From 0a1d3b9803a77218fe5927a9e1fdd92514acfae0 Mon Sep 17 00:00:00 2001 From: Mickael Guesnon Date: Wed, 18 May 2022 12:55:47 -0400 Subject: [PATCH 1/3] docs: Add basic document on matching rules support for header fields --- docs/oathkeeper/api-access-rules.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/oathkeeper/api-access-rules.md b/docs/oathkeeper/api-access-rules.md index 92c708828..b496195a0 100644 --- a/docs/oathkeeper/api-access-rules.md +++ b/docs/oathkeeper/api-access-rules.md @@ -82,6 +82,9 @@ Access Rules have four principal keys: - `match` (object): Defines the URL(s) this Access Rule should match. - `methods` (string[]): Array of HTTP methods (for example GET, POST, PUT, DELETE, ...). + - `headers` (map[string]string): Map of HTTP headers to match. If the header you are matching against is of array type + (like a User-Agent header), the value you define must match any of the element of the array. The match is an equality and + does not support regular expressions. - `url` (string): The URL that should be matched. You can use regular expressions or glob patterns in this field to match more than one url. The matching strategy (glob or regexp) is defined in the global configuration file as `access_rules.matching_strategy`. This matcher ignores query parameters. Regular expressions (or glob patterns) are @@ -133,6 +136,9 @@ Rule in JSON format: "strip_path": "/api/v1" }, "match": { + "headers": { + "Content-Type": "application+v2.json" + } "url": "http://my-app/some-route/<.*>", "methods": ["GET", "POST"] }, @@ -153,6 +159,8 @@ upstream: preserve_host: true strip_path: /api/v1 match: + headers: + Content-Type: application+v2.json url: http://my-app/some-route/<.*> methods: - GET @@ -193,6 +201,7 @@ authenticators: "strip_path": "/api/v1" }, "match": { + "headers": {}, "url": "http://my-app/some-route/<.*>", "methods": ["GET", "POST"] }, From c843e468217536b1d3043c6f499d4e8e1709f930 Mon Sep 17 00:00:00 2001 From: Mickael Guesnon Date: Wed, 18 May 2022 13:03:05 -0400 Subject: [PATCH 2/3] Fix invalid json --- docs/oathkeeper/api-access-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/oathkeeper/api-access-rules.md b/docs/oathkeeper/api-access-rules.md index b496195a0..1bcec2af1 100644 --- a/docs/oathkeeper/api-access-rules.md +++ b/docs/oathkeeper/api-access-rules.md @@ -138,7 +138,7 @@ Rule in JSON format: "match": { "headers": { "Content-Type": "application+v2.json" - } + }, "url": "http://my-app/some-route/<.*>", "methods": ["GET", "POST"] }, From dd3833b38c79b4dddb3fee36852844161c3699d7 Mon Sep 17 00:00:00 2001 From: Mickael Guesnon Date: Wed, 18 May 2022 13:31:13 -0400 Subject: [PATCH 3/3] Run npm format --- docs/hydra/cli/hydra-clients-create.md | 20 ++++---- docs/hydra/cli/hydra-clients-delete.md | 7 ++- docs/hydra/cli/hydra-clients-get.md | 7 ++- docs/hydra/cli/hydra-clients-import.md | 14 +++--- docs/hydra/cli/hydra-clients-list.md | 7 ++- docs/hydra/cli/hydra-clients-update.md | 16 +++---- docs/hydra/cli/hydra-clients.md | 22 ++++----- docs/hydra/cli/hydra-janitor.md | 46 +++++++++---------- docs/hydra/cli/hydra-keys-create.md | 4 +- docs/hydra/cli/hydra-keys-delete.md | 4 +- docs/hydra/cli/hydra-keys-get.md | 4 +- docs/hydra/cli/hydra-keys-import.md | 14 +++--- docs/hydra/cli/hydra-keys.md | 12 ++--- docs/hydra/cli/hydra-migrate-sql.md | 19 ++++---- docs/hydra/cli/hydra-migrate.md | 6 +-- docs/hydra/cli/hydra-serve-admin.md | 17 ++++--- docs/hydra/cli/hydra-serve-all.md | 23 +++++----- docs/hydra/cli/hydra-serve-public.md | 19 ++++---- docs/hydra/cli/hydra-serve.md | 26 +++++------ docs/hydra/cli/hydra-token-client.md | 11 ++--- docs/hydra/cli/hydra-token-delete.md | 4 +- docs/hydra/cli/hydra-token-flush.md | 4 +- docs/hydra/cli/hydra-token-introspect.md | 4 +- docs/hydra/cli/hydra-token-revoke.md | 4 +- docs/hydra/cli/hydra-token-user.md | 12 ++--- docs/hydra/cli/hydra-token.md | 16 +++---- docs/hydra/cli/hydra-version.md | 4 +- docs/hydra/cli/hydra.md | 16 +++---- docs/keto/cli/keto-check.md | 4 +- docs/keto/cli/keto-expand.md | 4 +- docs/keto/cli/keto-migrate-down.md | 7 ++- docs/keto/cli/keto-migrate-status.md | 7 ++- docs/keto/cli/keto-migrate-up.md | 11 ++--- docs/keto/cli/keto-migrate.md | 13 +++--- .../keto/cli/keto-namespace-migrate-legacy.md | 11 ++--- docs/keto/cli/keto-namespace-migrate.md | 6 +-- docs/keto/cli/keto-namespace-validate.md | 10 ++-- docs/keto/cli/keto-namespace.md | 8 ++-- docs/keto/cli/keto-relation-tuple-create.md | 9 ++-- .../cli/keto-relation-tuple-delete-all.md | 8 ++-- docs/keto/cli/keto-relation-tuple-delete.md | 7 ++- docs/keto/cli/keto-relation-tuple-get.md | 7 ++- docs/keto/cli/keto-relation-tuple-parse.md | 9 ++-- docs/keto/cli/keto-relation-tuple.md | 14 +++--- docs/keto/cli/keto-serve.md | 8 ++-- docs/keto/cli/keto-status.md | 4 +- docs/keto/cli/keto-version.md | 4 +- docs/keto/cli/keto.md | 18 ++++---- docs/oathkeeper/api-access-rules.md | 6 +-- package-lock.json | 6 ++- package.json | 2 +- 51 files changed, 258 insertions(+), 287 deletions(-) diff --git a/docs/hydra/cli/hydra-clients-create.md b/docs/hydra/cli/hydra-clients-create.md index 8fbca9d6c..c8dd813fe 100644 --- a/docs/hydra/cli/hydra-clients-create.md +++ b/docs/hydra/cli/hydra-clients-create.md @@ -9,24 +9,23 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients create Create a new OAuth 2.0 Client ### Synopsis -This command creates an OAuth 2.0 Client which can be used to perform various OAuth 2.0 Flows like -the Authorize Code, Implicit, Refresh flow. - -Ory Hydra implements the OpenID Connect Dynamic Client registration specification. Most flags are supported by this command -as well. +This command creates an OAuth 2.0 Client which can be used to perform various OAuth 2.0 Flows like the Authorize Code, Implicit, +Refresh flow. -Example: - hydra clients create -n "my app" -c http://localhost/cb -g authorization_code -r code -a core,foobar +Ory Hydra implements the OpenID Connect Dynamic Client registration specification. Most flags are supported by this command as +well. -To encrypt auto generated client secret, use "--pgp-key", "--pgp-key-url" or "--keybase" flag, for example: - hydra clients create -n "my app" -g client_credentials -r token -a core,foobar --keybase keybase_username +Example: hydra clients create -n "my app" -c http://localhost/cb -g authorization_code -r code -a core,foobar +To encrypt auto generated client secret, use "--pgp-key", "--pgp-key-url" or "--keybase" flag, for +example: hydra clients create -n "my app" -g client_credentials -r token -a core,foobar --keybase keybase_username ``` hydra clients create [flags] @@ -74,5 +73,4 @@ hydra clients create [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients-delete.md b/docs/hydra/cli/hydra-clients-delete.md index 7e45e1c56..e88a2dfac 100644 --- a/docs/hydra/cli/hydra-clients-delete.md +++ b/docs/hydra/cli/hydra-clients-delete.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients delete Delete an OAuth 2.0 Client @@ -17,8 +18,7 @@ Delete an OAuth 2.0 Client This command deletes one or more OAuth 2.0 Clients by their respective IDs. -Example: - hydra clients delete client-1 client-2 client-3 +Example: hydra clients delete client-1 client-2 client-3 ``` hydra clients delete [...] [flags] @@ -42,5 +42,4 @@ hydra clients delete [...] [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients-get.md b/docs/hydra/cli/hydra-clients-get.md index 54e50c29c..dc813e0f9 100644 --- a/docs/hydra/cli/hydra-clients-get.md +++ b/docs/hydra/cli/hydra-clients-get.