Permify Changelog
Get the latest updates from our Discord community!
SDK Client Updates 🛠️
August 7, 2024We've released Java & Typescript SDK clients and made some changes in the existing clients as well.
- Fixed the
Invalid imports
issue in the Python client https://github.com/Permify/permify-python/issues/1 - The permify-node package is now generated using the official buf gRPC client generator. With this new generator, dictionary-typed data bodies have transitioned to requiring objects to be created and set. Also, all objects and clients are accessible through grpc.payload, grpc.base, or simply grpc in the new package.
- Implemented REST clients for Typescript and Javascript and accessible through npm.
- Implemented Java REST clients, accessible through Maven or Gradle.
- Created a new SDK repository to provide examples and best practices for using each client. It's super new right now and doesn't have many examples, but will be improved along the way: https://github.com/Permify/permify/tree/master/sdk
For those who want to contribute to this repo, you're more than welcome as always.
With the new generation flow, all these clients will stay up to date. Any release in the main Permify project will automatically trigger their update and publication.
Here is the link to the current official Permify clients - each client is available in both gRPC and REST:
APRIL, 2024 🌸
With April behind us, we've been primarily focused on enhancements in infrastructure and observability this month. Specifically, improving the caching mechanism we operate to enhance performance is our top priority, followed by enhancing observability.
Here are some highlights from April:
Added Cache Hit Span
We’ve implement cache hit span to ease tracing of cache hits to facilitate performance monitoring and debugging.The addition of this feature allows developers and systems administrators to monitor the efficiency of cache utilization and troubleshoot performance-related issues more effectively.
Implemented Cache Mode Configuration Based On Connection String
Allows dynamic setting of the plan cache mode for PostgreSQL based on the provided connection string.The newly added setting aims to provide developers with control over the caching strategy of SQL execution plans based on their specific needs and the operational characteristics of their applications.
This can potentially improve query execution times and overall application performance by optimizing the use of the plan cache based on the operational context.
Refreshed Our Landing Page
We've updated our landing page. Its now featuring use cases, enterprise features, the playground, and more!Now, you can ask your questions about Permify and receive instant answers!See the newest version of our documentation
Added gRPC Server Stats Handler
Added support for GRPC exporters in OpenTelemetry, previously only HTTP exporters were supported.This feature enables tracing of server root spans to improve observability and diagnostics of gRPC servers.
Replace Database/SQL With Native PGX Usage
Replaced the generic database/sql with native pgx usage, for better performance, as database/sql was less efficient in comparison.MARCH, 2024 🍀
We embraced the spring with a bunch of new improvements 🚀 In March, we shipped two SDKs, refreshed our documents, added an AI assistant to ease the modeling process, implemented a new feature to enhance schema changes, and much more!
Here are some highlights from March:
Released New Rest Clients
We've released new Python and Javascript SDKs that are automatically generated by the OpenAPI Generator.- Python Client: https://github.com/Permify/permify-python
- Javascript Client: https://github.com/Permify/permify-javascript
Launched Permify AI
We’ve build a AI assistant powered by Groq to generate authorization models/policies and further streamlined the modeling Permify Schema processes 🤖With Permify AI you can simply describe your authorization logic or your use case, and it will automatically generate the corresponding authorization schema and semantics that you can directly use in Permify
Refreshed Document Interface with Permify AI Assistant
We've refreshed our documentation and added a comprehensive search powered by the Permify AI AssistantNow, you can ask your questions about Permify and receive instant answers!See the newest version of our documentation
Released Partial Schema Update
We have published an endpoint allows authorized users to make partial updates to the schema by adding or modifying actions within individual entities.See more details in the following documentation.Implement Backoff Policy for JWKs Retrieval and Validation
This enhancements focuses on improving how JSON Web Keys (JWKs) are fetched and managed.Previously, the system fetches JWKs at scheduled intervals, which falls short in urgent token rotation scenarios and in preventing abuse from invalid tokens.
Now we propose dynamically fetching JWKs from the PERMIFY server as needed, enhancing security by verifying tokens with absent KIDs through immediate JWK retrieval, and introducing a backoff policy to avoid overwhelming the server.
https://github.com/Permify/permify/issues/1135.
