.map(prettyTree), ...subject }
+ return { type: "union", children: children.map(prettyTree), ...subject }
}
}
expandClient.expand(expandRequest, (error, resp) => {
if (error) {
- console.log('Encountered error:', error)
+ console.log("Encountered error:", error)
} else {
console.log(JSON.stringify(prettyTree(resp.getTree()), null, 2))
}
diff --git a/contrib/docs-code-samples/expand-api-display-access/99-cleanup/index.js b/contrib/docs-code-samples/expand-api-display-access/99-cleanup/index.js
index 8479500ab..1b64b3600 100644
--- a/contrib/docs-code-samples/expand-api-display-access/99-cleanup/index.js
+++ b/contrib/docs-code-samples/expand-api-display-access/99-cleanup/index.js
@@ -1,9 +1,9 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { write, writeService, read, readService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { write, writeService, read, readService } from "@ory/keto-grpc-client"
const readClient = new readService.ReadServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const purgeNamespace = (namespace) => {
@@ -15,8 +15,8 @@ const purgeNamespace = (namespace) => {
readClient.listRelationTuples(readRequest, (err, resp) => {
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const writeRequest = new write.TransactRelationTuplesRequest()
@@ -30,12 +30,12 @@ const purgeNamespace = (namespace) => {
writeClient.transactRelationTuples(writeRequest, (err) => {
if (err) {
- console.log('Unexpected err', err)
+ console.log("Unexpected err", err)
return 1
}
})
})
}
-purgeNamespace('files')
-purgeNamespace('directories')
+purgeNamespace("files")
+purgeNamespace("directories")
diff --git a/contrib/docs-code-samples/list-api-display-objects/00-create-tuples/index.js b/contrib/docs-code-samples/list-api-display-objects/00-create-tuples/index.js
index 4860b52e6..28202ea36 100644
--- a/contrib/docs-code-samples/list-api-display-objects/00-create-tuples/index.js
+++ b/contrib/docs-code-samples/list-api-display-objects/00-create-tuples/index.js
@@ -1,18 +1,18 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, write, writeService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, write, writeService } from "@ory/keto-grpc-client"
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const writeRequest = new write.TransactRelationTuplesRequest()
const addToChat = (chatName) => (user) => {
const relationTuple = new relationTuples.RelationTuple()
- relationTuple.setNamespace('chats')
+ relationTuple.setNamespace("chats")
relationTuple.setObject(chatName)
- relationTuple.setRelation('member')
+ relationTuple.setRelation("member")
const sub = new relationTuples.Subject()
sub.setId(user)
@@ -25,14 +25,14 @@ const addToChat = (chatName) => (user) => {
writeRequest.addRelationTupleDeltas(tupleDelta)
}
-;['PM', 'Vincent', 'Julia'].forEach(addToChat('memes'))
-;['PM', 'Julia'].forEach(addToChat('cars'))
-;['PM', 'Vincent', 'Julia', 'Patrik'].forEach(addToChat('coffee-break'))
+;["PM", "Vincent", "Julia"].forEach(addToChat("memes"))
+;["PM", "Julia"].forEach(addToChat("cars"))
+;["PM", "Vincent", "Julia", "Patrik"].forEach(addToChat("coffee-break"))
writeClient.transactRelationTuples(writeRequest, (error) => {
if (error) {
- console.log('Encountered error', error)
+ console.log("Encountered error", error)
} else {
- console.log('Successfully created tuples')
+ console.log("Successfully created tuples")
}
})
diff --git a/contrib/docs-code-samples/list-api-display-objects/01-list-PM/index.js b/contrib/docs-code-samples/list-api-display-objects/01-list-PM/index.js
index 43a687ae6..395c0bf1a 100644
--- a/contrib/docs-code-samples/list-api-display-objects/01-list-PM/index.js
+++ b/contrib/docs-code-samples/list-api-display-objects/01-list-PM/index.js
@@ -1,31 +1,31 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, read, readService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, read, readService } from "@ory/keto-grpc-client"
