The v0.29 release of Cerbos is packed with new features such as shared variables, support for globals, updates to scopes and more.
We have been working closely with users of Cerbos such as Envoy, Blockchain.com, Utility Warehouse, 9fin, and Salesroom on this release and can’t wait to hear more about what you would like to see in future releases - join our Slack community to join the conversation.
Now it’s possible to share variable definitions between multiple policies using the new ExportVariables policy type. You can define your variables in a dedicated file and import them into any of the other policies to reuse common values and expressions across your policy repo. Read more about how to use them at Variables.
A new globals object is available to policies at runtime to read environment-specific values defined in the configuration file of the Cerbos server. This is useful if you want your policies to consider certain values defined in the execution environment while evaluating the rules. See globals documentation for more information.
When evaluating scoped policies, the default behaviour of Cerbos is to fail if a policy file with the requested scope doesn’t exist. You can now relax this requirement through a configuration setting. When lenient scope search is enabled, if a policy file with the requested scope doesn’t exist in the policy repo, Cerbos will walk up through the scope chain until it finds a defined policy. Note that only leaf scopes can be missing. It’s still an error to have policies missing from the middle of the scope chain. See Scoped Policies for details.
This release also includes updates to the
ListPolicies method on the Admin API to allow filtering and a couple of community contributions to support TLS on the Kafka log sink and improvements to the contents of the logs.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team