warrant
Pulumi
warrant | Pulumi | |
---|---|---|
39 | 178 | |
1,012 | 19,976 | |
4.6% | 2.9% | |
8.9 | 9.9 | |
3 days ago | 5 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
warrant
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Warrant ā Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
-
How Open ID Connect Works
The specific challenge with authz in the app layer is that different apps can have different access models with varying complexity, especially the more granular you get (e.g. implementing fine grained access to specific objects/resources - like Google Docs).
Personally, I think a rebac (relationship/graph based) approach works best for apps because permissions in applications are mostly relational and/or hierarchical (levels of groups). There are authz systems out there such as Warrant https://warrant.dev/ (I'm a founder) in which you can define a custom access model as a schema and enforce it in your app.
-
How to Do Authorization - A Decision Framework: Part 1
Let's use warrant.dev as an example. The system provides a set of REST APIs for you to define object types and access policies (called warrants). The general process is first to create object types using HTTP POST:
- Warrant ā open-source Access Control Service
-
A guide to Auth & Access Control in web apps š
https://warrant.dev/ (Provider) Relatively new authZ provider, they have a dashboard where you can manage your rules in a central location and then use them from multiple languages via their SDKs, even on the client to perform UI checks. Rules can also be managed programmatically via SDK.
- Warrant v1.0 - Highly scalable, centralized authorization service based on Google Zanzibar, now v1.0 and production-ready
-
warrant VS openfga - a user suggested alternative
2 projects | 15 Aug 2023
-
Policy as Code vs. Policy as Graph Comparison
I would describe this debate more as Policy-as-Data (Zanzibar) vs Policy-as-Code (OPA et al).
In Zanzibar, all of the information required to make an authorization decision (namespaces, relationship tuples, etc.) is stored in Zanzibar, and the decision engine resolves access checks based on this data. This data can be scaled horizontally (and consistently) as needed for an applicationās needs. This makes Zanzibar a centralized, unified solution for all of an applicationās authorization needs. Iāve found this approach more purpose built / well suited for application authorization.
With OPA and other policy engines, the data required for performing access checks lives somewhere else (maybe the applicationās database) and must be separately queried and included as part of the authorization check because OPA et al. are stateless decision engines. This makes it such that you need to piece together data from different sources in order to get your final decision, which IMO is something most developers donāt want to deal with.
On the flip side, Zanzibarās ānamespacesā are a very simple policy layer not well suited to querying against data outside of Zanzibarās scope (e.g. geolocation, time, etc). For scenarios like this, a full fledged policy-as-code solution is great. However, it should be noted that some open source Zanzibar implementations like Warrant[1] and SpiceDB[2] (mentioned in the article) also offer a policy-as-code layer on top of Zanzibarās graph-based/ReBAC approach to tackle these scenarios.
Disclaimer, Iām one of the founders of Warrant.
[1] https://github.com/warrant-dev/warrant
[2] https://github.com/authzed/spicedb
-
Show HN: Open-Source, Google Zanzibar Inspired Authorization Service
Hey HN, I recently shared my thoughts on why Google Zanzibar is a great solution for implementing authorization[1] and why we decided to build Warrantās core authz service using key concepts from the Zanzibar paper. As I mentioned in the post, we recently open sourced the authz service powering our managed cloud service, Warrant Cloud[2], so I thought Iād share it with everyone here. Cheers!
[1] https://news.ycombinator.com/item?id=36470943
[2] https://warrant.dev/
-
Why Google Zanzibar Shines at Building Authorization
More than two years after choosing to build Warrant atop Zanzibarās core principles, weāre extremely happy with our decision. Doing so gave us a solid technical foundation on which to tackle the various complex authorization challenges companies face today. As we continue to encounter new scenarios and use cases, weāll keep iterating on Warrant to ensure itās the most capable authorization service. To share what we learn and what we build with the developer community, we recently open-sourced the core authorization engine that powers our fully managed authorization platform, Warrant Cloud. If youāre interested in authorization (or Zanzibar), check it out and give it a star!
Pulumi
-
How To Implement AWS SSB Controls in Terraform - Part 4
If you are following this blog series, you should already know the benefits of using Terraform to define and deploy your AWS resources and configuration. Other IaC solutions such as AWS CloudFormation, AWS CDK, and Pulumi work the same way but differs in the programming or configuration language.
-
The 2024 Web Hosting Report
Infrastructure as Code (IaC) is an important part of any true hosting operation in the public cloud. Each of these platforms has their own IaC solution, e.g. AWS CloudFormation. But they also support popular open-source IaC tools like Pulumi or Terraform. A category of tools that also needs to be discussed is API gateways and other app-specific load balancers. There are applications for internal consumption, which can be called microservices if you have a lot of them. And often microservices use advanced networking options such as a service mesh instead of just the native private network offered by a VPC.
-
systemd by example (2021)
funny, to me systemd == no docker, no containers, just a VM.
it's my goto way to keep my programming running and have it be restarted if the vm reboots. I use VMs like "pods". I deploy code directly to the VM and run it there along with other programs. I scale up an scale down with: https://www.pulumi.com/
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Pulumi ā Modern infrastructure as a code platform that allows you to use familiar programming languages and tools to build, deploy, and manage cloud infrastructure.
-
Playing devil's advocate with Terraform
A move like this may have an impact in other open source projects. Take Pulumi, for instance, people might avoid choosing it now that the Linux Foundation have its own IaC tool, and for newer, smaller projects it will probably be impossible to compete with a project under the Linux name.
- Pulumi ā open-source Infrastructure as Code in any language
-
Best way to deploy K8s to single VPS for dev environment
Another alternative to writing an operator would be to rely on kustomize or https://www.pulumi.com/.
-
ā”ā” Level Up Your Cloud Experience with These 7 Open Source Projects š©ļø
Pulumi
-
Show HN: Togomak ā declarative pipeline orchestrator based on HCL and Terraform
Would it make sense to say Dagger is to Pulumi [1], as Terraform is to Togomak?
[1]: https://www.pulumi.com/
-
The Complete Microservices Guide
Infrastructure as Code (IaC): Define your infrastructure using code (IaC) to automate the provisioning of resources such as virtual machines, load balancers, and databases. Tools like Terraform, Pulumi, and AWS CloudFormation can help.
What are some alternatives?
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
terraform-cdk - Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
cdk8s - Define Kubernetes native apps and abstractions using object-oriented programming
Ory Hydra - OpenID Certifiedā¢ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
terragrunt - Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
sablier - Start your containers on demand, shut them down automatically when there's no activity. Docker, Docker Swarm Mode and Kubernetes compatible.
crossplane - The Cloud Native Control Plane
yai - Your AI powered terminal assistant.
bicep - Bicep is a declarative language for describing and deploying Azure resources
whisper - Pass secrets as environment variables to a process [Moved to: https://github.com/busser/murmur]
Ansible - Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy and maintain. Automate everything from code deployment to network configuration to cloud management, in a language that approaches plain English, using SSH, with no agents to install on remote systems. https://docs.ansible.com.