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients get Get an OAuth 2.0 Client @@ -17,8 +18,7 @@ Get an OAuth 2.0 Client This command retrieves an OAuth 2.0 Clients by its ID. -Example: - hydra clients get client-1 +Example: hydra clients get client-1 ``` hydra clients get [flags] @@ -42,5 +42,4 @@ hydra clients get [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients-import.md b/docs/hydra/cli/hydra-clients-import.md index 3d65e3783..90b63da03 100644 --- a/docs/hydra/cli/hydra-clients-import.md +++ b/docs/hydra/cli/hydra-clients-import.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients import Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store @@ -17,15 +18,13 @@ Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store This command allows you to import OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store. -Currently supported formats are raw JSON Web Keys or PEM/DER encoded data. If the JSON Web Key Set exists already, -the imported keys will be added to that set. Otherwise, a new set will be created. +Currently supported formats are raw JSON Web Keys or PEM/DER encoded data. If the JSON Web Key Set exists already, the imported +keys will be added to that set. Otherwise, a new set will be created. Please be aware that importing a private key does not automatically import its public key as well. -Examples: - hydra keys import my-set ./path/to/jwk.json ./path/to/jwk-2.json - hydra keys import my-set ./path/to/rsa.key ./path/to/rsa.pub --default-key-id cae6b214-fb1e-4ebc-9019-95286a62eabc - +Examples: hydra keys import my-set ./path/to/jwk.json ./path/to/jwk-2.json hydra keys import my-set ./path/to/rsa.key +./path/to/rsa.pub --default-key-id cae6b214-fb1e-4ebc-9019-95286a62eabc ``` hydra clients import [ []]] [flags] @@ -51,5 +50,4 @@ hydra clients import [ []]] [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients-list.md b/docs/hydra/cli/hydra-clients-list.md index 95a49cb13..59d48c545 100644 --- a/docs/hydra/cli/hydra-clients-list.md +++ b/docs/hydra/cli/hydra-clients-list.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients list List OAuth 2.0 Clients @@ -17,8 +18,7 @@ List OAuth 2.0 Clients This command list an OAuth 2.0 Clients. -Example: - hydra clients list +Example: hydra clients list ``` hydra clients list [flags] @@ -44,5 +44,4 @@ hydra clients list [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients-update.md b/docs/hydra/cli/hydra-clients-update.md index d3af3930e..389fcbbf4 100644 --- a/docs/hydra/cli/hydra-clients-update.md +++ b/docs/hydra/cli/hydra-clients-update.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients update Update an entire OAuth 2.0 Client @@ -17,15 +18,15 @@ Update an entire OAuth 2.0 Client This command replaces an OAuth 2.0 Client by its ID. -Please be aware that this command replaces the entire client. -To update only the name, a full client should be provided, for example: - hydra clients update client-1 -n "my updated app" -c http://localhost/cb -g authorization_code -r code -a core,foobar +Please be aware that this command replaces the entire client. To update only the name, a full client should be provided, for +example: hydra clients update client-1 -n "my updated app" -c http://localhost/cb -g authorization_code -r code -a +core,foobar If only the name flag (-n "my updated app") is provided, the all other fields are updated to their default values. -To encrypt auto generated client secret, use "--pgp-key", "--pgp-key-url" or "--keybase" flag, for example: - hydra clients update client-1 -n "my updated app" -g client_credentials -r token -a core,foobar --keybase keybase_username - +To encrypt auto generated client secret, use "--pgp-key", "--pgp-key-url" or "--keybase" flag, for +example: hydra clients update client-1 -n "my updated app" -g client_credentials -r token -a core,foobar --keybase +keybase_username ``` hydra clients update [flags] @@ -72,5 +73,4 @@ hydra clients update [flags] ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients diff --git a/docs/hydra/cli/hydra-clients.md b/docs/hydra/cli/hydra-clients.md index 0b2878409..f0cb49f5b 100644 --- a/docs/hydra/cli/hydra-clients.md +++ b/docs/hydra/cli/hydra-clients.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra clients Manage OAuth 2.0 Clients @@ -26,14 +27,13 @@ Manage OAuth 2.0 Clients ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra -* [hydra clients create](hydra-clients-create) - Create a new OAuth 2.0 Client -* [hydra clients delete](hydra-clients-delete) - Delete an OAuth 2.0 Client -* [hydra clients get](hydra-clients-get) - Get an OAuth 2.0 Client -* [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files -* [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files -* [hydra clients import](hydra-clients-import) - Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store -* [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files -* [hydra clients list](hydra-clients-list) - List OAuth 2.0 Clients -* [hydra clients update](hydra-clients-update) - Update an entire OAuth 2.0 Client - +- [hydra](hydra) - Run and manage Ory Hydra +- [hydra clients create](hydra-clients-create) - Create a new OAuth 2.0 Client +- [hydra clients delete](hydra-clients-delete) - Delete an OAuth 2.0 Client +- [hydra clients get](hydra-clients-get) - Get an OAuth 2.0 Client +- [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files +- [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files +- [hydra clients import](hydra-clients-import) - Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store +- [hydra clients import](hydra-clients-import) - Import OAuth 2.0 Clients from one or more JSON files +- [hydra clients list](hydra-clients-list) - List OAuth 2.0 Clients +- [hydra clients update](hydra-clients-update) - Update an entire OAuth 2.0 Client diff --git a/docs/hydra/cli/hydra-janitor.md b/docs/hydra/cli/hydra-janitor.md index 25ea11d03..6fbd73fdc 100644 --- a/docs/hydra/cli/hydra-janitor.md +++ b/docs/hydra/cli/hydra-janitor.md @@ -9,55 +9,54 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra janitor Clean the database of old tokens, login/consent requests and jwt grant issuers ### Synopsis -This command will cleanup any expired oauth2 tokens as well as login/consent requests. -This will select records to delete with a limit and delete records in batch to ensure that no table locking issues arise in big production databases. +This command will cleanup any expired oauth2 tokens as well as login/consent requests. This will select records to delete with a +limit and delete records in batch to ensure that no table locking issues arise in big production databases. -### Warning ### +### Warning This command is in beta. Proceed with caution! -This is a destructive command and will purge data directly from the database. -Please use this command with caution if you need to keep historic data for any reason. +This is a destructive command and will purge data directly from the database. Please use this command with caution if you need to +keep historic data for any reason. ############### Janitor can be used in several ways. -1. By passing the database connection string (DSN) as an argument - Pass the database url (dsn) as an argument to janitor. E.g. janitor <database-url> -2. By passing the DSN as an environment variable +1. By passing