const readClient = new readService.ReadServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const readRequest = new read.ListRelationTuplesRequest()
const query = new read.ListRelationTuplesRequest.Query()
-query.setNamespace('chats')
-query.setRelation('member')
+query.setNamespace("chats")
+query.setRelation("member")
const sub = new relationTuples.Subject()
-sub.setId('PM')
+sub.setId("PM")
query.setSubject(sub)
readRequest.setQuery(query)
readClient.listRelationTuples(readRequest, (error, resp) => {
if (error) {
- console.log('Encountered error:', error)
+ console.log("Encountered error:", error)
} else {
console.log(
resp
.getRelationTuplesList()
.map((tuple) => tuple.getObject())
- .join('\n')
+ .join("\n"),
)
}
})
diff --git a/contrib/docs-code-samples/list-api-display-objects/02-list-coffee-break/index.js b/contrib/docs-code-samples/list-api-display-objects/02-list-coffee-break/index.js
index 249d3dcf3..95bdd3d26 100644
--- a/contrib/docs-code-samples/list-api-display-objects/02-list-coffee-break/index.js
+++ b/contrib/docs-code-samples/list-api-display-objects/02-list-coffee-break/index.js
@@ -1,28 +1,28 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { read, readService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { read, readService } from "@ory/keto-grpc-client"
const readClient = new readService.ReadServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const readRequest = new read.ListRelationTuplesRequest()
const query = new read.ListRelationTuplesRequest.Query()
-query.setNamespace('chats')
-query.setObject('coffee-break')
-query.setRelation('member')
+query.setNamespace("chats")
+query.setObject("coffee-break")
+query.setRelation("member")
readRequest.setQuery(query)
readClient.listRelationTuples(readRequest, (error, resp) => {
if (error) {
- console.log('Encountered error:', error)
+ console.log("Encountered error:", error)
} else {
console.log(
resp
.getRelationTuplesList()
.map((tuple) => tuple.getSubject().getId())
- .join('\n')
+ .join("\n"),
)
}
})
diff --git a/contrib/docs-code-samples/list-api-display-objects/99-cleanup/index.js b/contrib/docs-code-samples/list-api-display-objects/99-cleanup/index.js
index 0a50c6d61..30037ddac 100644
--- a/contrib/docs-code-samples/list-api-display-objects/99-cleanup/index.js
+++ b/contrib/docs-code-samples/list-api-display-objects/99-cleanup/index.js
@@ -1,21 +1,21 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { write, writeService, read, readService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { write, writeService, read, readService } from "@ory/keto-grpc-client"
const readClient = new readService.ReadServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const query = new read.ListRelationTuplesRequest.Query()
-query.setNamespace('chats')
+query.setNamespace("chats")
const readRequest = new read.ListRelationTuplesRequest()
readRequest.setQuery(query)
readClient.listRelationTuples(readRequest, (err, resp) => {
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const writeRequest = new write.TransactRelationTuplesRequest()
@@ -29,7 +29,7 @@ readClient.listRelationTuples(readRequest, (err, resp) => {
writeClient.transactRelationTuples(writeRequest, (err) => {
if (err) {
- console.log('Unexpected err', err)
+ console.log("Unexpected err", err)
return 1
}
})
diff --git a/contrib/docs-code-samples/simple-access-check-guide/00-write-direct-access/index.js b/contrib/docs-code-samples/simple-access-check-guide/00-write-direct-access/index.js
index 87c53affa..2b46d09ad 100644
--- a/contrib/docs-code-samples/simple-access-check-guide/00-write-direct-access/index.js
+++ b/contrib/docs-code-samples/simple-access-check-guide/00-write-direct-access/index.js
@@ -1,18 +1,18 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, write, writeService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, write, writeService } from "@ory/keto-grpc-client"
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const relationTuple = new relationTuples.RelationTuple()
