diff --git a/pages/spicedb/getting-started/installing-zed.mdx b/pages/spicedb/getting-started/installing-zed.mdx index f140145..2db2b10 100644 --- a/pages/spicedb/getting-started/installing-zed.mdx +++ b/pages/spicedb/getting-started/installing-zed.mdx @@ -1,16 +1,18 @@ -import { Callout } from 'nextra/components' +# zed -# Installing Zed +## Getting Started -Zed is built as a standalone executable file which simplifies installation. +### Installing the binary -However, one should prefer one of the recommended installation methods detailed below. +Binary releases are available for Linux, macOS, and Windows on AMD64 and ARM64 architectures. -## Recommended methods +[Homebrew] users for both macOS and Linux can install the latest binary releases of zed using the official tap: -### Debian packages +```sh +brew install authzed/tap/zed +``` -[Debian-based Linux] users can install SpiceDB packages by adding an additional apt source. +[Debian-based Linux] users can install zed packages by adding a new APT source: First, download the public signing key for the repository: @@ -26,11 +28,12 @@ Then add the list file for the repository: ```sh echo "deb [signed-by=/etc/apt/keyrings/authzed.gpg] https://pkg.authzed.com/apt/ * *" | sudo tee /etc/apt/sources.list.d/authzed.list sudo chmod 644 /etc/apt/sources.list.d/authzed.list # helps tools such as command-not-found to work correctly + ``` Alternatively, if you want to use the new `deb822`-style `authzed.sources` format, put the following in `/etc/apt/sources.list.d/authzed.sources`: -``` +```yaml Types: deb URIs: https://pkg.authzed.com/apt/ Suites: * @@ -38,50 +41,33 @@ Components: * Signed-By: /etc/apt/keyrings/authzed.gpg ``` -Once the you've defined the sources and updated your apt cache, it can be installed just like any other package: +Once you've defined the sources and updated your apt cache, it can be installed just like any other package: ```sh sudo apt update sudo apt install -y zed ``` -[Debian-based Linux]: https://en.wikipedia.org/wiki/List_of_Linux_distributions#Debian-based - -### RPM packages - -[RPM-based Linux] users can install packages by adding a new yum repository: +[RPM-based Linux] users can install zed packages by adding a new YUM repository: ```sh sudo cat << EOF >> /etc/yum.repos.d/Authzed-Fury.repo [authzed-fury] name=AuthZed Fury Repository -baseurl=https://pkg.authzed.com/yum/ +baseurl=https://yum.fury.io/authzed/ enabled=1 gpgcheck=0 EOF -``` - -Install as usual: - -```sh sudo dnf install -y zed ``` +[homebrew]: https://docs.authzed.com/spicedb/installing#brew +[Debian-based Linux]: https://en.wikipedia.org/wiki/List_of_Linux_distributions#Debian-based [RPM-based Linux]: https://en.wikipedia.org/wiki/List_of_Linux_distributions#RPM-based -### Homebrew (macOS) - -macOS users can install packages by adding a [Homebrew tap]: - -```sh -brew install authzed/tap/zed -``` - -[Homebrew tap]: https://docs.brew.sh/Taps - -## Other methods +### Other methods -### Docker +#### Docker Container images are available for AMD64 and ARM64 architectures on the following registries: @@ -95,32 +81,1390 @@ You can pull down the latest stable release: docker pull authzed/zed ``` -Afterwards, you can run it with `docker run`: +Afterward, you can run it with `docker run`: ```sh docker run --rm authzed/zed version ``` -### Downloading the binary -Visit the GitHub release page for the [latest release](https://github.com/authzed/zed/releases/latest). -Scroll down to the `Assets` section and download the appropriate artifact. +## Reference: `zed` -### Source +A command-line client for managing SpiceDB clusters. -Clone the GitHub repository: +### Examples -```sh -git clone git@github.com:authzed/zed.git ``` -Enter the directory and build the binary using mage: +zed context list +zed context set dev localhost:80 testpresharedkey --insecure +zed context set prod grpc.authzed.com:443 tc_zed_my_laptop_deadbeefdeadbeefdeadbeefdeadbeef +zed context use dev +zed permission check --explain document:firstdoc writer user:emilia + +``` + +### Options + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed backup](#zed-backup) - Create, restore, and inspect permissions system backups +* [zed context](#zed-context) - Manage configurations for connecting to SpiceDB deployments +* [zed import](#zed-import) - Imports schema and relationships from a file or url +* [zed permission](#zed-permission) - Query the permissions in a permissions system +* [zed relationship](#zed-relationship) - Query and mutate the relationships in a permissions system +* [zed schema](#zed-schema) - Manage schema for a permissions system +* [zed use](#zed-use) - Alias for `zed context use` +* [zed validate](#zed-validate) - Validates the given validation file (.yaml, .zaml) or schema file (.zed) +* [zed version](#zed-version) - Display zed and SpiceDB version information + + +## Reference: `zed backup` + +Create, restore, and inspect permissions system backups + +``` +zed backup [flags] +``` + +### Options + +``` + --page-limit uint32 defines the number of relationships to be read by requested page during backup + --prefix-filter string include only schema and relationships with a given prefix + --rewrite-legacy potentially modify the schema to exclude legacy/broken syntax +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed backup create](#zed-backup-create) - Backup a permission system to a file +* [zed backup parse-relationships](#zed-backup-parse-relationships) - Extract the relationships from a backup file +* [zed backup parse-revision](#zed-backup-parse-revision) - Extract the revision from a backup file +* [zed backup parse-schema](#zed-backup-parse-schema) - Extract the schema from a backup file +* [zed