We have been working closely with users of Cerbos such as Utility Warehouse, 9fin, Salesroom, Wizeline, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.
Writing policy tests for policies that have time-based conditions is now easier because the value returned by the
now function can be fixed for the entire test suite or individual tests. This also influences the
timeSince calculations and gives you the ability to write deterministic tests to ensure that your logic is sound. See the policy testing documentation to learn more.
Setting the value of
now for the entire test suite:
name: TestSuite description: Tests for verifying something options: now: "2022-08-02T15:00:00Z" tests: ...
Setting the value of
now for a single test:
tests: - name: With local now options: now: "2022-08-03T15:00:00Z" ...
The security warnings for default Admin API credentials are now smarter.
An overly strict validation rule that prevented single wildcards from being used for resource names in principal policies has been relaxed.
You can find the full release notes here.
One of the tricky problems with decoupled authorization is filtering a list to retain only those items that a particular user has access to as now the conditions are dynamic based on the request.
The PlanResources API allows you to send a principal, action, and resource kind (plus any available attributes) to obtain a tree representation of the minimal set of conditions that must be satisfied for that principal to be allowed to act on that resource kind.
To make working with this API easier, we have released an adapter library for SQLAlchemy that takes a Query Plan (PlanResources API) response and converts it into a query object. This is designed to work alongside a project using the Cerbos Python SDK.
Much like our existing Prisma adapter, the following conditions are supported:
in. Other operators (eg math operators) can be implemented programmatically, and attached to the query object via the
You can find the adapter and example application over on Github.
Our other SDKs will be updated in time to include this also.
Additionally, .NET and PHP code snippets are now generated directly in the playground for you to quickly and simply get up and running with Cerbos.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team