permify VS terraform

However, in this piece we're focusing on the PBAC model also known as Policy-Based Access Control and how it differentiates itself these from traditional access control models in terms of scalability, flexibility and security.

Hi I'm Karan, one of the maintainers of Permify (https://github.com/Permify/permify), an open source authorization service to build scalable authorization systems.

I want to share with you that we've built an AI assistant to help modeling your desired authorization logic! You can basically describe your authorization logic in Permify AI and it will generate the respective model and semantics accordingly. Think of it like ChatGPT for authorization modeling/policy generation.

Here's the project if you would like to play with it: https://ai.permify.co/.

Brief backstory:

Since authorization is generally a domain specific issue use cases vary widely - roles, relationships, attributes, hierarchies between business units, contextual permissions, etc.

To address this, we're offering a domain specific language that we built purely using golang to help model authorization logic programmatically. You can see what it looks like with sample examples in our playground: https://play.permify.co/

Although our domain specific language helps our users significantly, the general idea of policy generation is hard challenging if you have complex authorization logic and versatile permission requirements. Additionally, the flexibility of our modeling language allows for achieving the same policy/permissions through various approaches. But creating the best possible policy is crucial for several reasons including the performance of access checks, the readability of the authorization logic, visibility, and achieving least privilege, etc.

When we tallied up all those reasons, it hit us: using AI could really smooth out the policy generation process. It could not only reduce the engineering effort but also yield the best possible results. That's why we integrated Groq to make to create Permify AI!

Would love to get your feedback on this!

At that point consider exploring our solution, Permify. It's a Google Zanzibar-based open-source authorization service that helps to build scalable authorization systems.

Additional to shifts from large tech companies, ReBAC based solutions increased over the time. We're also one of them, building an open source authorization service that builds its core on top of ReBAC and Google Zanzibar.

Permify is an open-source service for creating and managing complex permissions in applications, inspired by Google Zanzibar. It offers a flexible authorization language compatible with various models like RBAC, ReBAC, and ABAC, and allows for efficient authorization data management in preferred databases. Permify's API facilitates access checks, resource filtering, and bulk permission analyses. It also includes comprehensive testing tools for authorization logic, including scenario-based testing and policy coverage analysis. Additionally, Permify supports multi-tenancy, enabling distinct authorization models for different applications within a single instance.

As Permify we're building open source authorization infrastructure to build fine grained authorization systems at scale. Would love to learn your use case and help you to build robust authorization systems. Don't hesitate to reach us from our Discord Channel!

I’m one of the maintainers of the OSS project Permify (https://github.com/Permify/permify), an open-source authorization service inspired by Google Zanzibar, which is the global authorization system used at Google to handle authorization for hundreds of its services and products, including YouTube, Drive, Calendar, Cloud, and Maps.

Hi folks,

I’m one of the maintainers and co-founder of the Go OSS project Permify (https://github.com/Permify/permify), an open-source authorization infrastructure inspired by Google Zanzibar.

I would like to share a post where we aimed to provide a brief overview of how we integrated WASM with Golang to provide a richer user experience in our open-source playground. You can use the playground to create and test any authorization logic in a browser.

The playground has three main sections:

Schema: to model your authorization logic through our domanin specific language we built.

Data: to create sample authorization data according to the model for use in tests.

Enforcement: to test your authorization structure bt access check scenarios.

Here's the post if you're interested: https://www.permify.co/post/wasm-go/

And here's the playground: https://play.permify.co/

Appreciate your time!

I am not only a big fan of hashicorp terraform. I'm also one of the early adopters of it. So this is my main go-to Infrastructure as a Code tool. However all the resources I use are supported by other IaaC solutions such as AWS CloudFormation and AWS CDK. You definitely got to use one to avoid loosing the track of resources you create.

State Encryption was one of those long requested features[0] (I had it on my ideas list for years[1]) that Hashicorp didn't have much incentive to build. I don't think it has to with distancing opentofu as such, but the opentofu team prioritizing the right things that customers actually need.

[0]: https://github.com/hashicorp/terraform/issues/9556

[1]: https://github.com/captn3m0/ideas#-mars-terraform-remote-htt...

https://github.com/hashicorp/terraform/issues/34402

I’m not a lawyer and have no idea who is right or wrong but I understand why Hashicorp is scrutinizing this.

Just to give an example of the power of Go for CLI builds, you may have already used or at least heard of Docker, Kubernetes, Prometheus, Terraform, but what do they all have in common? They all have a large part of their usability via CLI and are developed in Go 🐿.

Each app’s front end is built with Qwik and uses Tailwind for styling. The server-side is powered by Qwik City (Qwik’s official meta-framework) and runs on Node.js hosted on a shared Linode VPS. The apps also use PM2 for process management and Caddy as a reverse proxy and SSL provisioner. The data is stored in a PostgreSQL database that also runs on a shared Linode VPS. The apps interact with the database using Drizzle, an Object-Relational Mapper (ORM) for JavaScript. The entire infrastructure for both apps is managed with Terraform using the Terraform Linode provider, which was new to me, but made provisioning and destroying infrastructure really fast and easy (once I learned how it all worked).

For example, integrating Terraform for infrastructure as code (IaC) into the IDP can streamline updates and rollbacks.

In this project, you will understand and get hands on experience around the entire concept around CI/CD from applications perspective. To fully gain real expertise around this idea, it is best to see it in action across different programming languages and from the platform perspective too. From the application perspective, we will be focusing on PHP here; there are more projects ahead that are based on Java, Node.js, .Net and Python. By the time you start working on Terraform, Docker and Kubernetes projects, you will get to see the platform perspective of CI/CD in action.

Infrastructure as Code (IaC) is an important part of any true hosting operation in the public cloud. Each of these platforms has their own IaC solution, e.g. AWS CloudFormation. But they also support popular open-source IaC tools like Pulumi or Terraform. A category of tools that also needs to be discussed is API gateways and other app-specific load balancers. There are applications for internal consumption, which can be called microservices if you have a lot of them. And often microservices use advanced networking options such as a service mesh instead of just the native private network offered by a VPC.