-
GhostTunnel has support for certificate reloading and SPIFFE identities. Instead of implementing all of that ourselves, we can tell users to deploy GhostTunnel in front.
https://github.com/ghostunn…
-
Currently the `apiVersion` field is set to `cerbos.dev/v1`. Bearing in mind that the API is not stable yet and that we could potentially have a schema/API registry hosted at the address in the future,…
-
https://github.com/cerbos/cerbos/runs/2213557808?check_suite_focus=true
-
Currently, the set of expressions in the `condition` block is implicitly ANDed together.
E.g.
```yaml
condition:
match:
expr:
- request.resource.attr.dev_record == true
- reque…
-
My config file was formatted badly and the port variable wasn't defined, but the server still started (but didn't listen). Would be better if it exited with an error as it _looked_ like it was working…
-
The `disk` driver does not support reloading policies when they change on disk due to the file watch API being limited to watching individual files. It would be really useful to somehow implement the …
-
It would be nice to include the name of the policy that made the decision on the response.
I don't see a reason why policy names would be secret. You need to know them in order to make a request a…
-
This is an important part in the GitOps workflow. Whenever a policy is added/updated/removed, there should be a way for the users to verify that it matches their criteria of "valid" before it gets com…
-
Sometimes users need to filter a list of things to figure out what they have access to. For example, from a list of 100 documents, which ones do I have access to?
-
https://community.victronenergy.com/questions/68678/cerbo-gx-internal-audible-alarm-not-working.html