Skip to content

Latest commit

 

History

History
1646 lines (1366 loc) · 80.7 KB

CHANGELOG.md

File metadata and controls

1646 lines (1366 loc) · 80.7 KB
Raw

Table of Contents

0.0.0 (2021-10-25)

Bug Fixes

  • Panic on macOS (059a6f9)

  • Slow keto start up time (b7c620c):

    Found a deeply nested dependency which was importing https://github.com/markbates/pkger, causing unreasonable CPU consumption and significant delay at start up time. With this patch, start up time was reduced from almost 1.7s to 0.02s.

    $ time keto
keto  1.65s user 2.02s system 734% cpu 0.499 total

$ time ./keto-patch
./keto-patch  0.02s user 0.01s system 6% cpu 0.425 total

0.7.0-alpha.1 (2021-10-19)

This release provides small docs fixes especially for SDK clients.

Code Generation

  • Pin v0.7.0-alpha.1 release commit (0d1e33a)

Documentation

  • Adjust details missed for v0.7 (#762) (caa18c0)
  • Correct required annotation for List API parameters (#760) (ba1bec9)
  • Make max-depth expand parameter required (#755) (6d51422)

0.7.0-alpha.0 (2021-10-06)

We are proud to present you a new release of Ory Keto! It has been a while, but we have been working hard not only on code, but also concepts and discussing many upcoming features. To join us on this exciting journey, watch 👀 and start ⭐ the repository.

At a first glance the release might not look too exciting from the outside, but we had 376 changed files with 47,578 additions and 25,418 deletions. In total, 12 contributors worked on the 192 commits. The most changes were bug fixes, internal refactoring, and improving API consistency. Expect a more reliable Keto, that is also prepared to receive many new exciting features.

Because the database schema changed significantly, and it is not possible to have SQL-only migrations, there is a special migration procedure needed to upgrade from Ory Keto v0.6. Please follow the migration guide and, as always, read the changelog before upgrading.

Breaking Changes

This patch changes the payload of the REST API. The gRPC API is not affected. The parameter subject was previously an encoded string. With this change clients have to explicitly use either subject_id or (subject_set.namespace and subject_set.object and subject_set.relation). The same is true for REST responses returned by Keto. An error with a hint will be returned if subject is still used.

Bug Fixes

  • make sdk dependency on the Ory CLI (#710) (0cb5706)

  • Add missing tracers (#600) (aa263be), closes #593

  • cli: Panic when printing empty expand trees (#686) (7956dec)

  • Dockerfiles (#737) (f10dec1)

  • Exclude /health endpoints from logs (#716) (7c27f92)

  • Handle relation tuple cycles in expand and check engine (#623) (8e30119)

  • Log all database connection errors (#588) (2b0fad8)

  • Move gRPC client module root up (#620) (3b881f6):

    BREAKING: The npm package @ory/keto-grpc-client from now on includes all API versions. Because of that, the import paths changed. For migrating to the new client package, change the import path according to the following example:

    - import acl from '@ory/keto-grpc-client/acl_pb.js'
+ // from the latest version
+ import { acl } from '@ory/keto-grpc-client'
+ // or a specific one
+ import acl from '@ory/keto-grpc-client/ory/keto/acl/v1alpha1/acl_pb.js'

  • Partially reference upstream schemas (#674) (e49e16c), closes #662:

    This change significantly improves and the config schema. Parts will now be taken from upstream to ensure a more up-to-date schema.

  • Patch REST API input validation and SDK generation (#717) (d49e098)

  • Run a whole namespace migration as one transaction (#739) (142bd47)

  • Set version during release build and register version handler (#714) (8091475)

  • Update docker-compose.yml version (#595) (7fa4dca), closes #549

Chores

  • Update repository templates (f53d3eb)

Code Generation

  • Pin v0.7.0-alpha.0 release commit (7962e77)

Code Refactoring

  • Ensure namespace manager reload is resource contained (#735) (5696fc6)

  • Make subject sets and subject IDs unambiguous (#729) (5a1b0ba)

  • Persistence table structure (#638) (d02b818):

    This big refactoring greatly reduces operation complexity and paves the way for upcoming performance improvements. From now on the relation tuples from all namespaces are stored in the same table, instead of having tables per namespace. A migration path will be provided separately.

