20 posts tagged with "updates"

Hey Everyone! It's been a while since our last product update. The team has been hard at work this summer with some major improvements to Warrant. We decided to take a quick break to tell you about some of the things we've been working on!

New CLI commands​

The Warrant CLI is now the quickest way to get started with Warrant. We've added new commands for listing object types, making assertions on check requests (for testing), and managing objects (create, get, update, delete). The CLI now also supports multiple environments via the env command.

Check out these instructions to install and get started with the CLI.

Here's what's new with Warrant this month:

Support for ABAC policies (including time-based warrants)​

We're excited to announce that the Warrant authorization engine now supports expression and evaluation of ABAC policies in addition to its native ReBAC capabilities. Although most application authorization scenarios can be modeled via ReBAC (e.g. RBAC, fine-grained access control), there are certain scenarios where access depends on an object or environment's attributes.

For example, we might want to express a rule that states that [user:1] is a [member] of [role:admin] but only if that user's requests are originating from [ip-address:192.192.0.1]. Although Warrant's existing ReBAC engine allows us to represent the member relation between user:1 and role:admin, we must also check for the user's IP context at runtime for the full check to pass.

To enable such scenarios, Warrant now supports definition of policies directly within warrants and evaluation of those policies at runtime using 'contextual data' provided by the client. For the example above, we can define a warrant with an IP equality check as follows:

{
    "objectType": "role",
    "objectId": "admin",
    "relation": "member",
    "subject": {
        "objectType": "user",
        "objectId": "1"
    }
    "policy": "user.client_ip == \"192.168.1.1\""
}

This warrant states that [user:1] is a [member] of [role:admin] if [user.client_ip == 192.168.1.1]. At check time, a request with the following context would result in an access allowed response:

{
    "objectType": "role",
    "objectId": "admin",
    "relation": "member",
    "subject": {
        "objectType": "user",
        "objectId": "1"
    }
    "context": {
        "user": {
            "client_ip": "192.168.1.1"
        }
    }
}

In addition to strict equality (==), Warrant policies also support a variety of operands including comparators, regex and time (expiration) expressions. For more details, check out the docs.

Dashboard updates​

We've also made a few significant improvements to the Warrant admin dashboard this month to make finding, viewing and editing your access control data much easier. More specifically:

Dynamic table views & sorting​

All table views (e.g. tenants, users, roles, permissions etc.) now support sorting by column (e.g. by 'created_at' date) and dynamic, in-place data fetching via a 'load more' button to make it even easier for users to traverse and search through their data.

We missed sending out a product update for April but we're back for an even bigger May update! Lots to share including a new milestone for the Warrant open source service as well as some exciting updates to Warrant Cloud!

Warrant open source crosses 350 ⭐s​

The Warrant open source service has hit a milestone of 350+ stars! The latest version (0.17.0) ships with MySQL, PostgreSQL and SQLite support along with enhanced debugging for access checks and a revamped events architecture. Check us out and give the repo a ⭐!

Here's our (short but sweet!) product update for March:

Warrant open source​

It's been 2 weeks since we officially open sourced Warrant. It's been exciting to see the feedback from users. If you haven't checked it out yet, check out the repo here, give us a ⭐ and help us drive the roadmap!

Here's our product update for February:

Login with Google & GitHub​

By popular demand, Warrant now supports login with Google & GitHub! New users can simply click on the 'Continue with Google' or 'Continue with GitHub' buttons to create their Warrant accounts.

Existing users can also login with Google & GitHub provided that the email address associated with Google and GitHub is the same as the one they used to register with Warrant.

It's a new year and we have lots of updates to share:

Revamped object types, now with type restrictions​

We've revamped object types, making them more succinct and easier to work with. Additionally, object types now support type restrictions. For example, teams could previously specify in an object type that a user is an owner of report:A if that user is a member of another object that is an owner of report:A. However, it wasn't possible to specify that the user must be a member of a particular type of object (i.e. a tenant) in order to this inheritance to occur. This is now possible via the revamped object type schema. Check out an example below or read more in our docs.

{
  "type": "report",
  "relations": {
    "owner": {
      "inheritIf": "member",
      "ofType": "tenant",
      "withRelation": "owner"
    },
    "editor": {
      "inheritIf": "anyOf",
      "rules": [
        {
          "inheritIf": "owner"
        },
        {
          "inheritIf": "member",
          "ofType": "tenant",
          "withRelation": "editor"
        }
      ]
    },
    "viewer": {
      "inheritIf": "anyOf",
      "rules": [
        {
          "inheritIf": "editor"
        },
        {
          "inheritIf": "member",
          "ofType": "tenant",
          "withRelation": "viewer"
        }
      ]
    }
  }
}

Happy holidays! This is our last product update of 2022 and we're excited to share more about what we've been up to leading into 2023:

Major updates to Java & Ruby SDKs​

We've made some major updates to our Java and Ruby SDKs, bringing them up to par with all functionality supported by the Warrant APIs. This includes:

• All RBAC operations including role, permission, user assignment, removal and authz checks
• Pricing tiers (CRUD operations and authz checks)
• Features (CRUD operations and authz checks)
• New Java and Ruby types for Warrant objects and subjects to make creating, deleting and checking warrants easier and safer

2022 is quickly coming to a close! This is our penultimate product update of the year and it's a big one:

Introducing Dynamic Environments​

By default, all Warrant accounts have shipped with 2 environments: test and prod. These environments are completely isolated and designed to make testing and deploying changes to your access models safe and easy.

One piece of feedback we've continuously received from teams is the desire for custom environments. For example, some developers want their own individual development environment for local testing that's separate from the shared test environment. Others want the ability to define their own test environments like qa or staging. Some even want separate environments for each of the different applications in their stack/product suite.

To solve all of these different use-cases, we're excited to officially introduce dynamic environments! Now, you can create your own environments directly from the Warrant dashboard. Similar to the existing test and prod environments, dynamic environments are isolated from each other and accessible via their own separate API keys. You can create environments to match your different apps, test environments, and/or development teams. Visit your account page to create your first custom environment.

Dashboard Updates​

Lots of usability enhancements within the dashboard this month including:

• Search for users by userId or name on the Users page
• View all of a user's assigned tenants on the Users page
• A new UI to manage teammates on the Account page

Lots of exciting updates to share for September! 🍂

Pricing Tiers & Feature Flags​

Earlier this month, we shipped native support for feature flags & pricing tiers in Warrant. You can now create and manage features and pricing tiers (ex. free, pro, enterprise) for your app directly in the Warrant admin dashboard or via API. Once configured, access to these features and tiers is enforced at runtime in your app using the existing front-end and server-side Warrant SDKs.

Features and tiers are completely dynamic and can easily be changed and overridden as needed. Check out more info in our launch post and if you'd like to get started with Pricing Tiers & Feature Flags, just sign-in to your Warrant account and follow the onboarding guide.

Angular SDK​

We're excited to launch our official Angular SDK! Similar to our Vue and React SDKs, the Angular SDK ships with components and other primitives to help you implement authz checks in Angular web apps.

Firebase Cloud Functions​

We've built Warrant to be easy to integrate with any 3rd party authn provider or home-grown authn solution. One of the more popular authn providers we've seen companies using is Firebase. To make it even easier for Firebase users to start using Warrant, we've created a repo of common cloud/serverless functions that you can deploy to Firebase to get your users hooked up to Warrant in < 10 minutes. The repo has functions to create and delete users and sessions (triggered on Firebase auth events). Check it out here.