Cerbos v0.20.0
Highlights
Writing policy tests for policies that have time-based conditions is now easier because the value returned by the now function can be fixed for the entire test suite or individual tests. This also influences the timeSince calculations and gives you the ability to write deterministic tests to ensure that your logic is sound. See the policy testing documentation to learn more.
Examples
now for the entire test suitename: TestSuite
description: Tests for verifying something
options:
now: "2022-08-02T15:00:00Z"
tests:
...now for a single testtests:
- name: With local now
options:
now: "2022-08-03T15:00:00Z"
...The security warnings for default Admin API credentials are now smarter.
An overly strict validation rule that prevented single wildcards from being used for resource names in principal policies has been relaxed.
Changelog
Features
-
Allow policy tests to use deterministic time functions (#1169)
Chores
-
Add 0.19.1 release notes (#1153)
-
Add Go report card and Codecov badges (#1060)
-
Add docs preview (#1128)
-
Add function to run policy tests (#1107)
-
Add metadata field to bundle manifest (#1082)
-
Add schema list field to manifest (#1066)
-
Add template for CheckResources request (#1108)
-
Bump azure/setup-helm from 2.1 to 3.0 (#1061)
-
Bump azure/setup-helm from 3.0 to 3.1 (#1085)
-
Bump azure/setup-helm from 3.1 to 3.3 (#1110)
-
Bump bufbuild/buf-setup-action from 1.6.0 to 1.7.0 (#1109)
-
Bump github.com/alecthomas/participle/v2 from 2.0.0-beta.2 to 2.0.0-beta.4 (#1064)
-
Bump github.com/alecthomas/participle/v2 from 2.0.0-beta.4 to 2.0.0-beta.5 (#1135)
-
Bump github.com/bufbuild/buf from 1.6.0 to 1.7.0 in /tools (#1118)
-
Bump github.com/fullstorydev/grpcurl from 1.8.6 to 1.8.7 in /tools (#1165)
-
Bump github.com/gdamore/tcell/v2 from 2.5.1 to 2.5.2 (#1122)
-
Bump github.com/google/cel-go from 0.12.2 to 0.12.3 (#1084)
-
Bump github.com/google/cel-go from 0.12.3 to 0.12.4 (#1086)
-
Bump github.com/google/gops from 0.3.24 to 0.3.25 (#1080)
-
Bump github.com/goreleaser/goreleaser from 1.10.2 to 1.10.3 in /tools (#1117)
-
Bump github.com/goreleaser/goreleaser from 1.9.2 to 1.10.2 in /tools (#1074)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 (#1099)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 in /tools (#1102)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 (#1115)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 in /tools (#1116)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 (#1134)
-
Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 in /tools (#1139)
-
Bump github.com/jackc/pgtype from 1.11.0 to 1.12.0 (#1142)
-
Bump github.com/jackc/pgx/v4 from 4.16.1 to 4.17.0 (#1148)
-
Bump github.com/lestrrat-go/jwx/v2 from 2.0.3 to 2.0.4 (#1098)
-
Bump github.com/lestrrat-go/jwx/v2 from 2.0.4 to 2.0.5 (#1162)
-
Bump github.com/mattn/go-isatty from 0.0.14 to 0.0.16 (#1163)
-
Bump github.com/minio/minio-go/v7 from 7.0.29 to 7.0.30 (#1062)
-
Bump github.com/minio/minio-go/v7 from 7.0.30 to 7.0.31 (#1071)
-
Bump github.com/minio/minio-go/v7 from 7.0.31 to 7.0.32 (#1104)
-
Bump github.com/minio/minio-go/v7 from 7.0.32 to 7.0.34 (#1146)
-
Bump github.com/oklog/ulid/v2 from 2.0.2 to 2.1.0 (#1089)
-
Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 (#1141)
-
Bump github.com/pterm/pterm from 0.12.42 to 0.12.44 (#1103)
-
Bump github.com/pterm/pterm from 0.12.44 to 0.12.45 (#1112)
-
Bump github.com/spf13/afero from 1.8.2 to 1.9.0 (#1088)
-
Bump github.com/spf13/afero from 1.9.0 to 1.9.2 (#1101)
-
Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#1063)
-
Bump github.com/tidwall/sjson from 1.2.4 to 1.2.5 (#1143)
-
Bump github.com/vektra/mockery/v2 from 2.13.1 to 2.14.0 in /tools (#1065)
-
Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.32.0 to 0.33.0 (#1078)
-
Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.33.0 to 0.34.0 (#1144)
-
Bump go.opentelemetry.io/contrib/propagators/b3 from 1.7.0 to 1.8.0 (#1075)
-
Bump go.opentelemetry.io/contrib/propagators/b3 from 1.8.0 to 1.9.0 (#1137)
-
Bump go.opentelemetry.io/otel/bridge/opencensus from 0.30.0 to 0.31.0 (#1073)
-
Bump go.opentelemetry.io/otel/exporters/jaeger from 1.7.0 to 1.8.0 (#1070)
-
Bump go.opentelemetry.io/otel/exporters/jaeger from 1.8.0 to 1.9.0 (#1136)
-
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.7.0 to 1.8.0 (#1079)
-
Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.8.0 to 1.9.0 (#1138)
-
Bump go.uber.org/zap from 1.21.0 to 1.22.0 (#1160)
-
Bump gocloud.dev from 0.25.0 to 0.26.0 (#1145)
-
Bump golang.org/x/tools from 0.1.11 to 0.1.12 (#1113)
-
Bump golang.org/x/tools from 0.1.11 to 0.1.12 in /hack/tools/testsplit (#1121)
-
Bump google.golang.org/grpc from 1.47.0 to 1.48.0 (#1087)
-
Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 (#1114)
-
Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /hack/tools/protoc-gen-jsonschema (#1120)
-
Bump helm.sh/helm/v3 from 3.9.0 to 3.9.1 (#1090)
-
Bump helm.sh/helm/v3 from 3.9.1 to 3.9.2 (#1097)
-
Bump helm.sh/helm/v3 from 3.9.2 to 3.9.3 (#1161)
-
Bump modernc.org/sqlite from 1.17.3 to 1.18.0 (#1111)
-
Bump modernc.org/sqlite from 1.18.0 to 1.18.1 (#1164)
-
Bump version to 0.20.0
-
Deploy docs previews (#1129)
-
Make PR labels job optional (#1155)
-
Remove docs preview generation (#1158)
-
Replace deprecated CEL options (#1083)
-
Split store interface (#1068)
-
Update E2E setup script (#1150)
-
Update Netlify conf (#1133)
-
Use Go 1.19 in CI (#1127)
-
Use golangci-lint binary distribution (#1067)
-
Use latest otel semconv version (#1149)
-
Use pull request title to apply labels (#1091)