Elodie Philippe
02/23/2022, 10:45 AM
id in a PrincipalPolicy?
Jesum Yip
03/22/2022, 2:40 AM
{
  "log.level": "error",
  "@timestamp": "2022-03-22T02:36:56.777Z",
  "log.logger": "cerbos.blob",
  "message": "Failed to build index",
  "bucket": "gs://abac-policies",
  "workDir": "/root/tmp/cerbos/work",
  "error": "failed to build index: missing imports=1, duplicate definitions=0, load failures=0"
}
Jesum Yip
03/22/2022, 3:18 AM
Jan Kühnlein
04/06/2022, 8:50 AM
Jan Kühnlein
04/06/2022, 8:57 AM
{"log.level":"error","@timestamp":"2022-04-06T08:51:05.396Z","log.logger":"cerbos.git.store","message":"Failed to pull from remote","dir":"/work","error":"non-fast-forward update"}
{"log.level":"error","@timestamp":"2022-04-06T08:51:05.396Z","log.logger":"cerbos.git.store","message":"Failed to check for updates","dir":"/work","error":"failed to pull from remote: non-fast-forward update"}
Colton
04/08/2022, 7:36 PM
Vladyslav Ishchenko
05/05/2022, 10:20 AM
make image command I’m getting this error even though I have enough space on my mac.
My setup is: MacBook Pro (13-inch, M1, 2020)
Vladyslav Ishchenko
05/05/2022, 10:24 AM
$BUCKET_URL that I need to paste in conf.default.yml is the url of bucket with static website hosting enabled and with enabled public access, right?
It wasn’t clear from the documentation which steps should be done in order to set up the bucket for Cerbos.
Thanks in advance!
Jesum Yip
05/05/2022, 1:00 PM
Rasmus Dencker
05/25/2022, 1:22 PM
books.manage, authors.read, ..., and principals can easily assume more than 20 roles.
Is that doable in cerbos?
Rasmus Dencker
05/25/2022, 1:23 PM
attr and do configure with expr instead?
Rasmus Dencker
05/27/2022, 11:23 AM
Rasmus Dencker
05/28/2022, 6:46 PM
github.com/cerbos/cerbos/api/genpb/cerbos/policy/v1 which aaaalmost works; it just yields a bunch of extra op nodes in the yaml:
Rasmus Dencker
05/28/2022, 6:47 PM
Harry Zinoviou
05/31/2022, 9:47 AM
{"log.level":"info","@timestamp":"2022-05-30T17:47:05.452Z","log.logger":"cerbos.server","message":"maxprocs: Leaving GOMAXPROCS=8: CPU quota undefined"}
{"log.level":"info","@timestamp":"2022-05-30T17:47:05.452Z","log.logger":"cerbos.server","message":"Loading configuration from /config/config.yaml"}
{"log.level":"debug","@timestamp":"2022-05-30T17:47:05.454Z","log.logger":"cerbos.index","message":"Index build failed","missing":null,"missing_scopes":null,"load_failures":null,"duplicates":[{"file":"account_resource.yaml","otherFile":"..2022_05_30_17_45_35.387152270/account_resource.yaml"},{"file":"quant_roles.yaml","otherFile":"..2022_05_30_17_45_35.387152270/quant_roles.yaml"},{"file":"team_resource.yaml","otherFile":"..2022_05_30_17_45_35.387152270/team_resource.yaml"},{"file":"user_resource.yaml","otherFile":"..2022_05_30_17_45_35.387152270/user_resource.yaml"}],"disabled":[]}
{"log.level":"info","@timestamp":"2022-05-30T17:47:05.454Z","log.logger":"cerbos.server","message":"maxprocs: No GOMAXPROCS change to reset"}
cerbos: error: failed to create store: failed to build index: missing imports=0, missing scopes=0, duplicate definitions=4, load failures=0
Does that mean there is an issue with the content in the policy files?
The files are defined in a configmap and then mounted to the container.
I've also run a local compile with no errors.
Rasmus Dencker
06/02/2022, 4:35 PM
{"log.level":"warn","@timestamp":"2022-06-02T16:23:26.596Z","log.logger":"cerbos.otel","message":"OpenTelemetry error","error":"starting span \"ExportMetrics\": unsupported sampler: 0x7df690"}
- any clue?
Rasmus Dencker
06/03/2022, 8:47 AM
OTEL_PROPAGATORS). AFAIK, it chooses the first valid propagator for incoming requests. Would that be feasible to implement in Cerbos? Right now I have to choose between tracecontext and b3. I prefer tracecontext, but some of the 3rd party services we use only support b3, so it'd be super cool if Cerbos had an auto option to detect the propagation headers from an incoming request
Topi Hernández Mares
06/16/2022, 2:51 PM
    def is_allowed(
        self,
        action: str,
        principal: Principal,
        resource: Resource,
        request_id: Optional[str] = None,
        aux_data: Optional[AuxData] = None,
    ) -> bool:
        """Check permission for a single action
        Args:
            action (str): action being performed
            principal (Principal): principal who is performing the action
            resource (Resource): resource on which the action is being performed
            request_id (None|str): request ID for the request (default None)
            aux_data (None|AuxData): auxiliary data for the request
        """
        resp = self.check_resources(
            principal=principal,
            resources=ResourceList().add(resource, {action}),
            request_id=request_id,
            aux_data=aux_data,
        )
>       return resp.get_resource(resource.id).is_allowed(action)
E       AttributeError: 'NoneType' object has no attribute 'is_allowed'
I've been looking at the client code and I found that get_resource returns None when the request fails, but I don't know what is failing.
