Warrant Changelog - November 2022
2022 is quickly coming to a close! This is our penultimate product update of the year and it's a big one:
Introducing Dynamic Environments
By default, all Warrant accounts have shipped with 2 environments: test
and prod
. These environments are completely isolated and designed to make testing and deploying changes to your access models safe and easy.
One piece of feedback we've continuously received from teams is the desire for custom environments. For example, some developers want their own individual development environment for local testing that's separate from the shared test
environment. Others want the ability to define their own test environments like qa
or staging
. Some even want separate environments for each of the different applications in their stack/product suite.
To solve all of these different use-cases, we're excited to officially introduce dynamic environments! Now, you can create your own environments directly from the Warrant dashboard. Similar to the existing test
and prod
environments, dynamic environments are isolated from each other and accessible via their own separate API keys. You can create environments to match your different apps, test environments, and/or development teams. Visit your account page to create your first custom environment.
Manage fine grained access control directly in the dashboard
You can now create and assign fine grained access rules for arbitrary objects directly from the Warrant dashboard. Previously, this could only be done via API. This makes it easy for operations/non-engineering teams to quickly assign or revoke access to objects in your access model without having to make an API call or change code.
For example, if you're building an access control model to manage access to stores
, you can now create specific stores directly in the Warrant dashboard and manage which users have access to each store. Check out the new Objects tab under the Fine Grained Access Control section of the dashboard to get started.
Batch APIs for faster data imports
The create /users
and /tenants
APIs now support batch creation of multiple objects in one http request. Simply pass a list of user
or tenant
objects in a POST request to the respective endpoint (note: max batch size of 100 objects) to create all objects at once. Batch creation makes it easier and much faster to import your existing users
and tenants
into Warrant (100x less API calls!).
Check out the Batch API Reference for Users and Tenants for more details.
API Runner
As an API-first company, we do a lot of automated testing on our own APIs. To help facilitate this testing, we built our own lightweight api test harness that makes it easy to define and execute api tests.
Written in Go, API Runner makes it easy to define test cases in json and execute them against any server environment (local, ci, production). It also supports:
- All major http verbs (GET, POST, PUT, DELETE etc)
- Deep comparison of json responses (including objects and arrays)
- Attribute memoization to enable request chaining (i.e. create an object → save its id → update object by that id)
We recently open sourced API Runner so check it out, give it a star, and let us know what you think. We welcome contributions from the community, so PRs are welcome!
Learn about authz & access control
From RBAC to ABAC and everything in between, there are a lot of technical concepts and topics that developers need to be aware of and understand when dealing with authz and access control. To help bridge this knowledge gap, we've created a new 'Learn' section on our website consisting of articles and deep-dives on authz and access control topics written by the Warrant engineering team.
We'll continue adding articles so make sure to bookmark the page and let us know if there's a particular topic you'd like us to cover.