Releases: cerbos/cerbos
v0.18.0
Cerbos 0.18.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.18.0.html
Changelog
Features
Enhancements
- 491e45b enhancement!: Ignore hidden directories and files (#993)
- 5d990af enhancement!: Log PlanResources calls in audit trail (#960)
- 45e35b3 enhancement!: Normalise query plan filterDebug field (#1003)
- 7ee28ae enhancement: Add store polling metrics (#989)
- 749afe3 enhancement: Allow multiple rules per action in principal policies (#1010)
- bcae1a9 enhancement: Allow setting file mode of UDS (#966)
- 72fda39 enhancement: Cache JWT verification status (#995)
- 34427a8 enhancement: Deduplicate operands to and/or operations (#1012)
- 065aa68 enhancement: Expand aliases in PlanResources output (#963)
- 57a0bc4 enhancement: Optimise NOT conditions in query planner output (#981)
- 138ed79 enhancement: Support auto-propagation for traces (#980)
Bug fixes
- 09c3f73 fix: Apply defaults when loading audit config (#952)
- 570936e fix: Cerbosctl version should fail gracefully (#973)
- df53d29 fix: Combine conditions from principal and resource policies in query plans (#1009)
- d232a9e fix: Handle
google.protobuf.Value
correctly in OpenAPI schemas (#968) - c17e34c fix: Ignore test files when updating index from git (#985)
- dfa6701 fix: Respect
WithRootDir
option in(Index).ListSchemaIDs
(#992)
Documentation
- c14a204 docs: Add JavaScript SDK link to README (#990)
- 90283cb docs: Add links to .NET SDK (#1006)
- 1b6049e docs: Add new JavaScript SDK (#986)
- 060d25c docs: Showcase users (#983)
- fc2ef78 docs: Specify what happens when multiple rules match (#1007)
- 2f121ad docs: Update audit examples (#950)
Chores
- b683401 chore(ci): Parallelize generate and test jobs (#994)
- 981ea87 chore(ci): Publish cerbosctl snapshot container (#982)
- 5c15536 chore(deps): Bump bufbuild/buf-setup-action from 1.4.0 to 1.5.0 (#974)
- 5c070a7 chore(deps): Bump github.com/alecthomas/kong from 0.5.0 to 0.6.0 (#1000)
- 10e4894 chore(deps): Bump github.com/alecthomas/participle/v2 (#1002)
- 6f4ef40 chore(deps): Bump github.com/bojand/ghz in /tools (#958)
- 9a3c310 chore(deps): Bump github.com/bufbuild/buf from 1.4.0 to 1.5.0 in /tools (#978)
- fec5e86 chore(deps): Bump github.com/fergusstrange/embedded-postgres (#998)
- 2700533 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#957)
- 367f8cf chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 (#976)
- 9866441 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 in /tools (#956)
- b8bb22b chore(deps): Bump github.com/lestrrat-go/httprc from 1.0.1 to 1.0.2 (#999)
- 7402f78 chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.26 to 7.0.27 (#955)
- 9ff3457 chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.27 to 7.0.28 (#997)
- 36e7dbb chore(deps): Bump github.com/ory/dockertest/v3 from 3.8.1 to 3.9.1 (#954)
- f175344 chore(deps): Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#977)
- 63ca90f chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.2 to 2.12.3 in /tools (#959)
- c7bcc19 chore(deps): Bump golang.org/x/tools from 0.1.10 to 0.1.11 (#1001)
- e44d7a7 chore(deps): Bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#975)
- 10fad95 chore(release): Add 0.18.0 release notes (#1005)
- 33d6703 chore(release): Prepare release 0.18.0
- 3fa5b03 chore(test): Update Minio config in tests (#965)
- 6ba9dd9 chore(version): Bump version to 0.18.0
- 8a2be23 chore: Update changelog grouping configuration (#996)
