Here's our product update for February:
By popular demand, Warrant now supports login with Google & GitHub! New users can simply click on the 'Continue with Google' or 'Continue with GitHub' buttons to create their Warrant accounts.
Existing users can also login with Google & GitHub provided that the email address associated with Google and GitHub is the same as the one they used to register with Warrant.
It's a new year and we have lots of updates to share:
We've revamped object types, making them more succinct and easier to work with. Additionally, object types now support type restrictions. For example, teams could previously specify in an object type that a user is an owner of report:A if that user is a member of another object that is an owner of report:A. However, it wasn't possible to specify that the user must be a member of a particular type of object (i.e. a tenant) in order to this inheritance to occur. This is now possible via the revamped object type schema. Check out an example below or read more in our docs.
{
"type": "report",
"relations": {
"owner": {
"inheritIf": "member",
"ofType": "tenant",
"withRelation": "owner"
},
"editor": {
"inheritIf": "anyOf",
"rules": [
{
"inheritIf": "owner"
},
{
"inheritIf": "member",
"ofType": "tenant",
"withRelation": "editor"
}
]
},
"viewer": {
"inheritIf": "anyOf",
"rules": [
{
"inheritIf": "editor"
},
{
"inheritIf": "member",
"ofType": "tenant",
"withRelation": "viewer"
}
]
}
}
}
Happy holidays! This is our last product update of 2022 and we're excited to share more about what we've been up to leading into 2023:
We've made some major updates to our Java and Ruby SDKs, bringing them up to par with all functionality supported by the Warrant APIs. This includes:
2022 is quickly coming to a close! This is our penultimate product update of the year and it's a big one:
By default, all Warrant accounts have shipped with 2 environments: test and prod. These environments are completely isolated and designed to make testing and deploying changes to your access models safe and easy.
One piece of feedback we've continuously received from teams is the desire for custom environments. For example, some developers want their own individual development environment for local testing that's separate from the shared test environment. Others want the ability to define their own test environments like qa or staging. Some even want separate environments for each of the different applications in their stack/product suite.
To solve all of these different use-cases, we're excited to officially introduce dynamic environments! Now, you can create your own environments directly from the Warrant dashboard. Similar to the existing test and prod environments, dynamic environments are isolated from each other and accessible via their own separate API keys. You can create environments to match your different apps, test environments, and/or development teams. Visit your account page to create your first custom environment.
Lots of usability enhancements within the dashboard this month including:
userId or name on the Users page
Lots of exciting updates to share for September! 🍂
Earlier this month, we shipped native support for feature flags & pricing tiers in Warrant. You can now create and manage features and pricing tiers (ex. free, pro, enterprise) for your app directly in the Warrant admin dashboard or via API. Once configured, access to these features and tiers is enforced at runtime in your app using the existing front-end and server-side Warrant SDKs.
Features and tiers are completely dynamic and can easily be changed and overridden as needed. Check out more info in our launch post and if you'd like to get started with Pricing Tiers & Feature Flags, just sign-in to your Warrant account and follow the onboarding guide.
We're excited to launch our official Angular SDK! Similar to our Vue and React SDKs, the Angular SDK ships with components and other primitives to help you implement authz checks in Angular web apps.
We've built Warrant to be easy to integrate with any 3rd party authn provider or home-grown authn solution. One of the more popular authn providers we've seen companies using is Firebase. To make it even easier for Firebase users to start using Warrant, we've created a repo of common cloud/serverless functions that you can deploy to Firebase to get your users hooked up to Warrant in < 10 minutes. The repo has functions to create and delete users and sessions (triggered on Firebase auth events). Check it out here.
It's hot outside but the team is staying cool and shipping. Here's what we've been up to in the past month:
We launched on Hacker News earlier this month, check out the discussion here.
We've created a new demo app to showcase Warrant running within a live web application - managing roles, permissions and access checks. The demo app lets you preview a sample e-commerce store as different users (with different permissions) and see a live access log of all permissions checks as they happen in the app.
Here's what we've been up to in July:
The Edge Agent is a lightweight Go service that customers can deploy in their own infrastructure which functions as an in-network, local cache capable of responding to access check requests with single millisecond response times. You can read more about Edge here and check out the source code on GitHub.
Here's what we've been up to in June:
We’re excited to officially launch Warrant Sync into beta today! Sync connects with your existing database and automatically creates, updates and deletes warrants for common use-cases like managing users, tenants and RBAC. We built Sync to make integrating with Warrant significantly easier and cut down on a lot of the boilerplate API integration. Check out more in our Sync launch post and get in touch if you'd like to try it out.
Here's what we've been up to in May:
First up, Warrant now supports the 'allOf' (intersection) and 'noneOf' (not) set rules for object type relations, in addition to the already supported 'anyOf' (union) rule. This brings the Warrant authz service closer to the Google Zanzibar specification. Using these rules, you can create more powerful authz policies including those based on exclusion rules to prevent common issues like 'role explosion.' You can read more about the new rule types here.