v0.18.0

Cerbos 0.18.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.18.0.html

Changelog

Features

• d0415ae feat: Publish cerbosctl container (#972)

Enhancements

• 491e45b enhancement!: Ignore hidden directories and files (#993)
• 5d990af enhancement!: Log PlanResources calls in audit trail (#960)
• 45e35b3 enhancement!: Normalise query plan filterDebug field (#1003)
• 7ee28ae enhancement: Add store polling metrics (#989)
• 749afe3 enhancement: Allow multiple rules per action in principal policies (#1010)
• bcae1a9 enhancement: Allow setting file mode of UDS (#966)
• 72fda39 enhancement: Cache JWT verification status (#995)
• 34427a8 enhancement: Deduplicate operands to and/or operations (#1012)
• 065aa68 enhancement: Expand aliases in PlanResources output (#963)
• 57a0bc4 enhancement: Optimise NOT conditions in query planner output (#981)
• 138ed79 enhancement: Support auto-propagation for traces (#980)

Bug fixes

• 09c3f73 fix: Apply defaults when loading audit config (#952)
• 570936e fix: Cerbosctl version should fail gracefully (#973)
• df53d29 fix: Combine conditions from principal and resource policies in query plans (#1009)
• d232a9e fix: Handle google.protobuf.Value correctly in OpenAPI schemas (#968)
• c17e34c fix: Ignore test files when updating index from git (#985)
• dfa6701 fix: Respect WithRootDir option in (Index).ListSchemaIDs (#992)

Documentation

• c14a204 docs: Add JavaScript SDK link to README (#990)
• 90283cb docs: Add links to .NET SDK (#1006)
• 1b6049e docs: Add new JavaScript SDK (#986)
• 060d25c docs: Showcase users (#983)
• fc2ef78 docs: Specify what happens when multiple rules match (#1007)
• 2f121ad docs: Update audit examples (#950)

Chores

• b683401 chore(ci): Parallelize generate and test jobs (#994)
• 981ea87 chore(ci): Publish cerbosctl snapshot container (#982)
• 5c15536 chore(deps): Bump bufbuild/buf-setup-action from 1.4.0 to 1.5.0 (#974)
• 5c070a7 chore(deps): Bump github.com/alecthomas/kong from 0.5.0 to 0.6.0 (#1000)
• 10e4894 chore(deps): Bump github.com/alecthomas/participle/v2 (#1002)
• 6f4ef40 chore(deps): Bump github.com/bojand/ghz in /tools (#958)
• 9a3c310 chore(deps): Bump github.com/bufbuild/buf from 1.4.0 to 1.5.0 in /tools (#978)
• fec5e86 chore(deps): Bump github.com/fergusstrange/embedded-postgres (#998)
• 2700533 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#957)
• 367f8cf chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 (#976)
• 9866441 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 in /tools (#956)
• b8bb22b chore(deps): Bump github.com/lestrrat-go/httprc from 1.0.1 to 1.0.2 (#999)
• 7402f78 chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.26 to 7.0.27 (#955)
• 9ff3457 chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.27 to 7.0.28 (#997)
• 36e7dbb chore(deps): Bump github.com/ory/dockertest/v3 from 3.8.1 to 3.9.1 (#954)
• f175344 chore(deps): Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#977)
• 63ca90f chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.2 to 2.12.3 in /tools (#959)
• c7bcc19 chore(deps): Bump golang.org/x/tools from 0.1.10 to 0.1.11 (#1001)
• e44d7a7 chore(deps): Bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#975)
• 10fad95 chore(release): Add 0.18.0 release notes (#1005)
• 33d6703 chore(release): Prepare release 0.18.0
• 3fa5b03 chore(test): Update Minio config in tests (#965)
• 6ba9dd9 chore(version): Bump version to 0.18.0
• 8a2be23 chore: Update changelog grouping configuration (#996)

v0.17.0

Cerbos 0.17.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.17.0.html

Changelog

Features

• 83afe12 feat: Add file backend for audit logs (#909)