v0.17.0
Cerbos 0.17.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.17.0.html
Changelog
Features
Enhancements
- c09cdcc enhancement: Allow rule match on any role (#920)
- da8ca1d enhancement: Configurable request limits (#945)
- 90614d9 enhancement: Remove limit on number of roles (#946)
Bug fixes
- af4d2b2 fix(ci): Fix confdocs panicking when no comment for a struct provided (#910)
- 6c57cae fix: Return DENY from query plan when no policy or action matches (#918)
Others
- 7ab27b3 chore(ci): Update README of the E2E tests to reflect the change of the helmfile repository (#912)
- 651d13a chore(ci): Update changelog grouping (#889)
- 9f5fc90 chore(deps): Bump amannn/action-semantic-pull-request (#896)
- 79fd3c6 chore(deps): Bump docker/login-action from 1 to 2 (#894)
- 0b84b5f chore(deps): Bump docker/setup-buildx-action from 1 to 2 (#895)
- e1f8b20 chore(deps): Bump docker/setup-qemu-action from 1 to 2 (#893)
- e9d1388 chore(deps): Bump github.com/alecthomas/participle/v2 (#935)
- cce0244 chore(deps): Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.44.4 (#879)
- 63f2036 chore(deps): Bump github.com/aws/aws-sdk-go from 1.43.31 to 1.44.5 (#884)
- 2761b98 chore(deps): Bump github.com/denisenkom/go-mssqldb from 0.12.0 to 0.12.2 (#934)
- 0d9c246 chore(deps): Bump github.com/golang-migrate/migrate/v4 (#881)
- d7883c3 chore(deps): Bump github.com/golangci/golangci-lint in /tools (#929)
- cc8d04e chore(deps): Bump github.com/golangci/golangci-lint in /tools (#939)
- d080cd2 chore(deps): Bump github.com/google/cel-go from 0.11.2 to 0.11.3 (#900)
- 1cf745c chore(deps): Bump github.com/google/cel-go from 0.11.3 to 0.11.4 (#926)
- a924f0e chore(deps): Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#886)
- 2a9b938 chore(deps): Bump github.com/google/gops from 0.3.22 to 0.3.23 (#904)
- 0a4464d chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#940)
- f461fb0 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 (#942)
- 54e4b60 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.0 to 2.10.1 (#933)
- ed13d04 chore(deps): Bump github.com/grpc-ecosystem/grpc-gateway/v2 in /tools (#938)
- b917d77 chore(deps): Bump github.com/jackc/pgx/v4 from 4.16.0 to 4.16.1 (#901)
- 2cd05f4 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.23 to 1.2.24 (#899)
- 0818dcf chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.24 to 1.2.25 (#941)
- e9fb9ed chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.24 to 7.0.26 (#898)
- ca2bfb8 chore(deps): Bump github.com/opencontainers/runc from 1.1.0 to 1.1.2 (#948)
- 53de84c chore(deps): Bump github.com/prometheus/client_golang (#927)
- 1db14b4 chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.0 to 2.12.1 in /tools (#883)
- 28c8e0d chore(deps): Bump github.com/vektra/mockery/v2 from 2.12.1 to 2.12.2 in /tools (#903)
- 9d1149f chore(deps): Bump go.opentelemetry.io/otel/bridge/opencensus (#880)
- 71d7705 chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#885)
- 0653dd6 chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.6.3 to 1.7.0 (#878)
- e84d664 chore(deps): Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#925)
- 1a7a0c5 chore(deps): Bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#928)
- 34ed045 chore(deps): Bump goreleaser/goreleaser-action from 2 to 3 (#932)
- 75e33e8 chore(deps): Bump gotest.tools/gotestsum from 1.8.0 to 1.8.1 in /tools (#902)
