GitOps Overview
Foreword
Policy as Code
As a best practice, Permit.io encourages you to manage your authorization policy as code. There are many benefits to having policy as code, including improved consistency, accuracy, and traceability. Defining policies as code lets you ensure they are consistently enforced across different systems and environments, which can help prevent policy violations and reduce the risk of unauthorized access to sensitive data or systems. Policy as code also makes policies easier to manage and update: when managed as code, policies can be handled with the same tools and processes used to manage and deploy software. This makes it easier to track changes to policies over time, roll back changes if necessary, and in general, enjoy the well-thought-through best practices of the code world (e.g., GitOps). In short, policy as code saves us from reinventing the wheel.
Policy as Code in Permit.io
While policy-as-code should be managed in a code repository, that doesn't mean it must be authored as pure code. By simplifying policy creation, we can make our work as developers easier, free ourselves from becoming bottlenecks, and empower other critical stakeholders (e.g., product managers, security, compliance, support, professional services, and sales) to participate in the policy creation process. Permit.io's low-code policy-editor generates code for you (primarily Open Policy Agent Rego code - see example here).
GitOps Flow
The policy code generated by the policy-editor is saved into a Git repository before being deployed to your PDP (a.k.a. your microservice for authorization). You can own and manage this Git repository, which gives you full control of the code there and lets you set up a CI process between Permit environments. Adding tests, benchmarks, code reviews, and more manually written code provides you with all the checks and balances you need before merging changes between Git branches (which are synced into different Permit environments).
Setting up GitOps
The feature is available in trial to all Permit users as a self-service. Please follow the guide here.
Please note that the repository does not have to be the main code repository you use. The policy code can be nested in different folders within the repository. The Rego code you add can both import and refer to the code that is automatically generated.