Documentation

Features

  • Add gRPC client utils helpers (#657) (8b18802):

    Behold! The Keto gRPC client library now has useful helpers that allow you to replace:

    - deltas := make([]*acl.RelationTupleDelta, len(tuples))
- for i := range rts {
- 	deltas[i] = &acl.RelationTupleDelta{
- 		Action:        acl.RelationTupleDelta_INSERT,
- 		RelationTuple: rts[i],
- 	}
- }
+ deltas := acl.RelationTupleToDeltas(tuples, acl.RelationTupleDelta_INSERT)

    and

    - &acl.Subject{Ref: &acl.Subject_Set{Set: &acl.SubjectSet{
- 	Namespace: "directories",
- 	Object:    "/photos",
- 	Relation:  "access",
- }}}
+ acl.NewSubjectSet("directories", "/photos", "access")

    and

    - &acl.Subject{Ref: &acl.Subject_Id{
- 	Id: "user1",
- }}
+ acl.NewSubjectID("user1")

    Enjoy these new treats 🍫 🍭 🍦

  • Enable telemetry collection for gRPC (#738) (5ac8b0c)

  • Make generated gRPC client its own module (#583) (f0fbb64)

  • Max_idle_conn_time (#605) (50a8623), closes #523

  • Migration to single table SQL schema (#707) (00713bc):

    This change adds a migration path from Keto version v0.6.x to the new persistence structure introduced by ory#638. Every namespace has to be migrated separately, or you can use the CLI to detect and migrate all namespaces at once. Have a look at keto help namespace migrate legacy for all details. Please make sure that you backup the database before running the migration command. Please note that this migration might be a bit slower than usual, as we have to pull the data from the database, transcode it in Keto, and then write it to the new table structure. Versions of Keto >v0.7 will not include this migration script, so you will first have to migrate to v0.7 and move on from there.

  • Support namespace validation from config files (#596) (f4253b8):

    The keto namespace validate command now additionally supports:

    • validation of namespaces in config files
    • validation of a directory specified in config files

Tests

  • Add migration tests (#749) (3b946d0)

  • De-flake status command test (#629) (3bcd0e3):

    Confirmed that the fix works because

    $ go test -tags sqlite -run TestStatusCmd/server_type=read/case=block -count 1000 ./cmd/status

    passed.

  • Ensure problematic chars are not creatable over REST (#709) (12b7954)

  • Single table migration as transaction (#736) (9eda48c)

0.6.0-alpha.3 (2021-04-29)

Resolves CRDB and build issues.

Code Generation

  • Pin v0.6.0-alpha.3 release commit (d766968)

0.6.0-alpha.2 (2021-04-29)

This release improves stability and documentation.

Bug Fixes

Code Generation

  • Pin v0.6.0-alpha.2 release commit (470b2c6)

Documentation

Features

  • Global docs sidebar and added cloud pages (c631c82)
  • Support retryable CRDB transactions (833147d)

0.6.0-alpha.1 (2021-04-07)

We are extremely happy to announce next-gen Ory Keto which implements Zanzibar: Google’s Consistent, Global Authorization System:

Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.

Ory Keto is the first open source planet-scale authorization system built with cloud native technologies (Go, gRPC, newSQL) and architecture. It is also the first open source implementation of Google Zanzibar 🎉!

Many concepts developer by Google Zanzibar are implemented in Ory Keto already. Let's take a look!

As of this release, Ory Keto knows how to interpret and operate on the basic access control lists known as relation tuples. They encode relations between objects and subjects. One simple example of such a relation tuple could encode "user1 has access to file /foo", a more complex one could encode "everyone who has write access on /foo has read access on /foo".

Ory Keto comes with all the basic APIs as described in the Zanzibar paper. All of them are available over gRPC and REST.

  1. List: query relation tuples
  2. Check: determine whether a subject has a relation on an object
  3. Expand: get a tree of all subjects who have a relation on an object
  4. Change: create, update, and delete relation tuples

For all details, head over to the documentation.

With this release we officially move the "old" Keto to the legacy-0.5 branch. We will only provide security fixes from now on. A migration path to v0.6 is planned but not yet implemented, as the architectures are vastly different. Please refer to the issue.

