Cerbos v0.25.0
This release contains improvements to the Admin API to make administrative tasks easier and error-free.
Highlights
When using database-backed policy stores, it’s now possible to disable policies by name using cerbosctl or the Admin API. Previously this required re-submitting the whole policy to the Admin API with its disabled field set to true. The new endpoint detects whether disabling a scoped policy would break the scope chain and warns the user about it. That helps prevent users from making changes that leaves the policy store in an invalid state.
The DeleteSchema Admin API endpoint now returns the number of schemas deleted and does not throw an error if none were deleted.
This release includes a bug fix for the situation whereby if a user edited a policy in-place while Cerbos was running and changed its identifiers (kind, name, version), the old policy definition would still be available in the compiled policy cache and can be used for making decisions. Now Cerbos detects when a policy file has changed its identifiers and evicts the old state from the cache.
Changelog
Chores
-
Add licence file for pjbgf/sha1cd (#1418)
-
Bump helm.sh/helm/v3 from 3.11.0 to 3.11.1 (#1450)
-
Bump version to 0.25.0
-
Improve caching (#1446)
-
Revert update of github.com/jackc/pgx/v4 to v5 (#1425)
-
Update bufbuild/buf-setup-action action to v1.12.0 (#1422)
-
Update gcloud auth (#1420)
-
Update github actions deps (#1429)
-
Update go deps (#1416)
-
Update go deps (#1421)
-
Update go deps (#1424)
-
Update go deps (#1428)
-
Update go deps (#1437)
-
Update go deps to v2 (major) (#1417)
-
Update google-github-actions/setup-gcloud action to v1.1.0 (#1438)
-
Update module github.com/jackc/pgx/v4 to v5 (#1425)
-
Update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.39.0 [security] (#1452)
-
Upgrade Otel semconv version (#1444)
-
Use Go 1.20 in CI (#1440)
Other
-
Fix typo in policy metadata field (#1454)