Cerbos v0.15.0

This release is full of new features and enhancements to increase developer productivity while working with Cerbos.

Highlights

Cerbos now ships with a REPL (read-evaluate-print loop) for developing policy conditions. It provides an interactive environment where all the Cerbos special variables, such as request, can be set and referenced in CEL expressions to get immediate feedback about the effects of executing those expressions. When developing complex logic, the REPL should save policy authors a lot of time in the prototyping stage. It’s available as a subcommand of the Cerbos executable and can be run from the binary or the container by invoking cerbos repl. See the REPL documentation for more information.

Schemas describing the structure of the Cerbos policies are now publicly available and can be used with editors that support schemas to make the policy editing experience better. Most editors, when configured with the schema URL, can provide context-sensitive hints, validation and other rich editing features for policies. See the policy authoring tips documentation for more information about how to configure your editor.

One of the core features of Cerbos is the policy testing framework. This release includes many improvements to the test runner that make the test output easy for both humans and automated tools to consume. The default output is a summarised view of the test run, which is much more compact and easier to read. Failures and other details are rendered in a natural tree structure and the output can be customised in many ways. Engine traces for failed tests are now properly rendered as JSON for consumption by automated tools as well.

The Admin API has a new endpoint to force a reload of some of the disk-based stores such as disk, git and blob. This is useful when policies rarely change and polling the store for updates isn’t necessary. Using the Admin API or the cerbosctl utility, the store can now be manually refreshed to pick up any changes. See the Admin API documentation and the cerbosctl documentation for details.

The test server provided by the Go SDK can now be configured with all available Cerbos configuration options. This should be particularly useful in integration testing scenarios where the server needs to be configured as close to the actual production server as possible.

Anonymous usage information collection is introduced in this release to help Cerbos developers prioritise new features and improve existing ones. No personal information is ever collected and opting out is easy. See the telemetry documentation for more information about the kind of data collected and how to opt out.

Changelog

Bug Fixes

  • Handle comments at the beginning of YAML files (#803)

  • Validate that test files match schema (#724)

Features

  • Add an API to execute tests from the playground (#775)

  • Add immediate reloading from the store with Admin API (#769)

  • Provide JSON schemas (#727)

  • Publish JSON schemas (#744)

  • REPL for conditions (#799)

Enhancements

  • Add --color flag to cerbos compile (#754)

  • Add protobufs for engine traces and test results (#749)

  • Add telemetry (#743)

  • BREAKING Add tree output functionality to the cerbos compile command (#729)

  • Improve HTTP health check (#771)

  • BREAKING Make the test server fully configurable (#747)

  • Publish JSON schemas for nested messages (#778)

  • Reduce verbosity of test results (#768)

Documentation

  • Add JetBrains and VSCode authoring tips (#801)

  • Add editor configuration docs (#800)

  • Fix photo-share example (#725)

Chores

  • Add buf format (#797)

  • Bump EndBug/add-and-commit from 8.0.2 to 9 (#732)

  • Bump actions/cache from 2 to 3 (#755)

  • Bump bufbuild/buf-setup-action from 1.1.0 to 1.3.0 (#780)

  • Bump contrib.go.opencensus.io/exporter/prometheus (#764)

  • Bump github.com/alecthomas/kong from 0.4.1 to 0.5.0 (#733)

  • Bump github.com/bufbuild/buf from 1.1.0 to 1.3.0 in /tools (#788)

  • Bump github.com/go-cmd/cmd from 1.4.0 to 1.4.1 (#793)

  • Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 in /tools (#786)

  • Bump github.com/google/cel-go from 0.10.1 to 0.11.2 (#782)

  • Bump github.com/google/cel-go from 0.9.0 to 0.10.1 (#736)

  • Bump github.com/goreleaser/goreleaser in /tools (#738)

  • Bump github.com/goreleaser/goreleaser in /tools (#762)

  • Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.8.0 to 2.9.0 (#757)

  • Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.8.0 to 2.9.0 in /tools (#761)

  • Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.9.0 to 2.10.0 (#783)

  • Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.9.0 to 2.10.0 in /tools (#787)

  • Bump github.com/jwalton/gchalk from 1.2.1 to 1.3.0 (#796)

  • Bump github.com/pterm/pterm from 0.12.38 to 0.12.39 (#763)

  • Bump github.com/spf13/afero from 1.8.1 to 1.8.2 (#739)

  • Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#756)

  • Bump go.opentelemetry.io/otel/bridge/opencensus from 0.27.1 to 0.28.0 (#785)

  • Bump go.opentelemetry.io/otel/exporters/jaeger from 1.4.1 to 1.5.0 (#765)

  • Bump go.opentelemetry.io/otel/exporters/jaeger from 1.5.0 to 1.6.0 (#795)

  • Bump go.opentelemetry.io/otel/sdk from 1.4.1 to 1.5.0 (#758)

  • Bump go.opentelemetry.io/otel/trace from 1.5.0 to 1.6.0 (#784)

  • Bump golang.org/x/tools from 0.1.9 to 0.1.10 (#759)

  • Bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 (#731)

  • Bump google.golang.org/grpc from 1.44.0 to 1.45.0 (#734)

  • Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#791)

  • Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 in /tools (#789)

  • Bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 (#735)

  • Bump modernc.org/sqlite from 1.14.8 to 1.15.1 (#740)

  • Bump modernc.org/sqlite from 1.15.1 to 1.15.2 (#760)

  • Bump modernc.org/sqlite from 1.15.2 to 1.15.3 (#781)

  • Bump version to 0.15.0

  • Convert regular expressions to ECMAScript-compatible syntax in JSON schemas (#742)

  • Delete JSON schemas from latest when removed in a release (#779)

  • Disable telemetry in E2E tests (#748)

  • Handle non-deterministic ordering of output directory deletion (#730)

  • Increase playground file limit (#750)

  • Make playground file limit consistent (#772)

  • Only report newly-introduced backwards-compatibility breakage (#777)

  • Remove casts from CEL numeric expressions (#741)

  • Replace CORS handler (#805)

  • Restrict set of JSON schema enums to match validation rule (#767)

  • Set minimum Go version to 1.18 (#802)

  • Tweaks to load test scripts (#728)

  • Upgrade to Go 1.18 on CI (#745)