Cerbos Cloud support, Kafka sink and improved test outputs - Cerbos v0.26 Release

Published by Alex Olivier on April 16, 2023
image

The latest release of Cerbos - v0.26 - includes support for Cerbos Cloud, a Kafka sink for audit logs and improvements to the tests output.

We have been working closely with users of Cerbos such as Blockchain.com, Utility Warehouse, 9fin, Salesroom, and Doorfeed on this release and can’t wait to hear more on what you would like to see in future releases - join our Slack community to join the conversation.

Cerbos Cloud Support

We introduce the new bundle storage driver that allows you to connect your Cerbos instances to Cerbos Cloud, a cloud-hosted control plane and CI/CD pipeline for easily validating, testing and distributing optimized policy bundles to on-premise Cerbos instances. With Cerbos Cloud, you’re still in full control of your environment and data while delegating the toil of building and maintaining a Git-ops and observability pipeline to the cloud. Head over to https://cerbos.dev/next to learn more and register your interest in the public beta.

Kafka audit log sink

A new audit log sink for Kafka has been contributed by the Cerbos community member @rcrowe. With this new driver, Cerbos audit logs can be written to a Kafka topic and feed into your data processing pipeline for further processing and storage. See Kafka configuration for details. As part of this change, a new metric for monitoring audit publishing errors has been introduced as well.

Policy file archive support

It is now possible to point the disk storage driver to a gzip, zip or tar archive containing Cerbos policies and schemas. This is particularly useful for deploying Cerbos to Kubernetes with your policy archive stored under a key in a ConfigMap or a Secret. See disk driver configuration for details.

Test output improvements

This release includes a breaking change to the way policy test results are reported. Previously the results were grouped by principals but this led to some subtle issues and confusion for users who wanted to separate principals into separate test cases. In this release of Cerbos, the test results are grouped by the name of the test case first.

The Cerbos policy testing framework now supports outputting test results in the JUnit XML format. This enables integrating the Cerbos policy testing process into most of the popular CI and testing tools available in the market. Add --test-output=junit to the cerbos compile command to produce test results in JUnit format.

You can find the full release notes here and if you have any questions join our Slack community.

DOCUMENTATION

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team