the database connection string (DSN) as an argument Pass the database url (dsn) as an argument to janitor. E.g. + janitor <database-url> +2. By passing the DSN as an environment variable - export DSN=... - janitor -e + export DSN=... + janitor -e -3. By passing a configuration file containing the DSN - janitor -c /path/to/conf.yml -4. Extra *optional* parameters can also be added such as +3. By passing a configuration file containing the DSN janitor -c /path/to/conf.yml +4. Extra _optional_ parameters can also be added such as - janitor --keep-if-younger 23h --access-lifespan 1h --refresh-lifespan 40h --consent-request-lifespan 10m <database-url> + janitor --keep-if-younger 23h --access-lifespan 1h --refresh-lifespan 40h --consent-request-lifespan 10m <database-url> -5. Running only a certain cleanup +5. Running only a certain cleanup - janitor --tokens <database-url> + janitor --tokens <database-url> - or + or - janitor --requests <database-url> + janitor --requests <database-url> or - janitor --grants <database-url> + janitor --grants <database-url> - or any combination of them - - janitor --tokens --requests --grants <database-url> + or any combination of them + janitor --tokens --requests --grants <database-url> ``` hydra janitor [] [flags] @@ -82,5 +81,4 @@ hydra janitor [] [flags] ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra - +- [hydra](hydra) - Run and manage Ory Hydra diff --git a/docs/hydra/cli/hydra-keys-create.md b/docs/hydra/cli/hydra-keys-create.md index dcfb668d3..d5a720ded 100644 --- a/docs/hydra/cli/hydra-keys-create.md +++ b/docs/hydra/cli/hydra-keys-create.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra keys create Create a new JSON Web Key Set @@ -37,5 +38,4 @@ hydra keys create [flags] ### SEE ALSO -* [hydra keys](hydra-keys) - Manage JSON Web Keys - +- [hydra keys](hydra-keys) - Manage JSON Web Keys diff --git a/docs/hydra/cli/hydra-keys-delete.md b/docs/hydra/cli/hydra-keys-delete.md index 102df4dd8..edc761921 100644 --- a/docs/hydra/cli/hydra-keys-delete.md +++ b/docs/hydra/cli/hydra-keys-delete.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra keys delete Delete a new JSON Web Key Set @@ -35,5 +36,4 @@ hydra keys delete [flags] ### SEE ALSO -* [hydra keys](hydra-keys) - Manage JSON Web Keys - +- [hydra keys](hydra-keys) - Manage JSON Web Keys diff --git a/docs/hydra/cli/hydra-keys-get.md b/docs/hydra/cli/hydra-keys-get.md index 1b6723c53..a7dac53a8 100644 --- a/docs/hydra/cli/hydra-keys-get.md +++ b/docs/hydra/cli/hydra-keys-get.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra keys get Get a new JSON Web Key Set @@ -35,5 +36,4 @@ hydra keys get [flags] ### SEE ALSO -* [hydra keys](hydra-keys) - Manage JSON Web Keys - +- [hydra keys](hydra-keys) - Manage JSON Web Keys diff --git a/docs/hydra/cli/hydra-keys-import.md b/docs/hydra/cli/hydra-keys-import.md index 9748b0b59..3600fe1e2 100644 --- a/docs/hydra/cli/hydra-keys-import.md +++ b/docs/hydra/cli/hydra-keys-import.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra keys import Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store @@ -17,15 +18,13 @@ Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store This command allows you to import OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store. -Currently supported formats are raw JSON Web Keys or PEM/DER encoded data. If the JSON Web Key Set exists already, -the imported keys will be added to that set. Otherwise, a new set will be created. +Currently supported formats are raw JSON Web Keys or PEM/DER encoded data. If the JSON Web Key Set exists already, the imported +keys will be added to that set. Otherwise, a new set will be created. Please be aware that importing a private key does not automatically import its public key as well. -Examples: - hydra keys import my-set ./path/to/jwk.json ./path/to/jwk-2.json - hydra keys import my-set ./path/to/rsa.key ./path/to/rsa.pub --default-key-id cae6b214-fb1e-4ebc-9019-95286a62eabc - +Examples: hydra keys import my-set ./path/to/jwk.json ./path/to/jwk-2.json hydra keys import my-set ./path/to/rsa.key +./path/to/rsa.pub --default-key-id cae6b214-fb1e-4ebc-9019-95286a62eabc ``` hydra keys import [ []]] [flags] @@ -51,5 +50,4 @@ hydra keys import [ []]] [flags] ### SEE ALSO -* [hydra keys](hydra-keys) - Manage JSON Web Keys - +- [hydra keys](hydra-keys) - Manage JSON Web Keys diff --git a/docs/hydra/cli/hydra-keys.md b/docs/hydra/cli/hydra-keys.md index 43cdfbbe4..142daf721 100644 --- a/docs/hydra/cli/hydra-keys.md +++ b/docs/hydra/cli/hydra-keys.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra keys Manage JSON Web Keys @@ -26,9 +27,8 @@ Manage JSON Web Keys ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra -* [hydra keys create](hydra-keys-create) - Create a new JSON Web Key Set -* [hydra keys delete](hydra-keys-delete) - Delete a new JSON Web Key Set -* [hydra keys get](hydra-keys-get) - Get a new JSON Web Key Set -* [hydra keys import](hydra-keys-import) - Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store - +- [hydra](hydra) - Run and manage Ory Hydra +- [hydra keys create](hydra-keys-create) - Create a new JSON Web Key Set +- [hydra keys delete](hydra-keys-delete) - Delete a new JSON Web Key Set +- [hydra keys get](hydra-keys-get) - Get a new JSON Web Key Set +- [hydra keys import](hydra-keys-import) - Imports OAuth 2.0 Clients from one or more JSON files to the JSON Web Key Store diff --git a/docs/hydra/cli/hydra-migrate-sql.md b/docs/hydra/cli/hydra-migrate-sql.md index a5e5a5053..f5ff16ab8 100644 --- a/docs/hydra/cli/hydra-migrate-sql.md +++ b/docs/hydra/cli/hydra-migrate-sql.md @@ -9,27 +9,25 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra migrate sql Create SQL schemas and apply migration plans ### Synopsis -Run this command on a fresh SQL installation and when you upgrade Hydra to a new minor version. For example, -upgrading Hydra 0.7.0 to 0.8.0 requires running this command. +Run this command on a fresh SQL installation and when you upgrade Hydra to a new minor version. For example, upgrading Hydra 0.7.0 +to 0.8.0 requires running this command. -It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. -This decreases risk of failure and decreases time required. +It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. This +decreases risk of failure and decreases time required. -You can read in the database URL using the -e flag, for example: - export DSN=... - hydra migrate sql -e +You can read in the database URL using the -e flag, for example: export DSN=... hydra migrate sql -e -### WARNING ### +### WARNING Before running this command on an existing database, create a back up! - ``` hydra migrate sql [flags] ``` @@ -50,5 +48,4 @@ hydra migrate sql [flags] ### SEE ALSO -* [hydra migrate](hydra-migrate) - Various migration helpers - +- [hydra migrate](hydra-migrate) - Various migration helpers diff --git a/docs/hydra/cli/hydra-migrate.md b/docs/hydra/cli/hydra-migrate.md index d822f4110..a41b2d36a 100644 --- a/docs/hydra/cli/hydra-migrate.md +++ b/docs/hydra/cli/hydra-migrate.