Cerbos v0.52.0

This release contains a few bug fixes, some user experience improvements, and many internal changes that are not directly visible to users but improve the performance and resource utilization of the PDP. See https://github.com/cerbos/cerbos/compare/v0.51.0...v0.52.0 for the full set of included commits.

Changelog

Breaking changes

Update OpenTelemetry Semantic Conventions to 1.39.0

The latest version of the Semantic Conventions includes breaking changes to span and metric attributes that may affect dashboards.

Features

Add path functions to Cerbos CEL library

It is now possible to use file path functions basePath, dirPath, extPath, joinPath, pathHasPrefix, pathMatch, pathMatchAnyOf, relPath and volumeName in CEL expressions.

Add cerbosctl hub auth command to save credentials

Adds the ability to securely store Cerbos Hub credentials in the operating system key ring. Once logged in, any cerbosctl hub commands will use the saved credentials automatically if no credentials are explicitly provided.

Enhancements

Record store version information such as commit hash or bundle ID in audit log entries.

Engine performance improvements

Includes a host of optimizations to the internal data structures used by the Cerbos policy engine that, according to benchmarks, significantly improve the time taken to produce a decision while reducing the CPU and memory resources consumed. More details about these improvements will be published soon.

Bug fixes

Fix stale parent role relationships persisting after role policy deletion

This fixes a bug where deleting a role policy would not remove its parent role relationships from the index. A subsequent policy update would then rebuild the parent role index from stale state, effectively restoring the deleted role policy’s inheritance rules. For example, if a role policy defined employee as inheriting from user, deleting that role policy and then adding or updating any other policy would cause employee to continue inheriting from user.
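
The sequence described above can be reproduced with a small model. This is an added example, not Cerbos code: RoleIndex, its fields and methods, and Scenario are hypothetical names, and the index is reduced to a map of declared parent roles plus a resolved table rebuilt on every update. It shows why the inheritance looks gone right after the deletion and returns on the next unrelated update, and what purging the declared relationships on delete changes.

```go
package main

import "fmt"

// RoleIndex is a constructed, simplified model (hypothetical names, not Cerbos code).
type RoleIndex struct {
	declared  map[string][]string        // role -> parent roles declared by role policies
	effective map[string]map[string]bool // role -> resolved ancestors used for decisions
	fixed     bool                       // true: Delete also purges declared relationships
}

// Upsert stores a role policy, then rebuilds the resolved table from declared.
func (ix *RoleIndex) Upsert(role string, parents ...string) {
	ix.declared[role] = parents
	ix.effective = map[string]map[string]bool{}
	for r := range ix.declared {
		ix.effective[r] = map[string]bool{}
		ix.walk(r, ix.effective[r])
	}
}

// walk adds every ancestor of role to seen, which doubles as a cycle guard.
func (ix *RoleIndex) walk(role string, seen map[string]bool) {
	for _, p := range ix.declared[role] {
		if !seen[p] {
			seen[p] = true
			ix.walk(p, seen)
		}
	}
}

// Delete drops a role policy; without the fix, declared keeps the stale entry.
func (ix *RoleIndex) Delete(role string) {
	delete(ix.effective, role)
	if ix.fixed {
		delete(ix.declared, role)
	}
}
func (ix *RoleIndex) Inherits(role, parent string) bool { return ix.effective[role][parent] }

// Scenario replays the sequence from the release note for employee and user.
func Scenario(fixed bool) (afterDelete, afterUpdate bool) {
	ix := &RoleIndex{declared: map[string][]string{}, fixed: fixed}
	ix.Upsert("employee", "user") // role policy: employee inherits from user
	ix.Delete("employee")         // that role policy is deleted
	afterDelete = ix.Inherits("employee", "user")
	ix.Upsert("manager") // any other policy is added or updated
	return afterDelete, ix.Inherits("employee", "user")
}

func main() { fmt.Println(Scenario(false)); fmt.Println(Scenario(true)) }
```

A check that only looks at the state immediately after the deletion passes in both variants, so a regression test for this class of bug needs the unrelated update step before asserting.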

Fix issues with the directory watch system

Fixes an issue where renaming a policy file causes it to be dropped from the index.