Enhancements

• c09cdcc enhancement: Allow rule match on any role (#920)
• da8ca1d enhancement: Configurable request limits (#945)
• 90614d9 enhancement: Remove limit on number of roles (#946)

Bug fixes

• af4d2b2 fix(ci): Fix confdocs panicking when no comment for a struct provided (#910)
• 6c57cae fix: Return DENY from query plan when no policy or action matches (#918)

Others

• 7ab27b3 chore(ci): Update README of the E2E tests to reflect the change of the helmfile repository (#912)
• 651d13a chore(ci): Update changelog grouping (#889)
• 9f5fc90 chore(deps): Bump amannn/action-semantic-pull-request (#896)
• 79fd3c6 chore(deps): Bump docker/login-action from 1 to 2 (#894)
• 0b84b5f chore(deps): Bump docker/setup-buildx-action from 1 to 2 (#895)
• e1f8b20 chore(deps): Bump docker/setup-qemu-action from 1 to 2 (#893)
• e9d1388 chore(deps): Bump github.com/alecthomas/participle/v2 (#935)
• cce0244 chore(deps): Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.44.4 (#879)
• 63f2036 chore(deps): Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.44.5 (#884)
• 2761b98 chore(deps): Bump github.com/denisenkom/go-mssqldb from 0.12.0 to 0.12.2 (#934)
• 0d9c246 chore(deps): Bump github.com/golang-migrate/migrate/v4 (#881)
• d7883c3 chore(deps): Bump github.com/golangci/golangci-lint in /tools (#929)
• cc8d04e chore(deps): Bump github.com/golangci/golangci-lint in /tools (#939)
• d080cd2 chore(deps): Bump github.com/google/cel-go from 0.11.2 to 0.11.3 (#900)
• 1cf745c chore(deps): Bump github.com/google/cel-go from 0.11.3 to 0.11.4 (#926)
• a924f0e chore(deps): Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#886)
• 2a9b938 chore(deps): Bump github.com/google/gops from 0.3.22 to 0.3.23 (#904)
• 0a4464d chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#940)
• f461fb0 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 (#942)
• 54e4b60 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.0 to 2.10.1 (#933)
• ed13d04 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 in /tools (#938)
• b917d77 chore(deps): Bump github.com/jackc/pgx/v4 from 4.16.0 to 4.16.1 (#901)
• 2cd05f4 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.23 to 1.2.24 (#899)
• 0818dcf chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.24 to 1.2.25 (#941)
• e9fb9ed chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.24 to 7.0.26 (#898)
• ca2bfb8 chore(deps): Bump github.com/opencontainers/runc from 1.1.0 to 1.1.2 (#948)
• 53de84c chore(deps): Bump github.com/prometheus/client_golang (#927)
• 1db14b4 chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.0 to 2.12.1 in /tools (#883)
• 28c8e0d chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.1 to 2.12.2 in /tools (#903)
• 9d1149f chore(deps): Bump go.opentelemetry.io/otel/bridge/opencensus (#880)
• 71d7705 chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#885)
• 0653dd6 chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.6.3 to 1.7.0 (#878)
• e84d664 chore(deps): Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#925)
• 1a7a0c5 chore(deps): Bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#928)
• 34ed045 chore(deps): Bump goreleaser/goreleaser-action from 2 to 3 (#932)
• 75e33e8 chore(deps): Bump gotest.tools/gotestsum from 1.8.0 to 1.8.1 in /tools (#902)
• d6c01f8 chore(deps): Bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 (#936)
• a4062f0 chore(deps): Bump modernc.org/sqlite from 1.17.0 to 1.17.2 (#897)
• 66189ef chore(deps): Bump modernc.org/sqlite from 1.17.2 to 1.17.3 (#937)
• d3dd2c3 chore(e2e): Add E2E test with tracing enabled (#907)
• 019db0d chore(release): Add 0.17.0 release notes (#949)
• dd92b74 chore(release): Prepare release 0.17.0
• 0fab2a9 chore(test): Update E2E test config for request limit tests (#947)
• 8b72372 chore(version): Bump version to 0.17.0
• db9a403 chore: Add API usage stats to telemetry (#924)
• 412a40d chore: Update Otel semconv version (#905)
• 9051872 chore: Update telemetry schema (#943)
• 90b1e51 docs: Add MacOS command variant for password generation (#891)
• bc94e17 docs: Add glossary (#888)
• 15e6c63 docs: Add links to demos (#914)
• 4e8fdc7 docs: Add new SDK links to README and docs (#919)
• d28f1f0 docs: Document limits on resources and actions (#930)

