The v0.32 release of Cerbos is packed with new features such as transition to OpenTelemetry, enhanced policy testing, and more.
We have been working closely with users of Cerbos such as Envoy, Blockchain.com, Utility Warehouse, 9fin, and Salesroom on this release. We can’t wait to hear more about what you would like to see in future releases - join our Slack community to join the conversation.
Making the leap to OpenTelemetry
Cerbos fully transitioned from OpenCensus to OpenTelemetry, a move that significantly boosts our metrics and tracing capabilities. This shift allows for more efficient integration with a variety of observability products supporting the OpenTelemetry protocol (OTLP) but also offers the flexibility to use push metrics and fine-tune trace sampling. With this update, configuration through the tracing block in Cerbos files is deprecated in favor of using OpenTelemetry environment variables.
Support for the Jaeger native protocol has been deprecated as well in favour of OTLP, and with the next release it will be removed.
Heads-up for dashboard and alert users
For those who rely on dashboards and metric-based alerts, we recommend a review post-upgrade. Even though we tried to keep all the metric names unchanged, the subtle distinctions between OpenCensus and OpenTelemetry may impact your existing dashboards and metric-based alerts, and we want to ensure your monitoring remains seamless.
Enhancements in policy testing
Introduction of Globals
The policy test framework now includes support for defining the contents of globals per test case or for the whole test suite. Check our docs to learn more about how to use globals.
Verbose enhancements
When you run tests with the --verbose flag, expect to see detailed outputs including expected effects and policy results for successful cases, making your test results more comprehensive and informative.
Now, instead of just seeing the [OK] for successful test cases, you will be able to further understand why are they passing by looking at something like this:
│ └─┬CerHub Organizations Policy Tests
│ ├─┬alice
│ │ ├─┬data_corp
│ │ │ ├─┬access_repositories [OK]
│ │ │ │ └──RESULT: EFFECT_DENY
│ │ │ ├─┬create_project_boards [OK]
│ │ │ │ └──RESULT: EFFECT_ALLOW
Cerbos is now mirrored in Docker Hub
As part of our continuous effort to optimize development workflows, we've mirrored the Cerbos image to Docker Hub. By leveraging Docker Hub's extensive infrastructure, this update ensures smoother and more efficient builds and deployments.
You can find the full release notes for v0.32 on docs.cerbos.dev, and if you have any questions join our Slack community.
Top comments (0)