February, 2024 🌨️
This month, we mainly focused on enhancing Permify devEX by working on auxiliary tools and libraries, introducing new endpoints to enhance visibility, fixing errors as usual, working on OpenTelemetry and observability.
Here are some notable changes from February:
Added Air Support For Hot Reloading
Updated docker configs and added an air config for faster development.Air is a watches all the go files and rebuilds whenever there is any change in the code to reflect in the API immediately.
Released New Schema Endpoints
We have released Read and List schema endpoints to increase context awareness and visibility across schema usage.- Read Schema is responsible for returning the specified schema version.
- List Schema allows you to retrieve schemas along with the timestamps of their creation.
Introducing the permify config
Command
The permify config command has been introduced to streamline the debugging of environments and configurations in containers and runtimes, with a focus on security.It allows for the inspection of environment variables, flags, and configuration files, while sensitive values are automatically obfuscated (e.g., secrets in connection strings).
cache_check_count
Added for Improved Caching Insights
cache_check_count, has been implemented to enhance monitoring and observability within Permify's caching mechanisms. This metric counts the number of permission checks performed with cached results, offering deeper insights into cache usage and efficiency.By integrating with OpenTelemetry metrics, it facilitates real-time monitoring of cached permission checks, aiding in performance optimization and debugging efforts.
OIDC Configuration and Validation Enhancements
We've made significant improvements to our OIDC configuration and validation mechanisms. The process has been simplified to require just the issuer and audience parameters, enhancing ease of use and setup efficiency.We've also improved JWKS handling for better public key management and shifted focus to audience validation, removing the ambiguity around the azp claim.
This update streamlines token validation, particularly where multiple audiences are involved, and adjusts our approach to signing methods by primarily supporting RS256.
JANUARY, 2024 ❄️
At the beginning of 2024, we primarily focused on enhancing our core by working on logging, fixing and enhancing error codes in several services, improving query performance through PostgreSQL index optimization, and more.
Here are some notable changes from January:
Improvements on Logging
- Context relation errors will now only be logged in debug mode.
- Added unary and stream server interceptors to the logging configuration, enabling detailed start-end logs for GRPC calls, including timestamps, method details, and execution times
Fix & Enhancement in Error Codes
We have fixed an issue with 4xx and 5xx errors. Now, errors like schema not found should result in: 400-level errorsEnhanced Request Deduplication
Implemented a singleflight proxy to improve request deduplication, enhancing efficiency by reducing redundant processing. Currently working on the detailed benchmark for this.Performance Optimization: PostgreSQL Index Enhancements
We've just optimized indexes in our Postgres database and significantly improved the query speeds.A notable query execution time saw a decrease from 2.9 ms to just 0.060 ms in 10k rows 🚀
Added Helm Charts for Kubernetes Deployment
We’ve added Helm Charts for deploying and managing Permify in Kubernetes environments. Now you can seamlessly manage and deploy Permify in your Kubernetes environment with pre-configured resources.See installation guideline on our docs.
Refactor on Circuit Breaker
Refactored circuit breaking functionality by switching from Hystrix package to Gobreaker.NOVEMBER, 2023 🍂
We've introduced several improvements and new features this month, including streamlined authorization data synchronization, enhanced security for distributed cache usage, improved Yaml Validation files, and more!
Here are some highlights from November:
Data Bundles - Streamline Data Sync
Ensuring that authorization data remains in sync with the business model is an important practice when using Permify.Prior to Data Bundles, it was the responsibility of the services (such as WriteData API) to model how relations are created and deleted when actions occur on resources.
With the Data Bundles, you be able to bundle and model the creation and deletion of relations and attributes when specific actions occur on resources in your applications.We believe this functionality will streamline managing authorization data as well as managing this in a central place increase visibility around certain actions/triggers that end up with data creation.
See how Data Bundles work in our docs: Bundle Service
Flexible Input Formats for Schema in Testing Validation File
Expand the schema field to accept input as a simple string text representing either a URL or a file path load external schema.With this improvement you can define the schema in the YAML file in one of two ways:See the details on: Defining Schema in Validation File
Authentication for Consistent Hashring
We’ve implemented our existing authentication methods (Pre Shared Keys & OIDC) for consistent hashing, thereby enhancing security in the permify instances’s interpolation.Check out the Github Pull Request for details
Implement slog Logging in Postgres
Enhance our logging mechanism within internal/storage/postgres by utilizing 'slog,' a feature in the new version of Go.- If you're new to slog, check out the post Structured Logging published on the Go blog.