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra migrate Various migration helpers @@ -22,6 +23,5 @@ Various migration helpers ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra -* [hydra migrate sql](hydra-migrate-sql) - Create SQL schemas and apply migration plans - +- [hydra](hydra) - Run and manage Ory Hydra +- [hydra migrate sql](hydra-migrate-sql) - Create SQL schemas and apply migration plans diff --git a/docs/hydra/cli/hydra-serve-admin.md b/docs/hydra/cli/hydra-serve-admin.md index b8aa38a2b..cab305469 100644 --- a/docs/hydra/cli/hydra-serve-admin.md +++ b/docs/hydra/cli/hydra-serve-admin.md @@ -9,31 +9,31 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra serve admin Serves Administrative HTTP/2 APIs ### Synopsis -This command opens one port and listens to HTTP/2 API requests. The exposed API handles administrative -requests like managing OAuth 2.0 Clients, JSON Web Keys, login and consent sessions, and others. +This command opens one port and listens to HTTP/2 API requests. The exposed API handles administrative requests like managing +OAuth 2.0 Clients, JSON Web Keys, login and consent sessions, and others. This command is configurable using the same options available to "serve public" and "serve all". -It is generally recommended to use this command only if you require granular control over the administrative and public APIs. -For example, you might want to run different TLS certificates or CORS settings on the public and administrative API. +It is generally recommended to use this command only if you require granular control over the administrative and public APIs. For +example, you might want to run different TLS certificates or CORS settings on the public and administrative API. This command does not work with the "memory" database. Both services (administrative, public) MUST use the same database connection to be able to synchronize. ## Configuration -Ory Hydra can be configured using environment variables as well as a configuration file. For more information -on configuration options, open the configuration documentation: +Ory Hydra can be configured using environment variables as well as a configuration file. For more information on configuration +options, open the configuration documentation: >> https://www.ory.sh/hydra/docs/reference/configuration << - ``` hydra serve admin [flags] ``` @@ -55,5 +55,4 @@ hydra serve admin [flags] ### SEE ALSO -* [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs - +- [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs diff --git a/docs/hydra/cli/hydra-serve-all.md b/docs/hydra/cli/hydra-serve-all.md index 0abf36cd9..50d28d06c 100644 --- a/docs/hydra/cli/hydra-serve-all.md +++ b/docs/hydra/cli/hydra-serve-all.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra serve all Serves both public and administrative HTTP/2 APIs @@ -17,24 +18,23 @@ Serves both public and administrative HTTP/2 APIs Starts a process which listens on two ports for public and administrative HTTP/2 API requests. -If you want more granular control (e.g. different TLS settings) over each API group (administrative, public) you -can run "serve admin" and "serve public" separately. +If you want more granular control (e.g. different TLS settings) over each API group (administrative, public) you can run +"serve admin" and "serve public" separately. -This command exposes a variety of controls via environment variables. You can -set environments using "export KEY=VALUE" (Linux/macOS) or "set KEY=VALUE" (Windows). On Linux, -you can also set environments by prepending key value pairs: "KEY=VALUE KEY2=VALUE2 hydra" +This command exposes a variety of controls via environment variables. You can set environments using "export KEY=VALUE" +(Linux/macOS) or "set KEY=VALUE" (Windows). On Linux, you can also set environments by prepending key value pairs: +"KEY=VALUE KEY2=VALUE2 hydra" -All possible controls are listed below. This command exposes exposes command line flags, which are listed below -the controls section. +All possible controls are listed below. This command exposes exposes command line flags, which are listed below the controls +section. ## Configuration -Ory Hydra can be configured using environment variables as well as a configuration file. For more information -on configuration options, open the configuration documentation: +Ory Hydra can be configured using environment variables as well as a configuration file. For more information on configuration +options, open the configuration documentation: >> https://www.ory.sh/hydra/docs/reference/configuration << - ``` hydra serve all [flags] ``` @@ -56,5 +56,4 @@ hydra serve all [flags] ### SEE ALSO -* [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs - +- [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs diff --git a/docs/hydra/cli/hydra-serve-public.md b/docs/hydra/cli/hydra-serve-public.md index 3875b111d..4b85644c4 100644 --- a/docs/hydra/cli/hydra-serve-public.md +++ b/docs/hydra/cli/hydra-serve-public.md @@ -9,32 +9,32 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra serve public Serves Public HTTP/2 APIs ### Synopsis -This command opens one port and listens to HTTP/2 API requests. The exposed API handles requests coming from -the public internet, like OAuth 2.0 Authorization and Token requests, OpenID Connect UserInfo, OAuth 2.0 Token Revokation, -and OpenID Connect Discovery. +This command opens one port and listens to HTTP/2 API requests. The exposed API handles requests coming from the public internet, +like OAuth 2.0 Authorization and Token requests, OpenID Connect UserInfo, OAuth 2.0 Token Revokation, and OpenID Connect +Discovery. This command is configurable using the same options available to "serve admin" and "serve all". -It is generally recommended to use this command only if you require granular control over the privileged and public APIs. -For example, you might want to run different TLS certificates or CORS settings on the public and privileged API. +It is generally recommended to use this command only if you require granular control over the privileged and public APIs. For +example, you might want to run different TLS certificates or CORS settings on the public and privileged API. This command does not work with the "memory" database. Both services (privileged, public) MUST use the same database connection to be able to synchronize. ## Configuration -Ory Hydra can be configured using environment variables as well as a configuration file. For more information -on configuration options, open the configuration documentation: +Ory Hydra can be configured using environment variables as well as a configuration file. For more information on configuration +options, open the configuration documentation: >> https://www.ory.sh/hydra/docs/reference/configuration << - ``` hydra serve public [flags] ``` @@ -56,5 +56,4 @@ hydra serve public [flags] ### SEE ALSO -* [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs - +- [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs diff --git a/docs/hydra/cli/hydra-serve.md b/docs/hydra/cli/hydra-serve.md index aa9b8acfe..82cc3fb98 100644 --- a/docs/hydra/cli/hydra-serve.md +++ b/docs/hydra/cli/hydra-serve.md @@ -9,19 +9,19 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra serve Parent command for starting public and administrative HTTP/2 APIs ### Synopsis -Ory Hydra exposes two ports, a public and an administrative port. The public port is responsible -for handling requests from the public internet, such as the OAuth 2.0 Authorize and Token URLs. The administrative -port handles administrative requests like creating OAuth 2.0 Clients, managing JSON Web Keys, and managing User Login -and Consent sessions. +Ory Hydra exposes two ports, a public and an administrative port. The