-relationTuple.setNamespace('messages')
-relationTuple.setObject('02y_15_4w350m3')
-relationTuple.setRelation('decypher')
+relationTuple.setNamespace("messages")
+relationTuple.setObject("02y_15_4w350m3")
+relationTuple.setRelation("decypher")
const sub = new relationTuples.Subject()
-sub.setId('john')
+sub.setId("john")
relationTuple.setSubject(sub)
const tupleDelta = new write.RelationTupleDelta()
@@ -24,8 +24,8 @@ writeRequest.addRelationTupleDeltas(tupleDelta)
writeClient.transactRelationTuples(writeRequest, (error) => {
if (error) {
- console.log('Encountered error', error)
+ console.log("Encountered error", error)
} else {
- console.log('Successfully created tuple')
+ console.log("Successfully created tuple")
}
})
diff --git a/contrib/docs-code-samples/simple-access-check-guide/01-check-direct-access/index.js b/contrib/docs-code-samples/simple-access-check-guide/01-check-direct-access/index.js
index 2abf232a0..368f75be2 100644
--- a/contrib/docs-code-samples/simple-access-check-guide/01-check-direct-access/index.js
+++ b/contrib/docs-code-samples/simple-access-check-guide/01-check-direct-access/index.js
@@ -1,24 +1,24 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, check, checkService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, check, checkService } from "@ory/keto-grpc-client"
const checkClient = new checkService.CheckServiceClient(
- '127.0.0.1:4466',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4466",
+ grpc.credentials.createInsecure(),
)
const checkRequest = new check.CheckRequest()
-checkRequest.setNamespace('messages')
-checkRequest.setObject('02y_15_4w350m3')
-checkRequest.setRelation('decypher')
+checkRequest.setNamespace("messages")
+checkRequest.setObject("02y_15_4w350m3")
+checkRequest.setRelation("decypher")
const sub = new relationTuples.Subject()
-sub.setId('john')
+sub.setId("john")
checkRequest.setSubject(sub)
checkClient.check(checkRequest, (error, resp) => {
if (error) {
- console.log('Encountered error:', error)
+ console.log("Encountered error:", error)
} else {
- console.log(resp.getAllowed() ? 'Allowed' : 'Denied')
+ console.log(resp.getAllowed() ? "Allowed" : "Denied")
}
})
diff --git a/contrib/docs-code-samples/simple-access-check-guide/99-cleanup/index.js b/contrib/docs-code-samples/simple-access-check-guide/99-cleanup/index.js
index 475a49c2d..3e6310fa4 100644
--- a/contrib/docs-code-samples/simple-access-check-guide/99-cleanup/index.js
+++ b/contrib/docs-code-samples/simple-access-check-guide/99-cleanup/index.js
@@ -1,18 +1,18 @@
-import grpc from '@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js'
-import { relationTuples, write, writeService } from '@ory/keto-grpc-client'
+import grpc from "@ory/keto-grpc-client/node_modules/@grpc/grpc-js/build/src/index.js"
+import { relationTuples, write, writeService } from "@ory/keto-grpc-client"
const writeClient = new writeService.WriteServiceClient(
- '127.0.0.1:4467',
- grpc.credentials.createInsecure()
+ "127.0.0.1:4467",
+ grpc.credentials.createInsecure(),
)
const relationTuple = new relationTuples.RelationTuple()
-relationTuple.setNamespace('messages')
-relationTuple.setObject('02y_15_4w350m3')
-relationTuple.setRelation('decypher')
+relationTuple.setNamespace("messages")
+relationTuple.setObject("02y_15_4w350m3")
+relationTuple.setRelation("decypher")
const sub = new relationTuples.Subject()
-sub.setId('john')
+sub.setId("john")
relationTuple.setSubject(sub)
const tupleDelta = new write.RelationTupleDelta()
@@ -24,7 +24,7 @@ writeRequest.addRelationTupleDeltas(tupleDelta)
writeClient.transactRelationTuples(writeRequest, (err) => {
if (err) {
- console.log('Unexpected err', err)
+ console.log("Unexpected err", err)
return 1
}
})
diff --git a/docker-compose-build.yaml b/docker-compose-build.yaml
index 305be9490..976606bb7 100644
--- a/docker-compose-build.yaml
+++ b/docker-compose-build.yaml
@@ -1,20 +1,20 @@
-version: '3'
+version: "3"
services:
keto:
build:
- context: '.'
