Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
When defining a subject set, both the CLI and base /relation-tuples/check allow for the subject relation to be excluded.
The OpenAPI-produced client (both the outdated 0.11 on maven and I think the one generated from master) refer to /relation-tuples/check/openapi.
This endpoint will return a 400, whereas the CLI and /relation-tuples/check endpoints will return true or false where expected.
Reproducing the bug
Make API request from the OpenAPI client (PermissionApi.checkPermission)
permissionApi.checkPermission(
MY_NAMESPACE,
_object.toString(),
MY_RELATION,
null, // subject_id
ENTITY, // namespace
"$requestingEntity", // subject set object
null, // subject set relation
DEFAULT_MAX_DEPTH)
This will return 400.
Override this function to use the non-openAPI POST endpoint, and alter it to add the parameters to the POST body instead of the query parameters.
This will succeed.
Relevant log output
INFO[2024-10-07T15:16:23+02:00] started handling request http_request=map[headers:map[accept:application/json accept-encoding:gzip connection:Keep-Alive user-agent:OpenAPI-Generator/v0.11.0-alpha.0/java] host:localhost:4466 method:GET path:/relation-tuples/check/openapi query:namespace=Entity&object=1234&relation=read&subject_set.namespace=Entity&subject_set.object=5678&max-depth=10 remote:127.0.0.1:50412 scheme:http]
INFO[2024-10-07T15:16:23+02:00] An error occurred while handling a request audience=application error=map[debug: message:incomplete subject, provide "subject_id" or a complete "subject_set.*" reason: stack_trace: status:Bad Request status_code:400] http_request=map[headers:map[accept:application/json accept-encoding:gzip connection:Keep-Alive user-agent:OpenAPI-Generator/v0.11.0-alpha.0/java] host:localhost:4466 method:GET path:/relation-tuples/check/openapi query:namespace=Entity&object=2234&relation=read&subject_set.namespace=Entity&subject_set.object=74090&max-depth=10 remote:127.0.0.1:50412 scheme:http] http_response=map[status_code:400] service_name=Ory Keto service_version=v0.12.0-alpha.0Relevant configuration
No response
Version
v0.12.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Binary
Additional Context
No response