Release - v0.30.0 New release published by github-actions[bot] Cerbos 0.30.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.30.0.html Changelog Features • 304586b feat!: Check variable references at compile time (#1772) • b9228f6 feat(client): Add options for intercepting gRPC operations (#1724) • 24cb3e4 feat: Add cerbosctl command to export policies and schemas from store (#1686) • 9652c90 feat: Audit log rotation support (#1766) Enhancements • 8fd1ac8 enhancement!: Use

.cerbos.yaml

as conventional name for config file (#1755) • 5dce9a9 enhancement(helm): Add ability to set clusterIP (#1707) • 3fbd95e enhancement(helm): Allow an image digest to be provided instead of a tag (#1735) • 1f6ba2c enhancement: Better error messages from compile command (#1750) • e2c7af0 enhancement: Clean-up store resources (#1749) • 4e7d22c enhancement: Compile and run tests from an archive (#1721) • 6582c70 enhancement: Configurable time skew for JWT validation (#1790) • 1130d12 enhancement: Configuration to disable API explorer (#1767) • 4d5d0c5 enhancement: Relax naming conventions for resource kinds, principals and roles (#1762) Bug fixes • 0b7a189 fix(docs): Typo in Calling Cerbos (#1726) • 6b09c62 fix(planner): Lambda body can be a field selection (#1720) • 91a0d48 fix: Evict policies from cache after disable or enable (#1711) • a29a992 fix: Ignore invalid expressions (#1799) • 7bfa52a fix: Normalize Git store subdirectory config to handle leading

./

correctly (#1774) Documentation • c7c5f37 docs(sdk): Update SDK examples (#1731) • 34f6859 docs: Add testdata schema URLs (#1779) • eaaed3d docs: Caveats of sharing a DB with multiple instances (#1743) • a8ad220 docs: Fix typo in 03_calling-cerbos.adoc (#1714) • b606512 docs: Remove deprecated endpoint/rpc (#1734) • 4fbbe36 docs: Stop building docs for older versions (#1716) • a2cf9c9 docs: Update examples for handling expressions beginning with quote (#1739) Chores • 4a690fd chore(ci): Always run

upload-test-times

after

test

(#1756) • 2b7c99b chore(ci): Create PRs for Homebrew formula updates (#1704) • 98de402 chore(ci): Debug logging for server tests (#1791) • 711844a chore(ci): Increase timeout for client tests (#1793) • bc1a4d5 chore(ci): Publish prerelease images tagged by commit hash (#1736) • 5691a1b chore(ci): Split snapshots job (#1796) • 2479397 chore(ci): Switch to Coveralls (#1751) • b3c81ff chore(ci): Upload test coverage from snapshot builds (#1764) • fdf5f2e chore(ci): Use experimental 'loopvar' released with Go 1.21 (#1738) • 3738d7c chore(deps): Bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 in /tools (#1788) • e7aff6e chore(deps): Downgrade pterm to v0.12.66 (#1787) • 81122c6 chore(deps): Update actions/checkout action to v4 (#1795) • 0959bda chore(deps): Update bufbuild/buf-setup-action action to v1.25.0 (#1709) • e4410ce chore(deps): Update bufbuild/buf-setup-action action to v1.25.1 (<https://github.com/cerbos/cerbos/pu… cerbos/cerbos

Woo, nice one! Can I ask for more info on this:

Cerbos now follows the convention of looking for

.cerbos.yaml

as the default configuration file. This is to support the common use case of including the Cerbos configuration within the policy repo itself. If you use

cerbos run

, you may need to rename your configuration file to

.cerbos.yaml

.

Does that mean if there is a config.cerbos.yaml in the policy repo, that it will take that file instead of the configured config.yaml in settings?

No. if you have explicitly set a config file using either the

--config

flag or

CERBOS_CONFIG

environment variable, they will continue to work. We've just defined a convention that in our documentation the config file should be named

.cerbos.yaml

(a hidden file in Unix systems). A lot of people tend to put the config file inside their policy repository and get an error because it's not a valid policy file. This helps avoid that issue. If you're using

cerbos run

you will need to rename

cerbos.yaml

to

.cerbos.yaml

. Otherwise, this change won't affect anything you're currently doing at all.