We are keen to bring more features and performance improvements. The next features we will tackle are:

  • Subject Set rewrites
  • Native ABAC & RBAC Support
  • Integration with other policy servers
  • Latency reduction through aggressive caching
  • Cluster mode that fans out requests over all Keto instances

So stay tuned, ⭐ this repo, 👀 releases, and subscribe to our newsletter 📧.

Bug Fixes

  • Add description attribute to access control policy role (#215) (831eba5)

  • Add leak_sensitive_values to config schema (2b21d2b)

  • Bump CLI (80c82d0)

  • Bump deps and replace swagutil (#212) (904258d)

  • Check engine overwrote result in some cases (#412) (3404492)

  • Check health status in status command (21c64d4)

  • Check REST API returns JSON object (#460) (501dcff), closes #406

  • Empty relationtuple list should not error (#440) (fbcb3e1)

  • Ensure nil subject is not allowed (#449) (7a0fcfc):

    The nodejs gRPC client was a great fuzzer and pointed me to some nil pointer dereference panics. This adds some input validation to prevent panics.

  • Ensure persister errors are handled by sqlcon (#473) (4343c4a)

  • Handle pagination and errors in the check/expand engines (#398) (5eb1a7d)

  • Ignore dist (ba816ea)

  • Ignore x/net false positives (d8b36cb)

  • Improve CLI remote sourcing (#474) (a85f4d7)

  • Improve handlers and add tests (#470) (ca5ccb9)

  • Insert relation tuples without fmt.Sprintf (#443) (fe507bb)

  • Minor bugfixes (#371) (185ee1e)

  • Move dockerfile to where it belongs (f087843)

  • Namespace migrator (#417) (ea79300), closes #404

  • Remove SQL logging (#455) (d8e2a86)

  • Rename /relationtuple endpoint to /relation-tuples (#519) (8eb55f6)

  • Resolve gitignore build (6f04bbb)

  • Resolve goreleaser issues (d32767f)

  • Resolve windows build issues (8bcdfbf)

  • Rewrite check engine to search starting at the object (#310) (7d99694), closes #302

  • schema: Add trace level to logger (a5a1402)

  • Secure query building (#442) (c7d2770)

  • Strict version enforcement in docker (e45b28f)

  • Update dd-trace to fix build issues (2ad489f)

  • Update docker to go 1.16 and alpine (c63096c)

  • Use errors.WithStack everywhere (#462) (5f25bce), closes #437:

    Fixed all occurrences found using the search pattern return .*, err\n.

  • Use make() to initialize slices (#250) (84f028d), closes #217

  • Use package name in pkger (6435939)

Build System

  • Pin dependency versions of buf and protoc plugins (#338) (5a2fd1c)

Code Generation

  • Pin v0.6.0-alpha.1 release commit (875af25)

Code Refactoring

Documentation

Features

  • Add .dockerignore (8b0ff06)

  • Add and automate version schema (b01eef8)

  • Add check engine (#277) (396c1ae)

  • Add gRPC health status (#427) (51c4223)

  • Add is_last_page to list response (#425) (b73d91f)

  • Add POST REST handler for policy check (7d89860)

  • Add relation write API (#275) (f2ddb9d)

  • Add REST and gRPC logger middlewares (#436) (615eb0b)

  • Add SQA telemetry (#535) (9f6472b)

  • Add sql persister (#350) (d595d52)

  • Add tracing (#536) (b57a144)

  • Allow to apply namespace migrations together with regular migrations (#441) (57e2bbc)

  • Delete relation tuples (#457) (3ec8afa), closes #452

  • Dockerfile and docker compose example (#390) (10cd0b3)

  • Expand API (#285) (a3ca0b8)

  • Expand GPRC service and CLI (#383) (acf2154)

  • First API draft and generation (#315) (bda5d8b)

  • GRPC status codes and improved error messages (#467) (4a4f8c6)

  • GRPC version API (#475) (89cc46f)

  • Implement goreleaser pipeline (888ac43), closes #410

  • Incorporate new GRPC API structure (#331) (e0916ad)

  • Koanf and namespace configuration (#367) (3ad32bc)

  • Namespace configuration (#324) (b94f50d)

  • Namespace migrate status CLI (#508) (e3f7ad9):

    This also refactors the current migrate and namespace migrate commands.

  • Nodejs gRPC definitions (#447) (3b5c313):

    Includes Typescript definitions.

  • Read API (#269) (de5119a):

    This is a first draft of the read API. It is reachable by REST and gRPC calls. The main purpose of this PR is to establish the basic repository structure and define the API.

