![topaz passes 1000 stars on github](https://cdn.sanity.io/images/4gqsq44z/production/12986f13cf27f62785e5397e75e36d10ee73f523-2228x1008.png)
Passing 🌟 1000 stars 🌟 on GitHub is a rite of passage for open source projects. And in late May, Topaz got there 🎉
To celebrate, here are our top 10 favorite features that we've added to Topaz over the past year. Enjoy!
10. Topaz directory CLI commands
First appearing in Topaz 0.32, you can now use the Topaz CLI to create, read, update, and delete objects and relationships. There’s even a nice editing experience for the payload of each command!
![directory get object](https://cdn.sanity.io/images/4gqsq44z/production/94a154729560ac7cf46b1cc4b94be431f0a78a12-1468x1052.gif)
9. Switching between configurations
Introduced in Topaz 0.32, you can create multiple configs for Topaz, each with its own policy and data, and effortlessly switch between them.
![topaz config](https://cdn.sanity.io/images/4gqsq44z/production/b59a7295847f5223fc92ac93ebce0baa47179434-1468x1052.gif)
8. REST APIs for the directory
Before Topaz 0.30, the directory APIs were only accessible over gRPC and using the SDKs. In Topaz 0.30 we added REST projections of the gRPC contracts.
![rest apis](https://cdn.sanity.io/images/4gqsq44z/production/9b1d308f84dc78ddc5e1422fdd3d94ed113c982e-2994x1524.png)
7. Topaz test
Starting in Topaz 0.30, creating and executing test assertions became a first-class part of the Topaz experience. You can create and execute directory and authorizer assertions and execute them as part of your CI pipeline with the topaz directory test
and topaz authorizer test
commands.
![topaz test](https://cdn.sanity.io/images/4gqsq44z/production/a56860dec53d5cd4ea53c2e8504d4ac92e1c400b-1420x684.png)
6. Typescript, Go, Java, .NET, Python, and Ruby SDKs
In Topaz 0.30 we introduced a full complement of language SDKs, as well as Express, Go, Spring, ASP.NET, Flask, and Rails middleware, to make it super-easy to integrate Topaz into your apps!
![sdks](https://cdn.sanity.io/images/4gqsq44z/production/c989cd178fe09634f806e73d17ea8b544734e597-798x1342.png)
5. Importers for Auth0, Okta, Azure AD, Cognito, Google
Starting with Topaz 0.30, we introduced the ds-load
extract/transform/load (ETL) pipeline for getting identity provider data into Topaz. We’ve since extended this to LDAP and FusionAuth. Getting data into the authorization engine is one of the hardest problems in AuthZ, and ds-load has you covered!
![ds-load](https://cdn.sanity.io/images/4gqsq44z/production/89eb5c25d48bce576ac000b4425abd8867f52fb3-1468x1052.gif)
4. Authorization templates for common models
Topaz 0.30 also introduced Authorization templates, so that you have a starting point for your own authorization model. We have templates for simple-rbac
, gdrive
, slack
, github
, and two sample apps - todo
and peoplefinder
. Check them out!
![topaz templates](https://cdn.sanity.io/images/4gqsq44z/production/ab45ab465e62eddba641708d00375b2677c64f04-2476x1276.gif)
3. Search and filtering capabilities
Topaz 0.31 introduced the ability to answer questions like “which resources does this user have the can_read permission?” and “which resources can this user read?” Topaz 0.32 makes it very easy to perform searches through the API, CLI, or the UI.
![search](https://cdn.sanity.io/images/4gqsq44z/production/a01687b1a17fc230a4c23a76ff740d9fc9837c59-1468x1052.gif)
2. Full GUI console
Speaking of UI, in Topaz 0.30 we introduced a fully-featured UI console, which we decided to open source from our commercial product. Simply start topaz and then use the topaz console
command to check it out! It’s one of the most generous UI experiences we’ve seen in an open source product.
![topaz console](https://cdn.sanity.io/images/4gqsq44z/production/a0fc24dfbabdf9207db5253a5fdb00e949e5f17d-2838x1592.png)
🥁 Drumroll… and the feature we’re most proud of is… 🥁
1. Support for Zanzibar intersection, exclusion, and arrow operators
Topaz 0.30 introduced a new manifest language, and Topaz 0.31 added support for every operator that was referenced in Google’s Zanzibar paper: union, intersection, exclusion, and the relation navigation (arrow) operators.
This makes it trivial to create authorization models that support hierarchical objects, nested groups, management relationships, and deny-lists.
![google drive manifest](https://cdn.sanity.io/images/4gqsq44z/production/aab51bef2bb58137eadc78b45975cbe53bb7307a-2226x1276.png)
Try it yourself!
We had fun putting together this retrospective, and if you're not yet a Topaz user, we hope you go give it a try.
Happy hacking!
Related Content
![Blog post cover](https://cdn.sanity.io/images/4gqsq44z/production/f6239f261183015c07d1fe3c540aefc1e41c2f4e-2688x1536.jpg)
Implementing Custom Roles in your SaaS Application
Custom roles are tricky to implement. This post offers two approaches for allowing each tenant to add custom roles: one for simple RBAC, and one for fine-grained ReBAC.
Jun 20th, 2024
![Blog post cover](https://cdn.sanity.io/images/4gqsq44z/production/e4c761011714fbd286759299e03246fd2ea71e3a-1213x498.png)
Announcing Topaz 0.32!
Topaz 0.32 adds significant CLI improvements, including better configuration management, easy switching between templates, and new directory and authorizer subcommands.
May 16th, 2024
![Blog post cover](https://cdn.sanity.io/images/4gqsq44z/production/648c480720c12f43e70208c6e08dc229b2bbb805-6000x4000.jpg)
How ReBAC helps solve data filtering
Data filtering based on roles or permissions is an important use-case for application developers. Find out how your authorization system can help!
Apr 12th, 2024