Docs & Resources
We have been working closely with users of Cerbos such as Utility Warehouse, 9fin, Salesroom, Refine, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.
Cerbos v0.18 has been focused on a number of tooling updates and optimizations.
cerbosctlutility is now available as a container. It makes it easier to provision Cerbos on container orchestration systems using native constructs (for example, init containers on Kubernetes).
request.resource, are expanded to their long-form in the plan output to help make the API response predictable.
filterDebugfield in the query plan response is standardized to use S-expression format to ensure that it is easily verifiable by automated tools.
You can find the full release notes here.
Continuing on from the last release, a new .NET SDK is now available via NuGet and GitHub.
The Cerbos SDKs make calling and interacting with Cerbos a much more streamlined experience and provide native methods for constructing calls out to check authorization in your codebase. As with everything else with Cerbos, they are open-source and can be found on GitHub.
Next up is a PHP SDK which will be released in the coming weeks.
The Node SDK has been re-written from scratch to make use of a common core that is built off the protobuf definitions of the Cerbos API and implements a gRPC and HTTP client which can be used interchangeably depending on your implementation.
This revision includes methods for fetching a query plan via the
PlanResources API as well as the typical authorization check.
The move to use gRPC on the server-side implementation results in a significant performance increase due to the inherently lower overhead of gRPC+protobuf over a more traditional JSON-based HTTP interface.
As this is a breaking change, the new SDK is published under
@cerbos/grpc - documentation can be found on GitHub.
The Cerbos Playground now includes a new mode to view the query plan for a specific principal, resource kind, and action. This mode enables you to see the conditions which need to be met when fetching resources from your data storage to select only the instances that the user is authorized to access. You can find out more about query plans here.
You can find the full release notes here and if you have any questions join our Slack community.
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team