- For details of this development see the respected Github Pull Request
Playground Improvement
We have changed our playground interface and returned to the bird's-eye view.- Visualization of the schema now can be accessed from the tab above the schema.
- Improve the editor on the enforcement section in order to make scenario creation smother.
- Separate the relation and attribute creation. You can easily create relations and attributes using an analog click-and-fill form.
OCTOBER, 2023 🎃
This month, we made some improvements to Regex patterns in api endpoints, worked on a consistent hashring to enhance the current Distributed Cache Mechanism, included an AST converter in the schema, and fixed some bugs while making enhancements to the core.
Here are some notable changes from October:
Improvements on Distributed Cache Mechanism
- Updated Consistent Hashring configuration and usage. Here is an example configuration option for it from our configuration YAML file,
- Implement consistent hashring balancer with go-grpc. This gives ability to create a load balancer policy when providing DNS or Kubernetes addresses. This enhancement not only boosts performance but also eliminates the need for a separate service for user-specific service discovery.
Regex Enhancements in APIs' Validation
String Validation: ^[a-zA-Z_]{1,64}$"
- Contain only uppercase letters
(A-Z)
, lowercase letters(a-z)
, and underscores(_)
. - Have a length between 1 and 128 characters.
- Alternatively, the ID can be a single asterisk ().
ID Validation: ^([a-zA-Z0-9_\\\\-@\\\\.:+]{1,128}|\\\\*)$
- Contain only uppercase letters
(A-Z)
, lowercase letters(a-z)
, and underscores(_)
. - Have a length between 1 and 128 characters.
- Alternatively, the ID can be a single asterisk ().
Added Permify Schema to JSON converter
By utilizing the command: permify ast {path of your schema validation file}
, you can effortlessly convert your model into an Abstract Syntax Tree (AST) representation.
The conversion to AST provides a structured representation of your model, making it easier to navigate, modify, and analyze. This process ensures that your model is syntactically correct and can be processed by other tools without issues.
General Enhancements on Logging
- Migrated to Go’s slog structured logger, for improved logging capabilities.
- Introduced slog logger configuration and level resolver, allowing for more flexible and customizable logging.
- Changed distributed mode failure log to use Error level.
- Redundant logger instantiation has been removed, streamlining the codebase and potentially improving efficiency.
SEPTEMBER, 2023
This month, we released ABAC (Attribute-Based Access Control) support, added examples of use cases, updated docs and tools accordingly, and continued to work on the infrastructure and dev experience.
Here is a brief overview of the updates in September:
Released ABAC (Attribute-Based Access Control) Support
We have released ABAC (Attribute-Based Access Control) support for our open-source, introducing several new features, including:
- The ability to define attributes and rules (functions that allow you to check specific mostly dynamic conditions) when creating a schema.
- Addition of new datastore interfaces designed specifically to store attributes.
- Re-designed the check engine algorithm for attribute computation.
- Implementation of mass filters for attributes and improved error handling mechanisms to enhance visibility and user experience.
UI & Functionality Improvements on Playground
- Added ABAC variables; rules and attributes to Visualizer.
- Adjusted the height of it for better visibility and user experience.
- Introduced a new schema reader for defining cache keys type. Rule calls now always initiate from the invoker (that's for caching rule calls with specific entity).
Added Coverage Configuration (coverage.yml)
Introduced a GitHub Action that activates on push
and pull_request
events. Utilizes ubuntu-latest runner with Go 1.20 setup. Checks out the project code and manages dependencies. Executes unit tests and gathers code coverage. Reports coverage metrics to Coveralls.
Improvements on Lookup Services
- Unified lookup services to read the schema only once per request for efficiency.
- Introduced a new cache mechanism within the lookup: Schema Map. It serves as a cache to store and keep track of schema versions, ensuring efficient and speedy retrievals.
Notable Enhancements On Core
- Renamed conflicting proto messages to avoid clashes with native types.
- Implemented
checkDirectCall
for recursive invokes. Rule calls now always initiate from the invoker (that's for caching rule calls with specific entity). - Enhanced array data type handling, with the addition of array types to engines and new attribute helpers.