Cerbos v0.37.0

Highlights

The Cerbos REPL now provides auto-completion for built-in commands and files to make it even easier to use as a development and debugging tool for Cerbos policies.

In addition to variables, the InspectPolicies Admin API response now also includes the derived roles that are referenced in each inspected policy. It also supports restricting the results to one or more policies using their IDs. This enables users to easily target a set of known policies and obtain information about them, which is a common requirement when building custom user interfaces on top of Cerbos.

Kubernetes users can now deploy Cerbos as a DaemonSet using the official Helm chart. Compared to the sidecar model, a DaemonSet deployment would use fewer resources on each node while still providing node-local network connectivity.

The cerbos compile command provides better context information about YAML syntax errors in policies and the cerbosctl inspect command can now produce output in machine-readable formats as well.

Based on user feedback, some Admin API restrictions — such as the limit on number of policies that can be updated in a single AddOrUpdatePolicy request — have been relaxed in this release.

Changelog

Bug Fixes

  • Detect incorrectly indented YAML (#2153)

  • Wildcard action wording (#2178)

  • Work around gRPC-Gateway bug in X-Forwarded-For handling (#2152)

Features

  • Add filtering by policy IDs to InspectPolicies RPC (#2160)

  • Autocomplete for REPL directives, and a small fix for filenames (#2169)

  • List local and imported variables in the policy with InspectPolicies (#2141)

Enhancements

  • Add policy id parameter to inspect command (#2174)

  • Allow deploying as a DaemonSet (#1658)

  • Context for YAML syntax errors (#2151)

  • Ensure git protocol matches the URL (#2163)

  • Formatting options for cerbosctl inspect command (#2179)

  • InspectPolicies lists derived roles in the policy (#2186)

  • Revise API limits (#2161)

Chores

  • Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.1 to 1.6.0 in /tools (#2185)

  • Bump github.com/goreleaser/goreleaser from 1.26.0 to 1.26.1 in /tools (#2154)

  • Bump version to 0.37.0

  • Clear disk space for npm build (#2149)

  • Clear disk space for release workflow (#2145)

  • Increase timeout for npm build stage (#2150)

  • Migrate to Buf configuration v2 (#2180)

  • Redirect old versions with correct status code (#2168)

  • Remove workaround for fixed gRPC-Gateway bug in X-Forwarded-For handling (#2157)

  • Update bufbuild/buf-setup-action action to v1.32.1 (#2164)

  • Update bufbuild/buf-setup-action action to v1.32.2 (#2170)

  • Update bufbuild/buf-setup-action action to v1.33.0 (#2188)

  • Update error message for invalid expression (#2156)

  • Update go deps (#2147)

  • Update go deps (#2165)

  • Update go deps (#2171)

  • Update go deps (#2181)

  • Update go deps (#2187)

  • Update go deps to v2 (major) (#2167)

  • Update golangci/golangci-lint-action action to v6 (#2173)

  • Update node.js deps (#2148)

  • Update node.js deps (#2166)

  • Update node.js deps (#2172)

  • Update node.js deps (#2182)

  • Upgrade to GoReleaser v2 (#2184)