13 changes: 13 additions & 0 deletions .github/workflows/deploy.yml
Expand Up @@ -15,6 +15,10 @@ jobs:
deploy:
name: Deploy to GitHub Pages
runs-on: ubuntu-latest
permissions:
contents: write # Commit docs changes to the repository
pages: write # for GitHub pages deployment
id-token: write # for GitHub Actions deployment
steps:
- name: Cached LFS checkout
uses: nschloe/action-cached-lfs-checkout@f46300cd8952454b9f0a21a3d133d4bd5684cfc2
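
Review bot: `pages: write` and `id-token: write` in the new job-level `permissions` block look unused, because the deploy step's comment further down references peaceiris/actions-gh-pages, which publishes by pushing to a branch and needs only `contents: write`. Drop the two extra scopes unless a step in this job actually requests an OIDC token or calls the Pages deployment API. Note also that `contents: write` set at job level is available to every step in the job, including the third-party checkout step, not just the auto-commit step.
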
Expand All @@ -34,6 +38,15 @@ jobs:
env:
HUBSPOT_TRACKING_ID: ${{ secrets.HUBSPOT_TRACKING_ID }}

- name: Commit updated config documentation
uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 #v6.0.1
with:
commit_message: 'docs: auto-update OpenFGA configuration documentation'
file_pattern: '*.mdx'
commit_user_name: 'github-actions[bot]'
commit_user_email: '41898282+github-actions[bot]@users.noreply.github.com'
commit_author: 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'

⚠️ Potential issue

Auto-commit step can retrigger this workflow in a loop – add a CI-skip guard

git-auto-commit-action pushes back to main, which re-fires the same push trigger and causes an endless redeploy loop (even if the commit is empty, you still get a second run).

Add a safeguard such as:

- commit_message: 'docs: auto-update OpenFGA configuration documentation'
+ commit_message: 'docs: auto-update OpenFGA configuration documentation [skip ci]'

or filter the trigger:

push:
  branches: [ main ]
  paths-ignore:
    - 'docs/**'       # commits produced by this step

Either approach prevents redundant runs and saves CI minutes.

🤖 Prompt for AI Agents
In .github/workflows/deploy.yml around lines 41 to 49, the auto-commit step
pushes changes back to the main branch, which retriggers the workflow and causes
an infinite loop. To fix this, add a CI-skip guard by including a commit message
tag like [skip ci] or [ci skip] in the commit_message field, or modify the
workflow trigger to ignore changes in the documentation files (e.g., add
paths-ignore for docs/** under the push trigger) to prevent the workflow from
running on commits made by this step.

# Popular action to deploy to GitHub Pages:
# Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus
- name: Deploy to GitHub Pages
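
Review bot: `file_pattern: '*.mdx'` is wider than the commit message implies, since it can match any modified `.mdx` file in the checkout, so anything else the build touches would be pushed under the "auto-update OpenFGA configuration documentation" message. Narrow it to the generated file, `docs/content/getting-started/setup-openfga/configuration.mdx`, so that a job holding `contents: write` can only commit the one file it is meant to regenerate.
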
2 changes: 1 addition & 1 deletion .github/workflows/preview.yml
Expand Up @@ -35,6 +35,6 @@ jobs:
BASE_URL: /pr-preview/pr-${{ github.event.number }}

- name: Deploy preview
uses: rossjrw/pr-preview-action@2fb559e4766555e23d07b73d313fe97c4f8c3cfe
uses: rossjrw/pr-preview-action@9f77b1d057b494e662c50b8ca40ecc63f21e0887
with:
source-dir: ./build/
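
Review bot: the new `rossjrw/pr-preview-action` pin has no trailing version comment, unlike the `#v6.0.1` on the git-auto-commit-action line in deploy.yml, so the diff does not show which release the new SHA corresponds to. Add the tag as a comment after the SHA so the bump can be checked against the upstream release.
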
19 changes: 13 additions & 6 deletions docs/content/getting-started/setup-openfga/configuration.mdx
Expand Up @@ -101,7 +101,7 @@ docker run docker.io/openfga/openfga:latest run \

## List of options

The following table lists the configuration options for the OpenFGA server [v1.8.9](https://github.com/openfga/openfga/releases/tag/v1.8.9), based on the [config-schema.json](https://raw.githubusercontent.com/openfga/openfga/refs/tags/v1.8.9/.config-schema.json).
The following table lists the configuration options for the OpenFGA server [v1.8.15](https://github.com/openfga/openfga/releases/tag/v1.8.15), based on the [config-schema.json](https://raw.githubusercontent.com/openfga/openfga/refs/tags/v1.8.15/.config-schema.json).

| Config File | Env Var | Flag Name | Type | Description | Default Value |
|-------------|---------|-----------|------|-------------|---------------|
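
Review bot: the table is now pinned to v1.8.15, but the `docker run` example just above it (visible in the hunk header) still pulls `docker.io/openfga/openfga:latest`, so a reader following the example may run a server whose defaults differ from the ones listed here. Either pin the example image to the same tag as the table or say next to the table that defaults may differ for other releases.
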
Expand All @@ -116,7 +116,7 @@ The following table lists the configuration options for the OpenFGA server [v1.8
| `maxConditionEvaluationCost` | <div id="OPENFGA_MAX_CONDITION_EVALUATION_COST"><code>OPENFGA_MAX_CONDITION_EVALUATION_COST</code></div> | `max-condition-evaluation-cost` | integer | The maximum cost for CEL condition evaluation before a request returns an error (default is 100). | `100` |
| `changelogHorizonOffset` | <div id="OPENFGA_CHANGELOG_HORIZON_OFFSET"><code>OPENFGA_CHANGELOG_HORIZON_OFFSET</code></div> | `changelog-horizon-offset` | integer | The offset (in minutes) from the current time. Changes that occur after this offset will not be included in the response of ReadChanges. | |
| `resolveNodeLimit` | <div id="OPENFGA_RESOLVE_NODE_LIMIT"><code>OPENFGA_RESOLVE_NODE_LIMIT</code></div> | `resolve-node-limit` | integer | Maximum resolution depth to attempt before throwing an error (defines how deeply nested an authorization model can be before a query errors out). | `25` |
| `resolveNodeBreadthLimit` | <div id="OPENFGA_RESOLVE_NODE_BREADTH_LIMIT"><code>OPENFGA_RESOLVE_NODE_BREADTH_LIMIT</code></div> | `resolve-node-breadth-limit` | integer | Defines how many nodes on a given level can be evaluated concurrently in a Check resolution tree. | `100` |
| `resolveNodeBreadthLimit` | <div id="OPENFGA_RESOLVE_NODE_BREADTH_LIMIT"><code>OPENFGA_RESOLVE_NODE_BREADTH_LIMIT</code></div> | `resolve-node-breadth-limit` | integer | Defines how many nodes on a given level can be evaluated concurrently in a Check resolution tree. | `10` |
| `listObjectsDeadline` | <div id="OPENFGA_LIST_OBJECTS_DEADLINE"><code>OPENFGA_LIST_OBJECTS_DEADLINE</code></div> | `list-objects-deadline` | string (duration) | The timeout deadline for serving ListObjects requests | `3s` |
🛠️ Refactor suggestion

Default for resolveNodeBreadthLimit changed – highlight backwards-compat risk

Dropping the default from 100 → 10 is a behaviour change that may throttle existing workloads.
Consider adding a call-out note in the doc (or release notes) so users aren’t surprised by slower or error-prone deep graph traversals.

🤖 Prompt for AI Agents
In docs/content/getting-started/setup-openfga/configuration.mdx around lines 118
to 120, the default value for resolveNodeBreadthLimit has been changed from 100
to 10, which can cause backward compatibility issues by throttling existing
workloads. Add a clear call-out note or warning near this configuration entry to
inform users about this behavior change and its potential impact on performance
and error rates during deep graph traversals.

| `listObjectsMaxResults` | <div id="OPENFGA_LIST_OBJECTS_MAX_RESULTS"><code>OPENFGA_LIST_OBJECTS_MAX_RESULTS</code></div> | `list-objects-max-results` | integer | The maximum results to return in the non-streaming ListObjects API response. If 0, all results can be returned | `1000` |
| `listUsersDeadline` | <div id="OPENFGA_LIST_USERS_DEADLINE"><code>OPENFGA_LIST_USERS_DEADLINE</code></div> | `list-users-deadline` | string (duration) | The timeout deadline for serving ListUsers requests. If 0s, there is no deadline | `3s` |
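
Review bot: the `resolveNodeBreadthLimit` description does not say what happens once the limit is reached, whereas `resolveNodeLimit` directly above it states that the query errors out. With the documented default going from `100` to `10`, state whether additional nodes are queued or the Check fails, so operators can tell whether the lower value costs latency or produces errors.
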
Expand All @@ -134,8 +134,11 @@ The following table lists the configuration options for the OpenFGA server [v1.8
| `profiler.addr` | <div id="OPENFGA_PROFILER_ADDR"><code>OPENFGA_PROFILER_ADDR</code></div> | `profiler-addr` | string | The host:port address to serve the pprof profiler server on. | `:3001` |
| `datastore.engine` | <div id="OPENFGA_DATASTORE_ENGINE"><code>OPENFGA_DATASTORE_ENGINE</code></div> | `datastore-engine` | string (enum=[`memory`, `postgres`, `mysql`, `sqlite`]) | The datastore engine that will be used for persistence. | `memory` |
| `datastore.uri` | <div id="OPENFGA_DATASTORE_URI"><code>OPENFGA_DATASTORE_URI</code></div> | `datastore-uri` | string | The connection uri to use to connect to the datastore (for any engine other than 'memory'). | |
| `datastore.secondaryUri` | <div id="OPENFGA_DATASTORE_SECONDARY_URI"><code>OPENFGA_DATASTORE_SECONDARY_URI</code></div> | `datastore-secondary-uri` | string | The connection uri to use to connect to the secondary datastore (for postgres only). | |
| `datastore.username` | <div id="OPENFGA_DATASTORE_USERNAME"><code>OPENFGA_DATASTORE_USERNAME</code></div> | `datastore-username` | string | The connection username to connect to the datastore (overwrites any username provided in the connection uri). | |
| `datastore.secondaryUsername` | <div id="OPENFGA_DATASTORE_SECONDARY_USERNAME"><code>OPENFGA_DATASTORE_SECONDARY_USERNAME</code></div> | `datastore-secondary-username` | string | The connection username to connect to the secondary datastore (overwrites any username provided in the connection uri). | |
| `datastore.password` | <div id="OPENFGA_DATASTORE_PASSWORD"><code>OPENFGA_DATASTORE_PASSWORD</code></div> | `datastore-password` | string | The connection password to connect to the datastore (overwrites any password provided in the connection uri). | |
| `datastore.secondaryPassword` | <div id="OPENFGA_DATASTORE_SECONDARY_PASSWORD"><code>OPENFGA_DATASTORE_SECONDARY_PASSWORD</code></div> | `datastore-secondary-password` | string | The connection password to connect to the secondary datastore (overwrites any password provided in the connection uri). | |
| `datastore.maxCacheSize` | <div id="OPENFGA_DATASTORE_MAX_CACHE_SIZE"><code>OPENFGA_DATASTORE_MAX_CACHE_SIZE</code></div> | `datastore-max-cache-size` | integer | The maximum number of authorization models that will be cached in memory | `100000` |
| `datastore.maxOpenConns` | <div id="OPENFGA_DATASTORE_MAX_OPEN_CONNS"><code>OPENFGA_DATASTORE_MAX_OPEN_CONNS</code></div> | `datastore-max-open-conns` | integer | The maximum number of open connections to the datastore. | `30` |
| `datastore.maxIdleConns` | <div id="OPENFGA_DATASTORE_MAX_IDLE_CONNS"><code>OPENFGA_DATASTORE_MAX_IDLE_CONNS</code></div> | `datastore-max-idle-conns` | integer | the maximum number of connections to the datastore in the idle connection pool. | `10` |
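
Review bot: the new `datastore.secondaryPassword` row documents a `datastore-secondary-password` flag with no caution, and a password passed on the command line is visible in process listings and shell history. Add a sentence recommending the `OPENFGA_DATASTORE_SECONDARY_PASSWORD` env var or the config file for credentials. Also, only `datastore.secondaryUri` says "for postgres only", so repeat that qualifier on the secondary username and password rows if it applies to them too.
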
Expand Down Expand Up @@ -185,14 +188,18 @@ The following table lists the configuration options for the OpenFGA server [v1.8
| `checkDispatchThrottling.frequency` | <div id="OPENFGA_CHECK_DISPATCH_THROTTLING_FREQUENCY"><code>OPENFGA_CHECK_DISPATCH_THROTTLING_FREQUENCY</code></div> | `check-dispatch-throttling-frequency` | string (duration) | the frequency period that the deprioritized throttling queue is evaluated for a check request. A higher value will result in more aggressive throttling | `10µs` |
| `checkDispatchThrottling.threshold` | <div id="OPENFGA_CHECK_DISPATCH_THROTTLING_THRESHOLD"><code>OPENFGA_CHECK_DISPATCH_THROTTLING_THRESHOLD</code></div> | `check-dispatch-throttling-threshold` | integer | define the number of recursive operations to occur before getting throttled for a check request | `100` |
| `checkDispatchThrottling.maxThreshold` | <div id="OPENFGA_CHECK_DISPATCH_THROTTLING_MAX_THRESHOLD"><code>OPENFGA_CHECK_DISPATCH_THROTTLING_MAX_THRESHOLD</code></div> | `check-dispatch-throttling-max-threshold` | integer | define the maximum dispatch threshold beyond above which requests will be throttled. 0 will use the 'dispatchThrottling.threshold' value as maximum | `0` |
| `listObjectsDispatchThrottling.enabled` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_ENABLED"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_ENABLED</code></div> | `list-objects-dispatch-throttling-enabled` | boolean | enable throttling when list objects request's number of dispatches is high | `false` |
| `listObjectsDispatchThrottling.frequency` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_FREQUENCY"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_FREQUENCY</code></div> | `list-objects-dispatch-throttling-frequency` | string (duration) | the frequency period that the deprioritized throttling queue is evaluated for a list objects request. A higher value will result in more aggressive throttling | `10µs` |
| `listObjectsDispatchThrottling.threshold` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_THRESHOLD"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_THRESHOLD</code></div> | `list-objects-dispatch-throttling-threshold` | integer | define the number of recursive operations to occur before getting throttled for a list objects request | `100` |
| `listObjectsDispatchThrottling.maxThreshold` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_MAX_THRESHOLD"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_MAX_THRESHOLD</code></div> | `list-objects-dispatch-throttling-max-threshold` | integer | define the maximum dispatch threshold beyond above which requests will be throttled for a list objects request. 0 will use the 'dispatchThrottling.threshold' value as maximum | `0` |
| `listObjectsIteratorCache.enabled` | <div id="OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_ENABLED"><code>OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_ENABLED</code></div> | `list-objects-iterator-cache-enabled` | boolean | enable caching of datastore iterators in ListObjects. The key is a string representing a database query, and the value is a list of tuples. Each iterator is the result of a database query, for example usersets related to a specific object, or objects related to a specific user, up to a certain number of tuples per iterator. If the request's consistency is HIGHER_CONSISTENCY, this cache is not used. | `false` |
| `listObjectsIteratorCache.maxResults` | <div id="OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_MAX_RESULTS"><code>OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_MAX_RESULTS</code></div> | `list-objects-iterator-cache-max-results` | integer | if caching of datastore iterators of ListObjects requests is enabled, this is the limit of tuples to cache per key | `10000` |
| `listObjectsIteratorCache.ttl` | <div id="OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_TTL"><code>OPENFGA_LIST_OBJECTS_ITERATOR_CACHE_TTL</code></div> | `list-objects-iterator-cache-ttl` | string (duration) | if caching of datastore iterators of ListObjects requests is enabled, this is the TTL of each value | `10s` |
| `listObjectsDispatchThrottling.enabled` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_ENABLED"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_ENABLED</code></div> | `list-objects-dispatch-throttling-enabled` | boolean | enable throttling when ListObjects request's number of dispatches is high | `false` |
| `listObjectsDispatchThrottling.frequency` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_FREQUENCY"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_FREQUENCY</code></div> | `list-objects-dispatch-throttling-frequency` | string (duration) | the frequency period that the deprioritized throttling queue is evaluated for a ListObjects request. A higher value will result in more aggressive throttling | `10µs` |
| `listObjectsDispatchThrottling.threshold` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_THRESHOLD"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_THRESHOLD</code></div> | `list-objects-dispatch-throttling-threshold` | integer | define the number of recursive operations to occur before getting throttled for a ListObjects request | `100` |
| `listObjectsDispatchThrottling.maxThreshold` | <div id="OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_MAX_THRESHOLD"><code>OPENFGA_LIST_OBJECTS_DISPATCH_THROTTLING_MAX_THRESHOLD</code></div> | `list-objects-dispatch-throttling-max-threshold` | integer | define the maximum dispatch threshold beyond above which requests will be throttled for a ListObjects request. 0 will use the 'dispatchThrottling.threshold' value as maximum | `0` |
| `listUsersDispatchThrottling.enabled` | <div id="OPENFGA_LIST_USERS_DISPATCH_THROTTLING_ENABLED"><code>OPENFGA_LIST_USERS_DISPATCH_THROTTLING_ENABLED</code></div> | `list-users-dispatch-throttling-enabled` | boolean | enable throttling when list users request's number of dispatches is high | `false` |
| `listUsersDispatchThrottling.frequency` | <div id="OPENFGA_LIST_USERS_DISPATCH_THROTTLING_FREQUENCY"><code>OPENFGA_LIST_USERS_DISPATCH_THROTTLING_FREQUENCY</code></div> | `list-users-dispatch-throttling-frequency` | string (duration) | the frequency period that the deprioritized throttling queue is evaluated for a list users request. A higher value will result in more aggressive throttling | `10µs` |
| `listUsersDispatchThrottling.threshold` | <div id="OPENFGA_LIST_USERS_DISPATCH_THROTTLING_THRESHOLD"><code>OPENFGA_LIST_USERS_DISPATCH_THROTTLING_THRESHOLD</code></div> | `list-users-dispatch-throttling-threshold` | integer | define the number of recursive operations to occur before getting throttled for a list users request | `100` |
| `listUsersDispatchThrottling.maxThreshold` | <div id="OPENFGA_LIST_USERS_DISPATCH_THROTTLING_MAX_THRESHOLD"><code>OPENFGA_LIST_USERS_DISPATCH_THROTTLING_MAX_THRESHOLD</code></div> | `list-users-dispatch-throttling-max-threshold` | integer | define the maximum dispatch threshold beyond above which requests will be throttled for a list users request. 0 will use the 'dispatchThrottling.threshold' value as maximum | `0` |
| `sharedIterator` | | `` | | | |
⚠️ Potential issue

sharedIterator table row is incomplete

Type, flag name, description and default value are empty, which renders an empty row and breaks copy-paste workflows.

Quick fix:

-| `sharedIterator` |  | `` |  |  |  |
+| `sharedIterator.enabled` | <div id="OPENFGA_SHARED_ITERATOR_ENABLED"><code>OPENFGA_SHARED_ITERATOR_ENABLED</code></div> | `shared-iterator-enabled` | boolean | Enable reuse of iterator state across requests (experimental). | `false` |

If the option is intentionally undocumented, drop the row entirely to avoid confusion.

🤖 Prompt for AI Agents
In docs/content/getting-started/setup-openfga/configuration.mdx at line 202, the
table row for `sharedIterator` is incomplete with missing type, flag name,
description, and default value, causing an empty row and copy-paste issues.
Either fill in all the missing details for this option if it should be
documented, or remove the entire row if it is not meant to be documented to
prevent confusion.

| `requestTimeout` | <div id="OPENFGA_REQUEST_TIMEOUT"><code>OPENFGA_REQUEST_TIMEOUT</code></div> | `request-timeout` | string (duration) | The timeout duration for a request. | `3s` |

## Related Sections
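
Review bot: the `listObjectsIteratorCache.*` rows say the cache is bypassed for HIGHER_CONSISTENCY but not whether a tuple write or delete invalidates a cached iterator before the `10s` ttl expires. Since ListObjects answers authorization questions, say explicitly how long a removed relationship can still appear in results when the cache is enabled, so operators can choose a ttl they can accept.
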