Passing 🌟 1000 stars 🌟 on GitHub is a rite of passage for open source projects. And in late May, Topaz got there 🎉
To celebrate, here are our top 10 favorite features that we've added to Topaz over the past year. Enjoy!
10. Topaz directory CLI commands
First appearing in Topaz 0.32, you can now use the Topaz CLI to create, read, update, and delete objects and relationships. There’s even a nice editing experience for the payload of each command!
9. Switching between configurations
Introduced in Topaz 0.32, you can create multiple configs for Topaz, each with its own policy and data, and effortlessly switch between them.
8. REST APIs for the directory
Before Topaz 0.30, the directory APIs were only accessible over gRPC and using the SDKs. In Topaz 0.30 we added REST projections of the gRPC contracts.
7. Topaz test
Starting in Topaz 0.30, creating and executing test assertions became a first-class part of the Topaz experience. You can create directory and authorizer assertions and execute them as part of your CI pipeline with the topaz directory test and topaz authorizer test commands.
6. TypeScript, Go, Java, .NET, Python, and Ruby SDKs
In Topaz 0.30 we introduced a full complement of language SDKs, as well as Express, Go, Spring, ASP.NET, Flask, and Rails middleware, to make it super-easy to integrate Topaz into your apps!
5. Importers for Auth0, Okta, Azure AD, Cognito, Google
Starting with Topaz 0.30, we introduced the ds-load extract/transform/load (ETL) pipeline for getting identity provider data into Topaz. We’ve since extended this to LDAP and FusionAuth. Getting data into the authorization engine is one of the hardest problems in AuthZ, and ds-load has you covered!
4. Authorization templates for common models
Topaz 0.30 also introduced Authorization templates, so that you have a starting point for your own authorization model. We have templates for simple-rbac, gdrive, slack, github, and two sample apps - todo and peoplefinder. Check them out!
3. Search and filtering capabilities
Topaz 0.31 introduced the ability to answer questions like “which resources does this user have the can_read permission on?” and “which resources can this user read?” Topaz 0.32 makes it very easy to perform searches through the API, CLI, or the UI.
2. Full GUI console
Speaking of UI, in Topaz 0.30 we introduced a fully-featured UI console, which we decided to open source from our commercial product. Simply start topaz and then use the topaz console command to check it out! It’s one of the most generous UI experiences we’ve seen in an open source product.
🥁 Drumroll… and the feature we’re most proud of is… 🥁
1. Support for Zanzibar intersection, exclusion, and arrow operators
Topaz 0.30 introduced a new manifest language, and Topaz 0.31 added support for every operator that was referenced in Google’s Zanzibar paper: union, intersection, exclusion, and the relation navigation (arrow) operators.
This makes it trivial to create authorization models that support hierarchical objects, nested groups, management relationships, and deny-lists.
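To show how the four operators combine into a permission with a hierarchy and a deny-list, here is an added example that is not Topaz code and does not use Topaz's manifest syntax: a minimal Python evaluator over constructed relation tuples. The object names, the relation names (viewer, editor, parent, cleared, blocked) and the can_read rule are all assumptions made for illustration.

```python
# Constructed relation tuples (object, relation, subject); not Topaz data.
TUPLES = {
    ("folder:eng", "viewer", "user:alice"),
    ("folder:eng", "viewer", "user:bob"),
    ("folder:eng", "viewer", "user:dave"),
    ("doc:spec", "parent", "folder:eng"),
    ("doc:spec", "editor", "user:carol"),
    ("doc:spec", "cleared", "user:alice"),
    ("doc:spec", "cleared", "user:bob"),
    ("doc:spec", "cleared", "user:carol"),
    ("doc:spec", "blocked", "user:bob"),
}

SET_OPS = {
    "union": lambda a, b: a | b,
    "intersection": lambda a, b: a & b,
    "exclusion": lambda a, b: a - b,
}

def direct(obj, rel):
    """Subjects that hold relation rel directly on obj."""
    return {s for (o, r, s) in TUPLES if o == obj and r == rel}

def evaluate(expr, obj):
    """Return the set of subjects that satisfy expr on obj."""
    op = expr[0]
    if op == "rel":
        return direct(obj, expr[1])
    if op == "arrow":
        # Relation navigation: follow expr[1] to related objects
        # (for example a parent folder) and evaluate expr[2] there.
        found = set()
        for target in direct(obj, expr[1]):
            found |= evaluate(expr[2], target)
        return found
    if op in SET_OPS:
        return SET_OPS[op](evaluate(expr[1], obj), evaluate(expr[2], obj))
    raise ValueError(f"unknown operator: {op}")

# Hypothetical rule: ((editor | parent->viewer) & cleared) - blocked
CAN_READ = ("exclusion",
            ("intersection",
             ("union", ("rel", "editor"), ("arrow", "parent", ("rel", "viewer"))),
             ("rel", "cleared")),
            ("rel", "blocked"))

def check(subject, obj, expr=CAN_READ):
    """True if subject satisfies expr on obj."""
    return subject in evaluate(expr, obj)
```

Because exclusion is applied last, the blocked tuple for bob overrides the access he would otherwise inherit from the parent folder, which is the behaviour a deny-list needs.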
Try it yourself!
We had fun putting together this retrospective, and if you're not yet a Topaz user, we hope you go give it a try.
Happy hacking!