public port is responsible for handling requests from the +public internet, such as the OAuth 2.0 Authorize and Token URLs. The administrative port handles administrative requests like +creating OAuth 2.0 Clients, managing JSON Web Keys, and managing User Login and Consent sessions. -It is recommended to run "hydra serve all". If you need granular control over CORS settings or similar, you may -want to run "hydra serve admin" and "hydra serve public" separately. +It is recommended to run "hydra serve all". If you need granular control over CORS settings or similar, you may want to +run "hydra serve admin" and "hydra serve public" separately. To learn more about each individual command, run: @@ -33,12 +33,11 @@ All sub-commands share command line flags and configuration options. ## Configuration -Ory Hydra can be configured using environment variables as well as a configuration file. For more information -on configuration options, open the configuration documentation: +Ory Hydra can be configured using environment variables as well as a configuration file. For more information on configuration +options, open the configuration documentation: >> https://www.ory.sh/hydra/docs/reference/configuration << - ### Options ``` @@ -51,8 +50,7 @@ on configuration options, open the configuration documentation: ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra -* [hydra serve admin](hydra-serve-admin) - Serves Administrative HTTP/2 APIs -* [hydra serve all](hydra-serve-all) - Serves both public and administrative HTTP/2 APIs -* [hydra serve public](hydra-serve-public) - Serves Public HTTP/2 APIs - +- [hydra](hydra) - Run and manage Ory Hydra +- [hydra serve admin](hydra-serve-admin) - Serves Administrative HTTP/2 APIs +- [hydra serve all](hydra-serve-all) - Serves both public and administrative HTTP/2 APIs +- [hydra serve public](hydra-serve-public) - Serves Public HTTP/2 APIs diff --git a/docs/hydra/cli/hydra-token-client.md b/docs/hydra/cli/hydra-token-client.md index 7074bea85..c6fd5e363 100644 --- a/docs/hydra/cli/hydra-token-client.md +++ b/docs/hydra/cli/hydra-token-client.md @@ -9,17 +9,17 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token client An exemplary OAuth 2.0 Client performing the OAuth 2.0 Client Credentials Flow ### Synopsis -Performs the OAuth 2.0 Client Credentials Flow. This command will help you to see if Ory Hydra has -been configured properly. +Performs the OAuth 2.0 Client Credentials Flow. This command will help you to see if Ory Hydra has been configured properly. -This command should not be used for anything else than manual testing or demo purposes. The server will terminate on error -and success. +This command should not be used for anything else than manual testing or demo purposes. The server will terminate on error and +success. ``` hydra token client [flags] @@ -47,5 +47,4 @@ hydra token client [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token-delete.md b/docs/hydra/cli/hydra-token-delete.md index d4b838d84..23e821b47 100644 --- a/docs/hydra/cli/hydra-token-delete.md +++ b/docs/hydra/cli/hydra-token-delete.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token delete Deletes access tokens of a client @@ -36,5 +37,4 @@ hydra token delete [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token-flush.md b/docs/hydra/cli/hydra-token-flush.md index 5eeb5df86..5c0cc7d9e 100644 --- a/docs/hydra/cli/hydra-token-flush.md +++ b/docs/hydra/cli/hydra-token-flush.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token flush Removes inactive access tokens from the database @@ -36,5 +37,4 @@ hydra token flush [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token-introspect.md b/docs/hydra/cli/hydra-token-introspect.md index d735e56ca..b10370f78 100644 --- a/docs/hydra/cli/hydra-token-introspect.md +++ b/docs/hydra/cli/hydra-token-introspect.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token introspect Introspect an access or refresh token @@ -38,5 +39,4 @@ hydra token introspect [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token-revoke.md b/docs/hydra/cli/hydra-token-revoke.md index ac3da1113..6be9b9efa 100644 --- a/docs/hydra/cli/hydra-token-revoke.md +++ b/docs/hydra/cli/hydra-token-revoke.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token revoke Revoke an access or refresh token @@ -36,5 +37,4 @@ hydra token revoke [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token-user.md b/docs/hydra/cli/hydra-token-user.md index 7fbedd348..2f9b9dc20 100644 --- a/docs/hydra/cli/hydra-token-user.md +++ b/docs/hydra/cli/hydra-token-user.md @@ -9,17 +9,18 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token user An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow ### Synopsis -Starts an exemplary web server that acts as an OAuth 2.0 Client performing the Authorize Code Flow. -This command will help you to see if Ory Hydra has been configured properly. +Starts an exemplary web server that acts as an OAuth 2.0 Client performing the Authorize Code Flow. This command will help you to +see if Ory Hydra has been configured properly. -This command must not be used for anything else than manual testing or demo purposes. The server will terminate on error -and success, unless if the --no-shutdown flag is provided. +This command must not be used for anything else than manual testing or demo purposes. The server will terminate on error and +success, unless if the --no-shutdown flag is provided. ``` hydra token user [flags] @@ -55,5 +56,4 @@ hydra token user [flags] ### SEE ALSO -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens - +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens diff --git a/docs/hydra/cli/hydra-token.md b/docs/hydra/cli/hydra-token.md index 0621f5f11..227803662 100644 --- a/docs/hydra/cli/hydra-token.md +++ b/docs/hydra/cli/hydra-token.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra token Issue and Manage OAuth2 tokens @@ -24,11 +25,10 @@ Issue and Manage OAuth2 tokens ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra -* [hydra token client](hydra-token-client) - An exemplary OAuth 2.0 Client performing the OAuth 2.0 Client Credentials Flow -* [hydra token delete](hydra-token-delete) - Deletes access tokens of a client -* [hydra token flush](hydra-token-flush) - Removes inactive access tokens from the database -* [hydra token introspect](hydra-token-introspect) - Introspect an access or refresh token -* [hydra token revoke](hydra-token-revoke) - Revoke an access or refresh token -* [hydra token user](hydra-token-user) - An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow - +- [hydra](hydra) - Run and manage Ory Hydra +- [hydra token client](hydra-token-client) - An exemplary OAuth 2.0 Client performing the OAuth 2.0 Client Credentials Flow +- [hydra token delete](hydra-token-delete) - Deletes access tokens of a client +- [hydra token flush](hydra-token-flush) - Removes inactive access tokens from the database +- [hydra token introspect](hydra-token-introspect) - Introspect an access or refresh token +- [hydra token revoke](hydra-token-revoke) - Revoke an access or refresh token +- [hydra token user](hydra-token-user) - An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow diff --git a/docs/hydra/cli/hydra-version.md b/docs/hydra/cli/hydra-version.md index 07ddc969a..f1a8b2734 100644 --- a/docs/hydra/cli/hydra-version.md +++ b/docs/hydra/cli/hydra-version.