Topi Hernández Mares
06/16/2022, 7:32 PM
Charith (Cerbos)
06/16/2022, 7:37 PM
cerbos run command to launch Cerbos, execute your tests and then shutdown Cerbos.
There's an example with test containers here: https://github.com/cerbos/cerbos-sdk-python
Here's the documentation for `cerbos run`: https://docs.cerbos.dev/cerbos/latest/cli/cerbos.html#run
TS
06/16/2022, 10:12 PM
Topi Hernández Mares
06/22/2022, 2:33 PM
RuntimeError("Cannot send a request, as the client has been closed.")
This only happens when I make two or more requests to Cerbos with the SDK
Topi Hernández Mares
07/06/2022, 1:43 PM
The read operation timed out. I thought that increasing the timeout_secs param in the client could fix this issue, but it didn't. I enabled audit logs on my Cerbos container to see if there is any error in that side, but I discovered that whenever I get the error The read operation timed out, I don't get any logs, not even the one about Handled Request
david
07/19/2022, 12:19 PM
Steve High (NTWRK)
07/22/2022, 1:33 PM
"request failed: rpc error: code = Unimplemented desc = unknown method CheckResources for service cerbos.svc.v1.CerbosService
I installed the standalone a few days ago, and it looks like it's the latest version. Homebrew thinks I am on v0.19.0. When I run cerbos -v, it returns 0.7.0. Just wanna make sure this is a goreleaser hiccup, or if I am actually on an old version.
I'll try building from source and see if there's a difference
david
07/25/2022, 10:12 AM
c, err := client.New(*cerbosAddr, client.WithTLSInsecure())
for the Javascript GRPC client? i.e. use TLS, but allow insecure.
Ming Fang
07/25/2022, 8:19 PM
Gabi Zarhin
07/27/2022, 1:10 PM
Dennis (Cerbos)
08/02/2022, 1:46 AM
Asma Rahim
08/01/2022, 11:10 AM
Asma Rahim
08/01/2022, 11:10 AM
Alex Olivier (Cerbos)
08/01/2022, 11:35 AM
Charith (Cerbos)
08/01/2022, 1:26 PM
pw script?
Asma Rahim
08/02/2022, 4:20 AM
pw script. I used this command to install
./pw install
Charith (Cerbos)
08/02/2022, 7:34 AM
Asma Rahim
08/02/2022, 7:36 AM
Charith (Cerbos)
08/02/2022, 7:39 AM
Asma Rahim
08/02/2022, 8:04 AM
Charith (Cerbos)
08/02/2022, 8:09 AM
pw script is a Python script itself so it probably uses the global Python interpreter during bootstrap to setup the virtual env and other things. IIRC, Python 3.10 had some backward incompatible changes so that could be why you're getting those errors.
Asma Rahim
08/02/2022, 8:22 AM
Charith (Cerbos)
08/02/2022, 8:24 AM
Asma Rahim
08/02/2022, 12:05 PM
Alex Olivier (Cerbos)
08/02/2022, 12:06 PM
Asma Rahim
08/02/2022, 12:07 PM
Alex Olivier (Cerbos)
08/02/2022, 12:07 PM
Asma Rahim
08/02/2022, 12:08 PM
Alex Olivier (Cerbos)
08/02/2022, 12:08 PM
Asma Rahim
08/02/2022, 12:09 PM
Alex Olivier (Cerbos)
08/02/2022, 12:09 PM
@cerbos/http
Asma Rahim
08/02/2022, 12:10 PM
Alex Olivier (Cerbos)
08/02/2022, 12:10 PM
Asma Rahim
08/02/2022, 12:15 PM
Alex Olivier (Cerbos)
08/02/2022, 12:16 PM
Asma Rahim
08/02/2022, 12:16 PM
Alex Olivier (Cerbos)
08/02/2022, 12:18 PM
Asma Rahim
08/02/2022, 1:09 PM
@cerbos/http
import { HTTP } from "@cerbos/http";
const cerbos = new HTTP("http://localhost:3592");
await cerbos.isAllowed({
  principal: { id: "user@example.com", roles: ["USER"] },
  resource: { kind: "document", id: "1" },
  action: "view",
}); // => true
actions as an array ["eat", "sleep", "repeat"]
Is there any documentation for this SDK besides the readme on github?
Alex Olivier (Cerbos)
08/03/2022, 1:19 PM
Asma Rahim
08/03/2022, 1:19 PM
Alex Olivier (Cerbos)
08/03/2022, 1:20 PM
Asma Rahim
08/03/2022, 1:40 PM
/api/check_resource_batch
Alex Olivier (Cerbos)
08/03/2022, 1:41 PM
const decision = await cerbos.checkResources({
  principal: { id: "user@example.com", roles: ["USER"] },
  resources: [
    {
      resource: { kind: "document", id: "1" },
      actions: ["view", "edit"],
    },
    {
      resource: { kind: "image", id: "1" },
      actions: ["delete"],
    },
  ],
});
decision.isAllowed({
  resource: { kind: "document", id: "1" },
  action: "view",
}); // => true