  • Relationtuple parse command (#490) (91a3cf4):

    This command parses the relation tuple format used in the docs. It greatly improves the experience when copying something from the documentation. It can especially be used to pipe relation tuples into other commands, e.g.:

    echo "messages:02y_15_4w350m3#decypher@john" | \
  keto relation-tuple parse - --format json | \
  keto relation-tuple create -

  • REST patch relation tuples (#491) (d38618a):

    The new PATCH handler allows transactional changes similar to the already existing gRPC service.

  • Separate and multiplex ports based on read/write privilege (#397) (6918ac3)

  • Swagger SDK (#476) (011888c)

Tests

0.5.6-alpha.1 (2020-05-28)

This release bumps vulnerable transient dependencies (those are not actually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!

Bug Fixes

Chores

  • Pin v0.5.6-alpha.1 release commit (ed0da08)

0.5.5-alpha.1 (2020-05-28)

This release bumps vulnerable transient dependencies (those are not actually used in ORY Keto) and updates several documentation pages and improves structured logging output. Additionally, ORY Keto now uses the updated release pipeline!

Bug Fixes

  • Move deps to go_mod_indirect_pins (dd3e971)
  • Resolve test issues (9bd9956)
  • Update install.sh script (f64d320)
  • Use semver-regex replacer func (2cc3bbb)

Chores

  • Pin v0.5.5-alpha.1 release commit (4666a0f)

Documentation

0.5.4-alpha.1 (2020-04-07)

fix: resolve panic when executing migrations (#178)

Closes #177

Bug Fixes

0.5.3-alpha.3 (2020-04-06)

autogen(docs): regenerate and update changelog

Code Generation

  • docs: Regenerate and update changelog (769cef9)

Code Refactoring

Documentation

  • Regenerate and update changelog (dda79b1)
  • Regenerate and update changelog (9048dd8)
  • Regenerate and update changelog (806f68c)
  • Regenerate and update changelog (8905ee7)
  • Regenerate and update changelog (203c1cc)
  • Regenerate and update changelog (8875a95)
  • Regenerate and update changelog (28ddd3e)
  • Regenerate and update changelog (927c4ed)
  • Updates issue and pull request templates (#168) (29a38a8)
  • Updates issue and pull request templates (#169) (99b7d5d)
  • Updates issue and pull request templates (#171) (7a9876b)

0.5.3-alpha.1 (2020-04-03)

chore: move to ory analytics fork (#167)

Chores

0.5.2 (2020-04-02)

docs: Regenerate and update changelog

Documentation

  • Regenerate and update changelog (1e52100)
  • Regenerate and update changelog (e4d32a6)

0.5.0 (2020-04-02)

docs: use real json bool type in swagger (#162)

Closes #160

Bug Fixes

  • Move to ory sqa service (#159) (c3bf1b1)
  • Use correct response mode for removeOryAccessControlPolicyRoleMe… (#161) (17543cf)

Documentation

  • Regenerate and update changelog (6a77f75)
  • Regenerate and update changelog (c8c9d29)
  • Regenerate and update changelog (fe8327d)
  • Regenerate and update changelog (b5b1d66)
  • Update forum and chat links (e96d7ba)
  • Updates issue and pull request templates (#158) (ab14cfa)
  • Use real json bool type in swagger (#162) (5349e7f), closes #160

0.4.5-alpha.1 (2020-02-29)

docs: Regenerate and update changelog

Bug Fixes

  • driver: Extract scheme from DSN using sqlcon.GetDriverName (#156) (187e289), closes #145

Documentation

  • Regenerate and update changelog (41513da)

0.4.4-alpha.1 (2020-02-14)

docs: Regenerate and update changelog

Bug Fixes

  • goreleaser: Update brew section (0918ff3)

Documentation

  • Prepare ecosystem automation (2e39be7)
  • Regenerate and update changelog (009c4c4)
  • Regenerate and update changelog (49f3c4b)
  • Updates issue and pull request templates (#153) (7fb7521)

Features

Unclassified

  • Update CHANGELOG [ci skip] (63fe513)
  • Update CHANGELOG [ci skip] (7b7c3ac)
  • Update CHANGELOG [ci skip] (8886392)
  • Update CHANGELOG [ci skip] (5bbc284)