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra version Display this binary's version, build time and git hash of this build @@ -25,5 +26,4 @@ hydra version [flags] ### SEE ALSO -* [hydra](hydra) - Run and manage Ory Hydra - +- [hydra](hydra) - Run and manage Ory Hydra diff --git a/docs/hydra/cli/hydra.md b/docs/hydra/cli/hydra.md index d89ab8df7..1ab5f395b 100644 --- a/docs/hydra/cli/hydra.md +++ b/docs/hydra/cli/hydra.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## hydra Run and manage Ory Hydra @@ -21,11 +22,10 @@ Run and manage Ory Hydra ### SEE ALSO -* [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients -* [hydra janitor](hydra-janitor) - Clean the database of old tokens, login/consent requests and jwt grant issuers -* [hydra keys](hydra-keys) - Manage JSON Web Keys -* [hydra migrate](hydra-migrate) - Various migration helpers -* [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs -* [hydra token](hydra-token) - Issue and Manage OAuth2 tokens -* [hydra version](hydra-version) - Display this binary's version, build time and git hash of this build - +- [hydra clients](hydra-clients) - Manage OAuth 2.0 Clients +- [hydra janitor](hydra-janitor) - Clean the database of old tokens, login/consent requests and jwt grant issuers +- [hydra keys](hydra-keys) - Manage JSON Web Keys +- [hydra migrate](hydra-migrate) - Various migration helpers +- [hydra serve](hydra-serve) - Parent command for starting public and administrative HTTP/2 APIs +- [hydra token](hydra-token) - Issue and Manage OAuth2 tokens +- [hydra version](hydra-version) - Display this binary's version, build time and git hash of this build diff --git a/docs/keto/cli/keto-check.md b/docs/keto/cli/keto-check.md index ab432b988..ead796f54 100644 --- a/docs/keto/cli/keto-check.md +++ b/docs/keto/cli/keto-check.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto check Check whether a subject has a relation on an object @@ -40,5 +41,4 @@ keto check [flags] ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server - +- [keto](keto) - Global and consistent permission and authorization server diff --git a/docs/keto/cli/keto-expand.md b/docs/keto/cli/keto-expand.md index 032e454c6..cfa28375b 100644 --- a/docs/keto/cli/keto-expand.md +++ b/docs/keto/cli/keto-expand.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto expand Expand a subject set @@ -40,5 +41,4 @@ keto expand [flags] ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server - +- [keto](keto) - Global and consistent permission and authorization server diff --git a/docs/keto/cli/keto-migrate-down.md b/docs/keto/cli/keto-migrate-down.md index a5c3098c5..f088f6e93 100644 --- a/docs/keto/cli/keto-migrate-down.md +++ b/docs/keto/cli/keto-migrate-down.md @@ -9,14 +9,14 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto migrate down Migrate the database down ### Synopsis -Migrate the database down a specific amount of steps. -Pass 0 steps to fully migrate down. +Migrate the database down a specific amount of steps. Pass 0 steps to fully migrate down. ``` keto migrate down [flags] @@ -39,5 +39,4 @@ keto migrate down [flags] ### SEE ALSO -* [keto migrate](keto-migrate) - Commands to migrate the database - +- [keto migrate](keto-migrate) - Commands to migrate the database diff --git a/docs/keto/cli/keto-migrate-status.md b/docs/keto/cli/keto-migrate-status.md index 5738f4021..04ec33dff 100644 --- a/docs/keto/cli/keto-migrate-status.md +++ b/docs/keto/cli/keto-migrate-status.md @@ -9,14 +9,14 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto migrate status Get the current migration status ### Synopsis -Get the current migration status. -This does not affect namespaces. Use `keto namespace migrate status` for migrating namespaces. +Get the current migration status. This does not affect namespaces. Use `keto namespace migrate status` for migrating namespaces. ``` keto migrate status [flags] @@ -38,5 +38,4 @@ keto migrate status [flags] ### SEE ALSO -* [keto migrate](keto-migrate) - Commands to migrate the database - +- [keto migrate](keto-migrate) - Commands to migrate the database diff --git a/docs/keto/cli/keto-migrate-up.md b/docs/keto/cli/keto-migrate-up.md index b6b4b4d7c..6b927a18a 100644 --- a/docs/keto/cli/keto-migrate-up.md +++ b/docs/keto/cli/keto-migrate-up.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto migrate up Migrate the database up @@ -17,14 +18,13 @@ Migrate the database up Run this command on a fresh SQL installation and when you upgrade Ory Keto from version v0.7.x and later. -It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. -This decreases risk of failure and decreases time required. +It is recommended to run this command close to the SQL instance (e.g. same subnet) instead of over the public internet. This +decreases risk of failure and decreases time required. -### WARNING ### +### WARNING Before running this command on an existing database, create a back up! - ``` keto migrate up [flags] ``` @@ -46,5 +46,4 @@ keto migrate up [flags] ### SEE ALSO -* [keto migrate](keto-migrate) - Commands to migrate the database - +- [keto migrate](keto-migrate) - Commands to migrate the database diff --git a/docs/keto/cli/keto-migrate.md b/docs/keto/cli/keto-migrate.md index 066a576fc..31826c596 100644 --- a/docs/keto/cli/keto-migrate.md +++ b/docs/keto/cli/keto-migrate.md @@ -9,14 +9,14 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto migrate Commands to migrate the database ### Synopsis -Commands to migrate the database. -This does not affect namespaces. Use `keto namespace migrate` for migrating namespaces. +Commands to migrate the database. This does not affect namespaces. Use `keto namespace migrate` for migrating namespaces. ### Options @@ -32,8 +32,7 @@ This does not affect namespaces. Use `keto namespace migrate` for migrating name ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server -* [keto migrate down](keto-migrate-down) - Migrate the database down -* [keto migrate status](keto-migrate-status) - Get the current migration status -* [keto migrate up](keto-migrate-up) - Migrate the database up - +- [keto](keto) - Global and consistent permission and authorization server +- [keto migrate down](keto-migrate-down) - Migrate the database down +- [keto migrate status](keto-migrate-status) - Get the current migration status +- [keto migrate up](keto-migrate-up) - Migrate the database up diff --git a/docs/keto/cli/keto-namespace-migrate-legacy.md b/docs/keto/cli/keto-namespace-migrate-legacy.md index 18ee88de0..f60af2ced 100644 --- a/docs/keto/cli/keto-namespace-migrate-legacy.md +++ b/docs/keto/cli/keto-namespace-migrate-legacy.md @@ -9,16 +9,16 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto namespace migrate legacy Migrate a namespace from v0.6.x to v0.7.x and later. ### Synopsis -Migrate a legacy namespaces from v0.6.x to the v0.7.x and later. -This step only has to be executed once. -If no namespace is specified, all legacy namespaces will be migrated. -Please ensure that namespace IDs did not change in the config file and you have a backup in case something goes wrong! +Migrate a legacy namespaces from v0.6.x to the v0.7.x and later. This step only has to be executed once. If no namespace is +specified, all legacy namespaces will be migrated. Please ensure that namespace IDs did not change in the config file and you have +a backup in case something goes wrong! ``` keto namespace migrate legacy [] [flags] @@ -44,5 +44,4 @@ keto namespace migrate legacy [] [flags] ### SEE ALSO -* [keto namespace migrate](keto-namespace-migrate) - Migrate a namespace - +- [keto namespace migrate](keto-namespace-migrate) - Migrate a namespace diff --git a/docs/keto/cli/keto-namespace-migrate.md b/docs/keto/cli/keto-namespace-migrate.md index 2343a2b23..5eaba0368 100644 --- a/docs/keto/cli/keto-namespace-migrate.md +++ b/docs/keto/cli/keto-namespace-migrate.