v0.16.0

Cerbos 0.16.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.16.0.html

Changelog

Others

• 222fbe6 chore(ci): Use the same format for GCS buckets (#806)
• 7b9041c chore(deps): Bump actions/setup-go from 2 to 3 (#829)
• ec9574b chore(deps): Bump amannn/action-semantic-pull-request (#844)
• 6635f39 chore(deps): Bump amannn/action-semantic-pull-request (#860)
• b7cf353 chore(deps): Bump azure/setup-helm from 2.0 to 2.1 (#843)
• 366dac2 chore(deps): Bump bufbuild/buf-setup-action from 1.3.0 to 1.3.1 (#808)
• 48048a7 chore(deps): Bump bufbuild/buf-setup-action from 1.3.1 to 1.4.0 (#861)
• e954513 chore(deps): Bump codecov/codecov-action from 2 to 3 (#830)
• 8d685a8 chore(deps): Bump github.com/alecthomas/participle/v2 (#834)
• e09e302 chore(deps): Bump github.com/bojand/ghz in /tools (#837)
• bb5b208 chore(deps): Bump github.com/bufbuild/buf from 1.3.0 to 1.3.1 in /tools (#815)
• 7cbf2bd chore(deps): Bump github.com/bufbuild/buf from 1.3.1 to 1.4.0 in /tools (#868)
• 4bb1659 chore(deps): Bump github.com/gdamore/tcell/v2 from 2.4.0 to 2.5.0 (#817)
• a6a8413 chore(deps): Bump github.com/gdamore/tcell/v2 from 2.5.0 to 2.5.1 (#848)
• 46d1f97 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#851)
• e223783 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#867)
• 4f730e2 chore(deps): Bump github.com/jackc/pgx/v4 from 4.15.0 to 4.16.0 (#862)
• 21f7c58 chore(deps): Bump github.com/jmoiron/sqlx from 1.3.4 to 1.3.5 (#854)
• 8480dbd chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.20 to 1.2.21 (#811)
• e675539 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.21 to 1.2.22 (#831)
• 46563a8 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.22 to 1.2.23 (#849)
• 46128dc chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.23 to 7.0.24 (#847)
• 4319f20 chore(deps): Bump github.com/planetscale/vtprotobuf from 0.2.0 to 0.3.0 in /tools (#850)
• a53d494 chore(deps): Bump github.com/pterm/pterm from 0.12.39 to 0.12.40 (#818)
• 2961f3a chore(deps): Bump github.com/pterm/pterm from 0.12.40 to 0.12.41 (#845)
• 8434c10 chore(deps): Bump github.com/tidwall/gjson from 1.14.0 to 1.14.1 (#864)
• 7f88353 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.0 to 2.10.2 in /tools (#814)
• d0fc7c4 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.2 to 2.10.4 in /tools (#838)
• 9c5be84 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.4 to 2.10.6 in /tools (#852)
• b686dd7 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.6 to 2.12.0 in /tools (#869)
• 7c9e271 chore(deps): Bump go.opentelemetry.io/otel from 1.6.1 to 1.6.3 (#833)
• ed79204 chore(deps): Bump go.opentelemetry.io/otel/bridge/opencensus (#855)
• cc94c3e chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#810)
• da99d65 chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#839)
• 4a9038c chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.6.0 to 1.6.1 (#809)
• 5c36e86 chore(deps): Bump go.uber.org/automaxprocs from 1.4.0 to 1.5.1 (#832)
• 9fbfd07 chore(deps): Bump gocloud.dev from 0.24.0 to 0.25.0 (#816)
• 555316a chore(deps): Bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#865)
• 24dde69 chore(deps): Bump gotest.tools/gotestsum from 1.7.0 to 1.8.0 in /tools (#836)
• 7f08949 chore(deps): Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 (#846)
• 4d2398a chore(deps): Bump modernc.org/sqlite from 1.15.3 to 1.15.4 (#813)
• fd54ada chore(deps): Bump modernc.org/sqlite from 1.15.4 to 1.16.0 (#835)
• 23efda6 chore(deps): Bump modernc.org/sqlite from 1.16.0 to 1.17.0 (#863)
• fcd4a96 chore(release): Add 0.15.1 release notes (#825)
• 7f7c06a chore(release): Add 0.16.0 release notes (#876)
• 709eb23 chore(release): Prepare release 0.16.0
• c87b554 chore(version): Bump version to 0.16.0
• 811bb34 chore: Add CheckResources API to Playground (#821)
• 7a8dd68 chore: Group changelog items (#826)
• 558db56 chore: Make playground test API response match validate and evaluate (#857)
• 6947db3 chore: Rename interface{} to any and use Go build info (#807)
• 9e7b3c8 docs: Add links to new SDKs (#877)
• 0a1f196 docs: Document Jaeger trace format (#871)
• a9f36d3 docs: Fix ID attribute in testing docs (#822)
• 2985ba1 enhancement: Add trace for denial due to no matching policies (#858)
• 112b614 enhancement: Auto-detect end of input in REPL (#859)
• 573f51c enhancement: Execute policy conditions in the CEL REPL (#820)
• cbeb83d enhancement: Policy variables in the REPL (#853)
• faec1ef feat!: Promote PlanResources API to stable (#872)
• 70e9a8a feat: Simplify QueryPlanner AST for CEL comprehensions (#870)
• 3d17855 feat: Unified check API (#819)
• ac53b5d fix: Use the branch name in git pull (#823)
• 699187f test: Add the query planner tests (#873)

