Peter Garner
02/16/2024, 4:57 PMPeter Garner
02/16/2024, 4:58 PMPeter Garner
02/16/2024, 4:58 PMPeter Garner
02/16/2024, 4:58 PMPeter Garner
02/16/2024, 4:59 PMPeter Garner
02/16/2024, 5:01 PMPeter Garner
02/16/2024, 5:01 PMPeter Garner
02/16/2024, 5:01 PMMadhu Jahagirdar
02/18/2024, 7:18 AMRoman Levytskyi
02/19/2024, 1:49 PMSai Kumar Gade
02/22/2024, 8:47 AMUncaught SyntaxError /node_modules/@cerbos/embedded/lib/client.js:40
this.server = server(instantiate(source, options), options.decodeJWTPayload ?? cannotDecodeJWTPayload, options.globals);
SyntaxError: Unexpected token '?'
Alex Dolid
03/04/2024, 7:27 PM{"type":"Error","message":"gRPC error 14 (UNAVAILABLE): read ECONNRESET","stack":"NotOK: gRPC error 14 (UNAVAILABLE): read ECONNRESET
my fly.toml configuration
app = 'cerbos-service'
primary_region = 'waw'
[build]
[http_service]
internal_port = 3592
force_https = true
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
[http_service.http_options]
h2_backend = true
[[services]]
internal_port = 3592
protocol = "tcp"
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
[[services.ports]]
handlers = ["http"]
start_port = 3592
end_port = 3592
[[services]]
internal_port = 3593
protocol = "tcp"
auto_stop_machines = true
auto_start_machines = true
min_machines_running = 0
[[services.ports]]
handlers = ["tls", "http"]
start_port = 3593
end_port = 3593
[services.ports.tls_options]
alpn = ["h2"]
[[vm]]
size = "shared-cpu-1x"
memory = '256mb'
cpu_kind = 'shared'
cpus = 1
Martin Schmengler
03/07/2024, 1:39 PMAvinash Dalvi
03/16/2024, 6:39 AMdocker run --rm --name cerbos -d -v $(pwd)/cerbos-quickstart:/quickstart -p 3592:3592 <http://ghcr.io/cerbos/cerbos:0.34.0|ghcr.io/cerbos/cerbos:0.34.0> server --config=/quickstart/.cerbos.yaml
with custom but it just getting random ID as output but docker is not running. I want to run configuration inside this project https://github.com/cerbos/nextjs-prisma-cerbos any help ? as per this document https://docs.cerbos.dev/cerbos/latest/installation/containerAvinash Dalvi
03/16/2024, 7:35 AMStore does not support regexp filters
anyone came across this error in API. I tried to find out documentation around couldn’t find any. Due to this not able to see list of policy and not able to check policy id to fetch policy detailsLindsay Cade
03/19/2024, 7:24 PMget_query
method. I have posted an issue here: https://github.com/cerbos/query-plan-adapters/issues/69
I would love any help or advice! Thanks!Fatuma A
03/22/2024, 8:48 AMFatuma A
03/22/2024, 8:50 AMBrandon Choe
03/22/2024, 11:02 PMUnsupported operator exists
when I try to pass in a relation to fieldNameMapper
queryPlanToPrisma({
queryPlan,
fieldNameMapper: {
'request.resource.attr.workflowUserRoles': 'workflowUserRoles'
}
});
// yaml
- expr: >
R.attr.workflowUserRoles.exists(workflowUserRole,
workflowUserRole.userId == P.id && workflowUserRole.role == "OWNER"
)
// schema.prisma
model Workflow {
workflowUserRoles WorkflowUserRole[]
}
Dimitar Danailov
03/25/2024, 3:19 PMBrian Fletcher
03/26/2024, 4:38 PMKunal Verma
03/28/2024, 12:10 PMresource := cerbos.NewResource("posts", )
Apart from this, if you could pls guide me in the right direction regarding my rest of the implementation, that would mean a lot
ThanksTyler Bray
03/28/2024, 7:27 PMAvinash Dalvi
04/02/2024, 11:09 AMJan Kühnlein
04/03/2024, 7:05 PMAdosh Singh
04/10/2024, 10:13 AM@GetMapping
public ResponseEntity<?> getBlog(@RequestParam String blogId, @RequestParam String userId) {
try {
Blog blog = blogService.getBlog(blogId);
String role = DataLoader.users.get(userId).getRole();
String own = DataLoader.users.get(userId).getName();
String blogOwner = blog.getOwner();
Principal principal = Principal.newInstance(own, role);
Resource resource = Resource.newInstance("blog", blogId)
.withAttribute("owner", AttributeValue.stringValue(blogOwner));
var cerbosClient1 = new CerbosClientBuilder("localhost:3593")
.withPlaintext()
.buildBlockingClient();
System.out.println("after declearing cerbos client" + cerbosClient1);
CheckResult result = cerbosClient1.check(
principal,
resource,
"read");
System.out.println("after cerbos.Client1.check");
if (!result.isAllowed("read")) {
return ResponseEntity.status(403).body("Forbidden");
}
return ResponseEntity.ok(blog);
} catch (Exception e) {
// e.printStackTrace();
System.out.println("Error processing request: " + e.getMessage());
return ResponseEntity.internalServerError().body("Error processing request: " + e.getMessage());
}
}
When I try to hit this endpoint I am getting an error:
Error processing request: RPC exception [Status{code=INTERNAL, description=Panic! This is a bug!, cause=java.lang.NoSuchMethodError: io.grpc.internal.Http2ClientStreamTransportState: method 'void <init>(int, io.grpc.internal.StatsTraceContext, io.grpc.internal.TransportTracer)' not found....
