https://www.ory.sh/ logo
Join Slack
Powered by
Question, Can you not load a OPL ts file in Keto? ...
# talk-keto
w
Question, Can you not load a OPL ts file in Keto? I thought it was the namespace definition.
s
w
Thanks Patrik
I originally received an error that my file wasn't the correct file extension (.ts was not an option). I must have done something wrong with the keto config because it loaded without complaint now. Perhaps I did something silly like try to load it instead of the keto service config. 🤷
@steep-lamp-91158 The documentation does not show that 
namespace.location
is a config option: https://www.ory.sh/docs/keto/reference/configuration I'm not sure where an issue would go for that. It looks like docs need to be regenerated as the source config.schema.json is up-to-date and includes 
namespace.location
.
s
Hm I think that is an edge case that is hard to fix... Because of the oneof, only one case can be shown in the example config
Maybe we could add the others as comments
w
Oh I see. That is troublesome. Perhaps find a way to add it to the guides? There's no example of editing the config to accommodate the OPL file that I could find.
I also cannot find any description of what I should expect to happen when I load the OPL file. It adds namespaces. Does it prevent relationships from being created that aren't in the model?
w
@steep-lamp-91158 Hey Patrik, link you mentioned above is expired. Could you guide me how to set namespaces in self hosted Ory Keto? I'm using helm and seeing this kind of value in values.yaml, I don't understand what should i pass to this params:
Copy code
keto:
  ...
  config:
    ...
    namespaces:
      - id: 0
        name: sample
s
w
@steep-lamp-91158 I'm just passing base64 encoded string to 
namespaces.location
but then 
automigrate
service fails and here's an errors:
s
the key has to be 
keto.config.namespaces.location
without the array index
and delete the namespace name
w
@steep-lamp-91158 Nah, it won't work.
Copy code
failed parsing key "keto.config.namespaces.location" with value base64://.., unable to parse key: interface conversion: interface {} is []interface {}, not map[string]interface {}
s
did you remove the name?
w
Yeh. I found the problem - this lines should be removed from helm: https://github.com/ory/k8s/blob/master/helm/charts/keto/values.yaml#L238-L240 after removing namespaces from values.yaml your suggestion worked. e.g. 
keto.config.namespaces.location
Do you want me to rise PR?
successfully deployed and migrated.
s
not sure what your setup is, but isn't the values.yml just a reference that you adjust to your needs?
w
I'm using Terraform and overriding values.yaml from Terraform to do not touch Ory's helm chart, keep clean and sync with upstream repo.
s
so you should override the whole namespaces key instead, i.e. 
keto.config.namespaces
with the value 
{location: base64://...}
w
Oh, i see. That makes sense! Let me try...
Not working, it requires string.
Copy code
{
  name  = "keto.config.namespaces[0].location"
  value = "base64://..."
}
This works
s
hm I don't know terraform too much...
w
Okay, i'll figure out thank you for helping! Just a quick question - is namespaces.ts stored in the db during migration?
s
no, it is only read from the config
w
Gotcha, then why migration fails if it's not related to namespaces? 🤔 I mean it's weird..
s
well config validation fails
not the migration itself
the server would also fail with the same error
some migrations require the namespace config
w
gotcha
Copy code
I[#/namespaces/0] S[#/definitions/namespace/additionalProperties] additionalProperties "location" not allowed
what does it mean
Copy code
I[#/namespaces] S[#/properties/namespaces/oneOf/2/type] expected object, but got array
s
these are validation errors from the config file, basically everything under 
config
in the values
w
Okay thanks Patrik, is there any other way to pass namespaces ?
s
all config values can be passed as env vars as well
w
Okay, i'll try that. 2 more questions: 1. how to pass this nested config to env; 2. and what is the proper way to check if config has been deployed (except pod status).
s
There is not really a way to check the loaded config. If the service is live, it probably has the correct config. E2E tests are the only reliable way I guess
w
There are a 3 places to pass extraEnvs in the helm: 1. job 2. deployment 3. autoMigration should i pass envs to all of them?
13 Views
Open in Slack
PreviousNext
Powered by