- d6c01f8 chore(deps): Bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 (#936)
- a4062f0 chore(deps): Bump modernc.org/sqlite from 1.17.0 to 1.17.2 (#897)
- 66189ef chore(deps): Bump modernc.org/sqlite from 1.17.2 to 1.17.3 (#937)
- d3dd2c3 chore(e2e): Add E2E test with tracing enabled (#907)
- 019db0d chore(release): Add 0.17.0 release notes (#949)
- dd92b74 chore(release): Prepare release 0.17.0
- 0fab2a9 chore(test): Update E2E test config for request limit tests (#947)
- 8b72372 chore(version): Bump version to 0.17.0
- db9a403 chore: Add API usage stats to telemetry (#924)
- 412a40d chore: Update Otel semconv version (#905)
- 9051872 chore: Update telemetry schema (#943)
- 90b1e51 docs: Add MacOS command variant for password generation (#891)
- bc94e17 docs: Add glossary (#888)
- 15e6c63 docs: Add links to demos (#914)
- 4e8fdc7 docs: Add new SDK links to README and docs (#919)
- d28f1f0 docs: Document limits on
resources
andactions
(#930)
v0.16.0
Cerbos 0.16.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.16.0.html
Changelog
Others
- 222fbe6 chore(ci): Use the same format for GCS buckets (#806)
- 7b9041c chore(deps): Bump actions/setup-go from 2 to 3 (#829)
- ec9574b chore(deps): Bump amannn/action-semantic-pull-request (#844)
- 6635f39 chore(deps): Bump amannn/action-semantic-pull-request (#860)
- b7cf353 chore(deps): Bump azure/setup-helm from 2.0 to 2.1 (#843)
- 366dac2 chore(deps): Bump bufbuild/buf-setup-action from 1.3.0 to 1.3.1 (#808)
- 48048a7 chore(deps): Bump bufbuild/buf-setup-action from 1.3.1 to 1.4.0 (#861)
- e954513 chore(deps): Bump codecov/codecov-action from 2 to 3 (#830)
- 8d685a8 chore(deps): Bump github.com/alecthomas/participle/v2 (#834)
- e09e302 chore(deps): Bump github.com/bojand/ghz in /tools (#837)
- bb5b208 chore(deps): Bump github.com/bufbuild/buf from 1.3.0 to 1.3.1 in /tools (#815)
- 7cbf2bd chore(deps): Bump github.com/bufbuild/buf from 1.3.1 to 1.4.0 in /tools (#868)
- 4bb1659 chore(deps): Bump github.com/gdamore/tcell/v2 from 2.4.0 to 2.5.0 (#817)
- a6a8413 chore(deps): Bump github.com/gdamore/tcell/v2 from 2.5.0 to 2.5.1 (#848)
- 46d1f97 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#851)
- e223783 chore(deps): Bump github.com/goreleaser/goreleaser in /tools (#867)
- 4f730e2 chore(deps): Bump github.com/jackc/pgx/v4 from 4.15.0 to 4.16.0 (#862)
- 21f7c58 chore(deps): Bump github.com/jmoiron/sqlx from 1.3.4 to 1.3.5 (#854)
- 8480dbd chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.20 to 1.2.21 (#811)
- e675539 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.21 to 1.2.22 (#831)
- 46563a8 chore(deps): Bump github.com/lestrrat-go/jwx from 1.2.22 to 1.2.23 (#849)
- 46128dc chore(deps): Bump github.com/minio/minio-go/v7 from 7.0.23 to 7.0.24 (#847)
- 4319f20 chore(deps): Bump github.com/planetscale/vtprotobuf from 0.2.0 to 0.3.0 in /tools (#850)
- a53d494 chore(deps): Bump github.com/pterm/pterm from 0.12.39 to 0.12.40 (#818)
- 2961f3a chore(deps): Bump github.com/pterm/pterm from 0.12.40 to 0.12.41 (#845)
- 8434c10 chore(deps): Bump github.com/tidwall/gjson from 1.14.0 to 1.14.1 (#864)
- 7f88353 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.0 to 2.10.2 in /tools (#814)
- d0fc7c4 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.2 to 2.10.4 in /tools (#838)
- 9c5be84 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.4 to 2.10.6 in /tools (#852)
- b686dd7 chore(deps): Bump github.com/vektra/mockery/v2 from 2.10.6 to 2.12.0 in /tools (#869)
