ory · zepatrik · Aug 24, 2022 · Aug 24, 2022 · Aug 25, 2022
@@ -0,0 +1,22 @@
+import { Namespace, SubjectSet, Context } from '@ory/keto-namespace-types'
+
+// Declare new namespaces as classes that implement `Namespace`{{ range .Namespaces }}
+class {{ . }} implements Namespace {
+  related: {
+    // Define relations to other objects here.
+    // Examples:
+    //
+    // parents: (File | Folder)[]
+    // viewers: SubjectSet<Group, "members">[]
+  }
+
+  permits = {
+    // Define permissions here. These can be derived from the relations above.
+    // Examples:
+    //
+    // view: (ctx: Context): boolean =>
+    //  this.related.viewers.includes(ctx.subject) ||
+    //  this.related.parents.traverse((p) => p.permits.view(ctx)),
+  }
+}
+{{ end }}
@@ -0,0 +1,7 @@
+{
+  "private": true,
+  "devDependencies": {
+    "@ory/keto-namespace-types": "{{ .Version }}",
+    "typescript": "latest"
+  }
+}
@@ -0,0 +1,7 @@
+{
+  "compilerOptions": {
+    "noLib": true,
+    "noEmit": true,
+    "types": []
+  }
+}
@@ -0,0 +1,20 @@
+package namespace
+
+import (
+	"github.com/ory/x/cmdx"
+	"github.com/spf13/cobra"
+)
+
+func NewFromLegacy() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "from-legacy",
+		Short: "Convert legacy namespace configs to OPL configs",
+		Long:  `This command converts legacy namespace configs to OPL configs.`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			cmdx.RegisterFormatFlags()
+			return nil
+		},
+	}
+
+	return cmd
+}
@@ -0,0 +1,26 @@
+package namespace
+
+import (
+	"github.com/spf13/cobra"
+)
+
+func NewInitCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "init [<namespace-name> ...]",
+		Short: "Initialize the namespace config",
+		Long: `This command initializes the namespace config for the given namespaces.
+A "default" namespace is created if none is specified.`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				args = []string{"default"}
+			}
+			if err := generateConfigFiles(args, cmd.Flag(FlagOut).Value.String()); err != nil {
+				return err
+			}
+			return nil
+		},
+	}
+	registerOutputFlag(cmd)
+
+	return cmd
+}
@@ -0,0 +1,68 @@
+package namespace
+
+import (
+	"embed"
+	"github.com/ory/keto/internal/driver/config"
+	"github.com/pkg/errors"
+	"github.com/spf13/cobra"
+	"io"
+	"io/fs"
+	"os"
+	"path/filepath"
+	"strings"
+	"text/template"
+)
+
+const FlagOut = "out"
+
+func registerOutputFlag(cmd *cobra.Command) {
+	cmd.Flags().StringP(FlagOut, "o", ".", "output directory, will be created if it does not exist")
+}
+
+//go:embed config_template/*
+var configTemplate embed.FS
+var version string
+
+func init() {
+	version = config.Version
+	if version == "master" || version == "" {
+		version = "latest"
+	}
+}
+
+func generateConfigFiles(nspaces []string, out string) error {
+	t, err := template.New("config_template").ParseFS(configTemplate, "config_template/*")
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	return fs.WalkDir(configTemplate, ".", func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return errors.WithStack(err)
+		}
+		if d.IsDir() {
+			return nil
+		}
+		orig, _ := configTemplate.Open(path)
+		defer orig.Close()
+		other, err := os.Create(filepath.Join(out, strings.TrimSuffix(d.Name(), ".tmpl")))
+		if err != nil {
+			return err
+		}
+		defer other.Close()
+		if !strings.HasSuffix(path, ".tmpl") {
+			_, err := io.Copy(other, orig)
+			if err != nil {
+				return errors.WithStack(err)
+			}
+			return nil
+		}
+
+		return errors.WithStack(t.ExecuteTemplate(other, d.Name(), struct {
+			Namespaces []string
+			Version    string
+		}{
+			Namespaces: nspaces,
+			Version:    version,
+		}))
+	})
+}
@@ -1,13 +1,8 @@
 package namespace
 
 import (
-	"github.com/ory/x/cmdx"
-	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-
 	"github.com/ory/keto/ketoctx"
-
-	"github.com/ory/keto/cmd/client"
+	"github.com/spf13/cobra"
 )
 
 func NewNamespaceCmd() *cobra.Command {
@@ -17,24 +12,9 @@ func NewNamespaceCmd() *cobra.Command {
 	}
 }
 
-func NewMigrateCmd() *cobra.Command {
-	return &cobra.Command{
-		Use:   "migrate",
-		Short: "Migrate a namespace",
-	}
-}
-
 func RegisterCommandsRecursive(parent *cobra.Command, _ []ketoctx.Option) {
 	rootCmd := NewNamespaceCmd()
-	migrateCmd := NewMigrateCmd()
-	migrateCmd.AddCommand(NewMigrateUpCmd(), NewMigrateDownCmd(), NewMigrateStatusCmd())
-
-	rootCmd.AddCommand(migrateCmd, NewValidateCmd())
+	rootCmd.AddCommand(NewValidateCmd(), NewInitCmd())
 
 	parent.AddCommand(rootCmd)
 }
-
-func registerPackageFlags(flags *pflag.FlagSet) {
-	client.RegisterRemoteURLFlags(flags)
-	cmdx.RegisterFormatFlags(flags)
-}
@@ -21,9 +21,11 @@ import (
 
 func NewValidateCmd() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "validate <namespace.yml> [<namespace2.yml> ...] | validate -c <config.yaml>",
-		Short: "Validate namespace definitions",
-		Long: `validate
+		Deprecated: "The legacy namespaces are deprecated. Please use the new Ory Permission Language instead.",
+		Aliases:    []string{"validate"},
+		Use:        "validate-legacy <namespace.yml> [<namespace2.yml> ...] | validate -c <config.yaml>",
+		Short:      "Validate legacy namespace definitions",
+		Long: `validate-legacy
 Validates namespace definitions. Parses namespace yaml files or configuration
 files passed via the configuration flag. Returns human readable errors. Useful for
 debugging.`,

@@ -0,0 +1,33 @@
+/// <reference no-default-lib="true"/>
+
+declare interface Boolean {}
+declare interface String {}
+declare interface Number {}
+declare interface Function {}
+declare interface Object {}
+declare interface IArguments {}
+declare interface RegExp {}
+
+declare interface Array<T extends namespace> {
+  includes(element: T): boolean
+  traverse(iteratorfn: (element: T) => boolean): boolean
+}
+
+interface context {
+  subject: never
+}
+
+interface namespace {
+  related?: { [relation: string]: namespace[] }
+  permits?: { [method: string]: (ctx: context) => boolean }
+}
+
+declare module "@ory/keto-namespace-types" {
+  export type Context = context
+
+  export type Namespace = namespace
+
+  export type SubjectSet<A extends Namespace,
+    R extends keyof A["related"],
+    > = A["related"][R] extends Array<infer T> ? T : never
+}