The way I integrated using java-cerbos-sdk:
I've added this in the build.gradle file:
dependencies {
implementation("dev.cerbos:cerbos-sdk-java:0.+")
implementation("io.grpc:grpc-core:1.+")
}
repositories {
mavenCentral()
}
This is how I am making the client:
var cerbosClient1 = new CerbosClientBuilder("localhost:3593")
.withPlaintext()
.buildBlockingClient();
I ran the cerbos server using:
docker run --rm --name cerbos -d -v "$(Get-Location)/cerbos/policies:/policies" -p 3592:3592 -p 3593:3593 <http://ghcr.io/cerbos/cerbos:0.34.0|ghcr.io/cerbos/cerbos:0.34.0>
and this successfully starts the cerbos server.
Cc:@Rohit Ghumaresdktr
04/10/2024, 11:44 AMFatuma A
04/15/2024, 9:01 AMDaniel Doornekamp
04/16/2024, 8:41 AMApr 16 10:38:28 system java[59202]: 10:38:28.472 [http-nio-8080-exec-5] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [/rc/api] threw exception [Request processing failed; nested exception is dev.cerbos.sdk.CerbosException: RPC exception [Status{code=INTERNAL, description=Panic! This is a bug!, cause=java.lang.NoSuchMethodError: io.grpc.internal.Http2ClientStreamTransportState: method 'void <init>(int, io.grpc.internal.StatsTraceContext, io.grpc.internal.TransportTracer)' not found
Does anyone have a clue what could be the reason we are receiving this error?Pratham Sikka
04/18/2024, 12:54 PMmake publish-lambda S3Bucket=<bucket-name>
Deploying with following values
===============================
Stack name : Cerbos
Region : None
Confirm changeset : False
Disable rollback : False
Deployment s3 bucket : None
Capabilities : ["CAPABILITY_IAM"]
Parameter overrides : {"ArchitectureParameter": "x86_64"}
Signing Profiles : {}
Initiating deployment
=====================
Waiting for changeset to be created..
CloudFormation stack changeset
-----------------------------------------------------------------------------------------------------------------
Operation LogicalResourceId ResourceType Replacement
-----------------------------------------------------------------------------------------------------------------
+ Add CerbosServerFunctionCatchA AWS::Lambda::Permission N/A
llPermission
+ Add CerbosServerFunctionRole AWS::IAM::Role N/A
+ Add CerbosServerFunction AWS::Lambda::Function N/A
+ Add ServerlessHttpApiApiGatewa AWS::ApiGatewayV2::Stage N/A
yDefaultStage
+ Add ServerlessHttpApi AWS::ApiGatewayV2::Api N/A
-----------------------------------------------------------------------------------------------------------------
Changeset created successfully.
2024-04-18 17:49:50 - Waiting for stack create/update to complete
CloudFormation events from stack operations (refresh every 5.0 seconds)
-----------------------------------------------------------------------------------------------------------------
ResourceStatus ResourceType LogicalResourceId ResourceStatusReason
-----------------------------------------------------------------------------------------------------------------
CREATE_IN_PROGRESS AWS::CloudFormation::Stack Cerbos User Initiated
CREATE_IN_PROGRESS AWS::IAM::Role CerbosServerFunctionRole -
CREATE_IN_PROGRESS AWS::IAM::Role CerbosServerFunctionRole Resource creation
Initiated
CREATE_COMPLETE AWS::IAM::Role CerbosServerFunctionRole -
CREATE_IN_PROGRESS AWS::Lambda::Function CerbosServerFunction -
CREATE_IN_PROGRESS AWS::Lambda::Function CerbosServerFunction Resource creation
Initiated
CREATE_COMPLETE AWS::Lambda::Function CerbosServerFunction -
CREATE_IN_PROGRESS AWS::ApiGatewayV2::Api ServerlessHttpApi -
CREATE_IN_PROGRESS AWS::ApiGatewayV2::Api ServerlessHttpApi Resource creation
Initiated
CREATE_COMPLETE AWS::ApiGatewayV2::Api ServerlessHttpApi -
CREATE_IN_PROGRESS AWS::ApiGatewayV2::Stage ServerlessHttpApiApiGatewa -
yDefaultStage
CREATE_IN_PROGRESS AWS::Lambda::Permission CerbosServerFunctionCatchA -
llPermission
CREATE_IN_PROGRESS AWS::ApiGatewayV2::Stage ServerlessHttpApiApiGatewa Resource creation
yDefaultStage Initiated
CREATE_COMPLETE AWS::ApiGatewayV2::Stage ServerlessHttpApiApiGatewa -
yDefaultStage
CREATE_IN_PROGRESS AWS::Lambda::Permission CerbosServerFunctionCatchA Resource creation
llPermission Initiated
CREATE_COMPLETE AWS::Lambda::Permission CerbosServerFunctionCatchA -
llPermission
CREATE_COMPLETE AWS::CloudFormation::Stack Cerbos -
-----------------------------------------------------------------------------------------------------------------
CloudFormation outputs from deployed stack
-----------------------------------------------------------------------------------------------------------------
Outputs
-----------------------------------------------------------------------------------------------------------------
Key CerbosServerFunctionAPI
Description API Gateway endpoint URL for Cerbos Server
Value <value>
Key CerbosServerFunctionIamRole
Description IAM Role created for the Cerbos Server function
Value <value>
Key CerbosServerFunction
Description Cerbos Server Function ARN
Value <value>
-----------------------------------------------------------------------------------------------------------------
Successfully created/updated stack - Cerbos in None
As you can see I have been able to deploy Cerbos successfully in AWS Lambda.
Now I want to deploy a Next.js application to AWS Lambda. I would like to understand how do I leverage the current setup to attach policies to my Next.js application which I'm deploying using AWS Lambda?