Simplifying administrative tasks with the Admin API - Cerbos v0.25 Release

The latest release of Cerbos, v0.25, contains improvements to the Admin API to make administrative tasks easier and error-free.

We have been working closely with users of Cerbos such as Blockchain.com, Utility Warehouse, 9fin, Salesroom, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.

Cerbos v0.25 Release

When using database-backed policy stores, it's now possible to disable policies by name cerbosctl or the Admin API. Previously this required re-submitting the whole policy to the Admin API with its disabled field set to true. The new endpoint detects whether disabling a scoped policy would break the scope chain and warns the user about it. That helps prevent users from making changes that leaves the policy store in an invalid state.

The DeleteSchema Admin API endpoint now returns the number of schemas deleted and does not throw an error if none were deleted.

This release includes a bug fix for the situation whereby if a user edited a policy in-place while Cerbos was running and changed its identifiers (kind, name, version), the old policy definition would still be available in the compiled policy cache and can be used for making decisions. Now Cerbos detects when a policy file has changed its identifiers and evicts the old state from the cache.

You can find the full release notes here and if you have any questions join our Slack community.