0.4.3-alpha.2 (2020-01-31)

Update README.md

Unclassified

0.4.3-alpha.1 (2020-01-23)

Disable access logging for health endpoints (#151)

Closes #150

Unclassified

  • Disable access logging for health endpoints (#151) (6ca0c09), closes #151 #150

0.4.2-alpha.1 (2020-01-14)

Update CHANGELOG [ci skip]

Unclassified

  • Update CHANGELOG [ci skip] (afaabde)

0.4.1-beta.1 (2020-01-13)

Update CHANGELOG [ci skip]

Unclassified

0.4.0-alpha.1 (2020-01-13)

Move to new SDK generators (#146)

Unclassified

  • Move to new SDK generators (#146) (4f51a09), closes #146
  • Fix typos in the README (#144) (85d838c), closes #144

0.3.9-sandbox (2019-12-16)

Update go modules

Unclassified

0.3.7-sandbox (2019-12-11)

Update documentation banner image (#143)

Unclassified

  • Update documentation banner image (#143) (e444755), closes #143
  • Revert incorrect license changes (094c4f3)
  • Fix invalid pseudo version (#138) (79b4457)

0.3.6-sandbox (2019-10-16)

Resolve issues with mysql tests (#137)

Unclassified

  • Resolve issues with mysql tests (#137) (ef5aec8), closes #137

0.3.5-sandbox (2019-08-21)

Implement roles and policies filter (#124)

Documentation

  • Incorporates changes from version v0.3.3-sandbox (57686d2)
  • README grammar fixes (#114) (e592736)
  • Updates issue and pull request templates (#110) (80c8516)
  • Updates issue and pull request templates (#111) (22305d0)
  • Updates issue and pull request templates (#112) (dccada9)
  • Updates issue and pull request templates (#125) (15f373a)
  • Updates issue and pull request templates (#128) (eaf8e33)
  • Updates issue and pull request templates (#130) (a440d14)
  • Updates issue and pull request templates (#131) (dbf2cb2)
  • Updates issue and pull request templates (#132) (e121048)
  • Updates issue and pull request templates (#133) (1b7490a)

Unclassified

0.3.3-sandbox (2019-05-18)

ci: Resolve goreleaser issues (#108)

Continuous Integration

Documentation

  • Incorporates changes from version v0.3.1-sandbox (b8a0029)
  • Updates issue and pull request templates (#106) (54a5a27)

0.3.1-sandbox (2019-04-29)

ci: Use image that includes bash/sh for release docs (#103)

Signed-off-by: aeneasr [email protected]

Continuous Integration

  • Use image that includes bash/sh for release docs (#103) (e9d3027)

Documentation

  • Incorporates changes from version v0.3.0-sandbox (605d2f4)

Unclassified

  • Allow configuration files and update UPGRADE guide. (#102) (3934dc6), closes #102

0.3.0-sandbox (2019-04-29)

docker: Remove full tag from build pipeline (#101)

Signed-off-by: aeneasr [email protected]

Documentation

Unclassified

  • Remove duplicate code in Makefile (#99) (04f5223), closes #99

  • Add tracing support and general improvements (#98) (63b3946), closes #98:

    This patch improves the internal configuration and service management. It adds support for distributed tracing and resolves several issues in the release pipeline and CLI.

    Additionally, composable docker-compose configuration files have been added.

    Several bugs have been fixed in the release management pipeline.

  • storage/memory: Fix upsert with pre-existing key will causes duplicate records (#88) (1cb8a36), closes #88 #80

  • Add content-type in the response of allowed (#90) (39a1486)

  • Fix disable-telemetry check (#85) (38b5383)

  • Fix remove member from role (#87) (698e161), closes #74

  • Fix the type of conditions in the policy (#86) (fc1ced6)

  • Improve naming for ory policies (#100) (b39703d)

  • Move Go SDK generation to go-swagger (#94) (9f48a95), closes #92

  • Remove full tag from build pipeline (#101) (602a273)

  • Send 403 when authorization result is negative (#93) (de806d8), closes #75

  • Update dependencies (#91) (4d44174)

0.2.3-sandbox+oryOS.10 (2019-02-05)

dist: Fix packr build pipeline (#84)

Closes #73 Closes #81

Signed-off-by: aeneasr [email protected]