- dockerfile: '.docker/Dockerfile-build'
+ context: "."
+ dockerfile: ".docker/Dockerfile-build"
ports:
- - '4466:4466'
- - '4467:4467'
- - '4468:4468'
+ - "4466:4466"
+ - "4467:4467"
+ - "4468:4468"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
- type: bind
- source: './config'
- target: '/home/ory'
+ source: "./config"
+ target: "/home/ory"
environment:
- LOG_LEVEL=debug
- PORT=4466
diff --git a/docker-compose-mysql.yml b/docker-compose-mysql.yml
index b6211ca5f..940c5af6e 100644
--- a/docker-compose-mysql.yml
+++ b/docker-compose-mysql.yml
@@ -1,4 +1,4 @@
-version: '3.2'
+version: "3.2"
services:
keto-migrate:
image: oryd/keto:v0.8.0-alpha.2
@@ -11,7 +11,7 @@ services:
environment:
- LOG_LEVEL=debug
- DSN=mysql://root:secret@mysqld:3306/mysql&max_conns=20&max_idle_conns=4
- command: ['migrate', 'up', '-y']
+ command: ["migrate", "up", "-y"]
restart: on-failure
keto:
links:
@@ -21,8 +21,8 @@ services:
source: ./config
target: /home/ory
ports:
- - '4466:4466'
- - '4467:4467'
+ - "4466:4466"
+ - "4467:4467"
depends_on:
- keto-migrate
environment:
@@ -30,6 +30,6 @@ services:
mysqld:
image: mysql:5.7
ports:
- - '3306:3306'
+ - "3306:3306"
environment:
- MYSQL_ROOT_PASSWORD=secret
diff --git a/docker-compose-postgres.yml b/docker-compose-postgres.yml
index 4fedc9b19..5672a8c1d 100644
--- a/docker-compose-postgres.yml
+++ b/docker-compose-postgres.yml
@@ -1,4 +1,4 @@
-version: '3.2'
+version: "3.2"
services:
keto-migrate:
image: oryd/keto:v0.8.0-alpha.2
@@ -11,7 +11,7 @@ services:
environment:
- LOG_LEVEL=debug
- DSN=postgres://dbuser:secret@postgresd:5432/accesscontroldb?sslmode=disable
- command: ['migrate', 'up', '-y']
+ command: ["migrate", "up", "-y"]
restart: on-failure
keto:
links:
@@ -21,8 +21,8 @@ services:
source: ./config
target: /home/ory
ports:
- - '4466:4466'
- - '4467:4467'
+ - "4466:4466"
+ - "4467:4467"
depends_on:
- keto-migrate
environment:
diff --git a/docker-compose-tracing.yml b/docker-compose-tracing.yml
index 500b1b973..7fb2a5584 100644
--- a/docker-compose-tracing.yml
+++ b/docker-compose-tracing.yml
@@ -9,7 +9,7 @@
# endpoint can only be used if you follow the steps in the tutorial. #
# #
###########################################################################
-version: '3'
+version: "3"
services:
keto:
depends_on:
@@ -22,10 +22,10 @@ services:
jaeger:
image: jaegertracing/all-in-one:1.7.0
ports:
- - '5775:5775/udp'
- - '6831:6831/udp'
- - '6832:6832/udp'
- - '5778:5778'
- - '16686:16686'
- - '14268:14268'
- - '9411:9411'
+ - "5775:5775/udp"
+ - "6831:6831/udp"
+ - "6832:6832/udp"
+ - "5778:5778"
+ - "16686:16686"
+ - "14268:14268"
+ - "9411:9411"
diff --git a/docker-compose.yml b/docker-compose.yml
index a60ce9341..4dd55c88b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,10 @@
-version: '3'
+version: "3"
services:
keto:
image: oryd/keto:v0.8.0-alpha.2
ports:
- - '4466:4466'
- - '4467:4467'
+ - "4466:4466"
+ - "4467:4467"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
diff --git a/docs/README.md b/docs/README.md
index 980bdbb06..7da9b86a8 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,6 +1,7 @@
# Documentation
-Please find the documentation at [www.ory.sh/docs/keto](https://www.ory.sh/docs/keto).