- 7c9e271 chore(deps): Bump go.opentelemetry.io/otel from 1.6.1 to 1.6.3 (#833)
- ed79204 chore(deps): Bump go.opentelemetry.io/otel/bridge/opencensus (#855)
- cc94c3e chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#810)
- da99d65 chore(deps): Bump go.opentelemetry.io/otel/exporters/jaeger (#839)
- 4a9038c chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.6.0 to 1.6.1 (#809)
- 5c36e86 chore(deps): Bump go.uber.org/automaxprocs from 1.4.0 to 1.5.1 (#832)
- 9fbfd07 chore(deps): Bump gocloud.dev from 0.24.0 to 0.25.0 (#816)
- 555316a chore(deps): Bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#865)
- 24dde69 chore(deps): Bump gotest.tools/gotestsum from 1.7.0 to 1.8.0 in /tools (#836)
- 7f08949 chore(deps): Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 (#846)
- 4d2398a chore(deps): Bump modernc.org/sqlite from 1.15.3 to 1.15.4 (#813)
- fd54ada chore(deps): Bump modernc.org/sqlite from 1.15.4 to 1.16.0 (#835)
- 23efda6 chore(deps): Bump modernc.org/sqlite from 1.16.0 to 1.17.0 (#863)
- fcd4a96 chore(release): Add 0.15.1 release notes (#825)
- 7f7c06a chore(release): Add 0.16.0 release notes (#876)
- 709eb23 chore(release): Prepare release 0.16.0
- c87b554 chore(version): Bump version to 0.16.0
- 811bb34 chore: Add CheckResources API to Playground (#821)
- 7a8dd68 chore: Group changelog items (#826)
- 558db56 chore: Make playground test API response match validate and evaluate (#857)
- 6947db3 chore: Rename interface{} to any and use Go build info (#807)
- 9e7b3c8 docs: Add links to new SDKs (#877)
- 0a1f196 docs: Document Jaeger trace format (#871)
- a9f36d3 docs: Fix ID attribute in testing docs (#822)
- 2985ba1 enhancement: Add trace for denial due to no matching policies (#858)
- 112b614 enhancement: Auto-detect end of input in REPL (#859)
- 573f51c enhancement: Execute policy conditions in the CEL REPL (#820)
- cbeb83d enhancement: Policy variables in the REPL (#853)
- faec1ef feat!: Promote PlanResources API to stable (#872)
- 70e9a8a feat: Simplify QueryPlanner AST for CEL comprehensions (#870)
- 3d17855 feat: Unified check API (#819)
- ac53b5d fix: Use the branch name in git pull (#823)
- 699187f test: Add the query planner tests (#873)
v0.15.1
v0.15.0
Cerbos 0.15.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.15.0.html
Changelog
- 4831df5 enhancement!: Add tree output functionality to the
cerbos compile
command (#729) - 2f79a98 enhancement!: Make the test server fully configurable (#747)
- bd06a88 enhancement: Add
--color
flag tocerbos compile
(#754) - c67970d enhancement: Add protobufs for engine traces and test results (#749)
- 4b7d9d6 enhancement: Add telemetry (#743)
- a9e6978 enhancement: Improve HTTP health check (#771)
- ce2850c enhancement: Publish JSON schemas for nested messages (#778)
- af13103 enhancement: Reduce verbosity of test results (#768)
- b33c1b4 feat: Add an API to execute tests from the playground (#775)
- 4b3ac79 feat: Add immediate reloading from the store with Admin API (#769)
- f2b069e feat: Provide JSON schemas (#727)
- 37e1bf7 feat: Publish JSON schemas (#744)
- 519bdea feat: REPL for conditions (#799)
- 976e819 fix: Handle comments at the beginning of YAML files (#803)
- 079c499 fix: Validate that test files match schema (#724)
v0.14.0
Cerbos 0.14.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.14.0.html
Changelog
- d12c30b enhancement: Add cache metrics (#706)