backup redact](#zed-backup-redact) - Redact a backup file to remove sensitive information +* [zed backup restore](#zed-backup-restore) - Restore a permission system from a file + + +## Reference: `zed backup create` + +Backup a permission system to a file + +``` +zed backup create [flags] +``` + +### Options + +``` + --page-limit uint32 defines the number of relationships to be read by requested page during backup + --prefix-filter string include only schema and relationships with a given prefix + --rewrite-legacy potentially modify the schema to exclude legacy/broken syntax +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed backup parse-relationships` + +Extract the relationships from a backup file + +``` +zed backup parse-relationships [flags] +``` + +### Options + +``` + --prefix-filter string Include only relationships with a given prefix +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed backup parse-revision` + +Extract the revision from a backup file + +``` +zed backup parse-revision +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed backup parse-schema` + +Extract the schema from a backup file + +``` +zed backup parse-schema [flags] +``` + +### Options + +``` + --prefix-filter string include only schema and relationships with a given prefix + --rewrite-legacy potentially modify the schema to exclude legacy/broken syntax +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed backup redact` + +Redact a backup file to remove sensitive information + +``` +zed backup redact [flags] +``` + +### Options + +``` + --print-redacted-object-ids prints the redacted object IDs + --redact-definitions redact definitions (default true) + --redact-object-ids redact object IDs (default true) + --redact-relations redact relations (default true) +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed backup restore` + +Restore a permission system from a file + +``` +zed backup restore [flags] +``` + +### Options + +``` + --batch-size uint restore relationship write batch size (default 1000) + --batches-per-transaction uint number of batches per transaction (default 10) + --conflict-strategy string strategy used when a conflicting relationship is found. Possible values: fail, skip, touch (default "fail") + --disable-retries retries when an errors is determined to be retryable (e.g. serialization errors) + --prefix-filter string include only schema and relationships with a given prefix + --request-timeout duration timeout for each request performed during restore (default 30s) + --rewrite-legacy potentially modify the schema to exclude legacy/broken syntax +``` + +### Options Inherited From Parent Flags -```sh -cd zed -go build ./cmd/zed ``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed context` + +Manage configurations for connecting to SpiceDB deployments + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed context list](#zed-context-list) - Lists all available contexts +* [zed context remove](#zed-context-remove) - Removes a context +* [zed context set](#zed-context-set) - Creates or overwrite a context +* [zed context use](#zed-context-use) - Sets a context as the current context + + +## Reference: `zed context list` + +Lists all available contexts + +``` +zed context list [flags] +``` + +### Options + +``` + --reveal-tokens display secrets in results +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed context remove` + +Removes a context + +``` +zed context remove +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed context set` + +Creates or overwrite a context + +``` +zed context set +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed context use` + +Sets a context as the current context + +``` +zed context use +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed import` + +Imports schema and relationships from a file or url + +``` +zed import [flags] +``` + +### Examples + +``` + + From a gist: + zed import https://gist.github.com/ecordell/8e3b613a677e3c844742cf24421c08b6 + + From a playground link: + zed import https://play.authzed.com/s/iksdFvCtvnkR/schema + + From pastebin: + zed import https://pastebin.com/8qU45rVK + + From a devtools instance: + zed import https://localhost:8443/download + + From a local file (with prefix): + zed import file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml + + From a local file (no prefix): + zed import authzed-x7izWU8_2Gw3.yaml + + Only schema: + zed import --relationships=false file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml + + Only relationships: + zed import --schema=false file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml + + With schema definition prefix: + zed import --schema-definition-prefix=mypermsystem file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml + +``` + +### Options + +``` + --batch-size int import batch size (default 1000) + --relationships import relationships (default true) + --schema import schema (default true) + --schema-definition-prefix string prefix to add to the schema's definition(s) before importing + --workers int number of concurrent batching workers (default 1) +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed permission` + +Query the permissions in a permissions system + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed permission bulk](#zed-permission-bulk) - Check a permissions in bulk exists for a resource-subject pairs +* [zed permission check](#zed-permission-check) - Check that a permission exists for a subject +* [zed permission expand](#zed-permission-expand) - Expand the structure of a permission +* [zed permission lookup-resources](#zed-permission-lookup-resources) - Enumerates resources of a given type for which the subject has permission +* [zed permission lookup-subjects](#zed-permission-lookup-subjects) - Enumerates the subjects of a given type for which the subject has permission on the resource + + +## Reference: `zed permission bulk` + +Check a permissions in bulk exists for a resource-subject pairs + +``` +zed permission bulk ... [flags] +``` + +### Options + +``` + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --explain requests debug information from SpiceDB and prints out a trace of the requests + --json output as JSON + --revision string optional revision at which to check + --schema requests debug information from SpiceDB and prints out the schema used +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed permission check` + +Check that a permission exists for a subject + +``` +zed permission check [flags] +``` + +### Options + +``` + --caveat-context string the caveat context to send along with the check, in JSON form + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --error-on-no-permission if true, zed will return exit code 1 if subject does not have unconditional permission + --explain requests debug information from SpiceDB and prints out a trace of the requests + --json output as JSON + --schema requests debug information from SpiceDB and prints out the schema used +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed permission expand` + +Expand the structure of a permission + +``` +zed permission expand [flags] +``` + +### Options + +``` + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --json output as JSON + --revision string optional revision at which to check +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed permission lookup-resources` + +Enumerates resources of a given type for which the subject has permission + +``` +zed permission lookup-resources [flags] +``` + +### Options + +``` + --caveat-context string the caveat context to send along with the lookup, in JSON form + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --cursor string resume pagination from a specific cursor token + --json output as JSON + --page-limit uint32 limit of relations returned per page + --revision string optional revision at which to check + --show-cursor display the cursor token after pagination (default true) +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed permission lookup-subjects` + +Enumerates the subjects of a given type for which the subject has permission on the resource + +``` +zed permission lookup-subjects [flags] +``` + +### Options + +``` + --caveat-context string the caveat context to send along with the lookup, in JSON form + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --json output as JSON + --revision string optional revision at which to check +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship` + +Query and mutate the relationships in a permissions system + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed relationship bulk-delete](#zed-relationship-bulk-delete) - Deletes relationships matching the provided pattern en masse +* [zed relationship create](#zed-relationship-create) - Create a relationship for a subject +* [zed relationship delete](#zed-relationship-delete) - Deletes a relationship +* [zed relationship read](#zed-relationship-read) - Enumerates relationships matching the provided pattern +* [zed relationship touch](#zed-relationship-touch) - Idempotently updates a relationship for a subject +* [zed relationship watch](#zed-relationship-watch) - Watches the stream of relationship updates from the server + + +## Reference: `zed relationship bulk-delete` + +Deletes relationships matching the provided pattern en masse + +``` +zed relationship bulk-delete [flags] +``` + +### Options + +``` + --force force deletion of all elements in batches defined by + --optional-limit uint32 the max amount of elements to delete. If you want to delete all in batches of size , set --force to true (default 1000) + --subject-filter string optional subject filter +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship create` + +Create a relationship for a subject + +``` +zed relationship create [flags] +``` + +### Options + +``` + -b, --batch-size int batch size when writing streams of relationships from stdin (default 100) + --caveat string the caveat for the relationship, with format: 'caveat_name:{"some":"context"}' + --expiration-time string the expiration time of the relationship in RFC 3339 format + --json output as JSON +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship delete` + +Deletes a relationship + +``` +zed relationship delete [flags] +``` + +### Options + +``` + -b, --batch-size int batch size when deleting streams of relationships from stdin (default 100) + --json output as JSON +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship read` + +Enumerates relationships matching the provided pattern. + +To filter returned relationships using a resource ID prefix, append a '%' to the resource ID: + +zed relationship read some-type:some-prefix-% + + +``` +zed relationship read [flags] +``` + +### Options + +``` + --consistency-at-exactly string evaluate at the provided zedtoken + --consistency-at-least string evaluate at least as consistent as the provided zedtoken + --consistency-full evaluate at the newest zedtoken in the database + --consistency-min-latency evaluate at the zedtoken preferred by the database + --json output as JSON + --page-limit uint32 limit of relations returned per page (default 100) + --subject-filter string optional subject filter +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship touch` + +Idempotently updates a relationship for a subject + +``` +zed relationship touch [flags] +``` + +### Options + +``` + -b, --batch-size