v0.15.1

Cerbos 0.15.1

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.15.1.html

Changelog

• f5959be fix(backport): Fixes to include in v0.15.1 (#822 and #823) (#824)

v0.15.0

Cerbos 0.15.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.15.0.html

Changelog

• 4831df5 enhancement!: Add tree output functionality to the cerbos compile command (#729)
• 2f79a98 enhancement!: Make the test server fully configurable (#747)
• bd06a88 enhancement: Add --color flag to cerbos compile (#754)
• c67970d enhancement: Add protobufs for engine traces and test results (#749)
• 4b7d9d6 enhancement: Add telemetry (#743)
• a9e6978 enhancement: Improve HTTP health check (#771)
• ce2850c enhancement: Publish JSON schemas for nested messages (#778)
• af13103 enhancement: Reduce verbosity of test results (#768)
• b33c1b4 feat: Add an API to execute tests from the playground (#775)
• 4b3ac79 feat: Add immediate reloading from the store with Admin API (#769)
• f2b069e feat: Provide JSON schemas (#727)
• 37e1bf7 feat: Publish JSON schemas (#744)
• 519bdea feat: REPL for conditions (#799)
• 976e819 fix: Handle comments at the beginning of YAML files (#803)
• 079c499 fix: Validate that test files match schema (#724)