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto namespace migrate Migrate a namespace @@ -27,6 +28,5 @@ Migrate a namespace ### SEE ALSO -* [keto namespace](keto-namespace) - Read and manipulate namespaces -* [keto namespace migrate legacy](keto-namespace-migrate-legacy) - Migrate a namespace from v0.6.x to v0.7.x and later. - +- [keto namespace](keto-namespace) - Read and manipulate namespaces +- [keto namespace migrate legacy](keto-namespace-migrate-legacy) - Migrate a namespace from v0.6.x to v0.7.x and later. diff --git a/docs/keto/cli/keto-namespace-validate.md b/docs/keto/cli/keto-namespace-validate.md index 1672e101b..1626c850b 100644 --- a/docs/keto/cli/keto-namespace-validate.md +++ b/docs/keto/cli/keto-namespace-validate.md @@ -9,16 +9,15 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto namespace validate Validate namespace definitions ### Synopsis -validate -Validates namespace definitions. Parses namespace yaml files or configuration -files passed via the configuration flag. Returns human readable errors. Useful for -debugging. +validate Validates namespace definitions. Parses namespace yaml files or configuration files passed via the configuration flag. +Returns human readable errors. Useful for debugging. ``` keto namespace validate [ ...] | validate -c [flags] @@ -38,5 +37,4 @@ keto namespace validate [ ...] | validate -c + ## keto namespace Read and manipulate namespaces @@ -27,7 +28,6 @@ Read and manipulate namespaces ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server -* [keto namespace migrate](keto-namespace-migrate) - Migrate a namespace -* [keto namespace validate](keto-namespace-validate) - Validate namespace definitions - +- [keto](keto) - Global and consistent permission and authorization server +- [keto namespace migrate](keto-namespace-migrate) - Migrate a namespace +- [keto namespace validate](keto-namespace-validate) - Validate namespace definitions diff --git a/docs/keto/cli/keto-relation-tuple-create.md b/docs/keto/cli/keto-relation-tuple-create.md index 7fae0d6e1..c500bbae0 100644 --- a/docs/keto/cli/keto-relation-tuple-create.md +++ b/docs/keto/cli/keto-relation-tuple-create.md @@ -9,15 +9,15 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple create Create relation tuples from JSON files ### Synopsis -Create relation tuples from JSON files. -A directory will be traversed and all relation tuples will be created. -Pass the special filename `-` to read from STD_IN. +Create relation tuples from JSON files. A directory will be traversed and all relation tuples will be created. Pass the special +filename `-` to read from STD_IN. ``` keto relation-tuple create [] [flags] @@ -41,5 +41,4 @@ keto relation-tuple create [] [flags] ### SEE ALSO -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples - +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples diff --git a/docs/keto/cli/keto-relation-tuple-delete-all.md b/docs/keto/cli/keto-relation-tuple-delete-all.md index 627a7e7a1..28cfdc01e 100644 --- a/docs/keto/cli/keto-relation-tuple-delete-all.md +++ b/docs/keto/cli/keto-relation-tuple-delete-all.md @@ -9,14 +9,15 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple delete-all Delete ALL relation tuples matching the relation query. ### Synopsis -Delete all relation tuples matching the relation query. -It is recommended to first run the command without the `--force` flag to verify that the operation is safe. +Delete all relation tuples matching the relation query. It is recommended to first run the command without the `--force` flag to +verify that the operation is safe. ``` keto relation-tuple delete-all [flags] @@ -46,5 +47,4 @@ keto relation-tuple delete-all [flags] ### SEE ALSO -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples - +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples diff --git a/docs/keto/cli/keto-relation-tuple-delete.md b/docs/keto/cli/keto-relation-tuple-delete.md index 0b27a4c4e..b7c8bf330 100644 --- a/docs/keto/cli/keto-relation-tuple-delete.md +++ b/docs/keto/cli/keto-relation-tuple-delete.md @@ -9,14 +9,14 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple delete Delete relation tuples defined in JSON files ### Synopsis -Delete relation tuples defined in the given JSON files. -A directory will be traversed and all relation tuples will be deleted. +Delete relation tuples defined in the given JSON files. A directory will be traversed and all relation tuples will be deleted. Pass the special filename `-` to read from STD_IN. ``` @@ -41,5 +41,4 @@ keto relation-tuple delete [] [flags] ### SEE ALSO -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples - +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples diff --git a/docs/keto/cli/keto-relation-tuple-get.md b/docs/keto/cli/keto-relation-tuple-get.md index a46ac4358..fed5d6a97 100644 --- a/docs/keto/cli/keto-relation-tuple-get.md +++ b/docs/keto/cli/keto-relation-tuple-get.md @@ -9,14 +9,14 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple get Get relation tuples ### Synopsis -Get relation tuples matching the given partial tuple. -Returns paginated results. +Get relation tuples matching the given partial tuple. Returns paginated results. ``` keto relation-tuple get [flags] @@ -47,5 +47,4 @@ keto relation-tuple get [flags] ### SEE ALSO -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples - +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples diff --git a/docs/keto/cli/keto-relation-tuple-parse.md b/docs/keto/cli/keto-relation-tuple-parse.md index efc6baaae..e922ed821 100644 --- a/docs/keto/cli/keto-relation-tuple-parse.md +++ b/docs/keto/cli/keto-relation-tuple-parse.md @@ -9,15 +9,15 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple parse Parse human readable relation tuples ### Synopsis -Parse human readable relation tuples as used in the documentation. -Supports various output formats. Especially useful for piping into other commands by using `--format json`. -Ignores comments (starting with `//`) and blank lines. +Parse human readable relation tuples as used in the documentation. Supports various output formats. Especially useful for piping +into other commands by using `--format json`. Ignores comments (starting with `//`) and blank lines. ``` keto relation-tuple parse [flags] @@ -39,5 +39,4 @@ keto relation-tuple parse [flags] ### SEE ALSO -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples - +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples diff --git a/docs/keto/cli/keto-relation-tuple.md b/docs/keto/cli/keto-relation-tuple.md index 248526b84..fed4769f3 100644 --- a/docs/keto/cli/keto-relation-tuple.md +++ b/docs/keto/cli/keto-relation-tuple.