int batch size when writing streams of relationships from stdin (default 100) + --caveat string the caveat for the relationship, with format: 'caveat_name:{"some":"context"}' + --expiration-time string the expiration time for the relationship in RFC 3339 format + --json output as JSON +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed relationship watch` + +Watches the stream of relationship updates from the server + +``` +zed relationship watch [object_types, ...] [start_cursor] [flags] +``` + +### Options + +``` + --filter optional_resource_type:optional_resource_id_or_prefix#optional_relation@optional_subject_filter optional filter(s) for the watch stream. Example: optional_resource_type:optional_resource_id_or_prefix#optional_relation@optional_subject_filter + --object_types strings optional object types to watch updates for + --revision string optional revision at which to start watching + --timestamp shows timestamp of incoming update events +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed schema` + +Manage schema for a permissions system + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + +### Children commands + +* [zed schema compile](#zed-schema-compile) - Compile a schema that uses extended syntax into one that can be written to SpiceDB +* [zed schema copy](#zed-schema-copy) - Copy a schema from one context into another +* [zed schema diff](#zed-schema-diff) - Diff two schema files +* [zed schema read](#zed-schema-read) - Read the schema of a permissions system +* [zed schema write](#zed-schema-write) - Write a schema file (.zed or stdin) to the current permissions system + + +## Reference: `zed schema compile` + +Compile a schema that uses extended syntax into one that can be written to SpiceDB + +``` +zed schema compile [flags] +``` + +### Examples + +``` + + Write to stdout: + zed preview schema compile root.zed + Write to an output file: + zed preview schema compile root.zed --out compiled.zed + +``` + +### Options + +``` + --out string output filepath; omitting writes to stdout +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed schema copy` + +Copy a schema from one context into another + +``` +zed schema copy [flags] +``` + +### Options + +``` + --json output as JSON + --schema-definition-prefix string prefix to add to the schema's definition(s) before writing +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed schema diff` + +Diff two schema files + +``` +zed schema diff +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed schema read` + +Read the schema of a permissions system + +``` +zed schema read [flags] +``` + +### Options + +``` + --json output as JSON +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed schema write` + +Write a schema file (.zed or stdin) to the current permissions system + +``` +zed schema write [flags] +``` + +### Options + +``` + --json output as JSON + --schema-definition-prefix string prefix to add to the schema's definition(s) before writing +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed use` + +Alias for `zed context use` + +``` +zed use +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed validate` + +Validates the given validation file (.yaml, .zaml) or schema file (.zed) + +``` +zed validate [flags] +``` + +### Examples + +``` + + From a local file (with prefix): + zed validate file:///Users/zed/Downloads/authzed-x7izWU8_2Gw3.yaml + + From a local file (no prefix): + zed validate authzed-x7izWU8_2Gw3.yaml + + From a gist: + zed validate https://gist.github.com/ecordell/8e3b613a677e3c844742cf24421c08b6 + + From a playground link: + zed validate https://play.authzed.com/s/iksdFvCtvnkR/schema + + From pastebin: + zed validate https://pastebin.com/8qU45rVK + + From a devtools instance: + zed validate https://localhost:8443/download +``` + +### Options + +``` + --force-color force color code output even in non-tty environments + --schema-type string force validation according to specific schema syntax ("", "composable", "standard") +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + + + +## Reference: `zed version` + +Display zed and SpiceDB version information + +``` +zed version [flags] +``` + +### Options + +``` + --include-deps include dependencies' versions + --include-remote-version whether to display the version of Authzed or SpiceDB for the current context (default true) +``` + +### Options Inherited From Parent Flags + +``` + --certificate-path string path to certificate authority used to verify secure connections + --endpoint string spicedb gRPC API endpoint + --hostname-override string override the hostname used in the connection to the endpoint + --insecure connect over a plaintext connection + --log-format string format of logs ("auto", "console", "json") (default "auto") + --log-level string verbosity of logging ("trace", "debug", "info", "warn", "error") (default "info") + --max-message-size int maximum size *in bytes* (defaults to 4_194_304 bytes ~= 4MB) of a gRPC message that can be sent or received by zed + --max-retries uint maximum number of sequential retries to attempt when a request fails (default 10) + --no-verify-ca do not attempt to verify the server's certificate chain and host name + --permissions-system string permissions system to query + --proxy string specify a SOCKS5 proxy address + --request-id string optional id to send along with SpiceDB requests for tracing + --skip-version-check if true, no version check is performed against the server + --token string token used to authenticate to SpiceDB +``` + -You can find more commands for tasks such as testing, linting in the repository's [CONTRIBUTING.md]. -[CONTRIBUTING.md]: https://github.com/authzed/zed/blob/main/CONTRIBUTING.md