v0.14.0

Cerbos 0.14.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.14.0.html

Changelog

• d12c30b enhancement: Add cache metrics (#706)
• 8fbbd17 enhancement: Add index entry count metric (#677)
• 1c42af1 enhancement: Allow compile and schema cache sizes to be configured (#700)
• 90f324a enhancement: Allow policies to be empty (#694)
• 21d2fb2 enhancement: Do not ignore invalid test suites (#686)
• 317ccd7 enhancement: Include type of unexpected result in error message (#693)
• 40a9cc3 enhancement: Use camel case for custom functions (#672)
• c4eea85 feat!: Add matrix tests (#701)
• c7d3bc9 feat: Add now function that returns the current timestamp (#670)
• 726eaa7 feat: Add healthcheck command (#692)
• 8ad06a6 feat: Introduce cerbosctl put (#676)
• 42feb6a fix: Configure GoReleaser to generate Homebrew formula in tap's Formula subdirectory (#685)
• 22299b6 fix: Require at least one action in every rule (#690)

v0.13.0

Cerbos 0.13.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.13.0.html

Changelog

• 353dce0 enhancement: Add query plan API to Playground (#607)
• caa481d enhancement: Allow aux_data to be accessed as auxData (#623)
• f1e105f feat: Add --sort-by flag to cerbosctl get subcommands (#606)
• 61473e3 feat: Add SQL Server support (#575)
• bb28265 feat: Add cerbos run command (#625)
• 3ab7035 feat: Scoped policies (#660)
• b6b7bb8 fix: Dangling quotes in helmfiles (#576)
• 45aac7f fix: cerbosctl get subcommands retrieve unmatching policy types (#594)

v0.12.0

Cerbos 0.12.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.12.0.html

Changelog

• 75ee7df Fix list policies endpoint returning error message (#509)
• f8aadf6 enhancement(refactor)!: Refactor policy Admin API endpoints (#516)
• 350028f enhancement: Add auxData and traces to tests (#508)
• 69851b0 enhancement: Add query planner filter kind (#558)
• b28550d enhancement: Simplify query plan logical operation expressions with a single operand (#561)
• 77e6a5c enhancement: Strict JSON request parsing (#537)
• e2cf505 enhancement: Switch from Distroless to scratch (#531)
• 86985bc feat!: Query planner to accept known resource attributes (#540)
• 1e2e229 feat!: Replace cerbosctl list with cerbosctl get (#536)
• b26032b feat: Enable switching off schema validation for certain actions (#562)
• add7fdb feat: Query planner returns detailed error (#555)
• 2d669aa feat: Resources query planner (#505)
• 3058315 fix: Detect file with multiple policies (#522)

v0.11.0

Cerbos 0.11.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.11.0.html

Changelog

• 34a7a85 enhancement: Add schema support to playground (#496)
• d15415b enhancement: Log the number of policies found on startup (#488)
• 9181c40 feat: Attribute validation using JSON schemas (#485)
• 4b9bca4 feat: Support for OpenTelemetry traces (#443)
• 9291efd fix: Make auxData optional in the OpenAPI example (#476)

Docker images

• docker pull ghcr.io/cerbos/cerbos:0.11.0
• docker pull ghcr.io/cerbos/cerbos:dev

v0.10.0

Cerbos 0.10.0

View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.10.0.html

Changelog

3e16923 Fix passwordHash in full configuration doc (#434)
58a2979 enhancement: Better errors when disabled services are accessed (#420)
2a1c2ff enhancement: Provide issue submission link for panics at cerbosctl (#283)
13730c3 feat: Homebrew formula (#428)
4a518a0 feat: Linux packages (#424)
0e218e1 fix: Updates URL to download Cerbos binaries (#422)

Docker images

• docker pull ghcr.io/cerbos/cerbos:0.10.0
• docker pull cerbos.jfrog.io/containers/cerbos:0.10.0
• docker pull ghcr.io/cerbos/cerbos:dev