Open
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
The REST API allows us to delete relation tuples in bulk when the Subject is not specified. However, the gRPC API does not - it expects a Subject to be provided at all times and raises and error if it is missing.
Reproducing the bug
gRPC example in Ruby:
require 'ory/keto/relation_tuples/v1alpha2/write_service_services_pb'
relation_tuple =
Ory::Keto::RelationTuples::V1alpha2::RelationTuple.new(
namespace: 'Namespace_A',
object: '123',
relation: 'members'
)
request = Ory::Keto::RelationTuples::V1alpha2::TransactRelationTuplesRequest.new(
relation_tuple_deltas: [
Ory::Keto::RelationTuples::V1alpha2::RelationTupleDelta.new(
action: Ory::Keto::RelationTuples::V1alpha2::RelationTupleDelta::Action::ACTION_DELETE,
relation_tuple:
)
]
)
Ory::Keto::RelationTuples::V1alpha2::WriteService::Stub.new(
OryKetoApiClient.base_write_api_url,
:this_channel_is_insecure,
).transact_relation_tuples(request)
# GRPC::InvalidArgument: 3:subject is not allowed to be nil. debug_error_string:{UNKNOWN:Error received from peer {created_time:"2024-10-30T09:28:01.470304+00:00", grpc_status:3, grpc_message:"subject is not allowed to be nil"}}REST example in Ruby:
require 'http'
HTTP.headers(
'Accept' => 'application/json',
'Content-Type' => 'application/json'
).delete('http://localhost:4467/admin/relation-tuples?namespace=Namespace_A&object=123&relation=members')Relevant log output
No response
Relevant configuration
No response
Version
v0.13.0-alpha.0
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
Activity