I made a post about an "[infrastructure as code](https://www.terraform.io/)" tool but it uses [RDF Triplets](https://www.w3.org/TR/turtle/) as the configuration format. This seems cursed... but maybe not.
Infrastructure as code tools basically:
- Represent the current world state as a graph.
- Read the desired world state as a graph.
- Find the difference between world states and write a change tape.
- Transform or hand edit the tape <- most don't let you do this part.
- Evaluate the tape to commit the changes.
In HashiCorp's config language the computer cannot really detect you moving a user from Okta to Auth0: it interprets this as the Okta user being destroyed and another object being created at Auth0. The syntax is nice to type and look at, but it lacks certain tags that simplify computing differences. Also, Terraform doesn't let you edit the tape.
RDF triplets do have unique names for individuals. So we always have an anchor for graph nodes and we can easily tell if they still exist in both ontologies. We only need to look at the edges, which is where attributes live. So it would actually register to tape as `change: provider okta -> auth0`, which could then be processed with a special migration step or degenerate to something else like `register: auth0` followed by `deregister: okta`.
That's still not necessarily simple. If you change a password and also migrate to a new service the tape would register a new password to a service that you then immediately delete the account on. So there's still derpiness.
Manually editing an ontology is not a lot of fun though. There are tools for it but you could argue there can be tools made for anything.
So maybe what we would be doing is embracing the Unix philosophy a bit: having a tool whose whole job is just diffing two ontologies and giving you the change tape, and then other tools that process the tape, the way old Unix typesetters like roff were used. Admins can also edit the tapes by hand or write their own scripts to modify them. That lets them enforce rules like creating all new service accounts, then waiting for manual approval, then refactoring the blue group, waiting for approval, then refactoring the rest, then deleting the old accounts, etc.
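A sketch of the two tools described above, added here as an example and not taken from any existing project: one function diffs two graphs anchored on node names, and a separate pass rewrites the tape. Plain `(subject, predicate, object)` tuples stand in for RDF triples, and the `create`, `destroy`, `set` and `unset` operation names are assumptions; only `change`, `register` and `deregister` come from the text.

```python
from collections import defaultdict

# Constructed sample graphs as (subject, predicate, object) triples.
CURRENT = {("alice", "provider", "okta"), ("alice", "email", "alice@example.org"),
           ("bob", "provider", "okta")}
DESIRED = {("alice", "provider", "auth0"), ("alice", "email", "alice@example.org"),
           ("carol", "provider", "auth0")}

def index(triples):
    """Group edges under their subject: {subject: {predicate: {objects}}}."""
    nodes = defaultdict(lambda: defaultdict(set))
    for s, p, o in triples:
        nodes[s][p].add(o)
    return nodes

def diff(current, desired):
    """Return the change tape that turns `current` into `desired`."""
    cur, des = index(current), index(desired)
    tape = []
    for s in sorted(cur.keys() | des.keys()):
        if s not in des:                      # named node is gone entirely
            tape.append(("destroy", s))
            continue
        if s not in cur:                      # named node is new
            tape.append(("create", s))
        old_edges = cur.get(s, {})
        for p in sorted(old_edges.keys() | des[s].keys()):
            gone = old_edges.get(p, set()) - des[s].get(p, set())
            new = des[s].get(p, set()) - old_edges.get(p, set())
            if len(gone) == 1 and len(new) == 1:   # same node, one edge moved
                tape.append(("change", s, p, *gone, *new))
                continue
            tape += [("unset", s, p, o) for o in sorted(gone)]
            tape += [("set", s, p, o) for o in sorted(new)]
    return tape

def lower_provider_changes(tape):
    """Tape-editing pass: split a provider change into register-then-deregister."""
    out = []
    for step in tape:
        if step[0] == "change" and step[2] == "provider":
            _, s, _, old, new = step
            out += [("register", s, new), ("deregister", s, old)]
        else:
            out.append(step)
    return out
```

Because the node name `alice` survives in both graphs, the provider move shows up as a single `change` step instead of a destroy/create pair, and the register-before-deregister ordering is enforced by the tape pass rather than by the diff tool.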
You'd probably have to bring your own ontology editor though. Nobody wants to write this crap by hand:
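```turtle
# Standard prefixes; the default ":" namespace is a placeholder.
@prefix :     <http://example.org/infra#> .
@prefix rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl:  <http://www.w3.org/2002/07/owl#> .

:iceworks rdf:type owl:NamedIndividual ,
                   :VPS ;
          :HostedAt :Datacenter01 .

# Axiom annotation: a comment attached to the :HostedAt edge above.
[ rdf:type owl:Axiom ;
  owl:annotatedSource :iceworks ;
  owl:annotatedProperty :HostedAt ;
  owl:annotatedTarget :Datacenter01 ;
  rdfs:comment "screaming inside"
] .
```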