Since our last update, we have introduced Cerbos Hub Playground engine settings, tailored for those of you who are building more complex policies and want a development experience that mirrors real-world deployments more closely.
We've also been busy expanding our educational resources - we have published a guide on API security best practices, and a demo on implementing authorization in Flask.
In other news, we’ve written a blog on how to implement an asynchronous fetch function in a Remix app, explored practical concerns with regard to stateless architecture, and published the final chapter of our monolith to microservice migration ebook, in which we look at how it is possible to achieve effective team collaboration and code ownership.
Product Updates
Cerbos Hub
We have rolled out an update to the Cerbos Hub Playground, which introduces new settings in the Playground’s right-hand sidebar, letting you configure the Cerbos PDP engine used when evaluating policy during development, in a way that reflects your actual environment. You can find full details of these settings in the Cerbos configuration reference.
The changes include the ability to configure the default policy version, the ability to enable lenient scope search, and the addition of global variables, which allow you to pass environment-specific information into your policy conditions during evaluation.
In case you missed it, we released v0.40 of Cerbos PDP at the end of last year, in which we introduced a new constants policy type and improved ergonomics for test suites.
The constants policy type is a new way of defining structured, constant values that can be referenced in policy conditions. This is the perfect place to define common data such as quota levels, usage limits and configuration values, which can then be interrogated in conditions across other policy types.
This release also includes several enhancements to the policy testing framework to help reduce repetition and improve readability and reliability:
Test fixtures now allow creation of groups of principals or resources. These grouped principals or resources can be referenced by their group name in the test cases.
Tests that exercise policies with time-based conditions must define the value of now at the test suite level or at the individual test case level. This ensures that tests are not flaky depending on the time of day the tests are run.
This is the last Cerbos release with support for SQL Server as a policy storage backend. It will be removed in the next release of Cerbos.
You can implement authorization in your application by writing if-statements to check what actions a user can perform. However, this approach requires you to write many such statements and ties the authorization logic to your application. To streamline your authZ process and avoid unforeseen bugs, you can adopt a central Policy Decision Point (PDP) that all your applications can connect to for authorization checks. In this demo, we go through the implementation of a blog application that integrates with a Cerbos PDP server for authorization checks.
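The contrast drawn above between scattered if-statements and a single decision point, together with the pinned `now` that the test-suite change above calls for, as an added example that is not from this newsletter or from the Cerbos project. `LocalPDP`, `Rule`, the principals, the post attributes and the seven-day edit window are constructed assumptions; in a real deployment the handler would send the same (principal, resource, action) request to a Cerbos PDP instead of evaluating rules in-process.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional


# Constructed sample types: names, roles and attributes are assumptions.
@dataclass(frozen=True)
class Principal:
    id: str
    roles: frozenset[str]


@dataclass(frozen=True)
class Resource:
    kind: str
    id: str
    attr: dict = field(default_factory=dict)


# Approach 1: the inline if-statement check the text warns about.
def can_edit_post_inline(user: Principal, post: Resource) -> bool:
    # Each handler carries its own copy of rules like these; changing the
    # rules means finding and updating every copy across the code base.
    if "admin" in user.roles:
        return True
    return "author" in user.roles and post.attr.get("owner") == user.id


# Approach 2: one decision point that every handler calls.
Condition = Callable[[Principal, Resource, datetime], bool]


@dataclass(frozen=True)
class Rule:
    kind: str                 # resource kind the rule applies to
    actions: frozenset[str]
    roles: frozenset[str]     # any matching role activates the rule
    effect: str               # "allow" or "deny"
    condition: Optional[Condition] = None


class LocalPDP:
    """Constructed in-process stand-in for a PDP (assumption, not Cerbos code).

    Deny by default; an explicit deny rule wins over any allow.
    """

    def __init__(self, rules: list[Rule]):
        self._rules = list(rules)

    def is_allowed(self, action: str, principal: Principal, resource: Resource,
                   now: Optional[datetime] = None) -> bool:
        # `now` is injected so time-based conditions are deterministic in
        # tests instead of depending on the wall clock when the test runs.
        now = now or datetime.now(timezone.utc)
        allowed = False
        for rule in self._rules:
            if rule.kind != resource.kind or action not in rule.actions:
                continue
            if not (rule.roles & principal.roles):
                continue
            if rule.condition is not None and not rule.condition(principal, resource, now):
                continue
            if rule.effect == "deny":
                return False
            allowed = True
        return allowed


def is_owner(p: Principal, r: Resource, now: datetime) -> bool:
    return r.attr.get("owner") == p.id


def within_edit_window(p: Principal, r: Resource, now: datetime) -> bool:
    # Constructed rule: authors may only edit for 7 days after publishing.
    published = r.attr.get("published_at")
    return published is None or now - published < timedelta(days=7)


POLICY = LocalPDP([
    Rule("post", frozenset({"view", "edit", "delete"}), frozenset({"admin"}), "allow"),
    Rule("post", frozenset({"view"}), frozenset({"user", "author"}), "allow"),
    Rule("post", frozenset({"edit"}), frozenset({"author"}), "allow",
         condition=lambda p, r, now: is_owner(p, r, now) and within_edit_window(p, r, now)),
    # Explicit deny: authors never delete, even if they also hold admin.
    Rule("post", frozenset({"delete"}), frozenset({"author"}), "deny"),
])


def edit_post(user: Principal, post: Resource, now: Optional[datetime] = None) -> str:
    """A request handler reduced to a single authorization call."""
    if not POLICY.is_allowed("edit", user, post, now=now):
        raise PermissionError(f"{user.id} may not edit post {post.id}")
    return f"post {post.id} edited by {user.id}"


# Constructed fixtures; pinning `now` keeps the time-based checks deterministic.
FIXED_NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
AFTER_WINDOW = FIXED_NOW + timedelta(days=10)
ALICE = Principal("alice", frozenset({"author"}))
BOB = Principal("bob", frozenset({"user"}))
CARL = Principal("carl", frozenset({"admin"}))
ROOT = Principal("root", frozenset({"admin", "author"}))
POST = Resource("post", "p1", {"owner": "alice", "published_at": FIXED_NOW - timedelta(days=3)})

if __name__ == "__main__":
    print(edit_post(ALICE, POST, now=FIXED_NOW))
```

The handler body no longer encodes any rule; swapping `LocalPDP` for a network client changes one line, and the injected `now` is what lets a time-based rule be tested at a fixed instant rather than whenever the suite happens to run.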
Upcoming Events
For those of you whom we met at CyberSec Asia and the Gartner IAM Summit: thank you for stopping by and chatting with us. Your support means a lot!
We’re looking forward to the following conferences in the coming weeks.
KubeCon Europe, London, UK, April 1-4, Booth S632 in the startup section (Psst, ask us for a discount code to get 20% off your registration). And catch Daniel Maher’s talk, Authz as a dev workflow, on April 4.
Experience Cerbos and policy writing via an in-browser Playground