The latest release of Cerbos, v0.22, includes optimized query plans, improved policy loading and more controls for debugging requests.
We have been working closely with users of Cerbos such as Blockchain.com, Utility Warehouse, 9fin, Salesroom, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.
The query planner is now smarter and able to produce simpler, optimized plans for some of the commonly seen filter patterns. For example, checking for membership in a single-item list can be converted to a comparison operation and checking for membership in an empty list can be reduced to simply return false. This should help you build better database queries for building lists of resources filtered using access control logic.
There are several more improvements and fixes to the query planner in this release:
Query plan requests are now validated using schemas if they are available. This should help catch invalid requests and schema drifts early.
All the custom CEL functions provided by Cerbos are now supported for query plan generation.
A few more edge cases and bugs found by production users have been addressed
In addition to the query plan improvements, a number of other updates have been made to the development and deployment experience:
The Cerbos engine now coordinates all parallel requests to changed policies while they’re being compiled. This should help reduce latency spikes in busy servers during policy recompilation.
To aid with debugging, if the Cerbos process receives a
USR1 signal, it will now temporarily switch the log level to debug level for 10 minutes.
Validation rules for scopes have been relaxed. Scope components no longer need to be at least two characters long.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team