Introduction

Cerbos v0.36.0 enhances the efficiency and functionality of policy-driven access controls. This version introduces asynchronous audit logging, refined Kafka backend handling, and new administrative commands, all designed to optimize performance and scalability.

Asynchronous Audit Logging

One of the key enhancements in v0.36.0 is the shift to asynchronous audit logging. This change is designed to reduce the overhead associated with writing large audit log entries, particularly when dealing with slow sinks (files and stdout, for example). This change is beneficial for PDPs handling large batch requests with high volumes of data, where response times could be affected by the additional load of logging activities. By moving logging to the background, Cerbos ensures that response times are not adversely affected.

Kafka Backend Improvements

A community contribution from @rcrowe has strengthened the Kafka backend in Cerbos. The system now defaults to using system CA certificates for TLS connections unless otherwise specified. The update also enhanced error handling that prevent blocking writes during downstream outages.

New Features: cerbosctl commands

• The cerbosctl inspect command is a new addition that provides command-line access to the inspect Admin API, a feature introduced in the previous release. This command allows users to list actions defined in each policy, offering greater visibility into policy configurations. More policy inspection options are planned for future releases.

Command-Line Usage:

$ cerbosctl inspect --policies

• With the `cerbosctl hub epdp list-candidates` command, you can scan the policy folder and get a list of policy IDs and file paths for the policies that will be included in the Embedded PDP bundles. Keep an eye out for an upcoming update to Cerbos Hub for more details on this.

Command-Line Usage: