The latest release of Cerbos, v0.25, contains improvements to the Admin API to make administrative tasks easier and error-free.
We have been working closely with users of Cerbos such as Blockchain.com, Utility Warehouse, 9fin, Salesroom, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.
When using database-backed policy stores, it's now possible to disable policies by name
cerbosctl or the Admin API. Previously this required re-submitting the whole policy to the Admin API with its
disabled field set to
true. The new endpoint detects whether disabling a scoped policy would break the scope chain and warns the user about it. That helps prevent users from making changes that leaves the policy store in an invalid state.
DeleteSchema Admin API endpoint now returns the number of schemas deleted and does not throw an error if none were deleted.
This release includes a bug fix for the situation whereby if a user edited a policy in-place while Cerbos was running and changed its identifiers (kind, name, version), the old policy definition would still be available in the compiled policy cache and can be used for making decisions. Now Cerbos detects when a policy file has changed its identifiers and evicts the old state from the cache.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team