Documentation

  • Add documentation for glob matching (5c8babb)
  • Incorporates changes from version v0.2.2-sandbox+oryOS.10 (ed7af3f)
  • Properly generate api.swagger.json (18e3f84)

Unclassified

  • Add placeholder go file for rego inclusion (6a6f64d)
  • Add support for glob matching (bb76c6b)
  • Ex- and import rego subdirectories for go get #77 (59cc053), closes #73
  • Fix packr build pipeline (#84) (65a87d5), closes #73 #81
  • Import glob in rego/doc.go (7798442)
  • Properly handle dbal error (6811607)
  • Properly handle TLS certificates if set (36399f0), closes #73

0.2.2-sandbox+oryOS.10 (2018-12-13)

ci: Fix docker push arguments in publish task

Signed-off-by: aeneasr [email protected]

Continuous Integration

  • Fix docker push arguments in publish task (f03c77c)

0.2.1-sandbox+oryOS.10 (2018-12-13)

ci: Fix docker release task

Signed-off-by: aeneasr [email protected]

Continuous Integration

  • Fix docker release task (7a0414f)

0.2.0-sandbox+oryOS.10 (2018-12-13)

all: gofmt

Signed-off-by: aeneasr [email protected]

Documentation

  • Adds banner (0ec1d8f)
  • Adds GitHub templates & code of conduct (#31) (a11e898)
  • Adds link to examples repository (#32) (7061a2a)
  • Adds security console image (fd27fc9)
  • Changes hydra to keto in readme (9dab531)
  • Deprecate old versions in logs (955d647)
  • Incorporates changes from version (85c4d81)
  • Incorporates changes from version v0.0.0-testrelease.1 (6062dd4)
  • Incorporates changes from version v0.0.1-1-g85c4d81 (f4606fc)
  • Incorporates changes from version v0.0.1-11-g114914f (92a4dca)
  • Incorporates changes from version v0.0.1-16-g7d8a8ad (2b76a83)
  • Incorporates changes from version v0.0.1-18-g099e7e0 (70b12ad)
  • Incorporates changes from version v0.0.1-20-g97ccbe6 (b21d56e)
  • Incorporates changes from version v0.0.1-30-gaf2c3b5 (a1d0dcc)
  • Incorporates changes from version v0.0.1-32-gedb5a60 (a5c369a)
  • Incorporates changes from version v0.0.1-6-g570783e (0fcbbcb)
  • Incorporates changes from version v0.0.1-7-g0fcbbcb (c0141a8)
  • Incorporates changes from version v0.1.0-sandbox (9ee0664)
  • Incorporates changes from version v1.0.0-beta.1-1-g162d7b8 (647c5a9)
  • Incorporates changes from version v1.0.0-beta.2-11-g2b280bb (936889d)
  • Incorporates changes from version v1.0.0-beta.2-13-g382e1d3 (883df44)
  • Incorporates changes from version v1.0.0-beta.2-15-g74450da (48dd9f1)
  • Incorporates changes from version v1.0.0-beta.2-3-gf623c52 (b6b90e5)
  • Incorporates changes from version v1.0.0-beta.2-5-g3852be5 (3f09090)
  • Incorporates changes from version v1.0.0-beta.2-9-gc785187 (4c30a3c)
  • Incorporates changes from version v1.0.0-beta.3-1-g06adbf1 (0ba3c06)
  • Incorporates changes from version v1.0.0-beta.3-10-g9994967 (d2345ca)
  • Incorporates changes from version v1.0.0-beta.3-12-gc28b521 (b4d792f)
  • Incorporates changes from version v1.0.0-beta.3-3-g9e16605 (c43bf2b)
  • Incorporates changes from version v1.0.0-beta.3-5-ga11e898 (b9d9b8e)
  • Incorporates changes from version v1.0.0-beta.3-8-g7061a2a (d76ff9d)
  • Incorporates changes from version v1.0.0-beta.5 (0dc314c)
  • Incorporates changes from version v1.0.0-beta.6-1-g5e97104 (f14c8ed)
  • Incorporates changes from version v1.0.0-beta.8 (5045b59)
  • Incorporates changes from version v1.0.0-beta.9 (be2f035)
  • Properly sets up changelog TOC (e0acd67)
  • Puts toc in the right place (114914f)
  • Revert changes from test release (ab3a64d)
  • Update documentation links (#67) (d22d413)
  • Update link to security console (846ce4b)
  • Update migration guide (3c44b58)
  • Update to latest changes (1625123)
  • Updates copyright notice (9dd5578)
  • Updates installation guide (f859645)
  • Updates issue and pull request templates (#52) (941cae6)
  • Updates issue and pull request templates (#53) (7b222d2)
  • Updates issue and pull request templates (#54) (f098639)
  • Updates link to guide and header (437c255)
  • Updates link to open collective (382e1d3)
  • Updates links to docs (d84be3b)
  • Updates newsletter link in README (2dc36b2)