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto relation-tuple Read and manipulate relation tuples @@ -27,10 +28,9 @@ Read and manipulate relation tuples ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server -* [keto relation-tuple create](keto-relation-tuple-create) - Create relation tuples from JSON files -* [keto relation-tuple delete](keto-relation-tuple-delete) - Delete relation tuples defined in JSON files -* [keto relation-tuple delete-all](keto-relation-tuple-delete-all) - Delete ALL relation tuples matching the relation query. -* [keto relation-tuple get](keto-relation-tuple-get) - Get relation tuples -* [keto relation-tuple parse](keto-relation-tuple-parse) - Parse human readable relation tuples - +- [keto](keto) - Global and consistent permission and authorization server +- [keto relation-tuple create](keto-relation-tuple-create) - Create relation tuples from JSON files +- [keto relation-tuple delete](keto-relation-tuple-delete) - Delete relation tuples defined in JSON files +- [keto relation-tuple delete-all](keto-relation-tuple-delete-all) - Delete ALL relation tuples matching the relation query. +- [keto relation-tuple get](keto-relation-tuple-get) - Get relation tuples +- [keto relation-tuple parse](keto-relation-tuple-parse) - Parse human readable relation tuples diff --git a/docs/keto/cli/keto-serve.md b/docs/keto/cli/keto-serve.md index 51b7d112d..c6e1f33ad 100644 --- a/docs/keto/cli/keto-serve.md +++ b/docs/keto/cli/keto-serve.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto serve Starts the server and serves the HTTP REST and gRPC APIs @@ -19,8 +20,8 @@ This command opens the network ports and listens to HTTP and gRPC API requests. ## Configuration -ORY Keto can be configured using environment variables as well as a configuration file. For more information -on configuration options, open the configuration documentation: +ORY Keto can be configured using environment variables as well as a configuration file. For more information on configuration +options, open the configuration documentation: >> https://www.ory.sh/keto/docs/reference/configuration << @@ -44,5 +45,4 @@ keto serve [flags] ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server - +- [keto](keto) - Global and consistent permission and authorization server diff --git a/docs/keto/cli/keto-status.md b/docs/keto/cli/keto-status.md index b36ab1267..12b9ef56b 100644 --- a/docs/keto/cli/keto-status.md +++ b/docs/keto/cli/keto-status.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto status Get the status of the upstream Keto instance @@ -40,5 +41,4 @@ keto status [flags] ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server - +- [keto](keto) - Global and consistent permission and authorization server diff --git a/docs/keto/cli/keto-version.md b/docs/keto/cli/keto-version.md index c7d6f27fb..d126276de 100644 --- a/docs/keto/cli/keto-version.md +++ b/docs/keto/cli/keto-version.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto version Show the build version, build time, and git hash @@ -31,5 +32,4 @@ keto version [flags] ### SEE ALSO -* [keto](keto) - Global and consistent permission and authorization server - +- [keto](keto) - Global and consistent permission and authorization server diff --git a/docs/keto/cli/keto.md b/docs/keto/cli/keto.md index d582696ba..7dec0347e 100644 --- a/docs/keto/cli/keto.md +++ b/docs/keto/cli/keto.md @@ -9,6 +9,7 @@ This file is auto-generated. To improve this file please make your change against the appropriate "./cmd/*.go" file. --> + ## keto Global and consistent permission and authorization server @@ -22,12 +23,11 @@ Global and consistent permission and authorization server ### SEE ALSO -* [keto check](keto-check) - Check whether a subject has a relation on an object -* [keto expand](keto-expand) - Expand a subject set -* [keto migrate](keto-migrate) - Commands to migrate the database -* [keto namespace](keto-namespace) - Read and manipulate namespaces -* [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples -* [keto serve](keto-serve) - Starts the server and serves the HTTP REST and gRPC APIs -* [keto status](keto-status) - Get the status of the upstream Keto instance -* [keto version](keto-version) - Show the build version, build time, and git hash - +- [keto check](keto-check) - Check whether a subject has a relation on an object +- [keto expand](keto-expand) - Expand a subject set +- [keto migrate](keto-migrate) - Commands to migrate the database +- [keto namespace](keto-namespace) - Read and manipulate namespaces +- [keto relation-tuple](keto-relation-tuple) - Read and manipulate relation tuples +- [keto serve](keto-serve) - Starts the server and serves the HTTP REST and gRPC APIs +- [keto status](keto-status) - Get the status of the upstream Keto instance +- [keto version](keto-version) - Show the build version, build time, and git hash diff --git a/docs/oathkeeper/api-access-rules.md b/docs/oathkeeper/api-access-rules.md index 1bcec2af1..bdff7ba05 100644 --- a/docs/oathkeeper/api-access-rules.md +++ b/docs/oathkeeper/api-access-rules.md @@ -82,9 +82,9 @@ Access Rules have four principal keys: - `match` (object): Defines the URL(s) this Access Rule should match. - `methods` (string[]): Array of HTTP methods (for example GET, POST, PUT, DELETE, ...). - - `headers` (map[string]string): Map of HTTP headers to match. If the header you are matching against is of array type - (like a User-Agent header), the value you define must match any of the element of the array. The match is an equality and - does not support regular expressions. + - `headers` (map[string]string): Map of HTTP headers to match. If the header you are matching against is of array type (like a + User-Agent header), the value you define must match any of the element of the array. The match is an equality and does not + support regular expressions. - `url` (string): The URL that should be matched. You can use regular expressions or glob patterns in this field to match more than one url. The matching strategy (glob or regexp) is defined in the global configuration file as `access_rules.matching_strategy`. This matcher ignores query parameters. Regular expressions (or glob patterns) are diff --git a/package-lock.json b/package-lock.json index 1bef14ead..97e0cc3c3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -33,7 +33,6 @@ "node-fetch": "2.6.7", "ory-prettier-styles": "1.2.0", "parser-front-matter": "1.6.4", - "prettier": "2.6.2", "prism-react-renderer": "1.2.1", "prismjs": "1.27.0", "ramda": "^0.27.1", @@ -58,6 +57,7 @@ "jest": "^27.5.1", "npm-run-all": "^4.1.5", "path-to-regexp": "^6.2.0", + "prettier": "2.6.2", "raw-loader": "^4.0.2", "text-runner": "^5.0.0", "wait-on": "^6.0.0", @@ -17169,6 +17169,7 @@ "version": "2.6.2", "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", + "dev": true, "bin": { "prettier": "bin-prettier.js" }, @@ -34824,7 +34825,8 @@ "prettier": { "version": "2.6.2", "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.6.2.tgz", - "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==" + "integrity": "sha512-PkUpF+qoXTqhOeWL9fu7As8LXsIUZ1WYaJiY/a7McAQzxjk82OF0tibkFXVCDImZtWxbvojFjerkiLb0/q8mew==", + "dev": true }, "pretty-error": { "version": "4.0.0", diff --git a/package.json b/package.json index df75f7697..9f6059138 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,6 @@ "node-fetch": "2.6.7", "ory-prettier-styles": "1.2.0", "parser-front-matter": "1.6.4", - "prettier": "2.6.2", "prism-react-renderer": "1.2.1", "prismjs": "1.27.0", "ramda": "^0.27.1", @@ -86,6 +85,7 @@ "jest": "^27.5.1", "npm-run-all": "^4.1.5", "path-to-regexp": "^6.2.0", + "prettier": "2.6.2", "raw-loader": "^4.0.2", "text-runner": "^5.0.0", "wait-on": "^6.0.0",