- 8fbbd17 enhancement: Add index entry count metric (#677)
- 1c42af1 enhancement: Allow compile and schema cache sizes to be configured (#700)
- 90f324a enhancement: Allow policies to be empty (#694)
- 21d2fb2 enhancement: Do not ignore invalid test suites (#686)
- 317ccd7 enhancement: Include type of unexpected result in error message (#693)
- 40a9cc3 enhancement: Use camel case for custom functions (#672)
- c4eea85 feat!: Add matrix tests (#701)
- c7d3bc9 feat: Add
now
function that returns the current timestamp (#670) - 726eaa7 feat: Add healthcheck command (#692)
- 8ad06a6 feat: Introduce
cerbosctl put
(#676) - 42feb6a fix: Configure GoReleaser to generate Homebrew formula in tap's
Formula
subdirectory (#685) - 22299b6 fix: Require at least one action in every rule (#690)
v0.13.0
Cerbos 0.13.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.13.0.html
Changelog
- 353dce0 enhancement: Add query plan API to Playground (#607)
- caa481d enhancement: Allow aux_data to be accessed as auxData (#623)
- f1e105f feat: Add --sort-by flag to cerbosctl get subcommands (#606)
- 61473e3 feat: Add SQL Server support (#575)
- bb28265 feat: Add cerbos run command (#625)
- 3ab7035 feat: Scoped policies (#660)
- b6b7bb8 fix: Dangling quotes in helmfiles (#576)
- 45aac7f fix: cerbosctl get subcommands retrieve unmatching policy types (#594)
v0.12.0
Cerbos 0.12.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.12.0.html
Changelog
- 75ee7df Fix list policies endpoint returning error message (#509)
- f8aadf6 enhancement(refactor)!: Refactor policy Admin API endpoints (#516)
- 350028f enhancement: Add auxData and traces to tests (#508)
- 69851b0 enhancement: Add query planner filter kind (#558)
- b28550d enhancement: Simplify query plan logical operation expressions with a single operand (#561)
- 77e6a5c enhancement: Strict JSON request parsing (#537)
- e2cf505 enhancement: Switch from Distroless to scratch (#531)
- 86985bc feat!: Query planner to accept known resource attributes (#540)
- 1e2e229 feat!: Replace cerbosctl list with cerbosctl get (#536)
- b26032b feat: Enable switching off schema validation for certain actions (#562)
- add7fdb feat: Query planner returns detailed error (#555)
- 2d669aa feat: Resources query planner (#505)
- 3058315 fix: Detect file with multiple policies (#522)
v0.11.0
Cerbos 0.11.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.11.0.html
Changelog
- 34a7a85 enhancement: Add schema support to playground (#496)
- d15415b enhancement: Log the number of policies found on startup (#488)
- 9181c40 feat: Attribute validation using JSON schemas (#485)
- 4b9bca4 feat: Support for OpenTelemetry traces (#443)
- 9291efd fix: Make auxData optional in the OpenAPI example (#476)
Docker images
docker pull ghcr.io/cerbos/cerbos:0.11.0
docker pull ghcr.io/cerbos/cerbos:dev
v0.10.0
Cerbos 0.10.0
View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.10.0.html
Changelog
3e16923 Fix passwordHash in full configuration doc (#434)
58a2979 enhancement: Better errors when disabled services are accessed (#420)
2a1c2ff enhancement: Provide issue submission link for panics at cerbosctl (#283)
13730c3 feat: Homebrew formula (#428)
4a518a0 feat: Linux packages (#424)
0e218e1 fix: Updates URL to download Cerbos binaries (#422)
Docker images
docker pull ghcr.io/cerbos/cerbos:0.10.0
docker pull cerbos.jfrog.io/containers/cerbos:0.10.0
docker pull ghcr.io/cerbos/cerbos:dev