4 مستودعات
Managing authorization policies and resources as version-controlled code using Terraform, Pulumi, and Helm.
Distinct from Infrastructure as Code: Distinct from Infrastructure as Code: focuses on applying IaC principles specifically to authorization policies and resources.
Explore 4 awesome GitHub repositories matching devops & infrastructure · Policy-as-Code Definitions. Refine with filters or upvote what's useful.
Ory Keto is an open-source authorization server that implements Google Zanzibar’s relationship-based access control model. It stores every access relationship as a tuple in a SQL database and exposes a declarative TypeScript-like namespace language for defining object types, relations, and permissions. The service provides bidirectional permission resolution, configurable consistency levels for checks, and dual gRPC and REST APIs for broad integration. Keto extends the Zanzibar model with edge enforcement of access policies, structured compliance auditing of permission decisions, and infrastr
Manages authorization resources and policies declaratively using Terraform, Pulumi, and Helm configurations.
OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
Implements authorization logic as version-controlled code to enable automated testing and safe deployments via CI/CD pipelines.
Cerbos is an open-source authorization service that provides a centralized, language-agnostic engine for managing access control. It functions as a policy-as-code platform, allowing teams to define, test, and distribute authorization rules using declarative YAML or JSON configurations. By decoupling access logic from application code, it enables consistent permission enforcement across diverse service stacks. The project distinguishes itself through its ability to translate high-level authorization policies into native database query filters. This capability allows applications to enforce sec
Manages authorization rules in versioned, human-readable files that support automated testing, validation, and GitOps-based deployment pipelines.
DNSControl is an infrastructure-as-code tool designed to manage DNS records and zones across multiple providers through a unified, programmable configuration language. By treating DNS as code, it enables teams to maintain consistent infrastructure state, automate record updates, and perform version-controlled management of network settings across diverse cloud, registrar, and network DNS services. The system functions as a multi-provider orchestrator that uses a declarative reconciliation engine to compare local configurations against live remote states. It employs a provider-agnostic abstrac
Enables managing DNS zones and records as version-controlled code using a domain-specific language.