Cerbos v0.19.0

Highlights

The PlanResources API now validates requests using schemas to flag any invalid or unknown attributes. Similar to the CheckResources API, the schema enforcement level defined in the configuration file determines whether invalid requests are processed with warnings or completely rejected.

This release also includes several fixes to the PlanResources output to simplify the plan produced for expressions that make use of higher-order functions like in and exists. The AST produced for logical operators like and and or is now more consistent regardless of the operator used as well.

Distributed traces can now be exported to collectors that support OTLP by using the new otlp exporter. Thanks to community member @rcrowe for contributing this feature.

Changelog

Bug Fixes

  • Avoid short-circuit when expressions access non-existent attributes (#1056)

  • Handle missing scopes in playground validate API (#1042)

  • Transform &&/|| to and/or in ASTs (#1021)

  • Transform maps to lists for membership test (#1032)

  • Transform maps to lists in comprehension expressions (#1044)

  • Transform membership test in empty list to false (#1059)

Enhancements

  • Export traces via OTLP to a collector (#1017)

  • Output detailed index build errors when the number of errors is low (#1038)

  • Validate schemas when planning queries (#1013)

Documentation

  • Add AWS Cognito integration demo docs (#1037)

  • Add link to AWS Cognito docs in sidebar (#1039)

  • Updating customer logos (#1054)

  • Use analogy to explain derived roles (#1015)

Chores

  • Add function to compile a set of files (#1046)

  • Bump bufbuild/buf-lint-action from 1.0.0 to 1.0.1 (#1047)

  • Bump bufbuild/buf-setup-action from 1.5.0 to 1.6.0 (#1048)

  • Bump github.com/alecthomas/kong from 0.6.0 to 0.6.1 (#1028)

  • Bump github.com/alecthomas/participle/v2 (#1026)

  • Bump github.com/alecthomas/participle/v2 from 2.0.0-alpha11 to 2.0.0-beta.2 (#1051)

  • Bump github.com/bufbuild/buf from 1.5.0 to 1.6.0 in /tools (#1053)

  • Bump github.com/fergusstrange/embedded-postgres (#1029)

  • Bump github.com/google/gops from 0.3.23 to 0.3.24 (#1049)

  • Bump github.com/lestrrat-go/jwx/v2 from 2.0.2 to 2.0.3 (#1025)

  • Bump github.com/minio/minio-go/v7 from 7.0.28 to 7.0.29 (#1033)

  • Bump github.com/pterm/pterm from 0.12.41 to 0.12.42 (#1050)

  • Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 (#1052)

  • Bump github.com/vektra/mockery/v2 from 2.12.3 to 2.13.1 in /tools (#1024)

  • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc (#1027)

  • Bump google.golang.org/protobuf (#1023)

  • Bump helm/kind-action from 1.2.0 to 1.3.0 (#1022)

  • Bump version to 0.19.0

  • Fix confdocs panic when no struct tag is provided (#1020)

  • Fix flaky query plan test by sorting map keys in deterministic order (#1043)

  • Fix flaky update store test (#1045)

  • Ignore OpenTelemetry error message about sampler (#1031)

  • Split tests across multiple runners (#1019)