+Please find the documentation at
+[www.ory.sh/docs/keto](https://www.ory.sh/docs/keto).
To contribute to the documentation, please head over to:
[github.com/ory/docs/tree/master/docs/keto](https://github.com/ory/docs/tree/master/docs/keto)
diff --git a/package-lock.json b/package-lock.json
index 21697ddaa..618bed269 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -782,7 +782,7 @@
"version": "0.1.13",
"resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
"integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
- "devOptional": true,
+ "dev": true,
"dependencies": {
"iconv-lite": "^0.6.2"
}
@@ -791,7 +791,7 @@
"version": "0.6.3",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
"integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
- "devOptional": true,
+ "dev": true,
"dependencies": {
"safer-buffer": ">= 2.1.2 < 3.0.0"
},
@@ -3305,7 +3305,7 @@
"version": "0.1.13",
"resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz",
"integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==",
- "devOptional": true,
+ "dev": true,
"requires": {
"iconv-lite": "^0.6.2"
},
@@ -3314,7 +3314,7 @@
"version": "0.6.3",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
"integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
- "devOptional": true,
+ "dev": true,
"requires": {
"safer-buffer": ">= 2.1.2 < 3.0.0"
}
diff --git a/proto/README.md b/proto/README.md
index 8d06a576a..88f25c77d 100644
--- a/proto/README.md
+++ b/proto/README.md
@@ -1,8 +1,10 @@
# Ory Keto gRPC Client
-This package provides the generated gRPC client for [Ory Keto](https://ory.sh/keto). Go to
+This package provides the generated gRPC client for
+[Ory Keto](https://ory.sh/keto). Go to
[the documentation](https://ory.sh/keto/docs) to learn more
-The protocol buffer compiler, `protoc`, is used to compile `.proto` files, which contain service and message definitions. Go to
-[the gRPC documentation](https://grpc.io/docs/protoc-installation/#install-pre-compiled-binaries-any-os) for installation
-instructions.
+The protocol buffer compiler, `protoc`, is used to compile `.proto` files, which
+contain service and message definitions. Go to
+[the gRPC documentation](https://grpc.io/docs/protoc-installation/#install-pre-compiled-binaries-any-os)
+for installation instructions.
diff --git a/proto/ory/keto/README.md b/proto/ory/keto/README.md
index 7b8d442e0..ba8b9fd0d 100644
--- a/proto/ory/keto/README.md
+++ b/proto/ory/keto/README.md
@@ -1,12 +1,16 @@
# Notes
-> ORY Keto is still a `sandbox` project and the included APIs are unstable until we reach `v1` and release `v1.0.0` of Keto!
+> ORY Keto is still a `sandbox` project and the included APIs are unstable until
+> we reach `v1` and release `v1.0.0` of Keto!
>
-> Older API versions, such as `v1alpha2`, will still get support for a reasonable amount of time after release of `v1`!
+> Older API versions, such as `v1alpha2`, will still get support for a
+> reasonable amount of time after release of `v1`!
-This directory contains the ProtoBuf & gRPC definitions for the Access Control APIs.
+This directory contains the ProtoBuf & gRPC definitions for the Access Control
+APIs.
-**ACL is the flexible and scalable "base system" all other access control schemes built upon.**
+**ACL is the flexible and scalable "base system" all other access control
+schemes built upon.**
## Directory layout