openfga

A high performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar

APACHE-2.0 License

Stars
2.2K

openfga - v1.3.0

Published by jon-whit about 1 year ago

Added

  • Bounded concurrency limiter for Check and ListObjects queries (#860, #887)

    New server configurations can be provided to bound the amount of concurrency that is allowed during query evaluation. These settings can help reduce the burden that a single query (e.g. Check, ListObjects, etc.) can place on the underlying database and OpenFGA server.

    • --maxConcurrentReadsForListObjects - The maximum allowed number of concurrent reads in a single ListObjects query.

    • --maxConcurrentReadsForCheck - The maximum allowed number of concurrent reads in a single Check query.

    • --resolveNodeBreadthLimit - Defines how many nodes on a given level can be evaluated concurrently in a Check resolution tree.

  • Jaeger persistent storage for traces in docker-compose.yaml (#888) - thanks @Azanul
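The effect of the concurrency limits above on a single query, as an added example (not OpenFGA's implementation): one semaphore caps datastore reads in flight, as --maxConcurrentReadsForCheck does, and a per-node gate caps how many sibling sub-problems run at once, which is how --resolveNodeBreadthLimit is modelled here. The query type, the run function, the tree shape and the 1 ms read latency are constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type query struct { // per-query limits (hypothetical type, not OpenFGA's code)
	reads            chan struct{} // semaphore: datastore reads in flight
	breadth          int           // sibling sub-problems evaluated at once
	mu               sync.Mutex
	cur, peak, total int
}

// read simulates one datastore read and records the peak concurrency seen.
func (q *query) read() {
	q.reads <- struct{}{} // blocks once the read limit is reached
	defer func() { q.mu.Lock(); q.cur--; q.mu.Unlock(); <-q.reads }()
	q.mu.Lock()
	q.cur, q.total = q.cur+1, q.total+1
	if q.cur > q.peak {
		q.peak = q.cur
	}
	q.mu.Unlock()
	time.Sleep(time.Millisecond) // constructed datastore latency
}

// resolve reads one node, then its children, at most q.breadth at a time.
func (q *query) resolve(depth, fanout int) {
	q.read()
	gate := make(chan struct{}, q.breadth)
	var wg sync.WaitGroup
	for i := 0; depth > 0 && i < fanout; i++ {
		gate <- struct{}{} // wait for a free slot among the siblings
		wg.Add(1)
		go func() {
			defer func() { <-gate; wg.Done() }()
			q.resolve(depth-1, fanout)
		}()
	}
	wg.Wait()
}

func run(maxReads, breadth, depth, fanout int) (int, int) { // peak reads, total reads
	q := &query{reads: make(chan struct{}, maxReads), breadth: breadth}
	q.resolve(depth, fanout)
	return q.peak, q.total
}
func main() { fmt.Println(run(4, 3, 3, 5)) }
```

With a read limit of 4, the constructed 156-node tree still performs all 156 reads but never more than 4 at once, which is the property that keeps one expensive query from saturating the database.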

Fixed

  • Disable default debug level-logging in retryablehttp client (#882) - thanks @KlausVii

Changed

  • [BREAKING] Imports for OpenFGA protobuf API dependencies (#898)

    • Problem - Previously we depended on Buf remote generated packages, but they recently deprecated protobuf imports served from the go.buf.build domain (see Migrate from remote generation alpha). OpenFGA builds are currently broken as a result of this.

    • Change - We switched our protobuf API dependency from go.buf.build/openfga/go/openfga/api/openfga/v1 to github.com/openfga/api/proto/openfga/v1. We no longer use Buf remote generated packages; instead we use packages we manage in the openfga/api repository. This fixes existing build issues.

    • Impact - Developers using OpenFGA as a library or the gRPC API must change their protobuf dependency from go.buf.build/openfga/go/openfga/api/openfga/v1 to github.com/openfga/api/proto/openfga/v1. A global find/replace and package dependency update should fix it. Here's a diff demonstrating the changes for a Go app, for example:

      import (
        ...
      - openfgav1 "go.buf.build/openfga/go/openfga/api/openfga/v1"
      + openfgav1 "github.com/openfga/api/proto/openfga/v1"
      )
      
  • Refactor the Server constructor to use the options builder pattern (#833)

    import (
      openfga "github.com/openfga/openfga/pkg/server"
    )
    
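    // The package is imported under the alias openfga, so its types are
    // referenced through that alias.
    s := openfga.New(
      &openfga.Dependencies{...},
      &openfga.Config{...},
    )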
    

    becomes

    import (
      openfga "github.com/openfga/openfga/pkg/server"
    )
    
    var opts []openfga.OpenFGAServiceV1Option
    s := openfga.MustNewServerWithOpts(opts...)
    
openfga - v1.2.0

Published by adriantam over 1 year ago

Added

Changed

  • Cache model validation results on first model load (#831)
  • Cache inflight requests when looking up any authorization model (#831)
  • Update postgres max connections in docker compose file (#829)

openfga - v1.2.0-rc3

Published by jon-whit over 1 year ago

This is the third release candidate that improves ListObjects performance for models involving intersection and/or exclusion ("and" or "but not"); see https://github.com/openfga/openfga/pull/797. The changes herein include the security patch that was introduced for CVE-2023-35933, so if you're using v1.2.0-rc1 or v1.2.0-rc2, please upgrade.

To test out the new experimental support for optimized ListObjects, you can run OpenFGA with --experimentals optimized-list-objects. A docker image of this release candidate is available as openfga/openfga:v1.2.0-rc3.

openfga - v1.1.1

Published by jon-whit over 1 year ago

Added

  • Official Homebrew installation instructions (#781) - thanks @chenrui333
  • The --verbose flag has been added to the openfga migrate command (#776)
  • The openfga validate-models CLI command has been introduced to validate all models across all stores (#817)

Changed

  • Updated the version of the grpc-health-probe binary included in OpenFGA builds (#784)
  • Cache inflight requests when looking up the latest authorization model (#820)

Fixed

  • Validation of models with non-zero entrypoints (#802)
  • Remove unintended newlines in model validation error messages (#816) - thanks @Galzzly

Security

  • Patches CVE-2023-35933 - additional model validations are now applied to models that can lead to the vulnerability. See the CVE report for more details, and don't hesitate to reach out if you have questions.

openfga - v1.2.0-rc2

Published by jon-whit over 1 year ago

This is the second release candidate that improves ListObjects performance for models involving intersection and/or exclusion ("and" or "but not"); see https://github.com/openfga/openfga/pull/797.

To test out the new experimental support for optimized ListObjects, you can run OpenFGA with --experimentals optimized-list-objects. A docker image of this release candidate is available as openfga/openfga:v1.2.0-rc2.

Changed

  • Concurrently evaluate objects that require further evaluation instead of serially.

openfga - v1.2.0-rc1

Published by jon-whit over 1 year ago

Added

  • optimized-list-objects experimental flag to improve ListObjects performance for models involving intersection and/or exclusion ("and" or "but not") (#797)

    To test out the new experimental support for optimized ListObjects, you can run OpenFGA with --experimentals optimized-list-objects. A docker image of this release candidate is available as openfga/openfga:v1.2.0-rc1.

openfga - v1.0.1

Published by adriantam over 1 year ago

Fixed

  • Correct permission and location for gRPC health probe in Docker image (#697)

openfga - v1.0.0

Published by adriantam over 1 year ago

Ready for Production with Postgres

OpenFGA with Postgres is now considered stable and ready for production usage.

Fixed

  • MySQL migration script errors during downgrade (#664)

openfga - v0.2.3

Published by craigpastro about 2 years ago

Added

  • Support for MySQL storage backend (#210). Thank you @MidasLamb!
  • Allow specification of type restrictions in authorization models (#223). Note: Type restrictions are not enforced yet; this just allows storing them.
  • Tuple validation against type restrictions in Write API (#232)
  • Upgraded the Postgres storage backend to use pgx v5 (#225)

Fixed

  • Close database connections after migration (#252)
  • Race condition in streaming ListObjects (#255, #256)

openfga - v0.2.2

Published by miparnisari about 2 years ago

Fixed

  • Reject direct writes if only indirect relationship allowed (#114). Thanks @dblclik!
  • Log internal errors at the grpc layer (#222)
  • Authorization model validation (#224)
  • Bug in migrate command (#236)
  • Skip malformed tuples involving tuple to userset definitions (#234)