ory / kratos

The most scalable and customizable identity server on the market. Replace your Homegrown, Auth0, Okta, Firebase with better UX and DX. Has all the tablestakes: Passkeys, Social Sign In, Multi-Factor Auth, SMS, SAML, TOTP, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=kratos
Apache License 2.0

password policy settings are rejected #2174

Closed fboerman closed 2 years ago

fboerman commented 2 years ago

Describe the bug

I would like to change the password policy as stated here: https://www.ory.sh/kratos/docs/next/guides/password-policy/ but these config options are rejected on startup

Reproducing the bug

set this in config:

```yml
selfservice:   # parent key, per the selfservice.methods.password.config path in the log below
  methods:
    password:
      enabled: true
      config:
        haveibeenpwned_enabled: false
        min_password_length: 8
        identifier_similarity_check_enabled: true
```

and start Kratos. Observe that it doesn't start.

Relevant log output

```
time=2022-01-26T17:01:29Z level=debug msg=Adding config files. func=github.com/ory/x/configx.(*Provider).createProviders file=/go/pkg/mod/github.com/ory/x@v0.0.310/configx/provider.go:154 audience=application files=[/etc/config/kratos/kratos.yml] service_name=Ory Kratos service_version=v0.8.2-alpha.1

The configuration contains values or keys which are invalid:
selfservice.methods.password.config: map[haveibeenpwned_enabled:false haveibeenpwned_host:api.pwnedpasswords.com identifier_similarity_check_enabled:true ignore_network_errors:true max_breaches:0 min_password_length:8]
                                     ^-- additionalProperties "min_password_length", "identifier_similarity_check_enabled" not allowed

time=2022-01-26T17:01:29Z level=fatal msg=Unable to instantiate configuration. func=github.com/ory/kratos/driver.NewWithoutInit file=/home/ory/driver/factory.go:26 audience=application error=map[message:I[#/selfservice/methods/password/config] S[#/properties/selfservice/properties/methods/properties/password/properties/config/additionalProperties] additionalProperties "min_password_length", "identifier_similarity_check_enabled" not allowed trace:stack trace could not be recovered from error type *jsonschema.ValidationError] service_name=Ory Kratos service_version=v0.8.2-alpha.1
```

Relevant configuration

```yml
selfservice:   # parent key, per the selfservice.methods.password.config path in the log
  methods:
    password:
      enabled: true
      config:
        haveibeenpwned_enabled: false
        min_password_length: 8
        identifier_similarity_check_enabled: true
```
Version

v0.8.2-alpha.1

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response
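To make concrete what the three rejected keys govern, here is an added Go example; it is not Kratos's code and not part of this issue. The `PasswordPolicy` type, the `tooSimilar` containment heuristic and the `constructedLookup` data are assumptions made for illustration (Kratos's real similarity algorithm is not shown on this page). What is real is the k-anonymity shape of the `api.pwnedpasswords.com` range API named in the log (send the first five hex chars of the SHA-1, match the 35-char suffix locally) and the SHA-1 of the string `"password"`; its breach count below is made up. Note the caveat the issue's config implies: with `haveibeenpwned_enabled: false`, an eight-character, known-breached password passes the other two checks.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// PasswordPolicy mirrors the selfservice.methods.password.config keys set in the issue
// plus the max_breaches default visible in the log. Hypothetical type, not Kratos's own.
type PasswordPolicy struct {
	MinPasswordLength                int
	IdentifierSimilarityCheckEnabled bool
	HaveIBeenPwnedEnabled            bool
	MaxBreaches                      int
}

// BreachLookup models a k-anonymity range query: for the first five hex chars of a
// SHA-1 it returns the known 35-char suffixes under that prefix with their breach counts.
type BreachLookup func(prefix string) map[string]int

// HIBPRange splits the uppercase hex SHA-1 of password into the prefix that is sent to
// the range endpoint and the suffix that is matched locally, so the full hash never
// leaves the host.
func HIBPRange(password string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(password))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}

// tooSimilar is an illustrative heuristic (an assumption, not Kratos's algorithm): the
// lower-cased password may neither contain nor be contained in the identifier or, for an
// e-mail identifier, its local part, as long as that candidate is at least four characters.
func tooSimilar(identifier, password string) bool {
	id, pw := strings.ToLower(identifier), strings.ToLower(password)
	candidates := []string{id}
	if at := strings.IndexByte(id, '@'); at > 0 {
		candidates = append(candidates, id[:at])
	}
	for _, c := range candidates {
		if len(c) >= 4 && (strings.Contains(pw, c) || strings.Contains(c, pw)) {
			return true
		}
	}
	return false
}

// Validate runs the cheap local checks first and the breach lookup last, and only when
// haveibeenpwned_enabled is set, which is exactly what the config in the issue turns off.
func (p PasswordPolicy) Validate(identifier, password string, lookup BreachLookup) error {
	if len([]rune(password)) < p.MinPasswordLength {
		return fmt.Errorf("password must be at least %d characters", p.MinPasswordLength)
	}
	if p.IdentifierSimilarityCheckEnabled && tooSimilar(identifier, password) {
		return errors.New("password is too similar to the identifier")
	}
	if p.HaveIBeenPwnedEnabled {
		prefix, suffix := HIBPRange(password)
		if n := lookup(prefix)[suffix]; n > p.MaxBreaches {
			return fmt.Errorf("password seen in %d breaches (max allowed %d)", n, p.MaxBreaches)
		}
	}
	return nil
}

// constructedLookup stands in for GET https://api.pwnedpasswords.com/range/<prefix>.
// Its single entry is the real SHA-1 of the string "password"; the count is made up.
func constructedLookup(prefix string) map[string]int {
	if prefix == "5BAA6" {
		return map[string]int{"1E4C9B93F3F0682250B6CF8331B7EE68FD8": 9000000}
	}
	return map[string]int{}
}

func main() {
	policy := PasswordPolicy{MinPasswordLength: 8, IdentifierSimilarityCheckEnabled: true}
	for _, pw := range []string{"short", "alice1234", "password", "correct horse battery staple"} {
		fmt.Printf("hibp off %q: %v\n", pw, policy.Validate("alice@example.com", pw, constructedLookup))
	}
	policy.HaveIBeenPwnedEnabled = true
	fmt.Printf("hibp on  %q: %v\n", "password", policy.Validate("alice@example.com", "password", constructedLookup))
}
```

Run it with `go run .`; the first loop shows `"short"` and `"alice1234"` rejected locally while `"password"` is accepted because the breach check is off, and the last line shows the same password rejected once the check is enabled, using only the five-character hash prefix as the (simulated) query.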

aeneasr commented 2 years ago

I believe the release for this binary failed and it’s not yet available

fboerman commented 2 years ago

> I believe the release for this binary failed and it's not yet available

hi @aeneasr, do you mean that the version I pulled is an older one than the docs are valid for?

kszafran commented 2 years ago

If I'm not mistaken, these settings have been introduced in v0.8.3-alpha.1, which hasn't been released yet.

fboerman commented 2 years ago

@kszafran ah okay, that makes sense. Thanks.

aeneasr commented 2 years ago

Yeah, there are some problems with the release pipeline at the moment and we didn't have time to fix them yet.

fboerman commented 2 years ago

@aeneasr ah okay, that makes sense, thank you. I will wait for it to land in the release then.

reify-vinicius-quaiato commented 2 years ago

Hi there. I see this hasn't been released yet. Should the docs show this property as something that can actually be configured?

Also should this issue be closed? Would be good for people to track this if it remained open.

aeneasr commented 2 years ago

It is released now