Unclassified

  • Switch to rego as policy decision engine (#48) (ee9bcf2), closes #48

  • Enable TLS option to serve API (#46) (2f62063), closes #46

  • gofmt (777b1be)

  • Updates README.md (#34) (c28b521), closes #34

  • authn/client: Payload is now prefixed with client (8584d94)

  • Add Go SDK factory (99db7e6)

  • Add go SDK interface (3dd5f7d)

  • Add health handlers (bddb949)

  • Add policy list handler (a290619)

  • Add role iterator in list handler (a3eb696)

  • Add SDK generation to circle ci (9b37165)

  • Adds ability to update a role using PUT (#14) (97ccbe6):

    • transfer UpdateRoleMembers from ory/hydra#768 to keto

    • fix tests by using right http method & correcting sql request

    • Change behavior to overwrite the whole role instead of just the members.

    • small sql migration fix

  • Adds log message when telemetry is active (f623c52)

  • Clean up vendor dependencies (9a33c23)

  • Do not split empty scope (#45) (b29cf8c)

  • Fix typo in help command in env var name (#39) (8a5016c), closes #25

  • Fixes environment variable typos (566d588)

  • Fixes typo in help command (74450da), closes #25

  • Format code (637c78c)

  • Gofmt (a8d7f9f)

  • Improve compose documentation (6870443)

  • Improves usage of metrics middleware (726c4be)

  • Improves usage of metrics middleware (301f386)

  • Introduce docker-compose file for testing (ba857e3)

  • Introduces health and version endpoints (6a9da74)

  • List roles from keto_role table (#28) (9e16605)

  • Make introspection authorization optional (e5460ad)

  • Properly names flags (af2c3b5)

  • Properly output telemetry information (#33) (9994967)

  • Properly parses cors options (edb5a60)

  • Remove ORY Hydra dependency (#44) (d487344)

  • Removes additional output if no args are passed (703e124)

  • Require explicit CORS enabling (#42) (9a45107)

  • Resolves an issue with the hydra migrate command (2b280bb), closes #23

  • Resolves broken role test (b6c7f9c)

  • Resolves minor typos and updates install guide (3852be5)

  • Update dependencies (663d8b1)

  • Update hydra to v1.0.0-beta.6 (#35) (5e97104)

  • Update npm package registry (a53d3d2)

  • Updates to latest sqlcon (2c9f643)

  • Upgrade superagent version (#41) (9c80dbc)

  • Use roles in warden decision (c785187), closes #21 #19

0.0.1 (2018-05-20)

authn: Checks token_type is "access_token", if set

Closes #1

Documentation

  • Incorporates changes from version (b5445a0)
  • Incorporates changes from version (295ff99)
  • Incorporates changes from version (bd44d41)
  • Updates readme and upgrades (0f95dbb)
  • Uses keto repo for changelog (14c0b2a)

Unclassified

  • Tells linguist to ignore SDK files (f201eb9)

  • cmd/server: Resolves DBAL not handling postgres properly (dedc32a)

  • cmd/server: Improves error message in migrate command (4b17ce8)

  • Resolves travis and docker issues (6f4779c)

  • Adds OAuth2 Client Credentials authenticator and warden endpoint (c55139b)

  • Adds SDK helpers (a1c2608)

  • Resolves SDK and test issues (#4) (2d4cd98), closes #4

  • Initial project commit (a592e51)

  • Initial commit (4f00bc9)

  • Adds migrate commands to the proper parent command (231c70d)

  • Checks token_type is "access_token", if set (d2b8f5d), closes #1

  • Removes old test (07b733b)

  • Renames subject to sub in response payloads (ca4d540)

  • Retries SQL connection on migrate commands (3d33d73):

    This patch also introduces a fatal error if migrations fail